[Replicant] Qualcomm

Denis 'GNUtoo' Carikli GNUtoo at no-log.org
Tue Sep 6 10:48:29 UTC 2016


On Fri, 26 Aug 2016 22:15:00 +0100
Josh Branning <lovell.joshyyy at gmail.com> wrote:

> 1) Would the GPU be able to spy on the CPU if it was used with
> freedreno instead?
At Replicant, our main concerns with Qualcomm SOCs are:
- Modem isolation: On many Qualcomm SOCs, as far as I understand[1], the
  modem and the CPU use shared memory to communicate.
  We assume that giving the modem access to the RAM and flash chips is
  way less safe than having the modem connected through a bus that
  doesn't permit it to access the main CPU memory (examples: USB, HSIC,
  serial).

  We didn't look at whether it was possible to prevent the modem from
  accessing the other parts of the main CPU memory through an IOMMU, or
  whether it was possible to bypass that IOMMU from the modem
  nevertheless.

  Even if it was possible to constrain the modem, having a
  processor running only non-free software (here the modem) in the same
  chip as the main CPU is a bad idea. The modem also seems to be
  heavily involved in the boot procedure and starts executing before
  the main CPU[2]. I also don't know if there are other ways for
  arbitrary code running in the modem to execute arbitrary code in the
  main CPU.

- Signed bootloader: As far as I know, it's not possible to boot any of
  the Qualcomm SOCs that are used in Android smartphones with software
  chosen by the user. I'm not aware of similar Qualcomm SOCs that can.
  I didn't check every device but it seems that they are all signed.
  Note that on SOCs with an integrated modem, the modem might also be
  involved in the boot procedure and start executing before the
  main CPU[2].

Patches to improve the documentation[3] regarding such aspects are
welcome.

References:
-----------
[1] We didn't research enough on the topic, so that information might
   be imprecise.
[2] There is some documentation on it for the "HTC Vision" smartphone at:
   http://tjworld.net/wiki/Android/HTC/Vision/BootProcess
[3] https://git.replicant.us/replicant/website.git

Denis.