[Replicant] Qualcomm
Denis 'GNUtoo' Carikli
GNUtoo at no-log.org
Tue Sep 6 10:48:29 UTC 2016
On Fri, 26 Aug 2016 22:15:00 +0100
Josh Branning <lovell.joshyyy at gmail.com> wrote:
> 1) Would the GPU be able to spy on the CPU if it was used with
> freedreno instead?
At Replicant our main concern with Qualcomm SOCs:
- Modem isolation: On many Qualcomm SOCs, as far as I understand[1], the
modem and the CPU use shared memory to communicate.
We assume that giving the modem access to the RAM and flash chips is
way less safe than having modem connected trough a bus that doesn't
permit it to access the main CPU memory(Examples: USB, HSIC, serial).
We didn't look if it was possible to prevent the modem from accessing
the other parts of the main CPU memory trough IOMMU, or if it was
possible to bypass that IOMMU from the modem nevertheless.
Even if it was possible to constraint the modem, having the a
processor running only non-free software (here the modem) in the same
chip than the main CPU is a bad idea. The modem also seem to be
heavily involved in the boot procedure and starts executing before
the main CPU[2]. I also don't know if there are other ways for
arbitrary code running in the modem to execute arbitrary code in the
main CPU.
- Signed bootloader: As far as I know, it's not possible to boot any of
the Qualcomm SOC that are used in Android smartphones with software
chosen by the user. I'm not aware of similar Qualcomm SOC that can.
I didn't check every devices but it seems that they are all signed.
Note that on SOCs with an integrated modem, the modem might also be
involved in the boot procedure and start executing before the
main CPU[2].
Patches to improve the documentation[3] regarding such aspects are
welcome.
References:
-----------
[1] We didn't research enough on the topic, so that information might
be imprecise.
[2]There is some documentation on it for the "HTC Vision" smartphone at:
http://tjworld.net/wiki/Android/HTC/Vision/BootProcess
[3]https://git.replicant.us/replicant/website.git
Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20160906/97250a94/attachment.asc>
More information about the Replicant
mailing list