[Replicant] help

Denis 'GNUtoo' Carikli GNUtoo at no-log.org
Tue Dec 6 14:53:02 UTC 2016


On Mon, 5 Dec 2016 23:01:56 +0000
". marrakech" <saidelaonke at hotmail.com> wrote:

> Hi 
Hi,

> I have a few questions about replicant
> this because I find various explanations and now do not know what's
> right that's what I found on your site
I've CC-ed the Replicant mailing list because this mail doesn't look
like a private inquiry. Next time ask directly on the Replicant mailing
list.

> Our free software replacement for the binary is incriminated Samsung
> RIL-which relies on libsamsung-ipc: both are used in Replicant.
> The affectedness devices have modems That Samsung use the IPC
> protocol, mostly XMM6160 Intel and Intel XMM6260 modems. Note That
> Despite this backing by, the devices usingthese modems are most
> likely to have good modem isolationism, Compared to other devices
> using Qualcomm platforms. Bear in mind thatthis is backed by
> Implemented in software and can easily be removed by installing a
> free replacement for the incriminated software, for instance by
> installing Replicant. Hence, we do not consider the incriminated
> devices to be inherently bad targets Because Of this back on.
In a nuttshell:
- On many qualcomm platforms, the modem and the CPU running Android
  shares the same RAM chips. The modem is also, in some cases,
  responsible for intialising the device before the CPU running
  Android, has also access to the flash chip holding the Android
  system, to the microphone(as it handles the sound card), and to the
  GPS(as it handles the GPS).
  On top of that the code quality of the qualcomm Linux kernels isn't
  sufficent to guarantee the device security.
- Some samsung devices have shared memory between the modem and the
  CPU, and here, since the RAM chip is probably wired to the modem and
  the CPU running Android, we have no guarantee that it cannot access
  some of the Android CPU RAM.
- Some samsung devices don't have shared memory between the modem and
  the CPU running Android.

All the above is the result of the hardware design and manufacturing
of the devices, and once the device is manufactured, it cannot be
changed.

The only way to deal with it is to buy good devices that don't have
shared memory.

> but on the site of Tehnoetic I found this
> In 2014, Replicant developers have found a modem backdoor in the
> Android systems or several at Replicant-supported devices, zoals the
> S3, and have successfully closed it in Replicant.

The RIL is the software that, within Android or Replicant, communicates
with the modem, in order to ask the modem to make a call, or to be
notified when someone calls you.

The proprietary Samsung RIL, which isn't used by Replicant, but is used
by Samsung and Cyanogenmod, had some serious security and privacy issue.
I've no idea if it still does have such issues.

Replicant is unaffected by it, since it doesn't use the proprietary
Samsung RIL.
Replicant can even potentially detect attackers trying to use that
security issue.

> Additionally, the
> phone Has A read-only nonfree boot ROM
This is part of the CPU running Android.
Some people feel it's an issue(Paul Kocialkowski does), but the FSF
doesn't as they consider it as part of the hardware.

I personally think that to have more guarantees on freedom, privacy,
and security, that the code it contains should, at least, be analyzed.
I also think that you course cannot require it to be modifiable since
it's read-only.

> -which loads a nonfree bootloader. The bootloader is not part of the
> Replicant system, but it is responsible with loading Replicant. We
> are telling you this So THAT before buying the product, you are aware
> there is ook nonfree software running on the Tehnoetic S3-which does
> not respect your freedom and it might not respect your privacy
> either. For now, we can not offer a full stack freedom-respecting
> smartphone, but we're joining the efforts.
Yes, the bootloader is a big issue, since it also loads another
operating system aside Replicant, in the processor runinng Android.
That operating system is loaded in "TrustZone". I didn't look yet if
code that is in TrustZone can continue to run without the cooperation
of the Linux Kernel.

Anyway, replacing the bootloader with free software might be doable on
that device but it would require some work:
https://github.com/Rebell/exynos4_uboot

> So can you tell me what Samsung or any other brand phone have no
> nonfree software because what tehnoetic say that the phone is not
> free from nonfree software
As far as I can tell, tehnoetic preinstall unmodified Replicant images
on the devices they sell.

On the Replicant wiki, I started to review the devices we support for
freedom, privacy, and security. This should have a (potentially
incomplete) list of non-free software that is either:
- Required to make some hardware work but not distributed by replicant.
  The consequence when using Replicant is that the hardware doesn't
  work. Some Replicant users still install some non-free firmware,
  while some other don't.
- Software that is already on the device and not modified nor
  replaced (yet) by Replicant, that is:
  - The modem firmware, which reside on a separate partition. Replicant
    will load that modem firmware into the modem.
  - The bootloader which also resides on a separate partition.

Unfortunately due to the lack of time, the freedom/privacy/security
devices reviews are probably far from complete.

It can be found, for the galaxy S3, here:
http://redmine.replicant.us/projects/replicant/wiki/GalaxyS3I9300PrivacySecurityEvaluation

Other devices may have one too, if there is one, there is usually a
link to the page in the device page like for the Galaxy S3:
http://redmine.replicant.us/projects/replicant/wiki/GalaxyS3I9300#Freedom-and-privacysecurity-evaluation

Also if you didn't already read the general introduction it's here:
http://www.replicant.us/freedom-privacy-security-issues.php

If something is not clear, improvements on the wiki or on
freedom-privacy-security-issues.php are welcome.

For the wiki you will need to create an account to edit, and for
freedom-privacy-security-issues.php, you need to send a patch for it on
the replicant mailing list.

Denis.


More information about the Replicant mailing list