[Replicant] [PATCH] freedom-privacy-security-issues: Add information about TrustZone

Denis 'GNUtoo' Carikli GNUtoo at no-log.org
Sat Oct 28 08:45:36 UTC 2017


Hi,

On Sat, 14 Oct 2017 20:20:49 +0200
Denis 'GNUtoo' Carikli <GNUtoo at no-log.org> wrote:

> Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo at no-log.org>
> ---
>  freedom-privacy-security-issues.php | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/freedom-privacy-security-issues.php
> b/freedom-privacy-security-issues.php index f3923d7..ec4228f 100644
> --- a/freedom-privacy-security-issues.php
> +++ b/freedom-privacy-security-issues.php
> @@ -20,11 +20,13 @@
>  			<p>
>  				Regarding the software side of
> things on mobile devices, the main CPU (inside the SoC) starts by
> executing hard-wired boot instructions (that cannot be changed),
> known as the bootrom. It will look up various places such as NAND,
> eMMC or MMC (sd/micro sd card) storage, depending on the hardware
> configuration, to load a bootloader.
> -				The bootloader, which is in fact
> often split in different stages, is in charge of bringing up and
> configuring various aspects of the hardware and eventually starting
> the operating system by loading and running its kernel.<br />
> +				The bootloader, which is in fact
> often split in different stages, is in charge of bringing up and
> configuring various aspects of the hardware and eventually starting
> the main operating system by loading and running its kernel.
> +				On some hardware, it is also in
> charge of loading a second operating system in the background, in a
> "secure" part of the processor called TrustZone. <br /> <br /> <a
> href="images/freedom-privacy-security-issues/software.png"
> data-lightbox="overview" data-title="Software-side overview"><img
> src="images/freedom-privacy-security-issues/software.png"
> alt="Software-side overview" style="width: 250px; float:
> right;"/></a> The kernel itself, among other things, deals with the
> hardware directly and provides ways for other programs (running in
> user-space) to access it. In user-space, hardware abstraction layers
> are programs specific to each device that know how to properly drive
> the hardware. They use the kernel to communicate back and forth with
> the hardware and implement the proper protocols for it.<br /><br /> +
> The actual knowledge of how to drive the hardware is split between
> the kernel and the hardware abstraction layer libraries: both are
> needed to make it work properly. Hardware abstraction layers provide
> a generic interface for the framework to use. The framework itself
> provides an interface for applications that is independent of the
> device and the hardware. @@ -32,6 +34,9 @@ For instance, when placing
> a call, the dialer application will communicate with the framework,
> which in turn will communicate with the hardware abstraction layer.
> That hardware abstraction layer will implement the protocol to
> communicate with the modem. The kernel will then forward the
> communication between the hardware abstraction layer and the modem.
> </p>
> +			<p>
> +			  The second operating system that runs
> inside TrustZone can access all hardware resources, including those
> of the primary operating system, such as its memory, while being
> isolated from it.
> +			</p>
>  			<p>
>  				Many other components of a mobile
> device also run software in different forms. The various integrated
> circuits run small pieces of dedicated software that are called
> firmwares. @@ -89,7 +94,7 @@ </p>
>  			<p>
>  				<a
> href="images/freedom-privacy-security-issues/operating-system.png"
> data-lightbox="current-situation" data-title="Mobile operating
> system"><img
> src="images/freedom-privacy-security-issues/operating-system.png"
> alt="Mobile operating system" style="width: 250px; float: left;"/></a>
> -				The biggest part of the software
> running on a mobile device is the operating system, that runs on the
> main CPU.
> +				The biggest part of the software
> running on a mobile device is the main operating system, that runs on
> the main CPU. It has access to most integrated circuits (I/O, camera,
> microphone, GPS, etc) as well as the user's data and communications.
> It is the most critical part for privacy/security and is also very
> important for free software as it interacts with the user directly
> and holds knowledge about communication with the hardware. Many
> mobile operating systems are mostly free software (e.g. @@ -99,7
> +104,7 @@ None of these mostly-free systems have a clear policy to
> reject proprietary software and not advocate its use, except for
> Replicant. </p> <p>
> -				While the operating system is a very
> important piece of software, it doesn't ship with applications that
> cover the wide spectrum of activities that a mobile device is
> expected to provide.
> +				While the main operating system is a
> very important piece of software, it doesn't ship with applications
> that cover the wide spectrum of activities that a mobile device is
> expected to provide. Thankfully, plenty of free software applications
> exist for each kind of (mostly-)free operating system, sometimes
> gathered in free software application stores (such as <a
> href="//www.f-droid.org/">F-Droid</a> for Android systems). </p>
> <h3>Mobile telephony operators and privacy</h3>

Ping.

Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20171028/a5b94411/attachment.asc>


More information about the Replicant mailing list