[Replicant] [PATCH] freedom-privacy-security-issues: Add information about TrustZone
Denis 'GNUtoo' Carikli
GNUtoo at no-log.org
Sat Dec 16 10:44:19 UTC 2017
Hi,
I've sent an updated proposal based on your modifications.
I've also added a new patch to explain the consequences of a signed
bootloader when some code is loaded into TruztZone.
The second patch is not perfect as I've no idea what would happen when
the TrustZone partition is erased. For instance would the device still
boot, if for instance an upstream Linux kernel is used? Or would it fail
before that, in the bootloader?
Testing that safely, without risking to break a device would be complicated,
and would probably require to:
- Find a device supported by Replicant that can boot on something else
than the internal memory first, or make it do that by modifying some
resistors on the PCB.
- Manage to boot on that "something else" and make sure to be able to
recovery if all or part of the internal memory is erased.
- Try to boot without the TrustZone partition, and see if it works.
- Ideally also support for that device in the upstream Linux kenrel,
to have a kernel that doesn't depend on TrustZone.
Denis.
More information about the Replicant
mailing list