[Replicant] [Patch V3] freedom-privacy-security-issues: Add information about TrustZone
Paul Kocialkowski
contact at paulk.fr
Sat Dec 16 14:23:41 UTC 2017
Le samedi 16 décembre 2017 à 11:44 +0100, Denis 'GNUtoo' Carikli a
écrit :
> Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo at no-log.org>
> Signed-off-by: Paul Kocialkowski <contact at paulk.fr>
Acked-by: Paul Kocialkowski <contact at paulk.fr>
> ---
> freedom-privacy-security-issues.php | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-
> security-issues.php
> index f3923d7..cf380d2 100644
> --- a/freedom-privacy-security-issues.php
> +++ b/freedom-privacy-security-issues.php
> @@ -20,11 +20,14 @@
> <p>
> Regarding the software side of things
> on mobile devices, the main CPU (inside the SoC) starts by executing
> hard-wired boot instructions (that cannot be changed), known as the
> bootrom.
> It will look up various places such
> as NAND, eMMC or MMC (sd/micro sd card) storage, depending on the
> hardware configuration, to load a bootloader.
> - The bootloader, which is in fact
> often split in different stages, is in charge of bringing up and
> configuring various aspects of the hardware and eventually starting
> the operating system by loading and running its kernel.<br />
> + The bootloader, which is in fact
> often split in different stages, is in charge of bringing up and
> configuring various aspects of the hardware and eventually starting
> the main operating system by loading and running its kernel.
> + On some hardware, it is also in
> charge of loading code that is separate from the operating system.
> That code runs on the same processor with the highest level of
> hardware privileges, can interrupt the operating system and forbid it
> from accessing hardware resources. On ARM processors, this privilege
> mode is called TrustZone. The code running in TrustZone often keeps
> running in the background, aside of the main operating system.<br />
> <br />
> +
> <a href="images/freedom-privacy-
> security-issues/software.png" data-lightbox="overview" data-
> title="Software-side overview"><img src="images/freedom-privacy-
> security-issues/software.png" alt="Software-side overview"
> style="width: 250px; float: right;"/></a>
> The kernel itself, among other
> things, deals with the hardware directly and provides ways for other
> programs (running in user-space) to access it.
> In user-space, hardware abstraction
> layers are programs specific to each device that know how to properly
> drive the hardware.
> They use the kernel to communicate
> back and forth with the hardware and implement the proper protocols
> for it.<br /><br />
> +
> The actual knowledge of how to drive
> the hardware is split between the kernel and the hardware abstraction
> layer libraries: both are needed to make it work properly.
> Hardware abstraction layers provide a
> generic interface for the framework to use.
> The framework itself provides an
> interface for applications that is independent of the device and the
> hardware.
> @@ -89,7 +92,7 @@
> </p>
> <p>
> <a href="images/freedom-privacy-
> security-issues/operating-system.png" data-lightbox="current-
> situation" data-title="Mobile operating system"><img
> src="images/freedom-privacy-security-issues/operating-system.png"
> alt="Mobile operating system" style="width: 250px; float: left;"/></a>
> - The biggest part of the software
> running on a mobile device is the operating system, that runs on the
> main CPU.
> + The biggest part of the software
> running on a mobile device is the main operating system, that runs on
> the main CPU.
> It has access to most integrated
> circuits (I/O, camera, microphone, GPS, etc) as well as the user's
> data and communications.
> It is the most critical part for
> privacy/security and is also very important for free software as it
> interacts with the user directly and holds knowledge about
> communication with the hardware.
> Many mobile operating systems are
> mostly free software (e.g.
> @@ -99,7 +102,7 @@
> None of these mostly-free systems
> have a clear policy to reject proprietary software and not advocate
> its use, except for Replicant.
> </p>
> <p>
> - While the operating system is a very
> important piece of software, it doesn't ship with applications that
> cover the wide spectrum of activities that a mobile device is expected
> to provide.
> + While the main operating system is a
> very important piece of software, it doesn't ship with applications
> that cover the wide spectrum of activities that a mobile device is
> expected to provide.
> Thankfully, plenty of free software
> applications exist for each kind of (mostly-)free operating system,
> sometimes gathered in free software application stores (such as <a
> href="//www.f-droid.org/">F-Droid</a>; for Android systems).
> </p>
> <h3>Mobile telephony operators and
> privacy</h3>
--
Paul Kocialkowski,
developer of free digital technology and hardware support.
Website: https://www.paulk.fr/
Coding blog: https://code.paulk.fr/
Git repositories: https://git.paulk.fr/ https://git.code.paulk.fr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20171216/959dc33e/attachment.asc>
More information about the Replicant
mailing list