[Replicant] [Patch V3] freedom-privacy-security-issues: Add information about TrustZone

Paul Kocialkowski contact at paulk.fr
Sat Dec 16 14:23:41 UTC 2017


Le samedi 16 décembre 2017 à 11:44 +0100, Denis 'GNUtoo' Carikli a
écrit :
> Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo at no-log.org>
> Signed-off-by: Paul Kocialkowski <contact at paulk.fr>

Acked-by: Paul Kocialkowski <contact at paulk.fr>

> ---
>  freedom-privacy-security-issues.php | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-
> security-issues.php
> index f3923d7..cf380d2 100644
> --- a/freedom-privacy-security-issues.php
> +++ b/freedom-privacy-security-issues.php
> @@ -20,11 +20,14 @@
>  			<p>
>  				Regarding the software side of things
> on mobile devices, the main CPU (inside the SoC) starts by executing
> hard-wired boot instructions (that cannot be changed), known as the
> bootrom.
>  				It will look up various places such
> as NAND, eMMC or MMC (sd/micro sd card) storage, depending on the
> hardware configuration, to load a bootloader.
> -				The bootloader, which is in fact
> often split in different stages, is in charge of bringing up and
> configuring various aspects of the hardware and eventually starting
> the operating system by loading and running its kernel.<br />
> +				The bootloader, which is in fact
> often split in different stages, is in charge of bringing up and
> configuring various aspects of the hardware and eventually starting
> the main operating system by loading and running its kernel.
> +				On some hardware, it is also in
> charge of loading code that is separate from the operating system.
> That code runs on the same processor with the highest level of
> hardware privileges, can interrupt the operating system and forbid it
> from accessing hardware resources. On ARM processors, this privilege
> mode is called TrustZone. The code running in TrustZone often keeps
> running in the background, aside of the main operating system.<br />
> <br />
> +
>  				<a href="images/freedom-privacy-
> security-issues/software.png" data-lightbox="overview" data-
> title="Software-side overview"><img src="images/freedom-privacy-
> security-issues/software.png" alt="Software-side overview"
> style="width: 250px; float: right;"/></a>
>  				The kernel itself, among other
> things, deals with the hardware directly and provides ways for other
> programs (running in user-space) to access it.
>  				In user-space, hardware abstraction
> layers are programs specific to each device that know how to properly
> drive the hardware.
>  				They use the kernel to communicate
> back and forth with the hardware and implement the proper protocols
> for it.<br /><br />
> +
>  				The actual knowledge of how to drive
> the hardware is split between the kernel and the hardware abstraction
> layer libraries: both are needed to make it work properly.
>  				Hardware abstraction layers provide a
> generic interface for the framework to use.
>  				The framework itself provides an
> interface for applications that is independent of the device and the
> hardware.
> @@ -89,7 +92,7 @@
>  			</p>
>  			<p>
>  				<a href="images/freedom-privacy-
> security-issues/operating-system.png" data-lightbox="current-
> situation" data-title="Mobile operating system"><img
> src="images/freedom-privacy-security-issues/operating-system.png"
> alt="Mobile operating system" style="width: 250px; float: left;"/></a>
> -				The biggest part of the software
> running on a mobile device is the operating system, that runs on the
> main CPU.
> +				The biggest part of the software
> running on a mobile device is the main operating system, that runs on
> the main CPU.
>  				It has access to most integrated
> circuits (I/O, camera, microphone, GPS, etc) as well as the user's
> data and communications.
>  				It is the most critical part for
> privacy/security and is also very important for free software as it
> interacts with the user directly and holds knowledge about
> communication with the hardware.
>  				Many mobile operating systems are
> mostly free software (e.g.
> @@ -99,7 +102,7 @@
>  				None of these mostly-free systems
> have a clear policy to reject proprietary software and not advocate
> its use, except for Replicant.
>  			</p>
>  			<p>
> -				While the operating system is a very
> important piece of software, it doesn't ship with applications that
> cover the wide spectrum of activities that a mobile device is expected
> to provide.
> +				While the main operating system is a
> very important piece of software, it doesn't ship with applications
> that cover the wide spectrum of activities that a mobile device is
> expected to provide.
>  				Thankfully, plenty of free software
> applications exist for each kind of (mostly-)free operating system,
> sometimes gathered in free software application stores (such as <a
> href="//www.f-droid.org/">F-Droid</a>; for Android systems).
>  			</p>
>  			<h3>Mobile telephony operators and
> privacy</h3>
-- 
Paul Kocialkowski,

developer of free digital technology and hardware support.

Website: https://www.paulk.fr/
Coding blog: https://code.paulk.fr/
Git repositories: https://git.paulk.fr/ https://git.code.paulk.fr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20171216/959dc33e/attachment.asc>


More information about the Replicant mailing list