[Replicant] [PATCH] freedom-privacy-security-issues: Add information about TrustZone

Josh Branning lovell.joshyyy at gmail.com
Sat Dec 16 19:34:05 UTC 2017


Also someone I know may be able to send a TZX-Q8-713B7 (AllWinner A13 
tablet) Note the caveat, it has a broken screen.

A long time ago, I tried to get Replicant 4 on it, but found gnu/linux 
was easier to put on.

Despite not having support for Replicant, it's got quite good upstream 
support, and you could try disabling TrustZone on that without too much 
fear of breaking the device [further].

I can also send you source files/scripts to build uboot/sunxi kernel and 
boot arch linux arm on it, although this method may be old by now.

I'm not sure if uboot strips TrustZone either way or if this model has 
it at all. It's worth noting that A13 is fairly old now and the tablet 
is for some reason more expensive since I purchased it (possibly it's 
not produced anymore).

I can understand if you don't want my junk or if the device is not 
suitable. But you can PM me off-list if you are interested.

Josh

On 16/12/17 10:44, Denis 'GNUtoo' Carikli wrote:
> Hi,
>
> I've sent an updated proposal based on your modifications.
>
> I've also added a new patch to explain the consequences of a signed
> bootloader when some code is loaded into TruztZone.
>
> The second patch is not perfect as I've no idea what would happen when
> the TrustZone partition is erased. For instance would the device still
> boot, if for instance an upstream Linux kernel is used? Or would it fail
> before that, in the bootloader?
>
> Testing that safely, without risking to break a device would be complicated,
> and would probably require to:
> - Find a device supported by Replicant that can boot on something else
>    than the internal memory first, or make it do that by modifying some
>    resistors on the PCB.
> - Manage to boot on that "something else" and make sure to be able to
>    recovery if all or part of the internal memory is erased.
> - Try to boot without the TrustZone partition, and see if it works.
> - Ideally also support for that device in the upstream Linux kenrel,
>    to have a kernel that doesn't depend on TrustZone.
>
> Denis.
> _______________________________________________
> Replicant mailing list
> Replicant at osuosl.org
> https://lists.osuosl.org/mailman/listinfo/replicant
>



More information about the Replicant mailing list