[Replicant] [PATCH] freedom-privacy-security-issues: Add information about TrustZone
Josh Branning
lovell.joshyyy at gmail.com
Sat Dec 16 19:34:05 UTC 2017
Also someone I know may be able to send a TZX-Q8-713B7 (AllWinner A13
tablet) Note the caveat, it has a broken screen.
A long time ago, I tried to get Replicant 4 on it, but found gnu/linux
was easier to put on.
Despite not having support for Replicant, it's got quite good upstream
support, and you could try disabling TrustZone on that without too much
fear of breaking the device [further].
I can also send you source files/scripts to build uboot/sunxi kernel and
boot arch linux arm on it, although this method may be old by now.
I'm not sure if uboot strips TrustZone either way or if this model has
it at all. It's worth noting that A13 is fairly old now and the tablet
is for some reason more expensive since I purchased it (possibly it's
not produced anymore).
I can understand if you don't want my junk or if the device is not
suitable. But you can PM me off-list if you are interested.
Josh
On 16/12/17 10:44, Denis 'GNUtoo' Carikli wrote:
> Hi,
>
> I've sent an updated proposal based on your modifications.
>
> I've also added a new patch to explain the consequences of a signed
> bootloader when some code is loaded into TruztZone.
>
> The second patch is not perfect as I've no idea what would happen when
> the TrustZone partition is erased. For instance would the device still
> boot, if for instance an upstream Linux kernel is used? Or would it fail
> before that, in the bootloader?
>
> Testing that safely, without risking to break a device would be complicated,
> and would probably require to:
> - Find a device supported by Replicant that can boot on something else
> than the internal memory first, or make it do that by modifying some
> resistors on the PCB.
> - Manage to boot on that "something else" and make sure to be able to
> recovery if all or part of the internal memory is erased.
> - Try to boot without the TrustZone partition, and see if it works.
> - Ideally also support for that device in the upstream Linux kenrel,
> to have a kernel that doesn't depend on TrustZone.
>
> Denis.
> _______________________________________________
> Replicant mailing list
> Replicant at osuosl.org
> https://lists.osuosl.org/mailman/listinfo/replicant
>
More information about the Replicant
mailing list