[Replicant] [PATCH] freedom-privacy-security-issues: Add information about TrustZone

Josh Branning lovell.joshyyy at gmail.com
Sat Dec 16 19:40:08 UTC 2017


Note the entire screen is visible and working, it's just the touch is 
half broken.

On 16/12/17 19:34, Josh Branning wrote:
> Also someone I know may be able to send a TZX-Q8-713B7 (AllWinner A13
> tablet). Note the caveat, it has a broken screen.
>
> A long time ago, I tried to get Replicant 4 on it, but found gnu/linux
> was easier to put on.
>
> Despite not having support for Replicant, it's got quite good upstream
> support, and you could try disabling TrustZone on that without too much
> fear of breaking the device [further].
>
> I can also send you source files/scripts to build uboot/sunxi kernel and
> boot arch linux arm on it, although this method may be old by now.
>
> I'm not sure if uboot strips TrustZone either way or if this model has
> it at all. It's worth noting that A13 is fairly old now and the tablet
> is for some reason more expensive since I purchased it (possibly it's
> not produced anymore).
>
> I can understand if you don't want my junk or if the device is not
> suitable. But you can PM me off-list if you are interested.
>
> Josh
>
> On 16/12/17 10:44, Denis 'GNUtoo' Carikli wrote:
>> Hi,
>>
>> I've sent an updated proposal based on your modifications.
>>
>> I've also added a new patch to explain the consequences of a signed
>> bootloader when some code is loaded into TrustZone.
>>
>> The second patch is not perfect as I've no idea what would happen when
>> the TrustZone partition is erased. For instance would the device still
>> boot, if for instance an upstream Linux kernel is used? Or would it fail
>> before that, in the bootloader?
>>
>> Testing that safely, without risking to break a device would be
>> complicated, and would probably require to:
>> - Find a device supported by Replicant that can boot on something else
>>    than the internal memory first, or make it do that by modifying some
>>    resistors on the PCB.
>> - Manage to boot on that "something else" and make sure to be able to
>>    recover if all or part of the internal memory is erased.
>> - Try to boot without the TrustZone partition, and see if it works.
>> - Ideally also support for that device in the upstream Linux kernel,
>>    to have a kernel that doesn't depend on TrustZone.
>>
>> Denis.
>> _______________________________________________
>> Replicant mailing list
>> Replicant at osuosl.org
>> https://lists.osuosl.org/mailman/listinfo/replicant
>>
>


