[Replicant] [Patch V3] freedom-privacy-security-issues: Add information about TrustZone
Paul Kocialkowski
contact at paulk.fr
Mon Aug 6 16:51:02 UTC 2018
Le samedi 16 décembre 2017 à 11:44 +0100, Denis 'GNUtoo' Carikli a
écrit :
Slightly modified,
Acked-by: Paul Kocialkowski <contact at paulk.fr>
and merged!
> Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo at no-log.org>
> Signed-off-by: Paul Kocialkowski <contact at paulk.fr>
> ---
> freedom-privacy-security-issues.php | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security-issues.php
> index f3923d7..cf380d2 100644
> --- a/freedom-privacy-security-issues.php
> +++ b/freedom-privacy-security-issues.php
> @@ -20,11 +20,14 @@
> <p>
> Regarding the software side of things on mobile devices, the main CPU (inside the SoC) starts by executing hard-wired boot instructions (that cannot be changed), known as the bootrom.
> It will look up various places such as NAND, eMMC or MMC (sd/micro sd card) storage, depending on the hardware configuration, to load a bootloader.
> - The bootloader, which is in fact often split in different stages, is in charge of bringing up and configuring various aspects of the hardware and eventually starting the operating system by loading and running its kernel.<br />
> + The bootloader, which is in fact often split in different stages, is in charge of bringing up and configuring various aspects of the hardware and eventually starting the main operating system by loading and running its kernel.
> + On some hardware, it is also in charge of loading code that is separate from the operating system. That code runs on the same processor with the highest level of hardware privileges, can interrupt the operating system and forbid it from accessing hardware resources. On ARM processors, this privilege mode is called TrustZone. The code running in TrustZone often keeps running in the background, aside of the main operating system.<br /> <br />
> +
> <a href="images/freedom-privacy-security-issues/software.png" data-lightbox="overview" data-title="Software-side overview"><img src="images/freedom-privacy-security-issues/software.png" alt="Software-side overview" style="width: 250px; float: right;"/></a>
> The kernel itself, among other things, deals with the hardware directly and provides ways for other programs (running in user-space) to access it.
> In user-space, hardware abstraction layers are programs specific to each device that know how to properly drive the hardware.
> They use the kernel to communicate back and forth with the hardware and implement the proper protocols for it.<br /><br />
> +
> The actual knowledge of how to drive the hardware is split between the kernel and the hardware abstraction layer libraries: both are needed to make it work properly.
> Hardware abstraction layers provide a generic interface for the framework to use.
> The framework itself provides an interface for applications that is independent of the device and the hardware.
> @@ -89,7 +92,7 @@
> </p>
> <p>
> <a href="images/freedom-privacy-security-issues/operating-system.png" data-lightbox="current-situation" data-title="Mobile operating system"><img src="images/freedom-privacy-security-issues/operating-system.png" alt="Mobile operating system" style="width: 250px; float: left;"/></a>
> - The biggest part of the software running on a mobile device is the operating system, that runs on the main CPU.
> + The biggest part of the software running on a mobile device is the main operating system, that runs on the main CPU.
> It has access to most integrated circuits (I/O, camera, microphone, GPS, etc) as well as the user's data and communications.
> It is the most critical part for privacy/security and is also very important for free software as it interacts with the user directly and holds knowledge about communication with the hardware.
> Many mobile operating systems are mostly free software (e.g.
> @@ -99,7 +102,7 @@
> None of these mostly-free systems have a clear policy to reject proprietary software and not advocate its use, except for Replicant.
> </p>
> <p>
> - While the operating system is a very important piece of software, it doesn't ship with applications that cover the wide spectrum of activities that a mobile device is expected to provide.
> + While the main operating system is a very important piece of software, it doesn't ship with applications that cover the wide spectrum of activities that a mobile device is expected to provide.
> Thankfully, plenty of free software applications exist for each kind of (mostly-)free operating system, sometimes gathered in free software application stores (such as <a href="//www.f-droid.org/">F-Droid</a>; for Android systems).
> </p>
> <h3>Mobile telephony operators and privacy</h3>
--
Developer of free digital technology and hardware support.
Website: https://www.paulk.fr/
Coding blog: https://code.paulk.fr/
Git repositories: https://git.paulk.fr/ https://git.code.paulk.fr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20180806/5c2f13e9/attachment.asc>
More information about the Replicant
mailing list