On Monday, 28 March 2016 at 20:50 +0200, Denis 'GNUtoo' Carikli wrote:
> The image links' HTML is very long, and therefore less readable by humans.
>
> This is to have more readable git diffs.
>
> Signed-off-by: Denis 'GNUtoo' Carikli <gnu...@no-log.org>

Acked-by: Paul Kocialkowski <cont...@paulk.fr>
> --- > freedom-privacy-security-issues.php | 15 ++++++++++----- > 1 file changed, 10 insertions(+), 5 deletions(-) > > diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security- > issues.php > index 1cdd5a1..7def689 100644 > --- a/freedom-privacy-security-issues.php > +++ b/freedom-privacy-security-issues.php > @@ -12,7 +12,8 @@ > </p> > <h3>A simplified overview of mobile devices</h3> > <p> > - <a href="images/freedom-privacy-security- > issues/hardware.png" data-lightbox="overview" data-title="Hardware-side > overview"><img src="images/freedom-privacy-security-issues/hardware.png" > alt="Hardware-side overview" style="width: 250px; float: left;"/></a>On the > hardware side, mobile devices are built with a system on a chip (SoC) that > includes a processor (CPU) and various other fundamental components, around > which are found various integrated circuits, memory (RAM), storage, user > input/output (I/O), etc. > + <a href="images/freedom-privacy-security- > issues/hardware.png" data-lightbox="overview" data-title="Hardware-side > overview"><img src="images/freedom-privacy-security-issues/hardware.png" > alt="Hardware-side overview" style="width: 250px; float: left;"/></a> > + On the hardware side, mobile devices are > built with a system on a chip (SoC) that includes a processor (CPU) and > various other fundamental components, around which are found various > integrated circuits, memory (RAM), storage, user input/output (I/O), etc. > When the device is telephony-enabled, it also > features a modem, which is the component in charge of dealing with the mobile > telephony network. > Nowadays, it is usually a powerful processor, > sometimes with its own memory and storage. > </p> 
> @@ -20,7 +21,8 @@ > Regarding the software side of things on > mobile devices, the main CPU (inside the SoC) starts by executing initial boot > code, often known as the bootrom. > This code will look up various places such as > NAND, eMMC or MMC (sd/micro sd card) storage, depending on the hardware > configuration, to load a bootloader. > The bootloader, which is in fact often split > in different stages, is in charge of bringing up and configuring various > aspects of the hardware and eventually starting the operating system by > loading and running its kernel.<br /> > - <a href="images/freedom-privacy-security- > issues/software.png" data-lightbox="overview" data-title="Software-side > overview"><img src="images/freedom-privacy-security-issues/software.png" > alt="Software-side overview" style="width: 250px; float: right;"/></a>The > kernel itself, among other things, deals with the hardware directly and > provides ways for other programs (running in user-space) to access it. > + <a href="images/freedom-privacy-security- > issues/software.png" data-lightbox="overview" data-title="Software-side > overview"><img src="images/freedom-privacy-security-issues/software.png" > alt="Software-side overview" style="width: 250px; float: right;"/></a> > + The kernel itself, among other things, deals > with the hardware directly and provides ways for other programs (running in > user-space) to access it. > In user-space, hardware abstraction layers > are programs specific to each device that know how to properly drive the > hardware. > They use the kernel to communicate back and > forth with the hardware and implement the proper protocols for it.<br /><br /> > The actual knowledge of how to drive the > hardware is split between the kernel and the hardware abstraction layer > libraries: both are needed to make it work properly. 
> @@ -48,7 +50,8 @@ > However, it is not always possible to even > replace those firmwares: some are loaded to the integrated circuit by the main > CPU but some others are pre-installed in the circuit (in that case, they > almost seem to behave like hardware) and cannot be updated to a free > replacement. > </p> > <p> > - <a href="images/freedom-privacy-security- > issues/bad-modem-isolation.png" data-lightbox="current-situation" data- > title="Bad modem isolation"><img src="images/freedom-privacy-security- > issues/bad-modem-isolation.png" alt="Bad modem isolation" style="width: 250px; > float: left;"/></a>The modem system on telephony-enabled mobile devices is > always proprietary. > + <a href="images/freedom-privacy-security- > issues/bad-modem-isolation.png" data-lightbox="current-situation" data- > title="Bad modem isolation"><img src="images/freedom-privacy-security- > issues/bad-modem-isolation.png" alt="Bad modem isolation" style="width: 250px; > float: left;"/></a> > + The modem system on telephony-enabled mobile > devices is always proprietary. > While <a > href="//bb.osmocom.org/">OsmocomBB</a>, a free software GSM stack exists, it > only runs on old feature phones, currently requires a host computer to operate > and is not certified to run on public networks. > Despite this situation, the modem remains a > crucial part for privacy/security: it is nearly always connected to the GSM > network, allowing for <a href="//www.gnu.org/philosophy/malware-mobiles.html"> > remote control</a>. > The modem can be more or less damaging to > privacy/security depending on what hardware it has access to and can control. 
> @@ -56,7 +59,8 @@ > A device with bad modem isolation would allow > the modem to access and control key parts of the hardware, such as the RAM, > storage, GPS, camera, user I/O and microphone. > This situation is terrible for > privacy/security as it provides plenty of ways to efficiently spy on the user, > triggered remotely over the mobile telephony network. > Those are accessible to the mobile telephony > operator, but also to attackers setting up fake base stations for that > purpose. > - <a href="images/freedom-privacy-security- > issues/good-modem-isolation.png" data-lightbox="current-situation" data- > title="Good modem isolation"><img src="images/freedom-privacy-security- > issues/good-modem-isolation.png" alt="Good modem isolation" style="width: > 250px; float: right;"/></a>On the other hand, when the modem is well-isolated > from the rest of the device, it is limited to communicating directly with the > SoC and can only access the device's microphone when allowed by the SoC. > + <a href="images/freedom-privacy-security- > issues/good-modem-isolation.png" data-lightbox="current-situation" data- > title="Good modem isolation"><img src="images/freedom-privacy-security- > issues/good-modem-isolation.png" alt="Good modem isolation" style="width: > 250px; float: right;"/></a> > + On the other hand, when the modem is well- > isolated from the rest of the device, it is limited to communicating directly > with the SoC and can only access the device's microphone when allowed by the > SoC. > It is then strictly limited to accessing what > it really needs, which considerably reduces its opportunities to spy on the > user. > While it doesn't solve any of the freedom > issues, having an isolated modem is a big step forward for privacy/security. > However, it is nearly impossible to be > entirely sure that the modem is actually isolated, as any documentation about > the device cannot be trusted, due to the lack of effective hardware freedom. 
> @@ -74,7 +78,8 @@ > Allwinner Ax, TI OMAP General-Purpose). > </p> > <p> > - <a href="images/freedom-privacy-security- > issues/operating-system.png" data-lightbox="current-situation" data- > title="Mobile operating system"><img src="images/freedom-privacy-security- > issues/operating-system.png" alt="Mobile operating system" style="width: > 250px; float: left;"/></a>The biggest part of the software running on a mobile > device is the operating system, that runs on the main CPU. > + <a href="images/freedom-privacy-security- > issues/operating-system.png" data-lightbox="current-situation" data- > title="Mobile operating system"><img src="images/freedom-privacy-security- > issues/operating-system.png" alt="Mobile operating system" style="width: > 250px; float: left;"/></a> > + The biggest part of the software running on a > mobile device is the operating system, that runs on the main CPU. > It has access to most integrated circuits > (I/O, camera, microphone, GPS, etc) as well as the user's data and > communications. > It is the most critical part for > privacy/security and is also very important for free software as it interacts > with the user directly and holds knowledge about communication with the > hardware. > Many mobile operating systems are mostly free > software (e.g.
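Review bot: as quoted in this reply the patch has been re-wrapped by the mail client, so it will not apply from this message: in the first hunk (@@ -12,7 +12,8 @@) the href is split into `images/freedom-privacy-security-` / `issues/hardware.png`, and the later hunks split `data-` from `title=`. Anyone applying it should use the original mail (or a git send-email / attached copy) rather than this quoted copy. The change itself, moving the sentence that followed `</a>` onto its own `+` line, is sound; the added newline collapses to inline whitespace next to a floated image and should not alter rendering.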
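Review bot: style point on the second hunk (@@ -20,7 +21,8 @@) and the ones that follow it: the stated goal is readable diffs, but the `<a ...><img .../></a>` line kept on each `+` line is still well over 200 characters, so a future edit to an `alt` or `style` attribute will again produce a one-line diff that is hard to review. Putting the `<img>` on its own line, or one attribute per line, would finish the job this patch starts; that is a follow-up, not a blocker for the ack.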
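Review bot: the last hunk (@@ -74,7 +78,8 @@) is cut off in this quote at "Many mobile operating systems are mostly free software (e.g." with its remaining trailing context lines missing, so the diffstat's "10 insertions(+), 5 deletions(-)" cannot be fully checked against what is visible here; the ack should be read as applying to the complete patch in the original mail.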
_______________________________________________ Replicant mailing list Replicant@lists.osuosl.org http://lists.osuosl.org/mailman/listinfo/replicant