On Mon, 5 Dec 2016 23:01:56 +0000 ". marrakech" <saidelao...@hotmail.com> wrote:
> Hi Hi, > I have a few questions about replicant > this because I find various explanations and now do not know what's > right that's what I found on your site I've CC-ed the Replicant mailing list because this mail doesn't look like a private inquiry. Next time ask directly on the Replicant mailing list. > Our free software replacement for the binary is incriminated Samsung > RIL-which relies on libsamsung-ipc: both are used in Replicant. > The affectedness devices have modems That Samsung use the IPC > protocol, mostly XMM6160 Intel and Intel XMM6260 modems. Note That > Despite this backing by, the devices usingthese modems are most > likely to have good modem isolationism, Compared to other devices > using Qualcomm platforms. Bear in mind thatthis is backed by > Implemented in software and can easily be removed by installing a > free replacement for the incriminated software, for instance by > installing Replicant. Hence, we do not consider the incriminated > devices to be inherently bad targets Because Of this back on. In a nuttshell: - On many qualcomm platforms, the modem and the CPU running Android shares the same RAM chips. The modem is also, in some cases, responsible for intialising the device before the CPU running Android, has also access to the flash chip holding the Android system, to the microphone(as it handles the sound card), and to the GPS(as it handles the GPS). On top of that the code quality of the qualcomm Linux kernels isn't sufficent to guarantee the device security. - Some samsung devices have shared memory between the modem and the CPU, and here, since the RAM chip is probably wired to the modem and the CPU running Android, we have no guarantee that it cannot access some of the Android CPU RAM. - Some samsung devices don't have shared memory between the modem and the CPU running Android. All the above is the result of the hardware design and manufacturing of the devices, and once the device is manufactured, it cannot be changed. The only way to deal with it is to buy good devices that don't have shared memory. > but on the site of Tehnoetic I found this > In 2014, Replicant developers have found a modem backdoor in the > Android systems or several at Replicant-supported devices, zoals the > S3, and have successfully closed it in Replicant. The RIL is the software that, within Android or Replicant, communicates with the modem, in order to ask the modem to make a call, or to be notified when someone calls you. The proprietary Samsung RIL, which isn't used by Replicant, but is used by Samsung and Cyanogenmod, had some serious security and privacy issue. I've no idea if it still does have such issues. Replicant is unaffected by it, since it doesn't use the proprietary Samsung RIL. Replicant can even potentially detect attackers trying to use that security issue. > Additionally, the > phone Has A read-only nonfree boot ROM This is part of the CPU running Android. Some people feel it's an issue(Paul Kocialkowski does), but the FSF doesn't as they consider it as part of the hardware. I personally think that to have more guarantees on freedom, privacy, and security, that the code it contains should, at least, be analyzed. I also think that you course cannot require it to be modifiable since it's read-only. > -which loads a nonfree bootloader. The bootloader is not part of the > Replicant system, but it is responsible with loading Replicant. We > are telling you this So THAT before buying the product, you are aware > there is ook nonfree software running on the Tehnoetic S3-which does > not respect your freedom and it might not respect your privacy > either. For now, we can not offer a full stack freedom-respecting > smartphone, but we're joining the efforts. Yes, the bootloader is a big issue, since it also loads another operating system aside Replicant, in the processor runinng Android. That operating system is loaded in "TrustZone". I didn't look yet if code that is in TrustZone can continue to run without the cooperation of the Linux Kernel. Anyway, replacing the bootloader with free software might be doable on that device but it would require some work: https://github.com/Rebell/exynos4_uboot > So can you tell me what Samsung or any other brand phone have no > nonfree software because what tehnoetic say that the phone is not > free from nonfree software As far as I can tell, tehnoetic preinstall unmodified Replicant images on the devices they sell. On the Replicant wiki, I started to review the devices we support for freedom, privacy, and security. This should have a (potentially incomplete) list of non-free software that is either: - Required to make some hardware work but not distributed by replicant. The consequence when using Replicant is that the hardware doesn't work. Some Replicant users still install some non-free firmware, while some other don't. - Software that is already on the device and not modified nor replaced (yet) by Replicant, that is: - The modem firmware, which reside on a separate partition. Replicant will load that modem firmware into the modem. - The bootloader which also resides on a separate partition. Unfortunately due to the lack of time, the freedom/privacy/security devices reviews are probably far from complete. It can be found, for the galaxy S3, here: http://redmine.replicant.us/projects/replicant/wiki/GalaxyS3I9300PrivacySecurityEvaluation Other devices may have one too, if there is one, there is usually a link to the page in the device page like for the Galaxy S3: http://redmine.replicant.us/projects/replicant/wiki/GalaxyS3I9300#Freedom-and-privacysecurity-evaluation Also if you didn't already read the general introduction it's here: http://www.replicant.us/freedom-privacy-security-issues.php If something is not clear, improvements on the wiki or on freedom-privacy-security-issues.php are welcome. For the wiki you will need to create an account to edit, and for freedom-privacy-security-issues.php, you need to send a patch for it on the replicant mailing list. Denis. _______________________________________________ Replicant mailing list Replicant@lists.osuosl.org http://lists.osuosl.org/mailman/listinfo/replicant
