Signed-off-by: Denis 'GNUtoo' Carikli <[email protected]>
---
freedom-privacy-security-issues.php | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/freedom-privacy-security-issues.php
b/freedom-privacy-security-issues.php
index f3923d7..ec4228f 100644
--- a/freedom-privacy-security-issues.php
+++ b/freedom-privacy-security-issues.php
@@ -20,11 +20,13 @@
<p>
Regarding the software side of things on mobile
devices, the main CPU (inside the SoC) starts by executing hard-wired boot
instructions (that cannot be changed), known as the bootrom.
It will look up various places such as NAND,
eMMC or MMC (sd/micro sd card) storage, depending on the hardware
configuration, to load a bootloader.
- The bootloader, which is in fact often split in
different stages, is in charge of bringing up and configuring various aspects
of the hardware and eventually starting the operating system by loading and
running its kernel.<br />
+ The bootloader, which is in fact often split in
different stages, is in charge of bringing up and configuring various aspects
of the hardware and eventually starting the main operating system by loading
and running its kernel.
+ On some hardware, it is also in charge of
loading a second operating system in the background, in a "secure" part of the
processor called TrustZone. <br /> <br />
<a
href="images/freedom-privacy-security-issues/software.png"
data-lightbox="overview" data-title="Software-side overview"><img
src="images/freedom-privacy-security-issues/software.png" alt="Software-side
overview" style="width: 250px; float: right;"/></a>
The kernel itself, among other things, deals
with the hardware directly and provides ways for other programs (running in
user-space) to access it.
In user-space, hardware abstraction layers are
programs specific to each device that know how to properly drive the hardware.
They use the kernel to communicate back and
forth with the hardware and implement the proper protocols for it.<br /><br />
+
The actual knowledge of how to drive the
hardware is split between the kernel and the hardware abstraction layer
libraries: both are needed to make it work properly.
Hardware abstraction layers provide a generic
interface for the framework to use.
The framework itself provides an interface for
applications that is independent of the device and the hardware.
@@ -32,6 +34,9 @@
For instance, when placing a call, the dialer
application will communicate with the framework, which in turn will communicate
with the hardware abstraction layer.
That hardware abstraction layer will implement
the protocol to communicate with the modem. The kernel will then forward the
communication between the hardware abstraction layer and the modem.
</p>
+ <p>
+ The second operating system that runs inside
TrustZone can access all hardware resources, including those of the primary
operating system, such as its memory, while being isolated from it.
+ </p>
<p>
Many other components of a mobile device also
run software in different forms.
The various integrated circuits run small
pieces of dedicated software that are called firmwares.
@@ -89,7 +94,7 @@
</p>
<p>
<a
href="images/freedom-privacy-security-issues/operating-system.png"
data-lightbox="current-situation" data-title="Mobile operating system"><img
src="images/freedom-privacy-security-issues/operating-system.png" alt="Mobile
operating system" style="width: 250px; float: left;"/></a>
- The biggest part of the software running on a
mobile device is the operating system, that runs on the main CPU.
+ The biggest part of the software running on a
mobile device is the main operating system, that runs on the main CPU.
It has access to most integrated circuits (I/O,
camera, microphone, GPS, etc) as well as the user's data and communications.
It is the most critical part for
privacy/security and is also very important for free software as it interacts
with the user directly and holds knowledge about communication with the
hardware.
Many mobile operating systems are mostly free
software (e.g.
@@ -99,7 +104,7 @@
None of these mostly-free systems have a clear
policy to reject proprietary software and not advocate its use, except for
Replicant.
</p>
<p>
- While the operating system is a very important
piece of software, it doesn't ship with applications that cover the wide
spectrum of activities that a mobile device is expected to provide.
+ While the main operating system is a very
important piece of software, it doesn't ship with applications that cover the
wide spectrum of activities that a mobile device is expected to provide.
Thankfully, plenty of free software
applications exist for each kind of (mostly-)free operating system, sometimes
gathered in free software application stores (such as <a
href="//www.f-droid.org/">F-Droid</a> for Android systems).
</p>
<h3>Mobile telephony operators and privacy</h3>
--
2.14.2
_______________________________________________
Replicant mailing list
[email protected]
https://lists.osuosl.org/mailman/listinfo/replicant
