Hi, On Sat, 14 Oct 2017 20:20:49 +0200 Denis 'GNUtoo' Carikli <[email protected]> wrote:
> Signed-off-by: Denis 'GNUtoo' Carikli <[email protected]> > --- > freedom-privacy-security-issues.php | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/freedom-privacy-security-issues.php > b/freedom-privacy-security-issues.php index f3923d7..ec4228f 100644 > --- a/freedom-privacy-security-issues.php > +++ b/freedom-privacy-security-issues.php > @@ -20,11 +20,13 @@ > <p> > Regarding the software side of > things on mobile devices, the main CPU (inside the SoC) starts by > executing hard-wired boot instructions (that cannot be changed), > known as the bootrom. It will look up various places such as NAND, > eMMC or MMC (sd/micro sd card) storage, depending on the hardware > configuration, to load a bootloader. > - The bootloader, which is in fact > often split in different stages, is in charge of bringing up and > configuring various aspects of the hardware and eventually starting > the operating system by loading and running its kernel.<br /> > + The bootloader, which is in fact > often split in different stages, is in charge of bringing up and > configuring various aspects of the hardware and eventually starting > the main operating system by loading and running its kernel. > + On some hardware, it is also in > charge of loading a second operating system in the background, in a > "secure" part of the processor called TrustZone. <br /> <br /> <a > href="images/freedom-privacy-security-issues/software.png" > data-lightbox="overview" data-title="Software-side overview"><img > src="images/freedom-privacy-security-issues/software.png" > alt="Software-side overview" style="width: 250px; float: > right;"/></a> The kernel itself, among other things, deals with the > hardware directly and provides ways for other programs (running in > user-space) to access it. In user-space, hardware abstraction layers > are programs specific to each device that know how to properly drive > the hardware. They use the kernel to communicate back and forth with > the hardware and implement the proper protocols for it.<br /><br /> + > The actual knowledge of how to drive the hardware is split between > the kernel and the hardware abstraction layer libraries: both are > needed to make it work properly. Hardware abstraction layers provide > a generic interface for the framework to use. The framework itself > provides an interface for applications that is independent of the > device and the hardware. @@ -32,6 +34,9 @@ For instance, when placing > a call, the dialer application will communicate with the framework, > which in turn will communicate with the hardware abstraction layer. > That hardware abstraction layer will implement the protocol to > communicate with the modem. The kernel will then forward the > communication between the hardware abstraction layer and the modem. > </p> > + <p> > + The second operating system that runs > inside TrustZone can access all hardware resources, including those > of the primary operating system, such as its memory, while being > isolated from it. > + </p> > <p> > Many other components of a mobile > device also run software in different forms. The various integrated > circuits run small pieces of dedicated software that are called > firmwares. @@ -89,7 +94,7 @@ </p> > <p> > <a > href="images/freedom-privacy-security-issues/operating-system.png" > data-lightbox="current-situation" data-title="Mobile operating > system"><img > src="images/freedom-privacy-security-issues/operating-system.png" > alt="Mobile operating system" style="width: 250px; float: left;"/></a> > - The biggest part of the software > running on a mobile device is the operating system, that runs on the > main CPU. > + The biggest part of the software > running on a mobile device is the main operating system, that runs on > the main CPU. It has access to most integrated circuits (I/O, camera, > microphone, GPS, etc) as well as the user's data and communications. > It is the most critical part for privacy/security and is also very > important for free software as it interacts with the user directly > and holds knowledge about communication with the hardware. Many > mobile operating systems are mostly free software (e.g. @@ -99,7 > +104,7 @@ None of these mostly-free systems have a clear policy to > reject proprietary software and not advocate its use, except for > Replicant. </p> <p> > - While the operating system is a very > important piece of software, it doesn't ship with applications that > cover the wide spectrum of activities that a mobile device is > expected to provide. > + While the main operating system is a > very important piece of software, it doesn't ship with applications > that cover the wide spectrum of activities that a mobile device is > expected to provide. Thankfully, plenty of free software applications > exist for each kind of (mostly-)free operating system, sometimes > gathered in free software application stores (such as <a > href="//www.f-droid.org/">F-Droid</a> for Android systems). </p> > <h3>Mobile telephony operators and privacy</h3> Ping. Denis.
pgpx62RP7VNDs.pgp
Description: OpenPGP digital signature
_______________________________________________ Replicant mailing list [email protected] https://lists.osuosl.org/mailman/listinfo/replicant
