From: Denis 'GNUtoo' Carikli <[email protected]>
Signed-off-by: Denis 'GNUtoo' Carikli <[email protected]>
Signed-off-by: Paul Kocialkowski <[email protected]>
---
freedom-privacy-security-issues.php | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/freedom-privacy-security-issues.php
b/freedom-privacy-security-issues.php
index f3923d7..f75482d 100644
--- a/freedom-privacy-security-issues.php
+++ b/freedom-privacy-security-issues.php
@@ -20,11 +20,14 @@
<p>
Regarding the software side of things on mobile
devices, the main CPU (inside the SoC) starts by executing hard-wired boot
instructions (that cannot be changed), known as the bootrom.
It will look up various places such as NAND,
eMMC or MMC (sd/micro sd card) storage, depending on the hardware
configuration, to load a bootloader.
- The bootloader, which is in fact often split in
different stages, is in charge of bringing up and configuring various aspects
of the hardware and eventually starting the operating system by loading and
running its kernel.<br />
+ The bootloader, which is in fact often split in
different stages, is in charge of bringing up and configuring various aspects
of the hardware and eventually starting the main operating system by loading
and running its kernel.
+ On some hardware, it is also in charge of
loading a privileged execution environment, that runs on the same processor
with the highest level of permissions. It might interrupt the system and forbid
it from accessing hardware resources. On mobile devices, this is often
implemented with TrustZone, where the processor's execution mode is split
between a secure world, where the privileged execution environment is running
and a non-secure world. The privileged execution environment often keeps
running in the background, aside of the main operating system.<br /> <br />
+
<a
href="images/freedom-privacy-security-issues/software.png"
data-lightbox="overview" data-title="Software-side overview"><img
src="images/freedom-privacy-security-issues/software.png" alt="Software-side
overview" style="width: 250px; float: right;"/></a>
The kernel itself, among other things, deals
with the hardware directly and provides ways for other programs (running in
user-space) to access it.
In user-space, hardware abstraction layers are
programs specific to each device that know how to properly drive the hardware.
They use the kernel to communicate back and
forth with the hardware and implement the proper protocols for it.<br /><br />
+
The actual knowledge of how to drive the
hardware is split between the kernel and the hardware abstraction layer
libraries: both are needed to make it work properly.
Hardware abstraction layers provide a generic
interface for the framework to use.
The framework itself provides an interface for
applications that is independent of the device and the hardware.
@@ -89,7 +92,7 @@
</p>
<p>
<a
href="images/freedom-privacy-security-issues/operating-system.png"
data-lightbox="current-situation" data-title="Mobile operating system"><img
src="images/freedom-privacy-security-issues/operating-system.png" alt="Mobile
operating system" style="width: 250px; float: left;"/></a>
- The biggest part of the software running on a
mobile device is the operating system, that runs on the main CPU.
+ The biggest part of the software running on a
mobile device is the main operating system, that runs on the main CPU.
It has access to most integrated circuits (I/O,
camera, microphone, GPS, etc) as well as the user's data and communications.
It is the most critical part for
privacy/security and is also very important for free software as it interacts
with the user directly and holds knowledge about communication with the
hardware.
Many mobile operating systems are mostly free
software (e.g.
@@ -99,7 +102,7 @@
None of these mostly-free systems have a clear
policy to reject proprietary software and not advocate its use, except for
Replicant.
</p>
<p>
- While the operating system is a very important
piece of software, it doesn't ship with applications that cover the wide
spectrum of activities that a mobile device is expected to provide.
+ While the main operating system is a very
important piece of software, it doesn't ship with applications that cover the
wide spectrum of activities that a mobile device is expected to provide.
Thankfully, plenty of free software
applications exist for each kind of (mostly-)free operating system, sometimes
gathered in free software application stores (such as <a
href="//www.f-droid.org/">F-Droid</a> for Android systems).
</p>
<h3>Mobile telephony operators and privacy</h3>
--
2.15.1
_______________________________________________
Replicant mailing list
[email protected]
https://lists.osuosl.org/mailman/listinfo/replicant
