Le samedi 16 décembre 2017 à 15:23 +0100, Paul Kocialkowski a écrit : > Le samedi 16 décembre 2017 à 11:44 +0100, Denis 'GNUtoo' Carikli a > écrit : > > Signed-off-by: Denis 'GNUtoo' Carikli <[email protected]> > > Signed-off-by: Paul Kocialkowski <[email protected]> > > Acked-by: Paul Kocialkowski <[email protected]>
Actually, on second thought, I think we should clearly call the "code that is separate from the operating system" the "privileged execution environment", which is not specific to a particular platform. I can make that change if you agree. > > --- > > freedom-privacy-security-issues.php | 9 ++++++--- > > 1 file changed, 6 insertions(+), 3 deletions(-) > > > > diff --git a/freedom-privacy-security-issues.php b/freedom-privacy- > > security-issues.php > > index f3923d7..cf380d2 100644 > > --- a/freedom-privacy-security-issues.php > > +++ b/freedom-privacy-security-issues.php > > @@ -20,11 +20,14 @@ > > <p> > > Regarding the software side of > > things > > on mobile devices, the main CPU (inside the SoC) starts by executing > > hard-wired boot instructions (that cannot be changed), known as the > > bootrom. > > It will look up various places such > > as NAND, eMMC or MMC (sd/micro sd card) storage, depending on the > > hardware configuration, to load a bootloader. > > - The bootloader, which is in fact > > often split in different stages, is in charge of bringing up and > > configuring various aspects of the hardware and eventually starting > > the operating system by loading and running its kernel.<br /> > > + The bootloader, which is in fact > > often split in different stages, is in charge of bringing up and > > configuring various aspects of the hardware and eventually starting > > the main operating system by loading and running its kernel. > > + On some hardware, it is also in > > charge of loading code that is separate from the operating system. > > That code runs on the same processor with the highest level of > > hardware privileges, can interrupt the operating system and forbid > > it > > from accessing hardware resources. On ARM processors, this privilege > > mode is called TrustZone. The code running in TrustZone often keeps > > running in the background, aside of the main operating system.<br /> > > <br /> > > + > > <a href="images/freedom-privacy- > > security-issues/software.png" data-lightbox="overview" data- > > title="Software-side overview"><img src="images/freedom-privacy- > > security-issues/software.png" alt="Software-side overview" > > style="width: 250px; float: right;"/></a> > > The kernel itself, among other > > things, deals with the hardware directly and provides ways for other > > programs (running in user-space) to access it. > > In user-space, hardware abstraction > > layers are programs specific to each device that know how to > > properly > > drive the hardware. > > They use the kernel to communicate > > back and forth with the hardware and implement the proper protocols > > for it.<br /><br /> > > + > > The actual knowledge of how to > > drive > > the hardware is split between the kernel and the hardware > > abstraction > > layer libraries: both are needed to make it work properly. > > Hardware abstraction layers provide > > a > > generic interface for the framework to use. > > The framework itself provides an > > interface for applications that is independent of the device and the > > hardware. > > @@ -89,7 +92,7 @@ > > </p> > > <p> > > <a href="images/freedom-privacy- > > security-issues/operating-system.png" data-lightbox="current- > > situation" data-title="Mobile operating system"><img > > src="images/freedom-privacy-security-issues/operating-system.png" > > alt="Mobile operating system" style="width: 250px; float: > > left;"/></a> > > - The biggest part of the software > > running on a mobile device is the operating system, that runs on the > > main CPU. > > + The biggest part of the software > > running on a mobile device is the main operating system, that runs > > on > > the main CPU. > > It has access to most integrated > > circuits (I/O, camera, microphone, GPS, etc) as well as the user's > > data and communications. > > It is the most critical part for > > privacy/security and is also very important for free software as it > > interacts with the user directly and holds knowledge about > > communication with the hardware. > > Many mobile operating systems are > > mostly free software (e.g. > > @@ -99,7 +102,7 @@ > > None of these mostly-free systems > > have a clear policy to reject proprietary software and not advocate > > its use, except for Replicant. > > </p> > > <p> > > - While the operating system is a > > very > > important piece of software, it doesn't ship with applications that > > cover the wide spectrum of activities that a mobile device is > > expected > > to provide. > > + While the main operating system is > > a > > very important piece of software, it doesn't ship with applications > > that cover the wide spectrum of activities that a mobile device is > > expected to provide. > > Thankfully, plenty of free software > > applications exist for each kind of (mostly-)free operating system, > > sometimes gathered in free software application stores (such as <a > > href="//www.f-droid.org/">F-Droid</a>;; for Android systems). > > </p> > > <h3>Mobile telephony operators and > > privacy</h3> > > _______________________________________________ > Replicant mailing list > [email protected] > https://lists.osuosl.org/mailman/listinfo/replicant -- Paul Kocialkowski, developer of free digital technology and hardware support. Website: https://www.paulk.fr/ Coding blog: https://code.paulk.fr/ Git repositories: https://git.paulk.fr/ https://git.code.paulk.fr/
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Replicant mailing list [email protected] https://lists.osuosl.org/mailman/listinfo/replicant
