Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Tuesday September 11 2018, @10:45AM   Printer-friendly
from the I'd-buy-one dept.

Progress update from the Librem 5 hardware department:

[...] Making a non-Android mobile phone that will run an FSF-approved OS that supports all the features that we've all come to rely on (cellular, WiFi, Bluetooth, touchscreen input) has and continues to involve a lot of pathfinding, given that a RYF phone has never been attempted before and discovery involves solving issues as they come up.

The industry offers all the hardware to create a smartphone on a fast path, as the SoC vendors typically provide the modem (cellular and wifi) integrated directly on the SoC. Like a recipe in a cookbook—take an SoC, place it on a PCB, add RAM and flash chip on top of it (called a package on package—PoP), add antennas and finally power. The difficulty comes down to the firmware and the software that run these devices. The necessary firmware to operate the cellular modem, WiFi, BT etc. is provided by the chip maker, including the drivers for the GPU and more. The firmware and software included is proprietary with no source code with little to no alternatives.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Informative) by pTamok on Tuesday September 11 2018, @12:04PM (7 children)

    by pTamok (3042) on Tuesday September 11 2018, @12:04PM (#733113)

    Reading the article shows that Librem have been unable to avoid using non-open software in the cellular modem.

    The modem is the component that has to implement all the familiar protocols you would associate with a phone (like 2G, 3G, 4G and the upcoming 5G). It does so by running its own proprietary black box operating system. The cellular modem is also covered by thousands of patents held by hundreds of patent owners.

    ...only a handful of silicon vendors in the world that make these chipsets...

    This left us with only one choice: to use ready-made modem “modules”...

    Librem are doing their best to isolate the modem, so that it does not have direct access to RAM, but is instead accessed over an internal USB bus, but there is nothing to stop undocumented over-the-air interface access to the modem accessing undocumented capabilities.

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  

    Total Score:   2  
  • (Score: 5, Interesting) by mth on Tuesday September 11 2018, @12:43PM (1 child)

    by mth (2848) on Tuesday September 11 2018, @12:43PM (#733124) Homepage

    It is possible to use a whitelist for USB devices. So if a modem suddenly decides to become a keyboard, the OS can ignore it. That limits the possible attacks considerably.

    It would still be possible to eavesdrop on communication, but that is possible anyway at the telco. You would have to make sure communication is encrypted at the OS level, before it even reaches the modem, but that's a pretty basic requirement.

    Denial of service by turning off the modem remotely is also theoretically possible, but again this type of attack could also be done at the telco.

    Having a USB port exposed to an untrusted device is an additional attack surface. I don't know how secure the average USB stack is. I remember there being a PlayStation 4 exploit some years ago that used a weakness in the USB stack.

    With the likely alternative being no libre phone at all, I think a black box on a USB bus is an acceptable compromise.

    • (Score: 2) by mth on Tuesday September 11 2018, @02:58PM

      by mth (2848) on Tuesday September 11 2018, @02:58PM (#733167) Homepage

      I misremembered: it was actually the PS3 that was exploited via USB.

  • (Score: 0) by Anonymous Coward on Tuesday September 11 2018, @05:55PM

    by Anonymous Coward on Tuesday September 11 2018, @05:55PM (#733226)

    In other words, patents and proprietary software thugs are screwing us out of our freedoms again. Yet, when Free Software has an issue or doesn't have some feature, many instantly blame the developers. Sometimes that is warranted, but in cases such as this, our corrupt political system and the proprietary software companies are directly responsible for the issues facing Free Software developers. I wish people would remember that next time they decide to sneer at Free Software.

  • (Score: 2) by jmorris on Tuesday September 11 2018, @08:50PM (3 children)

    by jmorris (4844) on Tuesday September 11 2018, @08:50PM (#733300)

    Putting the modem on USB is a mistake. My LG talks to the modem over a direct bus with i2s on the side to let the modem do audio encode/decode. The modem can't attempt very many shenanigans over such a connection so no real worries. We have to accept that for regulatory compliance issues the modem is going to run a blob. So wall it off and get on with opening up the rest. We desperately need an ARM SoC with open graphics that isn't an obsolete gimped Pi.

    • (Score: 2) by mth on Tuesday September 11 2018, @10:02PM (2 children)

      by mth (2848) on Tuesday September 11 2018, @10:02PM (#733352) Homepage

      According to TFA, they picked the i.MX series SoC specifically because there are open GPU drivers for it, from the Etnaviv project.

      • (Score: 2) by jmorris on Tuesday September 11 2018, @10:57PM (1 child)

        by jmorris (4844) on Tuesday September 11 2018, @10:57PM (#733376)

        Last update was eleven months ago. Yeah I'd plan a product launch around them coming through and delivering the goods.

        • (Score: 3, Informative) by mth on Wednesday September 12 2018, @01:29AM

          by mth (2848) on Wednesday September 12 2018, @01:29AM (#733430) Homepage

          Last update of Etnaviv, you mean? As far as I know several people are still working on that, but since the parts have been upstreamed, the updates are now spread over different repos. The kernel driver is in the mainline kernel, for example, other parts are in Mesa, libdrm etc.