From 9a673ef01fb3e67f84dc50461257bf2f6ed3cac7 Mon Sep 17 00:00:00 2001 From: Denis 'GNUtoo' Carikli Date: Mon, 28 Mar 2016 20:50:21 +0200 Subject: freedom-privacy-security-issues: Split into new lines after
This is to have more readable git diffs. Signed-off-by: Denis 'GNUtoo' Carikli --- freedom-privacy-security-issues.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security-issues.php index 48d47b2..1cdd5a1 100644 --- a/freedom-privacy-security-issues.php +++ b/freedom-privacy-security-issues.php @@ -19,9 +19,11 @@

Regarding the software side of things on mobile devices, the main CPU (inside the SoC) starts by executing initial boot code, often known as the bootrom. This code will look up various places such as NAND, eMMC or MMC (sd/micro sd card) storage, depending on the hardware configuration, to load a bootloader. - The bootloader, which is in fact often split in different stages, is in charge of bringing up and configuring various aspects of the hardware and eventually starting the operating system by loading and running its kernel.
Software-side overviewThe kernel itself, among other things, deals with the hardware directly and provides ways for other programs (running in user-space) to access it. + The bootloader, which is in fact often split in different stages, is in charge of bringing up and configuring various aspects of the hardware and eventually starting the operating system by loading and running its kernel.
+ Software-side overviewThe kernel itself, among other things, deals with the hardware directly and provides ways for other programs (running in user-space) to access it. In user-space, hardware abstraction layers are programs specific to each device that know how to properly drive the hardware. - They use the kernel to communicate back and forth with the hardware and implement the proper protocols for it.

The actual knowledge of how to drive the hardware is split between the kernel and the hardware abstraction layer libraries: both are needed to make it work properly. + They use the kernel to communicate back and forth with the hardware and implement the proper protocols for it.

+ The actual knowledge of how to drive the hardware is split between the kernel and the hardware abstraction layer libraries: both are needed to make it work properly. Hardware abstraction layers provide a generic interface for the framework to use. The framework itself provides an interface for applications that is independent of the device and the hardware. That way, applications can access hardware features through the generic framework interface, which will call the hardware abstraction layer libraries, ending up with the kernel communicating with the hardware. @@ -50,7 +52,8 @@ While OsmocomBB, a free software GSM stack exists, it only runs on old feature phones, currently requires a host computer to operate and is not certified to run on public networks. Despite this situation, the modem remains a crucial part for privacy/security: it is nearly always connected to the GSM network, allowing for remote control. The modem can be more or less damaging to privacy/security depending on what hardware it has access to and can control. - That is to say, how isolated it is from the rest of the device.

A device with bad modem isolation would allow the modem to access and control key parts of the hardware, such as the RAM, storage, GPS, camera, user I/O and microphone. + That is to say, how isolated it is from the rest of the device.

+ A device with bad modem isolation would allow the modem to access and control key parts of the hardware, such as the RAM, storage, GPS, camera, user I/O and microphone. This situation is terrible for privacy/security as it provides plenty of ways to efficiently spy on the user, triggered remotely over the mobile telephony network. Those are accessible to the mobile telephony operator, but also to attackers setting up fake base stations for that purpose. Good modem isolationOn the other hand, when the modem is well-isolated from the rest of the device, it is limited to communicating directly with the SoC and can only access the device's microphone when allowed by the SoC. @@ -77,7 +80,8 @@ Many mobile operating systems are mostly free software (e.g. Android, Firefox OS, Ubuntu Touch, Tizen), as they use the Linux kernel, a free framework and ship with free base applications. However, the user-space hardware abstraction layers are for the most part proprietary (it varies from one device to another) and they also ship with proprietary loaded firmwares for various integrated circuits. - Every piece of proprietary software running on the system is a risk for privacy/security as they can offer remote access back-doors and compromise the rest of the system.
None of these mostly-free systems have a clear policy to reject proprietary software and not advocate its use, except for Replicant. + Every piece of proprietary software running on the system is a risk for privacy/security as they can offer remote access back-doors and compromise the rest of the system.
+ None of these mostly-free systems have a clear policy to reject proprietary software and not advocate its use, except for Replicant.

While the operating system is a very important piece of software, it doesn't ship with applications that cover the wide spectrum of activities that a mobile device is expected to provide. -- cgit v1.1