GalaxyS3I9300PrivacySecurityEvaluation » History » Version 18

Wolfgang Wiedmeyer, 04/22/2017 09:10 PM
link to loaded firmwares

h1. GalaxyS3I9300PrivacySecurityEvaluation

Note that this information may or may not be exhaustive.
It also may or may not contain all known issues or good points about this device.

h2. General freedom issues on the Galaxy S 3 (I9300):

* The bootloader is proprietary and signed.
* Some peripherals do require proprietary firmwares to work, [[GalaxyS3I9300LoadedFirmwares|some of which have to be loaded by the system]]. See also the "Missing without non-free firmwares" status in [[ReplicantStatus]].
* The bootrom is the first code that is executed and is stored in read-only memory. See "freedom-privacy-security-issues":http://www.replicant.us/freedom-privacy-security-issues.php for more details.
* The hardware is proprietary, and we are not aware of any of its schematics being available anywhere on the Internet.

h2. Modem related:

The modem runs non-free software, which is loaded but not shipped by Replicant.
* When using flight mode, the main CPU has to ask the modem to power itself off.
* The modem is isolated:
** It doesn't use shared memory with the CPU; instead it uses an "HSIC" bus.
** We are not aware of it being able to access the GPS, but it wouldn't be surprising if it still could (by having a direct connection to it). Since no schematics are publicly available, we have no easy way to check.
** It has no access to the other CPU peripherals.
* "Terminal profile":https://terminal-profile.osmocom.org/decode.php?tp=ffffffff7f1f00dfff00001fa2010a860749000000000000000000000010

h2. TODO:

* Investigate its terminal profile
* Investigate TrustZone and other potential issues with the bootloader.
* Investigate device factory reset security in both Replicant and its recovery (Does it really wipe files?)
* Investigate the flash layout, eMMC partitions, eMMC firmware
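
As a starting point for the "Investigate its terminal profile" item, the following added example (not part of the original wiki page or of Replicant's code) decodes the proactive-command bytes of the terminal profile linked in the modem section. The bit names are taken from ETSI TS 102 223 clause 5.2; the function names are hypothetical, and treating missing trailing bytes as "not supported" is an assumption of this example.

```python
# Added example: decode bytes 3 and 4 of a TERMINAL PROFILE bitmap, which list
# the proactive commands the terminal tells the SIM it can execute.
# Bit names follow ETSI TS 102 223 clause 5.2; b1 is the least significant bit.
PROACTIVE = {
    3: ["DISPLAY TEXT", "GET INKEY", "GET INPUT", "MORE TIME",
        "PLAY TONE", "POLL INTERVAL", "POLLING OFF", "REFRESH"],
    4: ["SELECT ITEM", "SEND SHORT MESSAGE", "SEND SS", "SEND USSD",
        "SET UP CALL", "SET UP MENU",
        "PROVIDE LOCAL INFORMATION (MCC, MNC, LAC, Cell ID, IMEI)",
        "PROVIDE LOCAL INFORMATION (NMR)"],
}

# Value copied from the "Terminal profile" link on this page.
I9300_PROFILE = "ffffffff7f1f00dfff00001fa2010a860749000000000000000000000010"


def decode_proactive(profile_hex):
    """Return {command name: supported?} for profile bytes 3 and 4."""
    try:
        raw = bytes.fromhex(profile_hex)
    except ValueError as exc:
        raise ValueError("terminal profile is not valid hex") from exc
    result = {}
    for byte_no, names in PROACTIVE.items():
        # Assumption of this example: a byte missing from a short profile
        # is treated as all zero, i.e. nothing in it is supported.
        value = raw[byte_no - 1] if len(raw) >= byte_no else 0
        for bit, name in enumerate(names):
            result[name] = bool((value >> bit) & 1)
    return result


def supported(profile_hex):
    """Sorted names of the proactive commands the profile advertises."""
    return sorted(n for n, ok in decode_proactive(profile_hex).items() if ok)


if __name__ == "__main__":
    for name in supported(I9300_PROFILE):
        print(name)
```

For the profile above, bytes 3 and 4 are both 0xff, so every listed command is advertised, including SEND SHORT MESSAGE, SET UP CALL and both PROVIDE LOCAL INFORMATION variants.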