GalaxyS3I9300PrivacySecurityEvaluation » History » Version 24
Denis 'GNUtoo' Carikli, 05/20/2019 11:49 PM
Note that this information may or may not be exhaustive.
It also may or may not contain all known issues or good points about this device.
h2. General freedom issues on the Galaxy S 3 (I9300):
* The bootloader is proprietary and signed.
* Some peripherals require proprietary firmware to work, [[GalaxyS3I9300LoadedFirmwares|some of which has to be loaded by the system]]. See also the "Missing without non-free firmwares" status in [[ReplicantStatus]].
* The bootrom is the first code that is executed, and it is stored in read-only memory: see "freedom-privacy-security-issues":https://www.replicant.us/freedom-privacy-security-issues.php for more details.
* The hardware is proprietary, and we are not aware of any of its schematics being available anywhere on the Internet.
h2. Modem related:
The modem runs non-free software, which is loaded but not shipped by Replicant.
* When using flight mode, the main CPU has to ask the modem to power itself off.
* The modem is isolated:
** It doesn't use shared memory to communicate with the main CPU, instead it uses HSIC, which is a version of USB 2.0 meant to interface chips together directly. Here the modem also cannot change USB IDs without having the main CPU reset the HSIC bus.
** We are not aware of it being able to access the GPS, but it wouldn't be surprising if it still could (by having a direct connection to it: since no schematics are publicly available, we have no easy way to check).
** It has no access to the other CPU peripherals.
* "Terminal profile":https://terminal-profile.osmocom.org/decode.php?tp=ffffffff7f1f00dfff00001fa2010a860749000000000000000000000010
* Investigate its terminal profile
* Investigate TrustZone and other potential issues with the bootloader.
* Investigate device factory reset security in both Replicant and its recovery (does it really wipe files?).
* Investigate the flash layout, eMMC partitions, and eMMC firmware.
* The Exynos 4412 reference manual says that the PMIC firmware can be reflashed (see the IROM_DATA_REG0 register in subsection 18.104.22.168 of Chapter 8 (Power Management Unit)).