Project

General

Profile

GalaxyS3I9300PrivacySecurityEvaluation » History » Version 24

Denis 'GNUtoo' Carikli, 05/20/2019 11:49 PM

1 1 Denis 'GNUtoo' Carikli
h1. GalaxyS3I9300PrivacySecurityEvaluation
2
3 2 Denis 'GNUtoo' Carikli
Note that this information may or may not be exhaustive.
4
It also may or may not contain all known issues or good point about this device.
5 1 Denis 'GNUtoo' Carikli
6 5 Denis 'GNUtoo' Carikli
h2. General freedom issues on the Galaxy S 3 (I9300):
7
8 1 Denis 'GNUtoo' Carikli
* The bootloader is proprietary and signed.
9 18 Wolfgang Wiedmeyer
* Some peripherals do require proprietary firmwares to work, [[GalaxyS3I9300LoadedFirmwares|some of which have to be loaded by the system]]. See also the "Missing without non-free firmwares" status in [[ReplicantStatus]].
10 19 Wolfgang Wiedmeyer
* The bootrom is the first code that is executed, it's stored in a read-only memory: see "freedom-privacy-security-issues":https://www.replicant.us/freedom-privacy-security-issues.php for more details.
11 12 Denis 'GNUtoo' Carikli
* The hardware is proprietary, and we are not aware if any its schematics is available somewhere on the Internet.
12 1 Denis 'GNUtoo' Carikli
13 5 Denis 'GNUtoo' Carikli
h2. Modem related:
14 6 Denis 'GNUtoo' Carikli
15 5 Denis 'GNUtoo' Carikli
The modem runs non-free software, which is loaded but not shipped by Replicant.
16
* When using flight mode, The main CPU has to ask the modem to power itself off.
17 1 Denis 'GNUtoo' Carikli
* The modem is isolated:
18 24 Denis 'GNUtoo' Carikli
** It doesn't use shared memory to communicate with the main CPU, instead it uses HSIC, which is a version of USB 2.0 meant to interface chips together directly. Here the modem also cannot change USB IDs without having the main CPU reset the HSIC bus.
19 15 Wolfgang Wiedmeyer
** We are not aware of it being able to access the GPS, but it wouldn't be surprising if it still could (by having a direct connection to it: since no schematics are publicly available we have easy no way to check).
20 3 Denis 'GNUtoo' Carikli
** It has no access to the other CPU peripherals.
21 7 Denis 'GNUtoo' Carikli
* "Terminal profile":https://terminal-profile.osmocom.org/decode.php?tp=ffffffff7f1f00dfff00001fa2010a860749000000000000000000000010
22 5 Denis 'GNUtoo' Carikli
23
h2. TODO:
24 6 Denis 'GNUtoo' Carikli
25 5 Denis 'GNUtoo' Carikli
* Investigate its terminal profile
26 13 Denis 'GNUtoo' Carikli
* Investigate TrustZone and other potential issues with the bootloader.
27 16 Wolfgang Wiedmeyer
* Investigate device factory reset security in both Replicant and its recovery (Does it really wipe files?)
28 14 Denis 'GNUtoo' Carikli
* Investigate the flash layout, EMMC partitions, EMMC firmware
29 23 Denis 'GNUtoo' Carikli
* The Exynos 4412 reference manual says that the PMIC firmware can be reflashed (see the IROM_DATA_REG0 register in the subsection 8.8.1.45 of the Chapter 8 (Power Management Unit)).