GalaxyS3I9300PrivacySecurityEvaluation » History » Version 28
Denis 'GNUtoo' Carikli, 01/05/2020 11:52 AM
h1. GalaxyS3I9300PrivacySecurityEvaluation

Note that this information may or may not be exhaustive.
It also may or may not contain all known issues or good points about this device.

h2. General freedom issues on the Galaxy S 3 (I9300):

* The bootloader is proprietary and signed. It's only possible to replace part of it.
* The bootloader also loads a proprietary OS on the main CPU, in "TrustZone":https://en.wikipedia.org/wiki/Trusted_execution_environment. See "this analysis":https://sensepost.com/blog/2013/a-software-level-analysis-of-trustzone-os-and-trustlets-in-samsung-galaxy-phone/ for more details on the precise implementation for the Galaxy SIII.
* Some peripherals require proprietary firmware to work.
** See [[GalaxyS3I9300LoadedFirmwares|some of which have to be loaded by the system]].
** See also the "Missing without non-free firmwares" status in [[ReplicantStatus]].
* The bootrom is the first code that is executed; it is stored in a read-only memory. See "freedom-privacy-security-issues":https://www.replicant.us/freedom-privacy-security-issues.php for more details.
* The hardware is proprietary, and we are not aware of any complete schematics being available anywhere on the Internet.

h2. Modem related:

The modem runs non-free software, which is loaded but not shipped by Replicant.
* When using flight mode, the main CPU has to ask the modem to power itself off.
* The modem is isolated:
** It doesn't use shared memory to communicate with the main CPU; instead it uses HSIC, which is a version of USB 2.0 meant to interface chips together directly. Here the modem also cannot change USB IDs without having the main CPU reset the HSIC bus.
** We are not aware of it being able to access the GPS, but it wouldn't be surprising if it still could (by having a direct connection to it: since no schematics are publicly available, we have no easy way to check).
** It has no access to the other CPU peripherals.
* "Terminal profile":https://terminal-profile.osmocom.org/decode.php?tp=ffffffff7f1f00dfff00001fa2010a860749000000000000000000000010

h2. TODO:

* Investigate its terminal profile
* Investigate device factory reset security in both Replicant and its recovery (Does it really wipe files?)
* Investigate the flash layout, EMMC partitions, EMMC firmware
* The Exynos 4412 reference manual says that the PMIC firmware can be reflashed (see the IROM_DATA_REG0 register in subsection 8.8.1.45 of Chapter 8 (Power Management Unit)).