GalaxyS3I9300PrivacySecurityEvaluation » History » Version 31
Denis 'GNUtoo' Carikli, 10/30/2020 07:55 PM
update bootloader status
Note that this information may or may not be exhaustive.
It also may or may not contain all known issues or good points about this device.

h2. General freedom issues on the Galaxy S 3 (I9300):

* The bootloader is proprietary and signed. So far it's only possible to replace part of it, but that requires yet another nonfree (first stage) bootloader.
* The bootloader also loads a proprietary OS on the main CPU, in "TrustZone":https://en.wikipedia.org/wiki/Trusted_execution_environment. See "this analysis":https://sensepost.com/blog/2013/a-software-level-analysis-of-trustzone-os-and-trustlets-in-samsung-galaxy-phone/ for more details on the precise implementation for the Galaxy SIII.
* Some peripherals require proprietary firmware to work.
** See [[GalaxyS3I9300LoadedFirmwares|some of which have to be loaded by the system]].
** See also the "Missing without non-free firmwares" status in [[ReplicantStatus]].
* The bootrom is the first code that is executed. That code is stored in a read-only memory and has no free license: see "freedom-privacy-security-issues":https://www.replicant.us/freedom-privacy-security-issues.php for more details.
* The hardware is proprietary, and we are not aware of any complete schematics being available anywhere on the Internet.

h2. Modem related:

The modem runs non-free software, which is loaded but not shipped by Replicant.

* When using flight mode, the main CPU has to ask the modem to put itself in low power mode (and not transmit anymore).
** When booting Replicant 6 in flight mode, the modem still communicates with the SIM card.
** When booting Replicant 6 with the modem disabled (modem.sh off), either in flight mode or without being in flight mode, the SIM card is not accessed.
* The modem is isolated:
** It doesn't use shared memory to communicate with the main CPU; instead it uses HSIC, which is a version of USB 2.0 meant to interface chips together directly. Here the modem also cannot change USB IDs without having the main CPU reset the HSIC bus.
** We are not aware of it being able to access the GPS, but it wouldn't be surprising if it still could (by having a direct connection to it: since no schematics are publicly available, we have no easy way to check).
** It has no access to the other CPU peripherals.
* "Terminal profile":https://terminal-profile.osmocom.org/decode.php?tp=ffffffff7f1f00dfff00001fa2010a860749000000000000000000000010

* Investigate its terminal profile
* Investigate device factory reset security in both Replicant and its recovery (does it really wipe files?)
* Investigate the flash layout, eMMC partitions, eMMC firmware
* The Exynos 4412 reference manual says that the PMIC firmware can be reflashed (see the IROM_DATA_REG0 register in subsection 22.214.171.124 of Chapter 8 (Power Management Unit)).