GalaxyS3I9300PrivacySecurityEvaluation » History » Version 36
Denis 'GNUtoo' Carikli, 10/30/2020 08:03 PM
reflect better modem isolation
|1||1||Denis 'GNUtoo' Carikli||
|3||2||Denis 'GNUtoo' Carikli||
Note that this information may or may not be exhaustive.
It also may or may not contain all known issues or good point about this device.
|5||1||Denis 'GNUtoo' Carikli|
|6||5||Denis 'GNUtoo' Carikli||
h2. General freedom issues on the Galaxy S 3 (I9300):
|8||31||Denis 'GNUtoo' Carikli||
* The bootloader is proprietary and signed. So far it's only possible to replace part of it but that requires yet another nonfree (first stage) bootloader.
|9||27||Denis 'GNUtoo' Carikli||
* The bootloader also loads a proprietary OS on the main CPU, in "TrustZone":https://en.wikipedia.org/wiki/Trusted_execution_environment. See "this analysis":https://sensepost.com/blog/2013/a-software-level-analysis-of-trustzone-os-and-trustlets-in-samsung-galaxy-phone/ for more details on the precise implementation for the Galaxy SIII.
|10||32||Denis 'GNUtoo' Carikli||
* Some peripherals do require proprietary firmwares to work:
|11||25||Denis 'GNUtoo' Carikli||
** See [[GalaxyS3I9300LoadedFirmwares|some of which have to be loaded by the system]].
** See also the "Missing without non-free firmwares" status in [[ReplicantStatus]].
|13||1||Denis 'GNUtoo' Carikli||
* The bootrom is the first code that is executed. That code is stored in a read-only memory and has no free license: see "freedom-privacy-security-issues":https://www.replicant.us/freedom-privacy-security-issues.php for more details.
|14||34||Denis 'GNUtoo' Carikli||
* Like most mass storage device, the microSD has a nonfree firmware. Older devices have had firmware update released as GPL, so it might be possible to build a free firmware out of it if some people spend some time to to work on it.
|15||28||Denis 'GNUtoo' Carikli||
* The hardware is proprietary, and we are not aware if any complete schematics is available somewhere on the Internet.
|16||1||Denis 'GNUtoo' Carikli|
|17||5||Denis 'GNUtoo' Carikli||
h2. Modem related:
|18||6||Denis 'GNUtoo' Carikli|
|19||5||Denis 'GNUtoo' Carikli||
The modem runs non-free software, which is loaded but not shipped by Replicant.
|20||29||Denis 'GNUtoo' Carikli||
* When using flight mode, The main CPU has to ask the modem to put itself in low power mode (and not transmit anymore).
** When booting Replicant 6 in flight mode, the modem still communicates with the SIM card.
** When booting Replicant 6 with the modem disabled (modem.sh off) either in flight modem or without being in flight mode, no access to the SIM card is done.
|23||36||Denis 'GNUtoo' Carikli||
* The modem is somewhat isolated:
|24||35||Denis 'GNUtoo' Carikli||
** It doesn't use shared memory to communicate with the main CPU, instead it uses HSIC, which is a version of USB 2.0 meant to interface chips together directly. Here the modem also cannot change USB IDs without having the main CPU reset the HSIC bus. This means that the modem could still take control of the Android part (for instance by emulating a keyboard) but it could only do so at boot, and the OS could also catch it. It could be improved with kernel USB whitelist and/or usbguard.
** We are not aware of it being able to access the GPS, but it wouldn't be surprising if it still could (by having a direct connection to it: since no schematics are publicly available we have easy no way to check).
|26||3||Denis 'GNUtoo' Carikli||
** It has no access to the other CPU peripherals.
|27||7||Denis 'GNUtoo' Carikli||
* "Terminal profile":https://terminal-profile.osmocom.org/decode.php?tp=ffffffff7f1f00dfff00001fa2010a860749000000000000000000000010
|28||5||Denis 'GNUtoo' Carikli|
|29||6||Denis 'GNUtoo' Carikli||
|30||5||Denis 'GNUtoo' Carikli|
|31||13||Denis 'GNUtoo' Carikli||
* Investigate its terminal profile
* Investigate device factory reset security in both Replicant and its recovery (Does it really wipe files?)
|33||14||Denis 'GNUtoo' Carikli||
* Investigate the flash layout, EMMC partitions, EMMC firmware
|34||23||Denis 'GNUtoo' Carikli||
* The Exynos 4412 reference manual says that the PMIC firmware can be reflashed (see the IROM_DATA_REG0 register in the subsection 18.104.22.168 of the Chapter 8 (Power Management Unit)).