Project

General

Profile

Actions

ModemIsolationResearch » History » Revision 17

« Previous | Revision 17/67 (diff) | Next »
Denis 'GNUtoo' Carikli, 03/20/2019 02:51 PM


ModemSharedMemory

This section documents in more details the architecture of system on a chip and devices that have shared memory between the modem and the processor running Android. Since the modem runs (only) proprietary software, devices that doesn't have any mechanism that prevent the modem from taking control of the processor running Android are a grave concern for users freedom ans security.

This section focuses on that issue. Some Qualcomm System On a Chip that are affected by this issue also have other issues that aren't mentioned here but in the Qualcomm System On a Chip page.

Documenting the issue more in depth might allow us to understand if some devices with shared memory between the modem and the processor running Android might be able to be used safely.

Requirements

Having the modem and the processor running Android in separate chip, connected through a bus (like USB) that doesn't allow the modem to access the Android processor's memory offers pretty good guarantee that the modem cannot take the control of the processor running Android at a hardware level.
When the modem and the Android processor are in the same chip or when they use shared memory to communicate, and that memory is also used by the processor operating system, such guarantees are gone.

Several hardware mechanism that can bring them back exist:
  • Some smartphones manufacturer could connect the modem to the processor running Android with separate dedicated memory that is not used for things other than enabling them to communicate.
  • IOMMUs are hardware dedicated to prevent peripherals (like a modem) from taking control of the processor (that is here running Android). To have enough guarantee, such hardware should have good technical documentation and the code using it should have good peer review (It should be good enough if it is in upstream Linux).

System on a chip

This lists system on a chip that also Include a modem and have shared memory between the modem and the processor running Android, and the way the modem and the processor running Android are isolated or not.

Vendor System on a chip Isolation Market share References
Qualcomm Mobile Station Modem (MSM) Snapdragon 7x30 Bad:
* The modem is in charge of loading the bootloader of the processor running Android. Because of that it can temper with that bootloader and take control of the processor running Android.
* The modem can access the memory of the processor running Android, and can take control of it through that way.
* The modem has access to the storage of the processor running Android, so it can take control of it through that.
? boot process
Qualcomm Snapdragon S4 Unknown:
* The modem is booted by the processor running Android (which in turn is booted by a separate boot processor called RPM)
* There is not enough public documentation to understand if there is enough isolation between the modem and the processor running android.
?
Boot process
The Security of chip fabric page of rpw-pacsec2013-hexagon.pdf

Devices

This lists devices that have the modem and the processor running Android in separate chips and use shared memory between them, along with the way the processor running Android is isolated from the modem, or not.

Vendor Device Isolation References
Samsung Nexus S ? ?
Samsung Galaxy S ? ?

Updated by Denis 'GNUtoo' Carikli about 5 years ago · 17 revisions

Also available in: PDF HTML TXT