When Replicant was started, the HTC Dream was the only available Android phone, and it had a Qualcomm System On a Chip (SOC). We then also added support for other very similar devices.
The System On a Chip family used by these devices was the MSM7K. Both the modem and the processor that run Replicant were in that same chip.While working on Replicant, very serious flaws were discovered with that System On a Chip family:
- The modem (which runs only non-free software) handled things that were too privacy sensitive, such as the audio CODEC, which, as I understand, makes it possible, hardware wise, for the modem to enable the microphone without the Application Processor (which ran Replicant) being involved.
- The RAM chips were shared between the CPU of the GSM modem and the SOC CPU. This was also the case for some of the supported devices that had a Samsung Exynos SOC like the Nexus S. This could enable the modem to take control of the processor running Replicant.
- The modem processor was in charge of booting the device. To do that it had to:
- Intialize all the system RAM
- Load the bootloader of the Application Processor in RAM and instruct that processor to run that code.
- The modem also handled the GPS. This is also a concern for other devices with different System On a Chip like the Nokia N900.
Despite the huge amount of work required, when alternatives became available, we switched away from devices with this System On a Chip family because the gravity of the issues was a nightmare.
While some of the above issues have been fixed in more recent Qualcomm System On a Chip families, the increasing amount of proprietary libraries for theses new families, and the lack of strong guarantees that would prevent the modem from being able to take control of the processor running Replicant made the project ignore and discourage the use of the newer Qualcomm System On a Chip families.Despite that, it may be possible to make sure that the modem cannot physically access and modify the Application Processor's RAM content, for instance by using the SOC IOMMU, if there is one, but that would require significant work. It would at least require:
- to be able to use a mainline kernel (to be able to have some trust in the code)
- to have public documentation on the System On a Chip IOMMU.
- to have people analyze the security of the IOMMU.
- to make sure that the IOMMU setup even before the RAM is even initialized. Nonfree bootloader most probably prevent that.
Despite that we may still accept contributions for devices with such System On a Chip, but it's best to contact the Replicant project (for instance on the mailing list or on IRC) before starting to work on that, to collectively decide how to handle that.
For instance some tablets use Qualcomm SOCs have no modems. So if the most important privacy sensitive hardware is under the control of the Application Processor, it might be possible to add support for such tablets if work is done to make sure that they can be useful without any proprietary libraries.