GalaxyS3I9300PrivacySecurityEvaluation » History » Version 28
Denis 'GNUtoo' Carikli, 01/05/2020 11:52 AM
| 1 | 1 | Denis 'GNUtoo' Carikli | h1. GalaxyS3I9300PrivacySecurityEvaluation |
|---|---|---|---|
| 2 | |||
| 3 | 2 | Denis 'GNUtoo' Carikli | Note that this information may or may not be exhaustive. |
| 4 | It also may or may not contain all known issues or good points about this device. |
| 5 | 1 | Denis 'GNUtoo' Carikli | |
| 6 | 5 | Denis 'GNUtoo' Carikli | h2. General freedom issues on the Galaxy S 3 (I9300): |
| 7 | |||
| 8 | 26 | Denis 'GNUtoo' Carikli | * The bootloader is proprietary and signed. It's only possible to replace part of it. |
| 9 | 27 | Denis 'GNUtoo' Carikli | * The bootloader also loads a proprietary OS on the main CPU, in "TrustZone":https://en.wikipedia.org/wiki/Trusted_execution_environment. See "this analysis":https://sensepost.com/blog/2013/a-software-level-analysis-of-trustzone-os-and-trustlets-in-samsung-galaxy-phone/ for more details on the precise implementation for the Galaxy SIII. |
| 10 | 25 | Denis 'GNUtoo' Carikli | * Some peripherals require proprietary firmware to work. |
| 11 | ** See [[GalaxyS3I9300LoadedFirmwares|some of which have to be loaded by the system]]. |
| 12 | ** See also the "Missing without non-free firmwares" status in [[ReplicantStatus]]. |
| 13 | 19 | Wolfgang Wiedmeyer | * The bootrom is the first code that is executed; it is stored in read-only memory. See "freedom-privacy-security-issues":https://www.replicant.us/freedom-privacy-security-issues.php for more details. |
| 14 | 28 | Denis 'GNUtoo' Carikli | * The hardware is proprietary, and we are not aware of any complete schematics being available anywhere on the Internet. |
| 15 | 1 | Denis 'GNUtoo' Carikli | |
| 16 | 5 | Denis 'GNUtoo' Carikli | h2. Modem related: |
| 17 | 6 | Denis 'GNUtoo' Carikli | |
| 18 | 5 | Denis 'GNUtoo' Carikli | The modem runs non-free software, which is loaded but not shipped by Replicant. |
| 19 | * When using flight mode, the main CPU has to ask the modem to power itself off. |
| 20 | 1 | Denis 'GNUtoo' Carikli | * The modem is isolated: |
| 21 | 24 | Denis 'GNUtoo' Carikli | ** It doesn't use shared memory to communicate with the main CPU; instead it uses HSIC, which is a version of USB 2.0 meant to interface chips together directly. Here the modem also cannot change USB IDs without having the main CPU reset the HSIC bus. |
| 22 | 15 | Wolfgang Wiedmeyer | ** We are not aware of it being able to access the GPS, but it wouldn't be surprising if it still could (by having a direct connection to it: since no schematics are publicly available, we have no easy way to check). |
| 23 | 3 | Denis 'GNUtoo' Carikli | ** It has no access to the other CPU peripherals. |
| 24 | 7 | Denis 'GNUtoo' Carikli | * "Terminal profile":https://terminal-profile.osmocom.org/decode.php?tp=ffffffff7f1f00dfff00001fa2010a860749000000000000000000000010 |
| 25 | 5 | Denis 'GNUtoo' Carikli | |
| 26 | 6 | Denis 'GNUtoo' Carikli | h2. TODO: |
| 27 | 5 | Denis 'GNUtoo' Carikli | |
| 28 | 13 | Denis 'GNUtoo' Carikli | * Investigate its terminal profile |
| 29 | 16 | Wolfgang Wiedmeyer | * Investigate device factory reset security in both Replicant and its recovery (Does it really wipe files?) |
| 30 | 14 | Denis 'GNUtoo' Carikli | * Investigate the flash layout, EMMC partitions, EMMC firmware |
| 31 | 23 | Denis 'GNUtoo' Carikli | * The Exynos 4412 reference manual says that the PMIC firmware can be reflashed (see the IROM_DATA_REG0 register in subsection 8.8.1.45 of Chapter 8 (Power Management Unit)). |