
PinePhone Misconceptions - UkiahSmith
https://www.pine64.org/2020/01/24/setting-the-record-straight-pinephone-misconceptions/
======
squarefoot
What most critics miss about its hardware is that the few closed subsystems
have no access to system memory and storage. It is _very_ different from say a
ME module into a CPU, or a closed card stuck into the same bus with the disk
controller, which is the case of just every "open" laptop out there. USB, i2c
and SPI are effective measures against malicious hardware taking control of
the system bus and sucking data from peripherals. Even in the unlikely (but
technically possible) scenario in which some chips loaded with malicious
firmware attempt to sniff the i2c bus, they will be fed data that has been
already encrypted on a system memory, bus and storage they have no access to.

If the user encrypts the data before sending it, whether the 4G modem/WiFi/BT
are closed or not, they will see just noise.

~~~
throwaway41597
The PinePhone looks compelling indeed.

One question: does anyone know where encryption occurs for 4G and Bluetooth
voice for example? Is audio going to a BT headset encrypted inside the BT
chip? Is audio going to the 4G network encrypted inside the modem?

Edit: Thanks for your replies.

~~~
RL_Quine
There's not really any meaningful encryption in LTE in the real world, that
there is is vulnerable to all sorts of nasty downgrade attacks. You're better
forgetting there is any and assuming that it's all in cleartext. Any there is
will be deciphered on the radio hardware and then send in the clear to the
main processor. This is how it always works.

The point of the pinephone post here is that you're basically treating the
entire modem as untrusted and part of the internet rather than part of your
device, which is the correct approach.

------
yjftsjthsd-h
> It’s worth mentioning that LPDDR3 initialization is done by u-boot SPL,
> which is also open source. There are no blobs in there either.

That's actually pretty impressive, isn't it? I was under the impression that
RAM setup was a mess.

~~~
monocasa
It's been open on these chips for a while (which is probably one of the
reasons why Pine is so into them).

And the way it works with these chips it's a pain to support more than one
board layout with more than one model of chips, but that's more a supply chain
and SKU explosion issue.

------
l0b0
This just sounds like a classic case of perfect being the enemy of good. A
bunch of "purists" unironically lamenting the fact the device isn't 100.00%
FOSS while typing on much more closed platforms. Or maybe just planted
misinformation by competitors or three-letter agencies, either of which don't
seem too far-fetched these days.

------
npo9
Can someone explain why the modem running closed source blob is not considered
a huge problem?

~~~
keyme
As long as the modem is connected via SDIO/USB to your open system (which it
is), how is this a problem? It's treated as compromised/hostile.

Encryption of IP traffic happens on the open system, so no problem there.

If you'd like to complain about encryption of voice calls happening on the
closed modem, I have some bad news. It wouldn't matter if it was open or
closed, since the network it negotiates keys with is also compromised.

The only problem remaining, on this particular device, is direct connection of
physical sensors (microphone, GPS, etc) directly to the modem. This is solved
by physical switches (or hardware switches controlled from the open system)
between the sensor and the modem.

The only exception I see now is the GPS, which is embedded into the modem. If
they solve that, I'm buying the phone.

~~~
dev-il
> The only problem remaining, on this particular device, is direct connection
> of physical sensors (microphone, GPS, etc) directly to the modem

is that even the case of the microphone? My understanding was that -
independently of the possibility to turn the microphone and modem off with
kill switches - all audio data to the modem comes via I2S from the SoC
anyways, i.e. that the microphone is NOT directly connected to the modem but
to the SoC (possibly via a separate audio codec Chip) and that the SoC serves
the modem via I2S whatever audio data the user pleases (whether that be from
the microphone or whatever else).

~~~
MartijnBraam
Yes, the modem can't talk to anything, it's only connected to the SoC with the
i2s audio bus and the usb bus, the SoC controls what gets sent to the modem.
for a voice call the SoC proxies audio between the mic/speaker and the modem.

------
swiley
It’s just as closed as the typical laptop (better in many ways, some newer
laptops have some nasty stuff in the bios) I think there might be 2 WiFi cards
that even have open source firmware and the firmware isn’t complete enough to
be usable for most people.

I’m not sure who would be surprised by this, I feel like anyone that cares
this much would be paying enough attention to know what’s going on.

~~~
prox
The librem phone seems a lot more open, and the zerophone is also very
interesting.

~~~
kop316
I'd say both are about the same. The Librem 5 physically puts the Modem and
Wifi/BT modules on a physical card, where the PinePhone make it all into a
single board. I believe both have the same physical/logical seperation (i.e.
Modem and Wifi/BT are on a Bus versus integrated directly into the CPU), and
both support a hardware disable due to the physical seperation.

Both Phones have to load firmware into the Modem and WiFi/BT.

------
petecox
Replicant has an evaluation page incorporating this info with a handy table.

[https://redmine.replicant.us/projects/replicant/wiki/Pinepho...](https://redmine.replicant.us/projects/replicant/wiki/Pinephone)

~~~
miohtama
Looks like camera is open. I wonder if it possible to tweak software to get
unholy quality out of sensors like Pixel phones do, or does one need to have
high power/integrated GPU or TPU hardware for it.

~~~
solarkraft
The unholy quality on pixel phones is achieved through taking many pictures
and combining them in smart ways (Google's computational photography wizard
Marc Levoy has given a great series of lectures about the theory behind it:
[https://www.youtube.com/playlist?list=PL7ddpXYvFXspUN0N-gObF...](https://www.youtube.com/playlist?list=PL7ddpXYvFXspUN0N-gObF1GXoCA-
DA-7i)) through a Qualcomm Hexagon processor, which has a special VLIW (Very
Long Instruction Words) architecture. This co-processor is in every high-end
Snapdragon (800 series) phone made in the last few years and you can
relatively easily get the software to run on them through modded Google Camera
versions commonly known as "Gcam ports".

My actual point is: You don't need special camera firmware to do this.

What you _do_ need special (or open enough) firmware for is stuff like long
exposures - the inability of which highly frustrated me on the phones,
especially from Sony, I have owned so far. Doing weird stuff with the camera
will probably be quite fun, but then again I don't believe the actual camera
device will be that good.

------
Skunkleton
All network connected systems have a boundary where they become untrusted.
With the exception of the GPS, this all seems like a securable, hackable, and
supportable system architecture.

RE cellular modems, there are some things worth noting. First, they are a huge
privacy hole. It doesn't matter if they run open or closed firmware, the real
adversary is the cell provider's hardware. Second, interoperability is a real
problem. There would be large consequences if enough improperly configured
cellular modems ended up in the wild.

Edit: Another point here. Open firmware does guarantee security. It is
unlikely that whatever distro you end up running on your pine phone will be
nearly as secure as iOS or Android. Of course privacy is a different story.

------
ldng
Can someone clear up if the modem and the GPS can talk directly? Not being
able to shutdown the GPS indepandently put me off librem.

~~~
nullc
Perhaps it would be better to say "Not being able to run the GPS with the
modem shut down"?

If the modem is on, the carrier can figure out your location relatively
precisely from your transmissions, even if GPS were disabled.

So the real loss is that you can't use the device for navigation/mapping
without turning on the modem.

Right?

At least this can be resolved by using an external receiver.

------
lvs
A removable battery AND a headphone jack? I mean, this is my definition of
luxury.

Has anyone actually gotten one of these yet? Any critical impressions? Could I
actually rely on it as a phone?

~~~
tmzt
People are reporting receiving them (the bravehert edition with near final
hardware) now in #pinephone on the pine64 discord.

------
numpad0
> The LTE modem on the PinePhone is a ‘black box’, and runs its own __Linux
> system __internally.

First mention of Linux I’ve seen wrt modem firmware. Interesting!

~~~
tmzt
The EG25 has two cores like most Android devices. One is running Qualcomm AMSS
and the other a Linux kernel. The Linux side apparently converts AT into QMI
messages, and provides endpoints for NMEA and other protocols.

It also uses an android bootloader and partition layout, and can support adb
connections.

[https://osmocom.org/projects/quectel-
modems/wiki/EC25](https://osmocom.org/projects/quectel-modems/wiki/EC25)

------
Tepix
This phone is looking fantastic. I‘m getting one for sure.

Perhaps the GPS issue can be solved by disconnecting the GPS antenna using a
kill switch.

------
anonymousiam
How long before PinePhone goes the way of Phantom Secure?
[https://www.sandiegouniontribune.com/news/courts/sd-me-
ramos...](https://www.sandiegouniontribune.com/news/courts/sd-me-ramos-
plea-20181002-story.html)

~~~
commoner
> To prevent law enforcement from getting their hands on the special phones,
> Phantom Secure required existing customers — referred to as “executives” —
> to vouch for new customers, then conducted background checks. The company’s
> safeguard didn’t always work.

> The judge called Fairfield’s participation in the scheme “aggravated”
> because of the significant amount of money laundered, the use of his
> expertise and the four-year stretch of illegal activity.

In contrast, anyone (including law enforcement officials) can buy a PinePhone,
and I doubt Pine64 is laundering money. It is unlikely for Pine64 to be
prosecuted the way Phantom Secure was.

