Group: Hardware/Strategies/ReverseEngineering


Revision as of 10:11, 15 October 2017

Introduction

Drivers, firmware, and hardware are integral parts of the computers we use and the devices that interact with them -- and when these things are proprietary, they are incompatible with free software. When the hardware manufacturer does not publish key technical specifications sufficient to write free drivers for their hardware, we'll have to reverse engineer the needed support. Which hardware should be prioritized? We propose criteria and a few examples.

Is it widely distributed hardware?

For instance, millions of Raspberry Pi boards have been sold. A functional free software firmware for the VideoCore IV GPU it uses would be beneficial to all existing users. Another example is the Samsung Galaxy SIII, which sold over 70 million units and can easily be bought second-hand worldwide. A free software driver for the BCM4334 wifi chip could enable new Replicant users.

Is it the last step in completing the liberation of whole device(s)?

For instance, consider the Allwinner A20 System on a Chip in the Olimex Lime2. If we can make it work with free software, all the hardware of that chip will become functional in the free world. All of the hardware in that single board computer will likewise become functional in the free world.

Is the work difficult? (0 easy, 9 hard)

Low-hanging fruit is motivating, creates awareness of the problem and helps new developers learn so they can work on more difficult tasks later on.

Is reverse engineering needed?

Reverse engineering might not be needed, as documentation might already exist, published either by the hardware manufacturer or by people who did some reverse engineering on the hardware.

How useful is the hardware? (0 not really, 9 very)

For instance, in Samsung mobile phones, the wifi, GPS and Bluetooth drivers need reverse engineering. The wifi driver is more useful than the Bluetooth driver.

Is it crucial?

Hardware is crucial when it does a job that is crucial for us to support. A job can be crucial even if only a few people need to do it.

Hardware list

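| Hardware | Units | Last step | Difficult | Long | Useful | Crucial |
|---|---|---|---|---|---|---|
| Mali GPU | >100M | Yes | 5/9 | | 9/9 | No |
| BCM4334 Wifi | >70M | No | 9/9 | | 9/9 | No |
| BCM4334 Bluetooth | >70M | No | ?/9 | | 2/9 | No |
| BCM43438 Wifi | >10M | No | 9/9 | | 2/9 | No |
| Vivante GPU | ?? | No | 5/9 | | 2/9 | No |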

Mali GPU

The Mali GPU can be found in many Allwinner systems on a chip. Since the Cedrus project took care of video decoding offloading, only the Mali GPU isn't usable with free software. Such systems on a chip can be found in many boards or devices which can easily be bought.

The Mali is also used in many Exynos systems on a chip found in most Samsung phones from the S2 to the S7, which sold over 100 million units combined. They can easily be purchased second-hand worldwide.

Reverse engineering is made easier because the driver is in user space and all communication with the hardware goes through a kernel driver published as free software.

The Lima project exists and is usable in some cases, but it is incomplete and has not seen much activity since 2016.

BCM4334 Wifi

The BCM4334 Single Chip IEEE 802.11 a/b/g/n MAC/Baseband/Radio with Integrated Bluetooth 4.0 + HS and FM Receiver is used in the Samsung Galaxy SIII, which sold over 70 million units. It can easily be purchased second-hand worldwide. Reverse engineering would be very difficult. It would be very useful because it would enable Replicant. There are no ongoing reverse engineering projects for this chip.

BCM4334 Bluetooth

It is a part of the BCM4334 chip, which also includes wifi; only it is less useful and the difficulty is unknown.

BCM43438 Wifi

The BCM43438 Single-Chip IEEE 802.11ac b/g/n MAC/Baseband/Radio with Integrated Bluetooth 4.1 and FM Receiver is used in the Raspberry Pi, which sold over 10 million units. The user base is large and could upgrade to a free software driver. Reverse engineering would be very difficult. Although the bootloader is free software, other hardware parts do not work without nonfree software. Since there is also an Ethernet port, the availability of wifi is not a blocker to operating the Raspberry Pi.

Vivante GPU

The Vivante GPU is used in the i.MX 6 SoC, which is used in the Novena laptop, which sold ??? units. Reverse engineering is made easier because the driver is in user space and all communication with the hardware goes through a kernel driver published as free software. The Etnaviv project exists and is usable, but it needs completion.

The only other part in the SoC requiring reverse engineering is the VDU.

TODO

SSD firmware blobs

It's pretty easy to hide data in an SSD or mount an attack on a machine when those blobs are totally unknown. You don't have to load the SSD firmware as part of boot, of course, but it is typically updateable. There have been a few demonstrations of attacks on USB and hard drive firmware in the past. An exploit was found in an SD card firmware but was not weaponized. It is relatively trivial to hide data and mount time-of-check/time-of-use (TOC/TOU) attacks on unsuspecting hosts from mass storage firmware.
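An added example, not part of the original page: a host-side sketch of why a drive with unknown firmware makes "verify, then read again" unsafe, next to the read-once pattern that closes the gap. `UntrustedDisk` is a constructed stand-in for a device that may answer two reads of the same range differently; every name and sample byte string here is hypothetical.

```python
import hashlib
import hmac


class UntrustedDisk:
    """Constructed stand-in for a drive with unknown firmware: the first read
    of a range returns one payload, every later read returns another."""

    def __init__(self, first: bytes, later: bytes):
        self._first, self._later = first, later
        self.reads = 0

    def read(self) -> bytes:
        self.reads += 1
        return self._first if self.reads == 1 else self._later


def _matches(data: bytes, expected_sha256: str) -> bool:
    digest = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(digest, expected_sha256)


def load_check_then_reread(disk: UntrustedDisk, expected_sha256: str) -> bytes:
    """Weak pattern: verify one read, then consume a second, unverified read."""
    if not _matches(disk.read(), expected_sha256):
        raise ValueError("digest mismatch")
    return disk.read()  # time of use: these bytes were never checked


def load_read_once(disk: UntrustedDisk, expected_sha256: str) -> bytes:
    """Hardened pattern: copy to host memory once, verify and use that copy."""
    buf = disk.read()
    if not _matches(buf, expected_sha256):
        raise ValueError("digest mismatch")
    return buf


if __name__ == "__main__":
    signed = b"kernel image v1 (constructed sample)"
    other = b"different bytes served on re-read (constructed sample)"
    want = hashlib.sha256(signed).hexdigest()
    print(load_check_then_reread(UntrustedDisk(signed, other), want) == signed)
    print(load_read_once(UntrustedDisk(signed, other), want) == signed)
```

The same rule applies to anything loaded from storage that is checked before use: the bytes that were hashed must be the bytes that are consumed.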

Updating the firmware of an SSD / HDD

VDU used in the Novena

TBD

Raspberry hardware setup and bootloader

The Raspberry Pi needs nonfree software to start up. I think it initializes the hardware. This is a big problem; it means we have to call that machine "fatally flawed". I suspect that "bootloader" refers to just _part_ of the software that runs at startup time. It must run _after_ initializing the hardware.

Startup software consists of:

  • Proprietary hardware setup.
  • Free bootloader.

Freedom box

Several pieces of hardware are referenced at http://www.freedomboxfoundation.org/. Which ones would benefit from reverse engineering, and on which hardware part?