Quoting Enrico Weigelt, metux IT consult (enrico.weigelt@???):
> On 31.08.2017 20:07, Rick Moen wrote:
>
> >Having the i.MX6 or i.MX8 CPU 'separate' from the baseband
> >controller
>
> Does it have to be an mx6 ? okay, open gpu drivers, but perhaps a little
> bit expensive and produces a lot of heat.

They say it's going to be either i.MX6 or i.MX8. They haven't yet
decided. (This further underlines my point that it's definitely nothing
like a finished product, yet.)

> #1: isolate them as much as we can, power on only if required, no direct
> connections to other vital devices, eg. main memory, storage, ports,
> mic, etc - for some interfaces eg. i2s we could even add an extra
> tamper detection (when baseband attempts to read audio stream)
> or just inject fake data when no actual call is running (w/
> cell calls you can safely assume being wiretapped)

This would be the optimal approach given the existing baseband situation,
but please note that Puri.sm haven't specified yet what they mean by
'separate'.

The Tor Project hardened-Android articles have some good thoughts about
the baseband problem and how to isolate it as best can be achieved under
current circumstances.

I don't want to be unduly cynical about Puri.sm, but they have had a
history of overselling and being just a bit reticent about the secret
proprietary bits they've not addressed at all in their 'open' designs.

> They suggest firefox ... recent versions (at least since 52) have
> built-in malware. I've already removed large parts of it (yet
> very experimental and untested) - still need a strategy to align
> w/ upstream.

Have you written this up, somewhere?

> MSF has already made it perfectly clear they'll never accept any patches
> for that and continue their path (already threatened me personally)

And have you written up the details of this?