Chris_ has quit [Remote host closed the connection]
_whitelogger has joined #neo900
xmn has quit [Quit: Leaving...]
piku has left #neo900 ["Leaving"]
_whitelogger has joined #neo900
pagurus has quit [Ping timeout: 246 seconds]
pagurus has joined #neo900
_whitelogger has joined #neo900
clapont has quit [Ping timeout: 250 seconds]
_whitelogger has joined #neo900
_whitelogger has joined #neo900
_whitelogger has joined #neo900
Szeraton has quit [Quit: Lost terminal]
dazinism has quit [Remote host closed the connection]
dazinism has joined #neo900
ArturShaik has joined #neo900
Kabouik has joined #neo900
_Chris_ has joined #neo900
dazinism has quit [Write error: Connection reset by peer]
dazinism has joined #neo900
clapont has joined #neo900
<clapont>
hi... Joerg-Neo900: why you wish to "sandbox" the modem? isn't it easier a modem driver to be developed, like for any other device in Linux? continuing this idea, a phone focused Linux based distro (Lineage/etc) with a driver for modem would be enough, is it? also, we should realize it's a phone not a full computer to play games/access the bloat sites/etc.. a phone which can do more usefull things, not a 9
<clapont>
5% compression-crunched computer.
<dos1>
clapont: uhm... "modem driver"? :p
<enyc>
clapont: certifications for mobile modem is very hard to get ... and fundaemantl problem is the modem able to access main device memory.
<dos1>
modem has to be "sandboxed" because it's basically an opaque blob full of potentially exploitable code you don't control
<enyc>
clapont: so, makes much more sense to segregate an existing usable approved modem and consider it as untrusted as network itself.
<dos1>
and that blob is not "a driver" - it's pretty much an essence of what makes a modem modem. you'd pretty much have to make your own modem to change it, which is itself much bigger task than producing a smartphone
<bencoh>
think of it as a firmware running on the modem cpu
<dos1>
when it comes to actual "drivers", it's usually well-supported already on both kernel and userspace middleware levels, as most modem modules communicate via either AT or QMI
<dos1>
so you only have to deal with vendor quirks ;D
<clapont>
enyc, dos1: sorry, I don't understand... and maybe is something too obvious for you :-) this is how I think: a hardware device has IO for data/command words... a software written in asm/c/etc can control that device and expose it to the OS through an API (for AT commands/etc)
<dos1>
that software already lives in the modem; you don't even have access to lower level IO
<clapont>
why a modem driver has to be "certified"? are the Linux drivers "certified", all of them. for example, take any USB camera, knowing/using the "uvc" protocol.. they just work
<dos1>
in turn, to support AT with modem like PLS8, all you need on the Linux side is a regular USB serial device driver
<clapont>
dos1: maybe here is my missunderstanding.. a modem has wires/antenna and chip to control antenna/data... cannot be these programmed? I am only thinking back to a z80 processor/a51/etc
<dos1>
this is where this whole certification issue comes in
<clapont>
why it has to be "certified"? if I have a modem, I make a driver for it (to expose it to USB), I put the code online for everyone to see it with their own eyes.. then what more? anyone who wishes, is using the modem and my code
<dos1>
this is not wifi range where you're free to transmit within some power limits - cellular range is highly regulated and you need certifications and/or other permits in order to transmit
<dos1>
(at least in most of the world - I'm sure you can find some autonomic island where it's legal :D)
<clapont>
aha. right, the cellular ranges are highly regulated by governments... well, they can get the code on a cd or even printed on paper
<dos1>
so you deal with all this legal mambo jumbo by either being a big company that can deal with that easily, or by buying a complete module that's already certified and exposes some usable interface to you, like AT or QMI
<clapont>
so this is the big deal? this is the "certification" issue? how much would this cost, what is this proces taking?
<dos1>
well, at the beginning you would have to make a modem, as most of those available on the market use cryptographically signed firmwares and verify them when trying to update
<dos1>
(you could also try to find some exploit and "break in" ;))
<clapont>
dos1: understood, thank you for explanation. now I see the problem is easier than I thought. so there is a way to have your drive on modem, just it is about bureaucracy!
<dos1>
basically both bureaucracy and resources
<dos1>
if all you need is a 2G module, resources are already there
<clapont>
"cryptographically signed firmwares" - hmm, isn't this driver we're speaking about - supposed to replace the proprietary "cryptographically signed firmwares" ?
<dos1>
if you want shiny LTE/5G, you probably need a huge investment just to write your own software
<dos1>
clapont: but how? all you get from the module is AT/QMI. you can't do anything lower level without replacing the firmware
<clapont>
what about 3g? 3g allows enough speed. I started browsing the internet through a 14400bps so I know to be very very reasonable
<dos1>
you may try looking for some holes or debug interfaces, but that's about it
<dos1>
AFAIK 3G is way more complicated than both 2G and 4G
<dos1>
solutions for 2G already exist, although not very "user oriented" (OsmocomBB)
<clapont>
dos1: so the firmware can be written, just the certification of it is the problem?
<dos1>
clapont: but where will you run your new shiny open firmware?
<dos1>
there were some modules that allowed you to flash your own firmware, and that's what OsmocomBB operates on
<dos1>
mostly 2G stuff
<clapont>
so you suggest the modem itself is the root of the problem?
<dos1>
so the first issue is actually getting your firmware to run
<dos1>
when you tackle that, then you won't be able to do anything with it legally without certification
<dos1>
only when you get that certified (and I'm not exactly sure if anything that allows user modification will actually pass certifications in US and Europe), you can think about selling that officially
<dos1>
(plus, of course, the "issue zero" - those firmwares are complicated and costly to make in the first place)
<clapont>
a hardware manufacturer of the modem (the board + wiring + antenna + chip) which will provide the full specs (pin i/o, diagrams etc) can be found? or it is available already?
<dos1>
how many modem makers do we actually have on earth right now? qualcomm, intel... anything else?
<dos1>
I heard some rumours that Apple is working on their own, but they already worked with both Qualcomm and Intel and even been in court being accused of copying their designs xd
<clapont>
dos1: sorry not to be updated.. I knew there were more modem providers.. even the Winmodems were something. but I realize the miniaturization got everything to new levels and only huge companies afford to continue
<dos1>
well, yeah, there used to be more even in GSM space
<dos1>
now even the Cinterion modules that were planned to be used in Neo900 are pretty much wrapped Qualcomm chips
<clapont>
ericcson was making 3G modems for laptops.. I have such modem, like 50x30x4mm, miniPCIe
<dos1>
lots of companies make modems in different form factors, but usually there are the same things inside
<clapont>
the laptops use Intel CPUs (most of); so using an Intel CPU means you trust the Intel.. so.... you can as well trust Intel's modems
<dos1>
although back in the 3G times it could have been a bit more varied than today
<clapont>
I mean... if I suspect everything and everyone.. I may have to trust myself only - and I die this way :-)
<dos1>
even Intel was actually a bit late to the LTE party. I think they haven't had anything working yet when Neo900 was started
<clapont>
(without any working solution/phone I mean)
<clapont>
I think Intel modem is a very good solution. in the end I only wish an reasonable assurance that my phone does what I wont, without stealing my data. the ones who need 1000% secrecy could/should invest in the proper certification/top-down process and eventually making a business out of it
<clapont>
*what I want
<Joerg-Neo900>
3G/LTE firmware is something around 500 manyears of development (been there seen that: ST-Ericsson NovaThor, Thorium, Radium chipsets, I done debugging of the local interface drivers e.g. HSI, I2C. UART)
<Joerg-Neo900>
>>I'm not exactly sure if anything that allows user modification will actually pass certifications...<< nope, you must sign a paper that guarantees that your firmware&chipset combo as evaluated&approved&certified doesn't allow any messing around with IMEI
<Joerg-Neo900>
the CTO signs that paper
<Joerg-Neo900>
>>Cinterion modules that were planned to be used in Neo900 are pretty much wrapped Qualcomm chips<< s/pretty much//
<Joerg-Neo900>
the point is we DO NOT trust any modem
<Joerg-Neo900>
>> only wish an reasonable assurance that my phone does what I wont, without stealing my data. the ones who need 1000% secrecy could/should invest in the proper certification/top-down process<< Please read again what I explained above (>>[4 Apr 2019 23:26:59] <Joerg-Neo900> Neo900 approach to backdoors always been: ...<<), your idea of >>proper certification/top-down process<< isn't feasible, it's exactly like producing a Linux distro that is *
<Joerg-Neo900>
oh right, I missed to answer the question about cost of certification (https://fccid.io/QIPPHS8-P/Test-Report/Test-Report-1597401.pdf is a final summary of such cert process doen by 3rd party) - it's anywhere in the 5 to 6 figures USD
<Joerg-Neo900>
then you got FCC. You might want to get approval/cert of other authorities as well, for other countries/regions of globe
<Joerg-Neo900>
>>The antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons<< *cough*
<Joerg-Neo900>
aah well >>A separate approval is required for portable operating configurations, as defined in 2.1093 of the rules<<
Pali has joined #neo900
<Joerg-Neo900>
OOOOOHOHO they do same "trick" like Neo900 >>The X210 is a strange machine. A set of Chinese enthusiasts developed a series of motherboards that slot into old Thinkpad chassis, providing significantly more up to date hardware.<<
<Joerg-Neo900>
and a nice detail: >>The other fun thing about it is that none of the firmware flashing protection is enabled, including Intel Boot Guard.<<
ArturShaik has quit [Ping timeout: 245 seconds]
<clapont>
Joerg-Neo900: thank you very much for you kind explanations and time.
<Joerg-Neo900>
yw :-)
<Joerg-Neo900>
you got he chat of 4 Apr 2019 21:00 +x ?
<Joerg-Neo900>
in /topic there's a link to chanlogs