Newer MTK chipsets

Das Signal das.signal at freecalypso.org
Thu Apr 20 09:06:49 UTC 2017


Hi Mychaela,

So far I understand the requirements for an acceptable chip would be:

- full source code, ideally with the revision history (git or otherwise)
- ability to program the fuses with a controlled signing key, or the
  possibility of completely disabling the signing check
- full documentation for the chip: hardware registers, OS functions, ...
- lack of unnecessary ARM cores for running a smartphone OS like Android

I think Qualcomm does make modems without additional ARM cores, they are
used iirc in the iPhone. I'm unsure however if they distribute the full
source to companies, it's more likely to be a situation similar to MTK
where OEMs get precompiled binaries with the possibility of adding small
parts. But perhaps large companies (Apple, Samsung, LG) do get the full
source and documentation due to their bargaining power. Also recently
Qualcomm has released more information about their secure boot mechanism:

https://www.qualcomm.com/media/documents/files/secure-boot-and-image-authentication-technical-overview.pdf

> Yet it apparently didn't matter to those guys that for TI's chipsets
> we have extensive source leaks and two successful projects (ours and
> OsmocomBB) that have working GSM functionality based on the available
> leaked sources and docs

Of course I may remember wrong, but I assumed OsmocomBB was based on the
classic method of white-room reverse-engineering, precisely to ensure the
produced code was free of bits from the TI leaks, and make the project
immune from possible legal threats.

--DS

