+- PINE64 (https://forum.pine64.org)
+-- Forum: PinePhone (https://forum.pine64.org/forumdisplay.php?fid=120)
+--- Forum: General Discussion on PinePhone (https://forum.pine64.org/forumdisplay.php?fid=127)
+--- Thread: Can internal PinePhone firmware be compromised? (/showthread.php?tid=12210)
Can internal PinePhone firmware be compromised? - fsflover - 11-18-2020
Perhaps a stupid question. Is there any firmware in PinePhone which could be compromised by the OS? For example, I heard that a compromised OS on a laptop can compromise BIOS, which makes the computer insecure without recurse (and you won't know it unless you have Anti Evil Maid).
Let's say I install some untrusted OS on the eMMC, use it, then wipe it. After that I boot from a trusted microSD, can I be sure that I am not compromised?
I am also thinking about such a use case: I have untrusted OS on the eMMC, where I collect all the viruses I want. When I need to do something security-critical (e.g., open my email), I insert a microSD with a bootable trusted OS, use it and then remove the microSD again returning to the initial untrusted OS. Would such access to the email be secure?
RE: Can internal PinePhone firmware be compromised? - ryo - 11-18-2020
All software available to the public can be compromised, and unless it's something almost nobody uses, all software will be compromised at some point in time.
Privacy, security, and freedom is never ethernal, and it's never a gift.
Both the consumer and developer have to fight for it forever.
RE: Can internal PinePhone firmware be compromised? - LinAdmin2 - 11-18-2020
The firmware in the Quectel modem can be changed and therefore it can also be corrupted.
I have not heard of any way how the bootloader could be compromised?
If that is not the case, eMMC always can be cleaned.
RE: Can internal PinePhone firmware be compromised? - evilbunny - 11-18-2020
(11-18-2020, 02:16 PM)fsflover Wrote: Let's say I install some untrusted OS on the eMMC, use it, then wipe it. After that I boot from a trusted microSD, can I be sure that I am not compromised?
Unlike regular computers, ARM systems have all the bios-y info stored on the emmc/sdcard, as @
RE: Can internal PinePhone firmware be compromised? - dallytaur - 11-18-2020
Would there be a way to lock down modem firmware with a dip switch seems like a major target
RE: Can internal PinePhone firmware be compromised? - LinAdmin2 - 11-19-2020
(11-18-2020, 06:07 PM)evilbunny Wrote:Wrong;(11-18-2020, 02:16 PM)fsflover Wrote: Let's say I install some untrusted OS on the eMMC, use it, then wipe it. After that I boot from a trusted microSD, can I be sure that I am not compromised?
Unlike regular computers, ARM systems have all the bios-y info stored on the emmc/sdcard,
The ARM system must have some initial loader to start reading from eMMc or sd.card.
RE: Can internal PinePhone firmware be compromised? - evilbunny - 11-19-2020
(11-19-2020, 11:03 AM)LinAdmin2 Wrote:(11-18-2020, 06:07 PM)evilbunny Wrote:Wrong;(11-18-2020, 02:16 PM)fsflover Wrote: Let's say I install some untrusted OS on the eMMC, use it, then wipe it. After that I boot from a trusted microSD, can I be sure that I am not compromised?
Unlike regular computers, ARM systems have all the bios-y info stored on the emmc/sdcard,
The ARM system must have some initial loader to start reading from eMMc or sd.card.
I'm led to believe boot is hard coded into the chip. The rest is on emmc/sdcard.
RE: Can internal PinePhone firmware be compromised? - wibble - 11-19-2020
https://linux-sunxi.org/Pine64#Boot_sequence
https://linux-sunxi.org/BROM#A64