12-08-2021, 09:16 AM
(12-08-2021, 09:05 AM)tophneal Wrote: it's likely not something you'll really need to worry about (that's a whole lot of hassle to muck around in the modem firmware just to get rid of the phone,) but if you feel inclined, you can build and install firmware yourself: https://github.com/Biktorgj/pinephone_modem_sdk
links and instructions to flash to stock can be found here: https://github.com/Biktorgj/pinephone_mo...ECOVERY.md and there is documentation for interacting with the modem firmware in the wiki.
i don't believe there's any other firmware that's OS-independent you really need to worry about. A fresh OS install should settle any fears, and void any need to wipe the internal storage, as writing the OS img will wipe out any existing data.
Thank you so much for the links! It's good to know that the only firmware is the modem. I was assuming there would be something like the BIOS/UEFI in x86 that sits under the OS.
For the Quectel EG25 I found this thread https://forum.pine64.org/showthread.php?tid=14935 from a couple of months ago. I assume that reflashing the modem firmware will be enough to reset and already compromised firmware by this CVE, right? Or does the existing firmware have control over the reflashing process, i.e. can the firmware lie that it is being completely reflashed? Finally, is this CVE still unpatched?