PINE64
Suggestion / Warning about closed source wifi and keyboard / touch pad firmware - Printable Version

+- PINE64 (https://forum.pine64.org)
+-- Forum: Pinebook Pro (https://forum.pine64.org/forumdisplay.php?fid=111)
+--- Forum: General Discussion on Pinebook Pro (https://forum.pine64.org/forumdisplay.php?fid=112)
+--- Thread: Suggestion / Warning about closed source wifi and keyboard / touch pad firmware (/showthread.php?tid=17443)



Suggestion / Warning about closed source wifi and keyboard / touch pad firmware - omarcomputing - 10-08-2022

How can you call pinebook pro "open" when it requires a closed source WiFi firmware? (and closed source keyboard / touch pad firmware)
"ath9k" or "carl9170" would be a good solution because they are open and work on 5GHz.
The TERES by Olimex suffers from this problem too but I was easily able to remove the wifi module on the motherboard with a heat gun and some rosin.
The pinebook pro looks incredibly difficult to remove the wifi chip from the motherboard.
The next generation of pinebook pro should include an open source wifi option or an easy way to remove anything that is not open source.
(No I do not work for Olimex. I just want a better pinebook.)

If someone can get physical access to your pinebook (and reverse engineer the firmware or buy it from the manufacturer), they could upload a modified keyboard firmware that includes a key logger.
I use tamper evident stickers over some of the screw holes and over the SD card slot to prevent this.

Please complete the poll to show support for an easily removable wifi module.
Open source freedom fighting is hard to do without any help.


RE: Suggestion / Warning about closed source wifi and keyboard / touch pad firmware - KC9UDX - 10-08-2022

(10-08-2022, 10:57 AM)omarcomputing Wrote: If someone can get physical access to your pinebook (and reverse engineer the firmware or buy it from the manufacturer), they could upload a modified keyboard firmware that includes a key logger.
I use tamper evident stickers over some of the screw holes and over the SD card slot to prevent this.

Or they could modify your operating system to do whatever.

If they can, you can.

You already can alter the keyboard firmware. You can turn off the Wi-Fi. Mine is turned off; I use a USB WiFi dongle.


RE: Suggestion / Warning about closed source wifi and keyboard / touch pad firmware - omarcomputing - 10-08-2022

(10-08-2022, 12:37 PM)KC9UDX Wrote:
(10-08-2022, 10:57 AM)omarcomputing Wrote: If someone can get physical access to your pinebook (and reverse engineer the firmware or buy it from the manufacturer), they could upload a modified keyboard firmware that includes a key logger.
I use tamper evident stickers over some of the screw holes and over the SD card slot to prevent this.

Or they could modify your operating system to do whatever.

If they can, you can. 

You already can alter the keyboard firmware.  You can turn off the Wi-Fi.  Mine is turned off; I use a USB WiFi dongle.

I realize that but the idea for this thread is to show support for an easy to remove WiFi module.

In a root encrypted file system you cannot modify the OS without knowing the encryption key but you can change the unencrypted boot loader with a malicious one. If the keyboard / touchpad firmware was open source, it along with the unencrypted boot loader can be verified on boot with an external device similar to Librem Key from Purism. I think the best solution to remedy this is to use tamper evident stickers over some of the screw holes and over the SD card slot.

Just because the WiFi chip is "turned off" does not guarantee that it will remain radio silent (unless turning it off removes power to the chip.) Can someone confirm this? The best way to know for sure is to physicaly remove it. You have a closed source keyboard firmware turning off the Wifi so you cannot trust it. A physical switch to turn off the wifi chip (like on the pinephone) would be a better solution or better yet a way to remove the chip entirely. Right now I have the antenna disconnected but I still plan to physically remove the WiFi chip at the risk of destroying the motherboard.


RE: Suggestion / Warning about closed source wifi and keyboard / touch pad firmware - KC9UDX - 10-08-2022

Turning it off does remove the power. I think you can find the information you seek in the wiki.

It would be a pretty good trick to update your keyboard firmware without your notice. Especially just for the sake of installing a keylogger in the wifi "firmware" that's on your encrypted root device (it would be still much easier to modify the much better documented operating system). If you're that worried, you can permanently remove power to the chip pretty easily. The schematics are available. But that won't stop someone doing the same for whatever alternative interface you use.

The keyboard firmware has been cracked. You can do what you like with it, example source code is available.

I'm tempted to install my USB dongle inside the case of the PBP.