PinePhone Security
#1
I'm wondering if PinePhone has any of the following or is planned to have any of the following:

1) Titan M-like security chip
2) Hardware-backed keystore
3) Verified boot
4) Wifi and Cellular Baseband Isolation IOMMU
5) Device-specific software hardening (like kernel CFI)

Thanks - and feel free to discuss!
#2
It doesn't have 1-3 so far as I know, and I think verified boot would need a different cpu if I understand the boot process correctly. See https://linux-sunxi.org/BROM#A64
4 - my cursory understanding is that the cellular is pretty well isolated, with most connection being via USB, and not having memory access. WiFi connects via SDIO so might have DMA. I don't know about IOMMU on the A64. Schematics and A64 docs are in the wiki so you can dig deeper if you know what you're looking for.
5. I don't know what's been done on that front.
#3
(02-20-2021, 02:06 PM)wibble Wrote: It doesn't have 1-3 so far as I know, and I think verified boot would need a different cpu if I understand the boot process correctly. See https://linux-sunxi.org/BROM#A64
4 - my cursory understanding is that the cellular is pretty well isolated, with most connection being via USB, and not having memory access. WiFi connects via SDIO so might have DMA. I don't know about IOMMU on the A64. Schematics and A64 docs are in the wiki so you can dig deeper if you know what you're looking for.
5. I don't know what's been done on that front.

Sounds like we have to choose between security & control still :(
GrapheneOS: security
Pine64 / purism: you actually have access to your own equipment (which the GOS dev seems to think is impossible to have while maintaining security)

However, if #1-5 are fulfilled by a FOSS phone, then I would make the switch considering we cannot know what is hidden in Google's firmware (despite secure boot making it impossible to modify).
#4
(03-12-2021, 05:48 AM)TurpentineOS Wrote: ...
However, if #1-5 are fulfilled by a FOSS phone, then I would make the switch considering we cannot know what is hidden in Google's firmware (despite secure boot making it impossible to modify).
I think the software for the pinephone is not trustworthy yet[0]. Even if we accept that the volunteers, who prepare the distros, are doing their best, this is still a general-purpose computer with many options set to undesirable defaults for people looking for "security out of the box". Still, I use it daily because I expect it to be more secure than some alternative, cheaper devices.

[0] I've just found that on my phone systemd-resolve is listening on a port facing the internet and had to fix its settings. I hope someday I will be able to just uninstall it. :)
#5
(03-13-2021, 03:41 AM)bosi564 Wrote:
(03-12-2021, 05:48 AM)TurpentineOS Wrote: ...
However, if #1-5 are fulfilled by a FOSS phone, then I would make the switch considering we cannot know what is hidden in Google's firmware (despite secure boot making it impossible to modify).
I think the software for the pinephone is not trustworthy yet[0]. Even if we accept that the volunteers, who prepare the distros, are doing their best, this is still a general-purpose computer with many options set to undesirable defaults for people looking for "security out of the box". Still, I use it daily because I expect it to be more secure than some alternative, cheaper devices.

[0] I've just found that on my phone systemd-resolve is listening on a port facing the internet and had to fix its settings. I hope someday I will be able to just uninstall it. :)

if the internet is too dangerous for you, you always have the hardware switch to turn off networking, and play 2048 and chess with yourself
#6
What's the most secure pinephone OS with working calls right now? And how would you reinstall plasma manjaro if you got a virus or similar?
#7
Quote: What's the most secure pinephone OS with working calls right now?

I think that's a really hard question to answer even for experts. Also it depends on your definition of "secure" and use cases.

As a user I expect that the security will be similar to a desktop GNU/Linux OS and I already use it daily as an alternative to a feature phone (lucky me, I'm not tied to any android specific programs).


Quote: And how would you reinstall plasma manjaro if you got a virus or similar?
You can read how to install a fresh OS here: https://wiki.pine64.org/wiki/PinePhone_I...structions. Installing should be easy for anyone comfortable with a terminal emulator.
#8
It's a Linux machine just like any other. Open and awesome! Your pinephone will be just as secure as your other Linux box because the same person maintains both of them :D

IMO,
Operational security is the only security that matters because it can automatically adjust to any hardware / software combo on the fly for free. :D
My phone is secure when it's used by me. If I hand it to someone else there is no telling what they will do with it.
At least with the pinephone it's actually a challenge finding software that pillages your privacy like almost every single Android and iOS app available.
EVEN BETTER: I can write a bash script and not need some app store "app".

If there is some systemd process running and you don't like it then just kill and remove it. It's not like you have to root the thing, hahaha

Cheers!
#9
(03-13-2021, 03:41 AM)bosi564 Wrote:
(03-12-2021, 05:48 AM)TurpentineOS Wrote: ...
However, if #1-5 are fulfilled by a FOSS phone, then I would make the switch considering we cannot know what is hidden in Google's firmware (despite secure boot making it impossible to modify).
I think the software for the pinephone is not trustworthy yet[0]. Even if we accept that the volunteers, who prepare the distros, are doing their best, this is still a general-purpose computer with many options set to undesirable defaults for people looking for "security out of the box". Still, I use it daily because I expect it to be more secure than some alternative, cheaper devices.

[0] I've just found that on my phone systemd-resolve is listening on a port facing the internet and had to fix its settings. I hope someday I will be able to just uninstall it. :)
You don't need to use systemd-resolved. Just disable it, or disable the features you don't like in its config file. I routinely disable LLMNR and similar in systemd-resolved.

(05-27-2021, 08:36 AM)temp0rary Wrote: What's the most secure pinephone OS with working calls right now? And how would you reinstall plasma manjaro if you got a virus or similar?
Compared to every other mobile SoC, SD card has hardware enforced boot priority on Allwinner SoCs. No modifiable code runs prior to booting SD card.

So while secure boot is nice to have, you can just boot a known clean OS to recover eMMC/modem from any malware. No need for root of trust, because no modifiable code can run before your known clean code starts running. True root of trust is whatever is on the SD card itself.
my website: https://xnux.eu
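
Added example, not code from any poster in this thread: one way to check for listeners bound to non-loopback addresses, as in the systemd-resolved report above, together with a resolved.conf drop-in that turns off LLMNR and mDNS. The function names and the sample `ss` lines are constructed for illustration; 5355 and 5353 are the standard LLMNR and mDNS ports.

```shell
#!/bin/sh
# Added example: flag sockets listening on non-loopback addresses, then emit
# a systemd-resolved drop-in that turns off LLMNR and mDNS.

# Constructed sample in the format of `ss -H -tuln` (not captured from a phone).
sample_ss() {
    cat <<'EOF'
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:5355 0.0.0.0:*
udp UNCONN 0 0 *:5353 *:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:5355 0.0.0.0:*
tcp LISTEN 0 128 [::1]:631 [::]:*
tcp LISTEN 0 4096 [::]:5355 [::]:*
EOF
}

# Reads ss output on stdin; prints "proto address port label" for every
# listener that is not bound to a loopback address.
exposed_listeners() {
    awk '{
        port = $5; sub(/.*:/, "", port)        # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)    # drop ":port"
        sub(/%.*$/, "", addr)                  # drop "%interface" scope
        if (addr ~ /^127\./ || addr == "[::1]") next
        label = "other"
        if (port == "5355") label = "LLMNR"
        if (port == "5353") label = "mDNS"
        print $1, addr, port, label
    }'
}

# Drop-in content; as root, save it as a .conf file under
# /etc/systemd/resolved.conf.d/ and restart systemd-resolved.
resolved_dropin() {
    cat <<'EOF'
[Resolve]
LLMNR=no
MulticastDNS=no
EOF
}

sample_ss | exposed_listeners
```

On a live system, feed the check with `ss -H -tuln | exposed_listeners` and run it again after restarting systemd-resolved to confirm the port 5355 entries are gone.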
#10
(05-30-2021, 11:15 AM)megous Wrote:
(03-13-2021, 03:41 AM)bosi564 Wrote:
(03-12-2021, 05:48 AM)TurpentineOS Wrote: ...
However, if #1-5 are fulfilled by a FOSS phone, then I would make the switch considering we cannot know what is hidden in Google's firmware (despite secure boot making it impossible to modify).
I think the software for the pinephone is not trustworthy yet[0]. Even if we accept that the volunteers, who prepare the distros, are doing their best, this is still a general-purpose computer with many options set to undesirable defaults for people looking for "security out of the box". Still, I use it daily because I expect it to be more secure than some alternative, cheaper devices.

[0] I've just found that on my phone systemd-resolve is listening on a port facing the internet and had to fix its settings. I hope someday I will be able to just uninstall it. :)
You don't need to use systemd-resolved. Just disable it, or disable the features you don't like in its config file. I routinely disable LLMNR and similar in systemd-resolved.

(05-27-2021, 08:36 AM)temp0rary Wrote: What's the most secure pinephone OS with working calls right now? And how would you reinstall plasma manjaro if you got a virus or similar?
Compared to every other mobile SoC, SD card has hardware enforced boot priority on Allwinner SoCs. No modifiable code runs prior to booting SD card.

So while secure boot is nice to have, you can just boot a known clean OS to recover eMMC/modem from any malware. No need for root of trust, because no modifiable code can run before your known clean code starts running. True root of trust is whatever is on the SD card itself.
Sweet. I tried Mobian... It's the best OS I have tried so far on the pinephone. :)

