It's not my opinion that the statement you're making about basebands is untrue. A component being on the SoC doesn't mean it isn't isolated. A component being on a separate chip doesn't mean it is isolated. Those are objective reality is that it depends on the implementation.
Conversation
SoC components tend to be among the most well isolated. Components like Wi-Fi that are rarely part of the SoC and yet often have DMA access tend to be those that are the most poorly isolated. Drivers also need to treat components as untrusted which Linux drivers often don't do.
1
It's wrong to portray mobile as a different situation than desktops and similarly to portray mobile basebands as an extremely special case. A desktop CPU is already a vastly complex system of hardware, microcode and firmware, and there are many other components in a system.
2
A laptop or desktop will often have dozens of different processors effectively running their own operating systems. The main difference with phones is that more of this is provided by a unified SoC from one company with shared security work, rather than many different companies.
1
There was discussion while back about librem to provide security by isolation like qubes os. Arguments against were cpu hog and bad ux. Not sure was it for laptop or phone...
1
Virtualization is only one possible option for implementing isolation. I'm also not even talking about providing a substantially more secure OS but rather just not substantially rolling back privacy and security from the existing mainstream mobile OS options.
2
Yes with Xen. Not sure how much such approach is viable on their soc. I just mentioned what options were considered early on.
1
It isn't viable due to the SoC choice, and QubesOS also isn't designed for that. Again, I'm not talking about not providing a substantially more secure OS but rather choosing to drastically roll back privacy and security from the status quo while falsely claiming it's better.
2
It's actually good to hear your opinion and I'm glad you responded. I genuinely loved the idea of linux phone with some nice hardware addition like mute button you mentioned.
1
Most phones are Linux phones, and some of them offer decent security. The Linux kernel is really their most prominent weakness. The equivalent in userspace to the Linux kernel is having everything in PID1, written solely in memory unsafe languages with ever expanding complexity.
1
To many people that probably sounds a bit like the direction systemd took the Linux desktop, but I'm talking about a far more extreme case. That's the state of the Linux kernel itself. Also add in very decentralized development with the vast majority caring little for security.