They have a policy of blocking firmware upgrades and designing around making it impossible, including for peripheral components. Read up on it. It's one of the goals of the device to prevent updating firmware unless it's not signed so anything can be installed as an update.
Conversation
I mean the schematics are public, I can swap in my own modules... I don't see how they could stop me unless it is enforced at the CPU level. Will research this.
1
SoCs themselves have a lot of firmware and they went out of the way to stop updating it via the OS for any other components too. It's not supposed to be possible to update the firmware on the baseband, Wi-Fi, etc. on it and particularly not for the SoC or other components.
1
They even went as far as doing some bits like RAM training via a secondary CPU (dedicating it to that purpose, so AFAIK it's not usable for other things) to avoid having it under the control of the OS or part of the boot chain that runs on the main CPU. It's supposed to block
1
updating it to 'protect your freedom' however that works by not having the ability to update firmware. It may be possible to use JTAG, etc. in some cases to bypass it. They deliberately chose components where they could block firmware updates in some way. That's the main concern.
1
So, in some cases, maybe they just didn't wire up all the data lines, in others they've configured it to prevent doing it, etc. So, sometimes they'll not configure security features (same case on their laptops), but they're also fine with just setting it up to block updates.
1
So, regardless of whatever is wrong with the Pinephone, they want to make something good and aren't sabotaging it, and they can improve it in future generations.
1
They don't have a weird ideology driving them to use loopholes to make a device where firmware can be considered 'hardware' by preventing updates to it. That's the only reason they can claim they avoid it: by preventing updates to it. It's still all there, including for the SoC.
1
1
And they don't consider it enough to simply not ship firmware / microcode updates. They consider it a problem for it to be possible for operating systems to do it, including the user going out of the way to do it via the OS. I think it's probably also considered an issue for it..
1
... to be possible with some out-of-band debug cable, etc. but just not nearly as much of one and I doubt they care about going out of the way to prevent that as they do with stopping updates via the OS. This is not the only issue with it. It is one of them, and representative
1
of the other issues with the device and why it is the way it is despite being quite expensive. So, yeah, the Pinephone is very low end hardware, and you get what you would expect for the price, including problematic hardware / firmware security, but future ones can be better.
They aren't explicitly anti-security and making design decisions based on stuff like that. Rather it's largely based on price. I think you are better off with that especially with the potential of future versions with higher end, more modern hardware. They won't sabotage it.
1
I don't expect them to set up security features for the SoC, setting up all the peripherals in a secure way, etc. and it can be problematic because public tools are generally not available to do stuff like flashing fuses in the SoC, even if it's still in development mode.
1
Show replies