[zeta0134]

To me, the modem running a closed source blob is okay so long as that entire system is acting as a slave to the host, and isn't integrated with that host. The PinePhone appears to be explicitly designed around a total lack of trust for that modem. In a way, you could think of the modem at that point like any other Wireless Access Point you might connect to. Think about going into a coffee shop; sure you can hop on CafeBucks WiFi, but do you know what firmware the access point is running? How do you know it's secure? Heck, could you even guess the model number? Of course you can't; instead, your security model treats that entire communication line as potentially insecure, and implements SSL/TLS on top of it.

The PinePhone appears to use a similar approach here. The modem's only job is to provide a data connection, and ideally everything sent through that connection is encrypted in such a way that even if the modem wanted to snoop, it would be unable to do so. All it sees is encrypted noise, with the OS and application doing everything they can to keep it that way. The additional hardware isolation helps to ensure that even if the modem is compromised in some way by an attacker (difficult, but theoretically not impossible) it has very limited access to the rest of the phone, and would hopefully not be able to do very much damage. This is in stark contrast to most of the rest of the mobile industry today, which happily integrates the modem into the rest of the memory space, and would be at far greater risk should a modem exploit be discovered.

None of this is perfect, of course. In a perfect and ideal world, a FOSS modem would exist at scale, and the PinePhone would use that and all of the firmware would be open source. But the practical reality is that, at scale, a closed blob for the modem is required; no alternative exists that's cost effective enough to bring to market. So, the phone is designed to give that blob just as little trust as possible while still making the connection work. I think that's a perfectly fair trade.

[mirimir]

> This is in stark contrast to most of the rest of the mobile industry today, which happily integrates the modem into the rest of the memory space, and would be at far greater risk should a modem exploit be discovered.

Is that still the case? I though that most phones now isolate modems via some flavor of USB with IOMMU.

And indeed, that phones now isolate modems better than Intel and AMD machines isolate USB devices. There's IOMMU, but only some software actually uses it, such as Qubes.

[MartijnBraam]

Modems in modern phones are all integrated in the SoC, it's technically seperated by iommu, but the issue with that is that you can't verify that the iommu works. There isn't really anything preventing the modem having some hard lines into the RAM.

With the PinePhone (and also the Librem 5) the modem and SoC are physically seperate so the communication between those two components can be inspected and controlled.

[mirimir]

Thanks. So OK, it comes down to trusting IOMMU.

But iOS devices don't have the cellular modem in the SoC.

And neither does the latest from Qualcomm with 5G, which I gather will go in at least high-end phones.