• AProfessional@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    1 year ago

    Even that isn’t enough. The wireless modules of normal phones have direct access to system memory and, by law, have proprietary firmware. Some exploits have been found over the years. This needs to be isolated to avoid backdoors/bugs.

      • elderflower@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Example: https://grapheneos.org/faq#baseband-isolation

        Yes, the baseband is isolated on all of the officially supported devices. Memory access is partitioned by the IOMMU and limited to internal memory and memory shared by the driver implementations…Earlier generation devices we used to support prior to Pixels had Wi-Fi + Bluetooth implemented on a separate SoC. This was not properly contained by the stock OS and we put substantial work into addressing that problem.

        Baseband modems were not isolated from kernel memory in stock Android, GrapheneOS had to do it themselves using the IOMMU. We do not know for sure due to the proprietary/closed-source nature of baseband modem drivers, but we have no reason to assume any OEM (Samsung, Xiaomi etc) implemented proper isolation of baseband modem and system memory.