Hello everyone,
Silly idea maybe, but would it be possible to port osmocom-bb for mediatek/intel/qualcomm BBP and replace the current firmware with open one?
I presume it will be a tremendous amount of work, no doubts, but apart from that, is it theoretically and technically possible? Given root and/or hardware access of course, we do not need to preserve the old firmware or exploit the update process (ie. if specific cert signature is needed for bbp-soc firmware update)
Note that we do not have to be limited by existing software access to baseband, and we could use jtag/testpoints/wiring to access the BBP in a way that will be necessary, similar to way libreboot is currently being flashed.
Thank you Marek Sebera
Hi Marek!
On Sun, Dec 17, 2017 at 12:58:00PM +0100, Marek Sebera wrote:
Silly idea maybe, but would it be possible to port osmocom-bb for mediatek/intel/qualcomm BBP and replace the current firmware with open one?
theoretically possible, yes.
I presume it will be a tremendous amount of work, no doubts, but apart from that, is it theoretically and technically possible? Given root and/or hardware access of course, we do not need to preserve the old firmware or exploit the update process (ie. if specific cert signature is needed for bbp-soc firmware update)
The biggest challenges, from my point of view, are:
* using phones that don't use secure/authenticated boot for the BBP, or those where the certificates have leaked and/or exploits are known
* finding significant enough amount of leaked sources or documentation and/or doing the reverse engineering required to understand how to talk to the DSP and/or related peripherals
* finding the time to work on the protocol stack beyond classic 2G which is currently implemented in OsmocomBB.
Regards, Harald
- finding significant enough amount of leaked sources or documentation and/or doing the reverse engineering required to understand how to talk to the DSP and/or related peripherals
I have looked through leaked sources for mtk6260 and think there may be enough info there, but I lack deep gsm knowledge so maybe I am deceived.
- finding the time to work on the protocol stack beyond classic 2G which is currently implemented in OsmocomBB.
This is the work I intend to pursue. Slowly I'm afraid.
Craig
Hi Harald!
* using phones that don't use secure/authenticated boot for the BBP, or those where the certificates have leaked and/or exploits are known
Do we currently have any candidates? Or list of potential candidates? Are ie. Nexus devices friendlier?
* finding the time to work on the protocol stack beyond classic 2G which is currently implemented in OsmocomBB.
Wild idea this might be, but do we need BBP with 2G stack? Could we settle for LTE-only open BBP? I'm thinking about doing some chip works and minimizing the software stack based on srsUE
Cheers :) Marek
On 12/17/2017 01:33 PM, Harald Welte wrote:
Hi Marek!
On Sun, Dec 17, 2017 at 12:58:00PM +0100, Marek Sebera wrote:
Silly idea maybe, but would it be possible to port osmocom-bb for mediatek/intel/qualcomm BBP and replace the current firmware with open one?
theoretically possible, yes.
I presume it will be a tremendous amount of work, no doubts, but apart from that, is it theoretically and technically possible? Given root and/or hardware access of course, we do not need to preserve the old firmware or exploit the update process (ie. if specific cert signature is needed for bbp-soc firmware update)
The biggest challenges, from my point of view, are:
- using phones that don't use secure/authenticated boot for the BBP, or those where the certificates have leaked and/or exploits are known
- finding significant enough amount of leaked sources or documentation and/or doing the reverse engineering required to understand how to talk to the DSP and/or related peripherals
- finding the time to work on the protocol stack beyond classic 2G which is currently implemented in OsmocomBB.
Regards, Harald
I am currently working on porting osmocom-bb to mtk6260/fernvale board available via open hardware and from sysmocom. My goal is to get a nuttx-bb + layer1 + mobile (osmocom-bb host software) working on fernvale and sim800h modules.
I am also working on integrating the old mt6235 sciphone g2 code as well as look forward to 3g/lte with mtk6735 as in the ZTE Obsidian.
I have some dreamy ideas about how to use fernly as a base for interactive creation and validation of board support and translate that into osmocom-bb firmware, nuttx application or library or even as a linux kernel driver or user space program (maybe in the ec20 qualcomm module case).
I'm not very far along but will try and share as many small PRs as possible. I would encourage others to do the same.
Cheers, Craig
Hello Craig!
You're proper cool! Do you have anything of your works public already?
is it possibly this? https://github.com/craigcomstock/osmocom-bb/tree/mt62xx https://osmocom.org/projects/cellular-infrastructure/wiki/Accelerate3g5_--_e...
I thought about MTK chipsets as good start-point for development, because they are less locked-down and there is bigger chance, they did not protect ie. the DSP codes enough.
Also the dev-board (mtk6260/fernvale) what do you use specifically?
Last thing, what I'm curious about, if Librem 5 (the phone) is willing to allocate some funds into BB(P) development and open-sourcing, because they sure want to open the software/firmware/hardware at some point, but so far I think, they rely more on BBP vendor to allow this, not so much opening it up / developing themselves.
Cheers Marek
On 12/17/2017 05:13 PM, craig@unreasonablefarm.org wrote:
I am currently working on porting osmocom-bb to mtk6260/fernvale board available via open hardware and from sysmocom. My goal is to get a nuttx-bb + layer1 + mobile (osmocom-bb host software) working on fernvale and sim800h modules.
I am also working on integrating the old mt6235 sciphone g2 code as well as look forward to 3g/lte with mtk6735 as in the ZTE Obsidian.
I have some dreamy ideas about how to use fernly as a base for interactive creation and validation of board support and translate that into osmocom-bb firmware, nuttx application or library or even as a linux kernel driver or user space program (maybe in the ec20 qualcomm module case).
I'm not very far along but will try and share as many small PRs as possible. I would encourage others to do the same.
Cheers, Craig
I am currently making a fresh start. That branch is old and not much done. I will submit patches to baseband-devel as I make them. Right now I am working on porting fernly/fernvale-nuttx code to osmocom-bb in pursuit of making layer1 firmware. That is a very big project so would be happy for any help. I am focusing on the fernvale board for now.
Cheers, Craig
baseband-devel@lists.osmocom.org