17 Dec
2017
17 Dec
'17
12:58 p.m.
Hello everyone,
Silly idea maybe, but would it be possible to port osmocom-bb for
mediatek/intel/qualcomm BBP and replace the current firmware with open one?
I presume it will be a tremendous amount of work, no doubts, but apart from
that, is it theoretically and technically possible? Given root and/or
hardware acces of course, we do not need to preserve the old firmware or
exploit the update process (ie. if specific cert signature is needed for
bbp-soc firmware update)
Note that we do not have to be limited by existing software access to
baseband, and we could use jtag/testpoints/wiring to access the BBP in a
way that will be necessary, similar to way libreboot is currently being
flashed.
Thank you
Marek Sebera
17 Dec
17 Dec
1:33 p.m.
Hi Marek!
On Sun, Dec 17, 2017 at 12:58:00PM +0100, Marek Sebera wrote:
Silly idea maybe, but would it be possible to port
osmocom-bb for
mediatek/intel/qualcomm BBP and replace the current firmware with open one?
theoretically possible, yes.
I presume it will be a tremendous amount of work, no
doubts, but apart from
that, is it theoretically and technically possible? Given root and/or
hardware acces of course, we do not need to preserve the old firmware or
exploit the update process (ie. if specific cert signature is needed for
bbp-soc firmware update)
The biggest challenges, from my point of view, are:
* using phones that don't use secure/authenticated boot for the BBP, or
those where the certificates have leaked and/or exploits are known
* finding significant enough amount of leaked sources or documentation
and/or doing the reverse engineering required to understand how to talk
to the DSP and/or related peripherals
* finding the time to work on the protocol stack beyond classic 2G which
is currently implemented in OsmocomBB.
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
5:17 p.m.
* finding significant enough amount of leaked sources
or documentation
and/or doing the reverse engineering required to understand how to talk
to the DSP and/or related peripherals
I have looked through leaked sources for mtk6260 and think there may be enough info tgere,
but I lack deep gsm knowledge so maybe I am deceived.
* finding the time to work on the protocol stack
beyond classic 2G which
is currently implemented in OsmocomBB.
This is the work I intend to purse. Slowly I'm afraid.
Craig
21 Dec
21 Dec
9:48 a.m.
Hi Harald!
* using phones that don't use secure/authenticated boot for the BBP, or
those where the certificates have leaked and/or exploits are known
<>> Do we currently have any candidates? Or list of potential
candidates? Are ie. Nexus devices friendlier ?
* finding the time to work on the protocol stack beyond classic 2G which
is currently implemented in OsmocomBB.
<>> Wild idea this might be, but do we need BBP with 2G stack ? Could we
settle for LTE-only open BBP ? I'm thinking about doing some chip works
and minimizing the software stack based on srsUE
Cheers :)
Marek
On 12/17/2017 01:33 PM, Harald Welte wrote:
Hi Marek!
On Sun, Dec 17, 2017 at 12:58:00PM +0100, Marek Sebera wrote:
Silly idea maybe, but would it be possible to
port osmocom-bb for
mediatek/intel/qualcomm BBP and replace the current firmware with open one?
theoretically possible, yes.
I presume it will be a tremendous amount of work,
no doubts, but apart from
that, is it theoretically and technically possible? Given root and/or
hardware acces of course, we do not need to preserve the old firmware or
exploit the update process (ie. if specific cert signature is needed for
bbp-soc firmware update)
The biggest challenges, from my point of view, are:
* using phones that don't use secure/authenticated boot for the BBP, or
those where the certificates have leaked and/or exploits are known
* finding significant enough amount of leaked sources or documentation
and/or doing the reverse engineering required to understand how to talk
to the DSP and/or related peripherals
* finding the time to work on the protocol stack beyond classic 2G which
is currently implemented in OsmocomBB.
Regards,
Harald
17 Dec
17 Dec
5:13 p.m.
I am currently working on porting osmocom-bb to mtk6260/fernvale board available via open
hardware and from sysmocom. My goal is to get a nuttx-bb + layer1 + mobile (osmocom-bb
host software) working on fernvale and sim800h modules.
I am also working on integrating the old mt6235 sciphone g2 code as well as look dforward
to 3g/lte with mtk6735as in the ZTE Obsidian.
I have some dreamy ideas about how to use fernly as a base for interactive creation and
validation of board support and translate that into osmocom-bb firmware, nuttx application
or library or even as a linux kernel driver or user space program (maybe in the ec20
qualcomm module case).
I'm not very far along but will try and share as many small PRs as possible . I would
encourage others to do the same.
Cheers,
Craig
21 Dec
21 Dec
9:54 a.m.
Hello Craig!
you're proper cool ! Do you anything of your works public already?
is it possibly this?
https://github.com/craigcomstock/osmocom-bb/tree/mt62xx
https://osmocom.org/projects/cellular-infrastructure/wiki/Accelerate3g5_--_…
I thought about MTK chipsets as good start-point for development,
because they are less locked-down and there is bigger chance, they did
not protect ie. the DSP codes enough.
Also the dev-board (mtk6260/fernvale) what do you use specifically?
Last thing, what I'm curious about, if Librem 5 (the phone) is willing
to allocate some funds into BB(P) development and open-sourcing, because
they sure want to open the software/firmware/hardware at some point, but
so far I think, they rely more on BBP vendor to allow this, not so much
opening it up / developing them-selves.
Cheers
Marek
On 12/17/2017 05:13 PM, craig(a)unreasonablefarm.org wrote:
I am currently working on porting osmocom-bb to
mtk6260/fernvale board available via open hardware and from sysmocom. My goal is to get a
nuttx-bb + layer1 + mobile (osmocom-bb host software) working on fernvale and sim800h
modules.
I am also working on integrating the old mt6235 sciphone g2 code as well as look dforward
to 3g/lte with mtk6735as in the ZTE Obsidian.
I have some dreamy ideas about how to use fernly as a base for interactive creation and
validation of board support and translate that into osmocom-bb firmware, nuttx application
or library or even as a linux kernel driver or user space program (maybe in the ec20
qualcomm module case).
I'm not very far along but will try and share as many small PRs as possible . I would
encourage others to do the same.
Cheers,
Craig
1:30 p.m.
I am currently making a fresh start. That branch is old and not much done. I will submit
patches to baseband-devel as I make them. Right now I am working on porting
fernly/fernvale-nuttx code to osmocom-bb in pursuit of making layer1 firmware. That is a
very big project so would be happy for any help. I am focusing on the fernvale board for
now.
Cheers,
Craig
2328
days inactive
2332
days old
baseband-devel@lists.osmocom.org
6 comments
3 participants
participants (3)
-
craig@unreasonablefarm.org -
Harald Welte -
Marek Sebera