Level of freedom of Librem phone, especially GSM module

Hello,

I’m interested in the idea of a free and open source phone, but I would like to learn more about the exact level of freedom it has.

On the Wikipedia page about currently existing “open source” phones,
https://en.wikipedia.org/wiki/List_of_open-source_mobile_phones
it is said:

All available mobile phones have proprietary baseband (GSM module) firmware.[1] There is an open-source baseband project, OsmocomBB.

Can you say anything about the GSM module of the Librem phone? Will it be a newly-developed module with open source firmware? Or a development of OsmocomBB (its webpage https://osmocom.org/projects/baseband looks quite abandoned) or a development of something similar?

3 Likes

Hi,
as you already found, there are currently almost zero serious choices available for a really free mobile baseband. On the other hand we want to create a product which will be usable when shipped. Developing a mobile 3G or 4G baseband is not within the scope of our project since this would involve way too much effort.

What we aim at are two major points:

First we want to make sure that the 3G/4G modem is as separate as possible from the main CPU and RAM. Thus we can not and will not use chipsets which combine main processor + baseband in one - like Qualcomm Snapdragon etc. The modem will be a separate part with defined electrical interfaces (like USB + UART) and no direct access to main CPU peripherals. We will also implement some form of hardware kill switch, i.e. a switch to disconnect the modem from the main system so that users can be sure that the modem is a) not powered anymore and b) there is no data flow from main processor to/from the modem.

Second we want to use a modem chipset which may in some future be freed. There are some already pretty well known and some reverse engineering has been done. Even if we can not provide a free baseband firmware we at least want to create a device which can eventually be turned into a completely freed device by upgrading the modem firmware to a free version.

I hope this helps a little. We will give updates once we have any news. And yes, we are also dependent on pointers from backers, users, interested people! We can not know everything. We try our best to do thorough research. But we are setting foot on pretty uncharted terrain. So any help is very welcome!

Cheers
nicole

16 Likes

Well, honestly, I am really disappointed with such a perspective. I don’t know much about the state of the art in hardware development, but my hope was that the goal of the campaign, $1.5M, would be enough to develop a new GSM/3G chip with open source firmware.

1 Like

I think developing a free baseband needs more than developing the entire phone.
Of course having the entire free and open stack would be better for everyone, Purism too, but as the baseband is isolated from the entire system it sounds OK to me.
You also have to consider that we do not have any kind of alternative; there is no other company that builds a product with privacy in mind.

You should also consider that any kind of Android, even with AOSP, is really unsafe due to closed firmware, and due to awful missing OS updates.

For these reasons, and not only for these, it is important to buy and/or support this project even if it is not perfect yet; this is still the best option. Then consider that if this project succeeds, maybe a Librem 5 v2 will be focused on freeing the baseband.

6 Likes

Then I am at least wondering if the developers of Purism are at least considering as an option to recover the apparently abandoned OsmocomBB? Or is that impossible for some reason?

1 Like

Yes. Because GSM is being phased out in North America (dunno about other regions). Just search “gsm alarm sunset” and see for yourself; alarm companies (first phase) are already alerting their customers. In a few years, you’ll not be able to find a cell tower to communicate with an OsmocomBB, Technoethical, etc. etc. phone. It’s a shame, but true. If you’re curious you can learn about cellular telephony here.

I think you’ll find, once you understand the industry a bit, that Purism is a just-in-time hero.

5 Likes

The future, in Canada at least, is going to be LTE. Carriers go with what’s cheapest. By future I mean like in 5 years.

2 Likes

Just for the record, the idea to develop a free baseband firmware is deeply rooted in our development and research. At the moment this goal is not feasible to target since there is too little information out there on existing chips and too little existing software to base on. To do everything from scratch would take way more than the money that we will have at hand for development (please keep in mind that the campaign money also has to pay for the devices, not only the development).

But while choosing the mobile modem chip(s) we will keep this goal in mind and choose a chipset that at least could be, later on, hacked and freed. For example there are modems by Sierra Wireless that run a second Linux inside the modem - of course with additional proprietary drivers in this (separated) Linux system but it is a Linux with documented interfaces and even an SDK. And it can be updated in-situ, within the system. So at least one can “peek” over the shoulder of these modems and eventually, using the SDK, develop interesting monitoring stuff? But this is just an example. We still have to look for the best solution.

What I want to assure you is that we will do all and everything we can possibly do within the constraints we have to build a device that is as free/open and as transparent as possible. And we also think about its future, i.e. that the parts that might not be free from day one can be freed later on.

Cheers
nicole

14 Likes

I am not disappointed with their decision (not a custom-developed baseband, but maximum separation from CPU/RAM), as it’s still the most secure and feasible solution on the market (the current situation is just a terrible risk from the security POV).

5 Likes

From what I’ve seen (see Harald Welte’s 33C3 talk (video, slides), also a Sierra Wireless press release and some reading on the Option modem which the GTA04 used), there are several vendors who basically stick a wrapper around a Qualcomm modem and package that out as a complete system. What this means is that the choice of actual baseband chips is strongly limited to a small handful of vendors.

That said, it was discovered that some USB modems (Ralf-Philipp Weinmann’s 30C3 talk) with a QC chipset at their core did not check firmware signatures, and neither did a small subset of Samsung Galaxy S4 phones.

I don’t know whether this remains true for newer chips, but I don’t expect it to be a common occurrence and realistically, a modem manufacturer is not going to release a special version of their recent hardware with no signature checking to what is quite frankly a very small niche market.

I’d like a fully programmable baseband chip. I really would. Unfortunately, the only “legitimate” feasible way to do that would be to get some kind of integrated SDR and while this is possible (it’s what Icera did for their modems), the only similar thing I know of which is designed as open hardware is the XTRX (an FPGA-based Mini PCI-E device) which is too large and too power-hungry for a phone. Not to mention that we’d still have to write a full GSM/UMTS/LTE stack.

A more underhanded approach would be to use a commercial chip on which we know there exist arbitrary memory read and write commands (for instance, Samsung basebands from Nico Golde and Daniel Komaromy’s REcon 2016 talk, slides and video; also possibly older Qualcomm devices through some of the DIAG commands, see Guillaume Delugre’s 28C3 talk, slides and video) and then either NOP out or, with somewhat more coding prowess, rewrite the more offensive components of the cellular stack… but I don’t imagine that the baseband manufacturers would take too kindly to relatively widespread console hack-style alteration of their stuff.

In short, yes - as mentioned just above me, the best we can realistically do is what is currently planned for the device.

4 Likes

I don’t know for sure, but it seems to me that a project with the clearly indicated goal of “to develop from scratch and build a new baseband chip with fully open specifications and firmware” would attract much more money from the community. In my opinion, this is one of the three most important challenges the open-source community is facing this decade (with the other two being “to fully eliminate Intel ME and microcode” and “to develop an open-source Skype client”).

There were projects of a Linux (or similar non-Android) smartphone in the past, like Ubuntu phone or Firefox phone, but all of them died, and my impression is that they died because they looked incomplete and unfinished, and they looked incomplete and unfinished because of baseband blobs and/or firmware.

I am still a bit surprised how counterintuitive the development of a new mobile network chip looks to you. Qualcomm builds these chips, plenty of other companies build their own (“commercial” as you say) chips for GSM/WiFi/Bluetooth, why should it be impossible for Purism to build one?

I understand that the situation with Intel x86_64 CPU is different, because there are a lot of programs written for it, and a lot of programs need to be run by CPU, so switching to another architecture would be a tough way. But here, in the case of a mobile network chip, it needs to run just one program, the one that converts AT commands and data into radio signals.

Hi Nicole :),
I want you to know that’s appreciated. I know Purism had a bit of a rocky start (lord knows enough random people have felt the need to tell me on reddit!). Honestly, when I cut through all the trash talk, the only valid criticism they may have is that you bit off more than you can chew your first time out. Yeah, well, who with an ounce of life experience hasn’t at some point? It just shows the enthusiasm of Purism’s intent. What I see now is that you’re still standing and, despite your detractors (who I wish would realise altruism is not a competition), you are still trying to further Free software/hardware even if that can realistically only be done a bit at a time. Every little bit helps :)
I just wanted to leave some encouragement for you and the Librem 5 team:

Stay strong. You are appreciated :)

Thank you,
Sarah

4 Likes

You may attract more attention by going “whole-hog”, but then, hypothetically but very likely, your timeline to completion is extended to three years and will require 3-4 times the capital investment before you have even one shipment. Over the lifespan of such a project, all the energy and attention will dwindle and you will be left with really no attraction nor money.

This, versus having a 1-1.5 year delivery timeline, which makes it more “investible” if I’m going to put my money on a new phone. And because it’s more quick-to-market, it can begin supporting itself and be a self-sustaining project that improves over time - and actually exists!

This is perhaps the reason Ubuntu failed - they tried to do too much - not the reason that you provide. They wanted new everything from scratch, from what I understand. I love that, but in practice it’s just too difficult to achieve. From my point of view, I’ll buy and fund this phone and help pave the way for the next and better phone, which I’ll also buy. But the point is, I’ll actually have something to buy - other than dreams.

2 Likes

Cellular baseband chips aren’t exactly something you can throw together in a few weeks. It’s the entire focus of some rather large companies (or divisions of said companies, for truly large groups like Samsung and Infineon). Even Intel had trouble with this, as shown by the delays in releasing new modems after they bought Infineon’s wireless division.

Making a mobile phone baseband chip needs a combination of good integrated circuit design (both digital and analogue, the latter part is what humbled the mighty Intel), decent access to semiconductor foundries and a thorough understanding of the 3GPP standards, which are hundreds of thousands of pages in total and horrifically convoluted.

Repeating what these reseller companies do does not give us a free modem. The parts which handle the actual network interactions will be supplied as a signed Qualcomm blob.

But hey - if it’s so easy, you’re quite welcome to produce the first truly open mobile phone baseband chip and network stack. You’ve got a potential customer base right here.

4 Likes

Yes, that would be awesome!

I recently found this post: SUPL (search for “When The Baseband Makes The Query”). It’s exactly the scenario one would like to prevent: the closed source blob acts on its own. And we won’t know of the many, many blobs in use and their hidden features. Today’s processors in such units are so powerful you won’t even notice it sneaking stuff into the traffic. Scary.

2 Likes

For 3G/4G there is still a lot of work to do to “free the baseband!”. But at least for 2G, there’s a great and successful job made by Mychaela Falconia at https://www.freecalypso.org although for a specific chip. Mychaela is a devoted free software advocate, I highly recommend watching her talk on this subject at REcon 2017 to really appreciate the kind of effort that went into that project.

1 Like

thanks a lot! very informative.

!important>>> to everyone who wants to help the FreeCalypso project, go to your phone’s settings and choose 2G network only because we need to make the carriers keep supporting this network. For more details, watch the video.

Hope Librem 5 v2 will have this system implemented and we’ll have a 100% LIBRE smartphone.

Just out of interest: Have such blobs/code never leaked? Seems unpreventable to me… Especially nowadays where ‘everything’ leaks.

It is absolutely impossible. All cellular radio devices (in the USA, where Purism is located) must be certified by the FCC. The FCC does not certify devices unless they only communicate in approved manners. This is impossible with a device that runs free software. While we obviously want these laws changed, just remember that the spectrum is “owned” by the cell companies and they ALSO have to certify devices. As far as I know it is generally illegal to use an Osmocom device.

Shipping a phone with actual Free firmware on the modem? Your radio frequency regulator might indeed complain about that, but would they do the same thing for a phone which contains that manufacturer’s standard firmware, but which also has the capability for someone else to run their own on it? That would be a whole different can of worms, especially since several older phones already exist which have no kind of integrity checking on their radio firmware.

As for usage - I suppose you’d have to look at the exact wording of the laws. Naively, I’d assume that they’d ban you from interfering with other people’s transmissions and messing up the network. If the scope of your modifications lies solely within the domain of your phone, I doubt that they’d be able to make any kind of case against you. For instance, recognising IMSI catchers and refusing to connect to them, or silently dropping tracking requests out of the protocol pipeline isn’t performing any kind of network disruption. It is, in fact, well within the range of possible behaviour of any normal phone (e.g. go into a dead zone and that request wouldn’t arrive in the first place).

Finally, it seems pretty strange that a phone needs the explicit approval of your network operator to run (note that this is separate from the explicit IMEI blacklist created for stolen, and possibly other, phones). If you buy some random phone from overseas and stick your current SIM card in, will it really not function?