Librem 5 phone aims at privacy, hardware and software security, leverages a blob-free Linux-based stack and broadly promotes FOSS : how interested am I in chipping in!
I come here to discuss about important security specs, lacking so far in the campaign.
I am nowhere close to proficient in this domain and am looking for Purism’s point of view.
Librem 5 phone will run on an iMX chip, an ARM-based design produced by Dutch NXP.
Be it iMX6 or iMX8, it will feature accordingly Cortex A9 or Cortex A53 cores : both include ARM Trustzone technology.
Trustzone is a descendant of a long process in computer security, revolving around the principle of least privilege : giving programs as little resource as they need. It is implemented, according to the Trusted Computing Group and Global Platform specifications, as a virtualization within the SOC. Software is compartmented between two worlds. The “secure world” holds a very small operating system, and manages access to sensitive information such as crypto keys, biometry, DRMs etc. On the other hand, the “rich environment” hosts the actual operating system : Android, iOS, or here with the Librem 5, PureOS.
To my question, finally :
What do you intend to do with TEE (the secure world) code?
iMX chips are known to be open to TEE programming, contrary to much more opaque others such as Qualcomm’s. I suspect that might have been an argument you were well-aware of when targetting SOC. Both major TEE OSes, QSEE and Kinibi are proprietary and have known major vulnerability issues. That could mean that, no matter how secure is PureOS, it could be compromised by the obscure co-processor with its independent microkernel. TEE alternatives exist, I have stumbled upon open-source OP-TEE among few others.
With the care you exhibit at removing proprietary blobs from your design, I am quite confident you have encompassed the subject, let us know!