Recently I took a glance at L5 schematics and was a bit surprised to see how kill switches are implemented. I don’t have any questions about microphone switch - it seems to be a pretty straightforward solution. However, I was suprised by WWAN implementation: the kill switch works essentially by driving the W_DISABLE
pin low instead of cutting the power from the wireless module. By mPCIe specification,
In normal operation, the card should disassociate with the wireless network and cease any further operations (transmit/receive) as soon as possible after the W_DISABLE# signal is asserted. Given that a graceful disassociation with the wireless network fails to complete in a timely manner, the Mini Card shall discontinue any communications with the network and assure that its radio operation has ceased no later than 30 seconds following the initial assertion of the W_DISABLE# signal.
So, even if the card respects the specification, it may stay active up to 30 seconds, which is probably not what expected by the end user from the “kill switch”. But if the card hardware/software is not trusted (i.e. it may violate the spec in some very special conditions like if (asked_to_spy_by_nsa) { ... }
and stay active even when W_DISABLE
is low), nothing prevents it physically from continuing its operation. It still stays powered and connected to the system.
WLAN seems to use the same approach.
So, the question is: why it is considered reliable to ask the wireless cards “could you please be so kind and stop working?” instead of just cutting the power from these cards or, at least, disconnecting the antennas from the cards in addition to lowering the W_DISABLE
pins?