Really useful discussion , but just wanted to point out that you may not get a response from the official Fairphone team, as these are community forums. The team do try to keep in touch with the community, but may not respond directly.
If it gets to point where you think you need an official answer you can flag to the community mods and we’ll do our best to get a response. Alternatively you could contact support directly and update here with any response
There are regulatory compliance issues with baseband firmware (eg FCC in the US, OFCOM in the UK, others in other countries) which will take you far more than a few months to sort out. I don’t know the details - I’m a software guy, not a lawyer - but this has to be worked out separately for each regulatory body, by guys with expensive suits, not coders.
I’d be really interested in the official response if you could ask the team!
Ah, I think I’d managed to forget I’d heard that. I wish, whether fancy suits of not, they’d at least do their jobs and only approve reliable secure firmware, regardless of if they’re under pressure to approve exploitable code or not.
I like the discussion very much here and I a sure we can give some insights into what we can and will do later(but not right now). Working on an open/secure baseband is not one of them. We have to realize why Fairphone does (try) to open source things and what Fairphone’s roles is here.
Hi. I wanted to write this to the Fairphone team but couldn’t find a contact address, and it’s too long for a tweet. I know this is firstly a forum between users, but I’m hoping that posting here might at least be a first step.
Context: I am not yet a Fairphone owner, in fact not even a smartphone owner as I’m very unhappy with the way the market has evolved into a state where users are not really in control of the devices they bought. I can’t see myself using a standard Android device except for testing purposes. Needless to say, Apple and Windows devices are even less of an option. I appreciate that Fairphone went further than mainstream phone makers towards opening their phone to its users, and reading the latest blog post on Fairphone’s approach to software has made me more hopeful that the new Fairphone might offer a degree of freedom that will enable me to fully embrace it. I am a software developer, but know next to nothing about hardware. I’m also a volunteer at Digitalcourage, a German NGO that deals with digital rights, but here I’m writing personally.
If you truly wish to secure your mobile device from remote compromise, it is necessary to carefully select your hardware. First and foremost, it is absolutely essential that the carrier’s baseband firmware is completely isolated from the rest of the platform. Because your cell phone baseband does not authenticate the network (in part to allow roaming), any random hacker with their own cell network can exploit these backdoors and use them to install malware on your device.
While there are projects underway to determine which handsets actually provide true hardware baseband isolation, at the time of this writing there is very little public information available on this topic. […]
The page then goes on to discuss some seemingly exotic and inconvenient ways of achieving this separation. This is clearly an issue that is not yet served well and would need more attention from hardware makers. I understand that the Fairphone project is dependent on its suppliers, but I was wondering if there is a chance that this issue could be raised with suppliers as part of the search for the next Fairphone platform.
Hi, I could not insist more on this crucial matter.
Currently, it exists two categories of smartphones : the ones which control its user through the baseband, and the neo900 (which aim to sandbox the baseband)(and which is not exactly ‘existing’ yet).
Regarding FairPhone, my 1st concern was about Free Software operating system. I suggested to work for free during a year to port Firefox OS on FairPhone but were considered seriously. One year latter, reading that Sailfish OS will be supported, I’m back
A Free Software operating system can’t hold its promess if it is in the shadow of another OS controlling the phone. This issue may be less known for the moment, but is also far more a concern. A great work have been accomplish between FP1 and FP2, it’s impressive. So we know you can do it. Please, change the world once again, and have control over basebands a thing that comes true with your next phones or modules.
The more I’ve thought about this the more important it seems.
Perhaps the way forward is a partnership, involving Fairphone, OsmocomBB, Cyanogenmod, XDA, EFF, (& Digitalcourage @sebalis ?), etc.
If one barrier to open source baseband OSes is the very expensive process required by regulatory bodies (who obviously aren’t doing their job very well if they allow the current set of sub-standard, vulnerable bbs), I think there’s a good chance we could get this done through crowdfunding, building an online community of people willing to contribute at the same time.
@Chris_R I don’t think we ever got an official response from the Fairphone team on this: would you be willing to chase up the possibility of them supporting a project with this as the remit?
@keesj is one of the devs at Fairphone. Whilst the responses here are not the official stance of Fairphone, the post above does give a bit of an indication:
I’ve also invited @Douwe,the new online/community manager (sorry, forgot your exact jobtitle!) who may also be able to point us in the direction of any relevant stakeholders / developments.
For sure, there are multiple reasons the situation has fallen this way. One good protection of this untrustable component is its complexity : many protocols to support, many legislations to comply… I never said it would be easy, I just say it must be done.
It is what matters now.
You are who we would trust to ship it in new phones.
(it’s what could deserve an FP3 if any … maybe FP2 will be the last, and new features will be accessible via regular new modules releases…)
It’s pretty simple: The QC SoC is the easiest chip for building a top notch phone (~ current Nexus like) with an ODE/OEM fast and with a least some kind of software support. Basebandwise it’s another story. Just keep in mind that there is the very slim possibility that the baseband software could be able to control the full phone.
Currently (and only how I understand things that were told/written me) the FP is not a DIY hardware/software project and will not be a DIY hardware/software project for a long time. They design phones with what is available, try to improve their hardware supply chain and sell them to us. And sometimes they even listen to their customers
And although I dislike sony a lot they are currently putting some manpower into this. Maybe their released code will also improve some things (talking about SoC/Android support, not BB).
Personally I don’t know enough about this topic to be of any help. If you can’t find the info in the above mentioned docs you could always inquire about it through Support.[/quote]
What Openmoko produced in the late 2000s seems like the perfect
solution to the problem of closed proprietary phones with closed
proprietary basebands - but there is one problem with this solution. The
problem is that Openmoko phones are no longer made: the last production
batch was in 2009, and all remaining surplus has now been fully
exhausted - and none of the newer post-Openmoko initiatives have
retained the feature that matters, Openmoko’s Calypso modem.
The solution to THIS problem is obvious: we need to produce a series
of new phones with the same TI Calypso baseband as used by Openmoko, the
only cellular baseband chipset that currently exists in the world that
can run fully free, fully functional firmware as opposed to the closed
and proprietary kind. (The chips themselves are still available as
surplus on the Chinese markets in very large quantities.)
. What Openmoko produced in the late 2000s seems like the perfect
solution to the problem of closed proprietary phones with closed
proprietary basebands
I can assure you that it was far from perfect. I owned an Openmoko, I participated in the community. But I was never able to make decent quality phone calls. My wife woulf always recognize when I used it, as “you sound as if you stuck your head in a bucket”. Improving hardware supplies and manufacturing, software, drivers, and baseband (and keeping all that maintained) is more than any single organization can tackle. Take note that even sony had to withdrew Android Nougat plans for some of their current phones as Qualcomm refuses to update their proprietary graphics driver.
After looking into the OsmocomBB project more, I’ve realised that all hope of an open-source baseband processor is hopeless.
They’ve managed to reverse-engineer a GSM baseband processor, which somewhat works on a select few 10+ year old phones and only via getting some leaked specs. And from what I’ve heard 3G and LTE are also an order of magnitude more difficult to reverse engineer.
So let’s instead focus on the lower hanging fruit and the actual solution The Tor Project realised in the previously quoted post - hardware baseband isolation.
Their immediately proposed solution was having a tablet + a separate portable router with your 4G SIM card but we can actually have this all in one phone.
The Neo900 is a smartphone which is doing just that.
So if they’re able to do it and have a modular phone, I don’t see why Fairphone wouldn’t aim to do this also.
Just a quick note that Keesj left Fairphone earlier this year, and that I (and the other community moderators) are volunteers from the community rather than Fairphone employees. @Douwe is still at Fairphone though, and I would imagine that he tries to advocate this kind of thing where he can.