Replicant @ 36C3

Starting on December 27th, the 36th Chaos Communication Congress (36C3) is taking place in Leipzig. Replicant will be there as part of the Critical Decentralization Cluster.

Replicant’s assembly will feature demos of the current Replicant 6 as well as the upcoming Replicant 9. It is the place to come by if you need some help installing Replicant or general advice regarding software freedom on smartphones and tablets. You can also take the opportunity to verify the release signing PGP key.

Location: L4, Exhibition Hall 2, Level 0
DECT: 6506

There will also be a few talks about Replicant and related topics in several spots around the congress:

Graphics support for Replicant 9

Thanks to volunteer effort and NLnet funding, we have had developers working hard over the past couple of weeks on making graphics work on the Samsung Galaxy S3 for the upcoming Replicant 9 release. Three different software renderers have been successfully used with the current Replicant 9 development version: softpipe (Mesa), llvmpipe (Mesa), and SwiftShader.

The Linux kernel and Mesa required some small tweaks to allow using the Exynos DRM driver for software rendering. In the Linux kernel, we had to allow the DRM subsystem to create dumb buffers for render nodes, as discussed previously on LKML. The devfreq module was also disabled as a workaround for a graphics corruption issue caused by clock speeds that were too low. Mesa, on the other hand, required us to whitelist the Exynos DRM driver for use with a software rendering driver called kms_swrast. After these tiny changes we were already able to use Mesa’s software rendering backend called softpipe! Unfortunately, softpipe turned out to be unusably slow, even after using HW overlay planes to offload some of the buffer compositions to the Exynos 4412 display controller found on the Samsung Galaxy S3.

Next, the community members Putti, dllud and GrimKriegor worked on a new revision of a patch originally used in the Android-x86 project for enabling llvmpipe support in Mesa. Once the compilation fixes and slight adjustments to the rebased original patch were done, we had yet another software renderer to use. The new revision of the patch enabling llvmpipe has now been submitted to Mesa again, and hopefully this time around it will go through.

The rendering speed with llvmpipe turned out to be only slightly faster than softpipe and still unusable for everyday usage. There are plans to optimize llvmpipe for the ARM Cortex-A9 processor in the Exynos 4412, so hopefully it will soon be usable for everyday usage.

Before diving into the world of NEON optimization for llvmpipe and so forth, we decided to give the SwiftShader software renderer a go together with hwcomposer.ranchu and gralloc.default. Other than having to add support for UDIV and SDIV instruction emulation in the Linux kernel, we got it running by simply setting some system properties and adding the SwiftShader and hwcomposer.ranchu modules to the system image. SwiftShader felt at least twice as fast as llvmpipe and softpipe, but still just a tiny bit too slow to be enjoyable for everyday usage. We are now hoping to find people who could work with us to replace hwcomposer.ranchu with drm_hwcomposer. Using drm_hwcomposer with SwiftShader would allow us to take advantage of HW overlay planes to speed up the compositions.

If you are interested in helping or want to learn more you can get in touch with us on IRC on the #replicant channel on Freenode, or via our mailing list.

Replicant contributors meeting on 27 and 28 July in France

A Replicant contributors meeting will take place in or near Paris, France, on 27 and 28 July 2019.

As we are still looking for a place to host the meeting, we don’t have a definitive address yet.

It will be open to anyone who contributes or wants to contribute to the Replicant project.

The meeting will most likely be in English as not all the Replicant contributors who plan to attend speak French.

More details will be posted on the wiki page dedicated to this event over time.

Last minute information, if any, will also be posted on that wiki page.

Meeting Point at FOSDEM

The Replicant Community Meeting will take place on Sunday, the 3rd of February at 11:00 AM in room J.1.106 at ULB, Brussels, Belgium.
We have successfully booked a BoF room at FOSDEM, so we will have a quiet, heated and comfortable place where we can all sit together.

Access is public and free as in beer.
We encourage everyone to participate and contribute their opinion.
This meeting will be essential to the future arrangement of Replicant as a structured Project.

Any schedule update or other info can be tracked on the event’s dedicated page on FOSDEM’s website.
Replicant’s blog will also be updated accordingly.

IMPORTANT NOTICE: This announcement is about the community meeting. The time schedule for the workshop hasn’t been decided yet.
Interested people are encouraged to write to the mailing list to help organize it.
Also, the related poll is still open.


The Replicant project will receive a mobile device from Necuno Solutions

The Replicant project has been looking forward to supporting devices with free software bootloaders. While Replicant is a fully free software Android distribution, many freedom, privacy and security issues are orthogonal to the operating system. The hardware design of each computer (smartphone, tablet, laptop, etc.) people use, and the architecture of the cellular network, also have their own set of issues. For more information on these issues, the Replicant project has some documentation on the topic.

So far, all the devices that are (or have been) supported by Replicant use nonfree boot software (the bootloader). These devices also use hardware restrictions to deny users the freedom to replace it completely with free software, effectively forcing them to run nonfree software. This is a very serious freedom issue that prevents users from being in control of their devices.

There were several attempts to add support for devices with free software bootloaders in Replicant:

  • The LG Optimus Black: this smartphone doesn’t prevent users from replacing the bootloader. Paul Kocialkowski did a lot of work to add support for this device in upstream u-boot (a free software bootloader) and added minimal support for it in the upstream Linux kernel. However, support for some of its most important hardware components, like the display, is still missing in the Linux kernel. This device can probably still be found second hand.
  • The GTA04 smartphone from Golden Delicious: this smartphone has a free software bootloader which is based on u-boot. The smartphone was designed to run GNU/Linux and has almost complete support in upstream Linux. There were attempts to add support for it in Replicant 6.0, but a lot of time was spent trying to make suspend to RAM work with Android. Older Replicant 4.2 images are available, however. Several hardware revisions of the GTA04 have been made and shipped to customers and developers over the years, but this has stopped due to manufacturing issues. Another issue is that the revisions before A5 only have 512M of RAM and a high DPI display: this combination makes running Android 9 potentially challenging. Fortunately the A5 revision has 1G of RAM, but not a lot of working units were produced.

There is also some ongoing work to specifically add support for smartphones that are currently supported by Replicant like the Galaxy SIII (i9300), the Galaxy Note 2 (n7100) and their 4G versions (i9305 and n7105). The 4G versions could also be supported by Replicant if the work to support their modem (through QMI-RIL) is resumed.

The Replicant project will receive a mobile device, the NC_1 (formerly called Necuno Mobile), from its manufacturer (Necuno Solutions), which will have a free software bootloader.

This device has the size of a smartphone, but doesn’t have a broadband modem: while users will not be able to use a built-in modem for phone calls, SMS or to access the Internet, it is still the best way to be completely sure of avoiding any freedom, privacy and security issues related to broadband modems and the cellular network. It will also require less work to add support for this device in Replicant.

Even if it’s possible to disable the modem on some of the mobile devices currently supported by Replicant by not loading the modem’s code, some nonfree software still runs on these mobile devices. This includes the bootloader and potentially any other nonfree software that it may load. Because of that, we cannot be 100% sure that the modem is completely disabled.

The Necuno Mobile will use an I.MX6 Quad system on a chip (which is a chip that contains the main CPU, the microSD card controller, the GPU, etc.). Its free software support is better than that of many other systems on a chip: the only functionality of the I.MX6 Quad that requires nonfree software is the video decoding acceleration. The article on single board computers has more details on freedom issues affecting various systems on a chip and, by extension, the single board computers that use such components.

A Replicant developer (Joonas Kylmälä) will receive a Necuno Mobile to work on it.

The Necuno Mobile should have a Linux kernel that is very close to upstream: this is a good opportunity for a new attempt to enable Replicant to use upstream kernels. This has many advantages. One of them is that in the long run, it should decrease the amount of work required to maintain the devices and potentially increase their lifetime.

This should also enable the Replicant project to more easily add support for other devices that can use an upstream kernel, like the GTA04, or devices like the Galaxy SIII (i9300) and the Galaxy Note 2 (n7100) that are starting to have good support in upstream Linux.

It is also very interesting in the long run, as we could share some of the work with other smartphone projects like postmarketOS, which are also trying to support mobile devices with upstream kernels. It could also enable the Replicant project to more easily support future mobile devices that will have free software bootloaders, as some of them will also use kernels that are meant to run GNU/Linux.

Replicant meeting at FOSDEM 2019

Call for participants

Like every year, FOSDEM will take place the first weekend of February in Brussels, Belgium.

Replicant is organizing a community meeting and a workshop that will take place alongside FOSDEM events.
The main intention behind this is to gather Replicant enthusiasts and contributors together in order to share ideas and discuss Replicant-related key topics.
This is a call for the community to participate and propose topics to discuss.
A wiki page has been prepared to collect proposals and schedules.
Proposals and questions can be presented to the mailing list.

Example topics that have been proposed are:

  • What directions should the project take, what work to prioritize
  • How to fix f-droid to keep Replicant FSDG compliant

Together with the following workshop topics:

  • How to set up the build environment
  • Hands on libsamsung-ipc and samsung-ril
  • Answer various questions about contributing to Replicant
  • Help contributors who are stuck with specific issues


Two free-software-powered polls have been published, to help us choose the best day and time:

We invite whoever might be interested to indicate their preferred schedule for the events, in order to help us set up a sensible timetable.

The official meeting point and timetables will be published on this blog and on the mailing list.

Stay tuned!

EDIT:
The meeting report is available: https://redmine.replicant.us/attachments/download/1597/formatted-report.pdf

Final days for the upstream Linux Allwinner VPU support crowdfunding campaign

A crowdfunding campaign was launched over a month ago by Bootlin in order to fund the development of an upstream Linux kernel driver for the Allwinner CedarX VPU. The VPU (Video Processing Unit) is in charge of offloading video decoding and encoding to a dedicated hardware block, relieving the main CPU. While Replicant does not support Allwinner devices at this point, the project acquired a number of Allwinner tablets a few years ago, which helped with the advancement of Allwinner platform support in upstream projects such as the U-Boot bootloader and the Linux kernel.

Recently, Replicant was a candidate for the Google Summer of Code program and we came up with a list of tasks for the occasion. Although our application was not accepted, we are still interested in completing the tasks that we picked. We put a deliberate focus on supporting mobile devices in mainline U-Boot and Linux, with a particular emphasis on Allwinner devices, the Optimus Black and the Kindle Fire (first generation). We believe that supporting mobile devices and using standard driver interfaces in the upstream Linux kernel is the only sustainable way for freedom on mobile devices. Instead of writing device-specific code specifically for Android for each of the supported devices, this would allow using generic Hardware Abstraction Layers (HALs), reducing the amount of work for hardware support on the Replicant side in the long run. This also allows running other operating systems that integrate the upstream Linux kernel interfaces, such as standard GNU/Linux distributions.

In spite of this, I have been dedicating more and more time to contributing to upstream projects such as coreboot, U-Boot and Linux for supporting devices of various form factors, including mobile devices, laptops and single-board computers. Thus, I became less and less active on the technical side for Replicant, where Wolfgang and others have picked up the work. There is still a lot of room for contributions and everyone is warmly encouraged to join in and help with the upstreaming effort for devices, especially regarding the Optimus Black, Kindle Fire (first generation) and Allwinner devices.

As a student approaching graduation, I have joined Bootlin (formerly Free Electrons) in Toulouse, France for an internship focused on supporting the Allwinner VPU in upstream Linux and userspace. It definitely fits perfectly with the logic behind focusing Replicant towards upstream Linux support. In order to accelerate the development of the driver, Bootlin has decided to start a crowdfunding campaign in order to fund Maxime Ripard, who has been working for the company and maintaining Allwinner platforms in the Linux kernel for a while.

As the main goal of the campaign was reached within its first week, Maxime will be able to work with me on the VPU. His in-depth understanding of the sun4i DRM video driver’s innards will also prove very useful for accelerating the processing of the frames coming from the VPU (without unneeded copies of buffers) and implementing scaling in hardware. In order to support the VPU hardware efficiently, a number of changes have to be introduced to the Linux kernel. It currently lacks an interface to provide coherency between setting specific controls for the media stream and the input/output buffers that these controls are related to and should apply to. This API has been implemented by Alexandre Courbot (who’s working at Google on the Chromium OS project) as the V4L2 request API, which fits the requirements for the Allwinner VPU driver. Other VPU drivers, such as the tegra-vde driver that supports the Tegra 20 video decoder engine, also require this API in order to implement a proper V4L2 mem2mem driver.

The crowdfunding campaign still has 10 days to go and two stretch goals to meet (while the first stretch goal, about supporting newer Allwinner SoCs, was already met):

  • H265 video decoding support
  • H264 encoding support

As I am not directly impacted by the funding received through the crowdfunding campaign, we believe that there is no direct conflict of interest writing this blog post on the Replicant blog.

Are terminal devices the weak link in an open Internet?

Terminal devices are now part of the daily life of millions of users, through devices of various form factors and in particular mobile devices such as smartphones and tablets, or laptops. These devices have made it possible to digitize many aspects of life, whether communication between individuals or the capture, storage and exchange of information. These devices indeed have numerous inputs/outputs that allow them to sense and interact with the environment, collecting and storing a very large quantity of data throughout each day. This data is very largely stored within the storage infrastructures of various companies, most often American multinationals.

These devices are thus characterized by a great capacity to interact with the various aspects of daily life and by increased connectivity that enables communication and data sharing, but also by access to a great deal of online content and services. Indeed, these terminals are the gateways for fast access to the web and to different kinds of services, which generate a large amount of metadata and thereby form a digital fingerprint of the user, which allows fine-grained identification. These identification methods are moreover known to be used by many intelligence agencies.

Users can therefore legitimately ask how much trust they can place in these terminals, in particular regarding how they actually operate and what they actually do with the data they process, but also regarding their security, in order to make sure that this data is not vulnerable and effectively remains private. Control over these devices thus appears as a key element, in that it allows users to make sure the device works properly throughout its use. This first requires being able to audit the code used on the device and to modify and run it afterwards. It then becomes possible for users to apply their own modifications or those of the community, to remove any deliberate restriction of functionality, but also to carry out security audits to identify vulnerabilities and backdoors and to apply fixes independently of the device manufacturers, who rarely support devices for many years. It is also a matter of guaranteeing access to knowledge of how the devices work, which offers an opportunity for students, the curious and enthusiasts to study and modify widely used software. Moreover, preserving this knowledge remains important for ensuring that society as a whole keeps a degree of long-term control over technology, which is ever more present.

European Regulation 2015/2120 gives users “the right to access and distribute information and content, use and provide applications and services, and use terminal equipment of their choice”. The question of the free choice of terminal opens the door to users being able to choose terminals that they can trust, over which they have control and whose operation is known and widely documented. The Replicant project very much follows this approach, by developing an operating system made up entirely of free software, based on the free code of Android released by Google. Starting from this free base, the work consists in developing the software needed for hardware support of various mobile devices, more or less completely but with a minimum set of functionality available. Replicant thus operates at the operating system level, but the issues of trust, control and knowledge of devices concern more broadly all the components of mobile devices. While it is generally possible today to replace the operating system of these devices, the task is far less easy for other critical components such as the boot software, which runs before the operating system, and also the trusted execution environments, which run for the whole time the device is in use with the highest privileges on the device. Devices that, in addition to TCP/IP connectivity to the Internet, are also connected to the GSM network have a component dedicated to this mobile communication, the baseband or modem.
Like the software mentioned above, the software that runs on this modem is very often protected by a digital signature that makes it impossible to modify for anyone who does not hold the manufacturer’s private key, which the manufacturer does not disclose. It is thus impossible to run free software in these cases, which never gives users real trust, real control or complete knowledge of how it works.

In this way, power is taken away from end users, whether individuals or intermediary companies that use and integrate these devices, and is then in the hands of the device manufacturer. This amounts to enshrining the union between the hardware on the one hand and the software running on it on the other. Yet since software consists of instructions that can be modified, it is an entirely legitimate use for users to be able to modify the software running on each of their devices, which is by nature separate from the hardware that allows it to run. We therefore particularly wish to insist on this fundamental distinction between the device on the one hand and the software it runs on the other.

This ability to modify software by its nature offers many opportunities for innovation through the very great flexibility it provides, which allows the development of innovative applications and services that are entirely of a nature to foster the openness of the Internet and the development of the activity associated with it.

Third Replicant 6.0 release

A new version (0003) of Replicant 6.0 was released a few weeks ago.

It fixes an important issue that makes devices end up in a boot loop (the devices were crashing during boot, endlessly) when installing certain applications.

It also fixes a security issue that enables attackers to decrypt and/or modify WiFi traffic.
This can be problematic if your security relies on the WiFi encryption. This can be the case if you are using WiFi to connect to your device to use applications like Remote Keyboard over telnet. This can also be problematic if you share your Internet connection through WiFi and some services of the phone operator you use are available without authentication.

Because of the above, updating to this new version is strongly recommended.
See the update instructions on the wiki for that.

If your device is affected by the boot loop issue mentioned above, the update instructions won’t work, as they expect you to be able to easily reboot to recovery.
In that case, to reboot to the recovery you have to first boot in safe mode, and then follow the update instructions to reboot to recovery.

Contributions to ARCEP work on terminal devices and public consultation

While Replicant is mainly backed by Wolfgang in terms of technical contributions nowadays, Denis and Paul are still active in the project, in other ways.

Over the past few months, we have been working with ARCEP, the independent French governmental agency in charge of regulating telecommunications. The agency is working on evaluating the influence of terminal devices in achieving an open Internet, with a particular focus on mobile devices. A first report on this topic was issued at the end of May 2017, based on consultations with various members of the industry as well as non-profits such as FFDN, the federation of non-profit ISPs. This first document presents ARCEP’s approach to the application of EU regulation 2015/2120, which gives users specific rights regarding their choice of terminal devices. It provides an analysis of the various actors involved with terminal devices, making clear distinctions between the hardware, operating system, applications and services.

The EU regulation is however less specific and the articles related to terminals can be interpreted with different scopes:

When accessing the internet, end-users should be free to choose between various types of terminal equipment […].

End-users shall have the right to access and distribute information and content, use and provide applications and services, and use terminal equipment of their choice […].

A narrow understanding would associate the choice of the terminal with the choices made available by the industry, while a broader understanding, which ARCEP is pursuing, also takes into account all the actors involved at every level, including actors from the free software community such as Replicant. This led the authority to get in touch with us, after members of FFDN kindly put in a word of recommendation for Replicant.

We attended an initial meeting in Paris in September, where we explained our action at Replicant, the problems we are facing and key elements to shape their understanding. We mentioned that not only the operating system should be considered separately in terms of choice, but also other software components such as the boot software, the privileged execution environment and the modem system, that are also crucial parts of a terminal device that can (and often do) restrict the user.

In November, we attended a workshop with members of the industry, that included Microsoft and Qualcomm among others. We took the occasion to directly question them regarding deliberate choices that are detrimental to users in terms of freedom. It seemed agreed and understood that the ability to load an alternative operating system is a necessity for users and that mistakes were made in the past in that area. However, many of the perspectives presented by the industry were not satisfactory in terms of freedom and privacy/security for end users, especially when it comes to IoT and ISP-provided routers that keep embedding more functionalities. We did not always get answers to our questions, as the representatives that were sitting at the table did not share our technical background and thus sometimes did not fully grasp the reality of the situations at hand.

ARCEP is now organizing a public consultation on the influence of terminal devices on an open Internet, that is presented in a dedicated document. Anyone is welcome to submit a contribution, to share their understanding of what the free choice of terminal devices should entail, either in French or in English. This is an opportunity to send a strong message in favor of free software at all the levels involved in mobile devices: boot software, privileged execution environment (often called TrustZone), operating system, applications and modem system. Replicant will also submit a contribution in this direction, that will be published on the Replicant blog soon.

The consultation is open until the 10th of January 2018 and submissions can be sent to: terminaux@arcep.fr.