Paul Gardner-Stephen has built a very interesting device to present to the LINUX.CONF.AU this week for the talk “FPGA based mobile phone: Creating a truly open trustable mobile communications device“. If you are in the area, go to the conference on Wednesday January 23rd from 2:25-3:10 pm for an epic talk and demonstration.
First, do we trust our mobile phones?
Modern smart-phones are untrustable. Even if they were open-source, the sheer complexity makes them impossible to meaningfully verify, and therefore trust them. Worse, because they contain major closed-source elements, we lack the digital sovereignty to even attempt such a verification. These concerns are not merely theoretical, the Samsung Galaxy S2 back-door episode, as well as Spectre and Meltdown, and the surveillance facilities purposely built into the cellular network are all evidence that verifiability, trustability, and ultimately, digital sovereignty are all sorely wanted.
Past efforts to make open-source smart-phones have struggled on a number of fronts. First, the chipsets are rarely open-source friendly. Second, even if you find a suitable chipset, by the time you go to market, it is likely already obsolete, and the process of migrating to new chipsets every year is not sustainable for an open-source project. Third, even if you do succeed, there are enough closed-source blobs to make the whole thing untrustable, and without the user holding sovereignty over the device.
So, their approach to developing a secure system:
(We have) created a smart-phone like device that uses an FPGA as the main application processor, and coupled it with an industry standard mini-PCIe cellular modem. The result is a system where you can freely upgrade the cellular modem using commercial off-the-shelf modules, and have complete sovereignty, in that you can create your own FPGA bitstream that defines whatever application processor you want. The cellular modem is left as an untrusted and quarantined “black box”. Importantly, the microphone connects to the modem via the FPGA, so it is possible to prevent the cellular modem listening in when it shouldn’t be. Indeed, we have gone two steps further: You can cut the power to the modem, or even physically remove it. This modular approach also leaves the door open for a truly open cellular modem to be created, without making us wait in the meantime.
As FPGA programming is not for everyone, and because the device should be fun, and because it is easier to make a less miniaturised device on a shoe-string budget, we are creating prototype devices that double as a portable game console, similar in size to a 3DS XL, and that implements both basic telephony (voice, SMS, contacts) and is backwards compatible with the Commodore 64: The core telephony software we have created is written using an extension to Commodore 64 BASIC, and is already open-sourced, and small enough for a determined user to verify. Naturally, you can use the tune from your favourite C64 game or demo as ringtone and/or hold music, and play your favourite games while on a call. Thanks to our crazy full-crossbar audio mixer framework, you can even have the sound from what you are playing audible to you, but not to the other party. And because of our history with the Serval Project, we are also including some long-range UHF packet radios for good measure.
The resulting franken-phone will not be for everyone, but we believe it represents a significant milestone, in that it could well be the first long-term sustainable open-source smart-phone, and perhaps the first ever smart-phone to offer true digital sovereignty. And play Impossible Mission.
I think the incorporation of a Commodore 64 as the front end platform is simply brilliant!