Simlock Overview: Confidential and Proprietary - Qualcomm Technologies, Inc
Simlock Overview: Confidential and Proprietary - Qualcomm Technologies, Inc
Simlock Overview: Confidential and Proprietary - Qualcomm Technologies, Inc
80-ND826-1 A
PAGE 2 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
Revision History
PAGE 3 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
Contents
PAGE 4 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
SimLock in the Modem
The Qualcomm Technologies, Inc. (QTI) chipset has support for SimLock
Compliant with [S1]
Partial implementation of [S2] per operator requirements
SimLock is configured in the factory using the diag interface
Control key (CK) values are generated randomly
CK values are locked after configuration is completed using diag interface
Configuration is stored on a secure file system
The modem executes SimLock verification during card initialization
Network is not acquired before SimLock is verified
PAGE 5 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
SimLock on Apps Processor
PAGE 6 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
Secure Channel Between Modem and TrustZone
PAGE 7 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
Secure Channel Between Modem and TrustZone (cont.)
PAGE 8 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
Secure Channel Between Modem and TrustZone (cont.)
PAGE 9 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
Secure Channel Between Modem and TrustZone (cont.)
PAGE 10 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
Notes on Security
In case of a failed SimLock check, TZ should not pass the encrypted IMSI
in the request to the modem.
This is required to avoid a malicious application from modifying a flag that
indicated the result from failure to success.
In general, the opposite attack (modifying from success to failure) is not an
issue.
IMSI needs to be reencrypted by TZ.
TZ retrieves encrypted IMSI from the modem, decrypts it, and must then
reencrypt it when notifying the modem to proceed.
This guarantees that encrypted payload when IMSI is read is not reused by
malicious applications to fake a message from TZ.
PAGE 11 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
External SimLock in Modem
PAGE 12 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
External SimLock in Modem (cont.)
PAGE 13 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
NV Items
PAGE 14 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
External SimLock – Integration with RIL
PAGE 15 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
References
Ref. Document
Qualcomm Technologies
Q1 Application Note: Software Glossary for Customers CL93-V3077-1
Standards
S1 Personalisation of Mobile Equipment (ME); Mobile Functionality Specification 3GPP 22.022
PAGE 16 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION
Questions?
https://support.cdmatech.com
PAGE 17 80-ND826-1 A Oct 2012 Confidential and Proprietary – Qualcomm Technologies, Inc. | MAY CONTAIN U.S. AND INTERNATIONAL EXPORT CONTROLLED INFORMATION