[Debian-on-mobile-maintainers] request for modemmanager to accept AT commands

[Arnaud Ferraris]

Hi Brendan,

Le 03/07/2022 à 02:32, Brendan Simon a écrit :
> Dear Debian `modemmanager` maintenance team,
> 
> I'd like to request that the default Debian package build be configured 
> with:
> 
> |--with-at-command-via-dbus|
> 
> Currently it is not configured, and the only way to be able to issue AT 
> commands is to stop MM, and restart it with --debug option.
> 
> This is a real inconvenience as it takes a long time for this to happen, 
> and then to restart again without --debug.
> 
> Our situation is that we have hundreds of remote devices sitting on 
> power-lines throughout the world, and the software needs to make changes 
> to the modem that is only available via AT commands (MM doesn't fully 
> support the options I need natively).
> 
> Everytime the unit boots or the ModemManager restarts, I need to 
> interrogate the modem to make sure the appropriate settings are 
> correct.  That means having to stop MM and restart in debug mode, and 
> then restart back into normal mode.
> 
> Is there any reason, other than historical, why configuring with AT 
> commands should not be the default?

Yes, having this enabled by default would be a security hazard: any 
software running under a logged user session could send arbitrary AT 
commands to the modem, without having ModemManager acting as a "trusted 
proxy".

Please see 
https://blog.mobian.org/posts/2022/02/11/pinephone-malware-analysis/ for 
a real-world example of malicious software using AT commands to brick a 
modem.

As a consequence, I prefer to keep the current status quo, as exposing 
such an important communication channel with the modem would be too much 
of a risk for the majority of our users.

I'd suggest you look for a way to have MM ignore the AT commands port 
exposed by your modem (if that's possible at all, i.e. said modem 
supports QMI for instance) and use this port directly.

You can draw inspiration from https://gitlab.com/mobian1/eg25-manager as 
this software is designed to configure a (very specific) modem beyond 
what MM can currently do. It runs on devices where there's an AT-capable 
serial port available (and unused by MM), which might not be feasible 
for you, however.

Regards,
Arnaud

> 
> I can build my own custom version of MM, but I'd prefer to use standard 
> Debian packages if possible.
> 
> NOTE: I'm currently using Debian Buster and MM 1.18.6 from 
> buster-backports-sloppy.
> 
> Thanks,
> Brendan.