lpac icon indicating copy to clipboard operation
lpac copied to clipboard
Published 5 months ago verified publisher icon estkme-group

driver: add uqmi backend

Open blocktrron opened this issue 1 year ago • 3 comments

This commit adds a backend to interface with an eUICC connected to a compatible modem using the uqmi application.

This allows OpenWrt to manage an eUICC including the download and installation of SIM profiles.

This was previously not possible with most modems, as the APDU operations were aborted due to exceeding the timeout imposed on the AT interface by the modem firmware.

Tested-on: Quectel EC25 / Quectel EP06 / Quectel RG520N

blocktrron avatar Aug 29 '24 00:08 blocktrron

@septs Where do you see the potential for Command injection? APDU data is generated by the existing lpac infrastructure and all binary data potentially landing in the system shell is formatted only in hex-chars here:

https://github.com/estkme-group/lpac/pull/149/files#diff-ec954341e60cb55be4a97cf02c58237678cc535c127029fe5a6c95fd228c34f2R125

The buffer is fixed-size 2048 byte long, which fits the maximum tansport size. However, it currently does not check if tx_len fits in there, I will fix this.

To give a it of background: uqmi is a standalone tool for modem-control on OpenWrt, so it sadly does not have a linkable library we could use and make the detour over the shell. This is set to change, as uqmi is being rewritten to provide an rpc interface. For the time being however, uqmi is the best way to interact with eUICCs in modems with small flash constraints like the ones targeted by OpenWrt.

Still looking forward for your feedback!

blocktrron avatar Aug 29 '24 02:08 blocktrron

Is there any difference to https://github.com/estkme-group/lpac/pull/131 apart from using uqmi instead of libqmi? The functionality should be the same, right?

z3ntu avatar Aug 30 '24 08:08 z3ntu

Is there any difference to #131 apart from using uqmi instead of libqmi? The functionality should be the same, right?

uQMI is OpenWrt specific

septs avatar Aug 30 '24 09:08 septs

long unprocessed review

septs avatar Jan 18 '25 08:01 septs

@septs Sorry for taking this long. I still ave this on my backlog and will notify you once i have an updated branch ready. Thank you for your review and work!

blocktrron avatar Jan 19 '25 13:01 blocktrron

i think safety code style like:

char *client_id = ...;
char *slot = ...;
char *channel_id = ...;

char *args = {
   "--set-client-id", client_id,
   "--keep-client-id", "uim",
   "--uim-slot", slot,
   "--uim-channel-id", channel_id,
   "--uim-apdu-send"
};
uqmi_execute_command(args, buffer, sizeof(buffer));

septs avatar Mar 17 '25 11:03 septs