翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 13-Jun-2025 02:37:36 JST
@GrapheneOS >Connecting a modem via USB exposes an enormous amount of attack surface to the modem via the kernel's USB stack and drivers.
Harden the stack then and prove it is secure with a mathematical proof then.
>That's far less secure than having an IOMMU isolated modem with DMA using a typical approach.
Having a modem go boot the device up and then decide to enable IOMMU is much less secure.
>The Pinephone's modem is far less secure against attacks and missing important patches. No need for a backdoor
Why would you bother with attacks when you just use the backdoor built into each modem?
>Since the isolation is far worse, it's easier to take over the OS from it.
You would have to actually do an exploit, rather than having the modem trigger a reboot, write to the memory and then go enable IOMMU after.
>Replicant has atrocious security and non-existent protection from this, not more.
The built-in modem-to-storage backdoor is no longer functional.
You can get quite good protection - you just disable the modem software loading library and then the modem does not run.
>The extra CPU it has running a closed source and outdated fork of Android does not exist on a normal, sane modem.
All modems are insane - an extra CPU or not that runs an extra proprietary program is irrelevant.
>Replacing that is not replacing a component which exists on normal devices.
But if you replace that with free software, or use free software to make it do nothing, then it doesn't matter.
The free software userspace for the modem is available here: `git clone https://github.com/the-modem-distro/pinephone_modem_sdk` - Google doesn't have that, do they?