Comment by userbinator

8 years ago

You seem to be quite familiar with Qualcomm, but do you know if there's anything similar in MediaTek SoCs? They do have assisted GPS ("A-GPS"/"EPO") but from the info I can find (including leaked very thorough datasheets and programming manuals), it does nothing more than download already-public ephemeris data from an FTP server periodically. I've also inspected the firmware, and there don't appear to be any traces of the TrustZone/Trustonic stuff that you mention is present for Qualcomm; AFAICS the only thing running on the main CPU cores is Android itself, the modem runs its own baseband firmware, and the GPS/WiFi/BT/FM combo chip (which is a physically separate part, accessed over a serial interface with no direct DMA capabilities) runs a third firmware. Any "secure boot" features in MTK SoCs are (fortunately?) not very secure, so it's all quite easy to inspect.

There are some bits of interesting info here:

https://github.com/cyrozap/mediatek-lte-baseband-re

https://postmarketos.org/blog/2018/04/14/lowlevel/