From b02c671839a2a0f458f593cb96e1b7a590cabf07 Mon Sep 17 00:00:00 2001
From: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Date: Wed, 6 Aug 2025 11:38:35 +0300
Subject: [PATCH] data: add disabled configuration for SUPL support

SUPL (Secure User-Plane Location) is protocol for A-GPS to receive
assistance data over Internet.

EG25-G has integrated SUPL client, that uses mobile data to
communicate with SUPL server and feed assisted data into GNSS
receiver. SUPL drastically improves TTFF (time to first fix) and is
much more effective than XTRA. To configure it user has to set SUPL
version (latest supported version is 2.0), select whether or not use
SSL, set address for SUPL server.

There are more tuning options in Quectel's documentation, but default
values are good to make SUPL work:
 - AT+QGPSCFG="agpsposmode" Configure AGPS Positioning Mode
 - AT+QGPSCFG="lbsapn" Configure AGNSS Positioning AP
 - AT+QGPSCFG="agnssprotocol" Configure AGNSS Positioning Protocols

There are some usage aspects of SUPL to be aware of:
 * modem uses mobile data to get information from SUPL server
 * mobile data is used even if it's disabled in operating system
 * firmware seems to try TLS 1.1, that is deprecated and not used in
   production anymore. See [1].
 * IMSI (International Mobile Subscriber Identity) of your SIM-card,
   current cell Id and public IP are leaked to SUPL server.
   It's recommended to setup proxy server to hide IMSI and IP from
   SUPL server [2].
 * all this information is visible in trafic dumps for network nodes
   in between since there is no SSL
 * SUPL requests with this information are not sent constantly, when
   geolocation is enabled. They are sent, when information in GNSS
   receiver is outdated.

SUPL servers that could be found on the Internet:
 - supl.google.com (widely used, supports SSL and non-SSL)
 - supl.grapheneos.org (supports only SSL, AFAIK just proxy to supl.google.com)
 - supl.vodafone.com (resolves to supl.google.com)
 - supl.qxwz.com (probably doesn't provide data outside of China, Chinese company)
 - supl.nokia.com (is shutdown down)

The only working SUPL server is supl.google.com.

Support in ModemManager and Geoclue is already in
place. ModemManager shows agps-msb capability and Geoclue enables
agps-msb, when it's available. When precise geolocation is requested
and assisted information is missing in the modem (cold start), when
modem requests SUPL server for new assisted data.

SUPL was successfully tested with stock modem firmware 30.007.30.007
and community firmware v0.7.4.

For testing it was often needed to delete assistance data and enforce
cold start. Following script was used for this, it requires
ModemManager run in debug mode (--debug).

```

sudo mmcli -m any --command="AT+QGPSEND"
sleep 1
sudo mmcli -m any --command="AT+QGPSDEL=0"
sleep 1
sudo mmcli -m any --command="AT+QGPSDEL=3"
sleep 1
sudo mmcli -m any --command="AT+QGPSDEL=1"
sleep 1
sudo mmcli -m any --command="AT+QGPSDEL=0"
sleep 1

```

1. https://forums.quectel.com/t/a-gnss-msb-with-tls-on-eg25-g/39334
2. https://github.com/Eierkopp/supl-proxy
---
 data/pine64,pinephone-1.0.toml | 27 +++++++++++++++++++++++++++
 data/pine64,pinephone-1.1.toml | 27 +++++++++++++++++++++++++++
 data/pine64,pinephone-1.2.toml | 27 +++++++++++++++++++++++++++
 data/pine64,pinephone-pro.toml | 27 +++++++++++++++++++++++++++
 4 files changed, 108 insertions(+)

diff --git a/data/pine64,pinephone-1.0.toml b/data/pine64,pinephone-1.0.toml
index 5ed4410..a473f43 100644
--- a/data/pine64,pinephone-1.0.toml
+++ b/data/pine64,pinephone-1.0.toml
@@ -80,6 +80,33 @@ configure = [
     { cmd = "QGPSCFG", subcmd = "galileonmeatype", expect = "0" },
     { cmd = "QGPSCFG", subcmd = "beidounmeatype", expect = "3" },
     { cmd = "QGPSCFG", subcmd = "autogps", expect = "0" },
+
+
+# SUPL (Secure User-Plane Location) configuration:
+#  * SUPL version 2.0
+#  * User Plane without SSL (7276 port).
+#    Frmware seems to try TLS 1.1, that is deprecated.
+#  * URL to SUPL server
+    { cmd = "QGPSCFG", subcmd = "suplver", expect = "2" },
+    { cmd = "QGPSCFG", subcmd = "plane", expect = "0" },
+
+#
+# SUPL drastically improves TTFF (time to first fix) for GNSS receiver
+# and is much more effective than XTRA, but there are some privacy aspects.
+#
+# When SUPL is enabled:
+#  * IMSI (International Mobile Subscriber Identity) of your SIM-card
+#    and public IP are leaked to SUPL server.
+#    It's recommended to setup proxy server like (https://github.com/Eierkopp/supl-proxy)
+#    to hide this information from SUPL server.
+#  * IMSI is visible in trafic dumps since there is no SSL
+#  * Mobile data is used, regardless of the setting in operating system.
+#    Be carefully especially in roaming.
+#
+# To enable SUPL uncomment one of following lines
+#    { cmd = "QGPSSUPLURL", expect = "\"supl.google.com:7276\"" },
+    { cmd = "QGPSSUPLURL", expect = "\"\"" },
+
 # Disable fast poweroff for stability
     { cmd = "QCFG", subcmd = "fast/poweroff", expect = "0" },
 # Configure sleep and wake up pin levels to active low
diff --git a/data/pine64,pinephone-1.1.toml b/data/pine64,pinephone-1.1.toml
index 9d9af97..07420fc 100644
--- a/data/pine64,pinephone-1.1.toml
+++ b/data/pine64,pinephone-1.1.toml
@@ -80,6 +80,33 @@ configure = [
     { cmd = "QGPSCFG", subcmd = "galileonmeatype", expect = "0" },
     { cmd = "QGPSCFG", subcmd = "beidounmeatype", expect = "3" },
     { cmd = "QGPSCFG", subcmd = "autogps", expect = "0" },
+
+
+# SUPL (Secure User-Plane Location) configuration:
+#  * SUPL version 2.0
+#  * User Plane without SSL (7276 port).
+#    Frmware seems to try TLS 1.1, that is deprecated.
+#  * URL to SUPL server
+    { cmd = "QGPSCFG", subcmd = "suplver", expect = "2" },
+    { cmd = "QGPSCFG", subcmd = "plane", expect = "0" },
+
+#
+# SUPL drastically improves TTFF (time to first fix) for GNSS receiver
+# and is much more effective than XTRA, but there are some privacy aspects.
+#
+# When SUPL is enabled:
+#  * IMSI (International Mobile Subscriber Identity) of your SIM-card
+#    and public IP are leaked to SUPL server.
+#    It's recommended to setup proxy server like (https://github.com/Eierkopp/supl-proxy)
+#    to hide this information from SUPL server.
+#  * IMSI is visible in trafic dumps since there is no SSL
+#  * Mobile data is used, regardless of the setting in operating system.
+#    Be carefully especially in roaming.
+#
+# To enable SUPL uncomment one of following lines
+#    { cmd = "QGPSSUPLURL", expect = "\"supl.google.com:7276\"" },
+    { cmd = "QGPSSUPLURL", expect = "\"\"" },
+
 # Disable fast poweroff for stability
     { cmd = "QCFG", subcmd = "fast/poweroff", expect = "0" },
 # Configure sleep and wake up pin levels to active low
diff --git a/data/pine64,pinephone-1.2.toml b/data/pine64,pinephone-1.2.toml
index 99ceb03..7ee3255 100644
--- a/data/pine64,pinephone-1.2.toml
+++ b/data/pine64,pinephone-1.2.toml
@@ -79,6 +79,33 @@ configure = [
     { cmd = "QGPSCFG", subcmd = "galileonmeatype", expect = "0" },
     { cmd = "QGPSCFG", subcmd = "beidounmeatype", expect = "3" },
     { cmd = "QGPSCFG", subcmd = "autogps", expect = "0" },
+
+
+# SUPL (Secure User-Plane Location) configuration:
+#  * SUPL version 2.0
+#  * User Plane without SSL (7276 port).
+#    Frmware seems to try TLS 1.1, that is deprecated.
+#  * URL to SUPL server
+    { cmd = "QGPSCFG", subcmd = "suplver", expect = "2" },
+    { cmd = "QGPSCFG", subcmd = "plane", expect = "0" },
+
+#
+# SUPL drastically improves TTFF (time to first fix) for GNSS receiver
+# and is much more effective than XTRA, but there are some privacy aspects.
+#
+# When SUPL is enabled:
+#  * IMSI (International Mobile Subscriber Identity) of your SIM-card
+#    and public IP are leaked to SUPL server.
+#    It's recommended to setup proxy server like (https://github.com/Eierkopp/supl-proxy)
+#    to hide this information from SUPL server.
+#  * IMSI is visible in trafic dumps since there is no SSL
+#  * Mobile data is used, regardless of the setting in operating system.
+#    Be carefully especially in roaming.
+#
+# To enable SUPL uncomment one of following lines
+#    { cmd = "QGPSSUPLURL", expect = "\"supl.google.com:7276\"" },
+    { cmd = "QGPSSUPLURL", expect = "\"\"" },
+
 # Disable fast poweroff for stability
     { cmd = "QCFG", subcmd = "fast/poweroff", expect = "0" },
 # Configure sleep and wake up pin levels to active low
diff --git a/data/pine64,pinephone-pro.toml b/data/pine64,pinephone-pro.toml
index b5c830f..514d420 100644
--- a/data/pine64,pinephone-pro.toml
+++ b/data/pine64,pinephone-pro.toml
@@ -79,6 +79,33 @@ configure = [
     { cmd = "QGPSCFG", subcmd = "galileonmeatype", expect = "0" },
     { cmd = "QGPSCFG", subcmd = "beidounmeatype", expect = "3" },
     { cmd = "QGPSCFG", subcmd = "autogps", expect = "0" },
+
+
+# SUPL (Secure User-Plane Location) configuration:
+#  * SUPL version 2.0
+#  * User Plane without SSL (7276 port).
+#    Frmware seems to try TLS 1.1, that is deprecated.
+#  * URL to SUPL server
+    { cmd = "QGPSCFG", subcmd = "suplver", expect = "2" },
+    { cmd = "QGPSCFG", subcmd = "plane", expect = "0" },
+
+#
+# SUPL drastically improves TTFF (time to first fix) for GNSS receiver
+# and is much more effective than XTRA, but there are some privacy aspects.
+#
+# When SUPL is enabled:
+#  * IMSI (International Mobile Subscriber Identity) of your SIM-card
+#    and public IP are leaked to SUPL server.
+#    It's recommended to setup proxy server like (https://github.com/Eierkopp/supl-proxy)
+#    to hide this information from SUPL server.
+#  * IMSI is visible in trafic dumps since there is no SSL
+#  * Mobile data is used, regardless of the setting in operating system.
+#    Be carefully especially in roaming.
+#
+# To enable SUPL uncomment one of following lines
+#    { cmd = "QGPSSUPLURL", expect = "\"supl.google.com:7276\"" },
+    { cmd = "QGPSSUPLURL", expect = "\"\"" },
+
 # Disable fast poweroff for stability
     { cmd = "QCFG", subcmd = "fast/poweroff", expect = "0" },
 # Configure sleep and wake up pin levels to active low