N950/Aegis-notes

Aegis is a security framework that differs significantly from normal Unix, though it shares ideas with SELinux.

There is an apparent lack of documentation on what the security framework is intended to address, and how it is intended to be configured.

Some of these questions may be based on misunderstandings, or bugs in the image available to developers.

It raises three broad classes of issues to address.

End Users

Q: What limitations does it pose on software that developers can write for users of the N9? For example, if a developer wants to compile a new kernel with more iptables modules available, or to expose more hardware features, what are the implications?

A: Use open mode with your own kernel image, just as happened in the case of the N900 device.

Q: Can Aegis run at all in this environment? What are the implications if Aegis cannot run - what stops working? Is it just (for example) Angry Birds, or does this include Maps and other software?

A: Aegis can run just fine with your own kernel image on the userspace side as well. You can still use it with your own kernel image to a certain extent. There are some aegis-validator differences for sure, but that does not make these applications non-working.

Developers

While Aegis is a powerful platform for security, it raises issues for lower-level developers trying to understand the device, and trying to prototype code.

Q: For example, under what conditions does it lock down the platform, requiring a reflash, as mentioned in this post on TMO?

A: I cannot personally reproduce this issue. I have never been able to do that, any hint? On the other hand, that command is not well thought out. It shows a lack of architecture understanding as well. Even if I cannot cause any "damage" with that command on my developer device, it should not be used like that.

In the absence of documentation on many of the closed components, 'poking around' can be a valuable method of exposing the functionality of the closed parts of the software. The interfaces found this way can then be integrated more normally into applications.

Q: The lack of a way to turn Aegis truly off, even if this requires a reflash to turn it back on, impedes this. Some development work, for example work on making USB host mode available on the device, is made considerably harder or impossible.

A: Same question as above with the same answer: use open mode (custom kernel, as in the case of the N900).

End of Life/Meego

At some point Nokia will stop signing packages. Exactly when this might be is hard to predict in the changing mobile space. It might be in 2025, after Harmattan-derived phones have taken over the marketplace, or it might be 2012, after Windows Phone is a roaring success for Nokia.

At this point - what happens?

Without a security system, devices have no clear end date. They may continue to work well for years, with a diminishing pool of developers and users.

With a security system, one day no development can be done at all.

Part of this is addressed by the earlier questions about 'can I run another kernel'.

A: Yeah, well, the same question again. Yes, you can use open mode with a custom image, as happened with the N900.