Maemo security
Latest revision as of 06:28, 15 December 2011
At the Maemo Summit 2009, Nokia shared a great deal of information about the security mechanisms that would be available and/or mandated in upcoming platforms.
- Slides
- Video (TBC)
- Source Code
The concepts outlined include well-established favourites in the OSS world (like privilege management) as well as some that are rather less well regarded, such as relatives of the Trusted Computing Platform and DRM.
Inevitably there will be a significant amount of interest and concern about how this affects the open nature of the Maemo platform.
This page is intended to capture community questions (and, eventually I hope, Nokia's answers) about these issues.
Initially please add questions to the discussion page and once they've been refined and consolidated, we'll add them onto this page.
Some examples:
Is there a diagram showing the security framework and components?
See slide #2, #5 and #9 of Elena Reshetova's Maemo Summit presentation
Elena Reshetova: The presentation was uploaded, and currently it is the only information that I can share.
What is "Open Mode" and can it be revoked remotely?
"Open" mode is when an unsigned kernel has been booted. Disabling it remotely would, presumably, require a change to the bootloader. See slide #??? --Jaffa 11:36, 13 October 2009 (UTC)
What does closed mode restrict you from doing?
- Terminal?
- Root?
Elena Reshetova: In general, "closed" mode has its own security policy, which the user won't be able to change.
- Cellular is marked as a protected resource in the slide. Can one still use it (phone, data, SMS etc.) while running in open mode? While running a rebuilt kernel?
Elena Reshetova: If you use your own kernel, you are the one to set the security policy for the device, meaning that your SW in this case can make calls, send SMS and so on (for example). Please note that the list of protected resources on the slide is given just as an example (to show the possible granularity level), so it doesn't mean that we would have exactly these resources.
How easy is it to switch between Open and Closed modes?
Is it so trivial that you would want to and be able to do it several times a day and on the go (without restart)?
Elena Reshetova: I should be able to tell the exact procedure in the future, but for now I can say that it won't be so trivial (like press the GUI button :-)), and the restart is needed. The checks for the SW image are done by the Loader, and during the boot time, so you do need to restart.
Can network operators restrict you switching to Open mode?
Like if a device is SIM-locked to a particular network, does the device get locked down in closed DRM mode only too? Can you always switch to open mode?
Elena Reshetova: If the device is SIM-locked, the operator can restrict you to the use of one particular kernel (slide 5), for example the one which was shipped with the device. However, it is up to you to decide whether to buy the device from the operator or from the Nokia store.
Till Harbaum: Imho GPLv3 requires you to provide "installation instructions". gstreamer comes under GPLv3, MeeGo uses gstreamer, hence no distributor is allowed to prevent the installation of e.g. a modified version of gstreamer. They are even required to tell you how to do that.
How granular is the encryption?
If my app creates content in the closed mode can I see it in open mode?
Elena Reshetova: If your application uses the Protected Storage for encryption (slide 8) in the initial mode and you then switch to another mode, the application won't be able to get the decrypted data. If your application just stores the data in the filesystem, then after switching to your own kernel you will be able to access the data (because they are just plain files in the filesystem).
Can open applications use the privilege mechanisms in the Open and Closed modes?
Elena Reshetova: I guess the question is "Can the applications access protected resources in both modes?" I hope I got the question correctly. The answer is that the Device Security Policy (slide 7) defines the resources that can potentially be granted to the SW coming from a particular SW source. When one uses the Nokia-signed kernel, the device security policy is defined, and the user can't change it. If one uses one's own kernel (or a community kernel, for example), he (or the community) is the one to define/change the device policy. This means that one can, for example, change the policy in such a way that the SW coming from maemo.org gets access to all protected resources (of course some content becomes unavailable when one switches to one's own kernel, for example DRM). However, again, it is possible only while using your own kernel.
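A small model of the two answers above (Protected Storage being unreadable after a mode switch while plain files stay readable, and the Device Security Policy being fixed under the signed kernel but editable under your own), written for this page as an added illustration and not Nokia's code. It assumes a loader that measures the booted kernel, a per-device secret and a toy keystream cipher; the kernel images, secret and resource names are constructed samples.

```python
import hashlib
import hmac

# Constructed sample values; not real Maemo secrets or images.
DEVICE_SECRET = b"constructed-device-secret"
NOKIA_KERNEL = b"constructed-nokia-signed-kernel-image"
NOKIA_KERNEL_HASH = hashlib.sha256(NOKIA_KERNEL).digest()


def _keystream(key, n):
    """Toy SHA-256 counter keystream, enough to show the sealing idea (not for real use)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


class Device:
    def __init__(self, kernel_image):
        # Assumed: the loader measures the kernel; only Nokia's hash yields closed mode.
        self.kernel_hash = hashlib.sha256(kernel_image).digest()
        self.closed_mode = self.kernel_hash == NOKIA_KERNEL_HASH
        # Device Security Policy: protected resources granted per SW source (sample values).
        self.policy = {"nokia": {"cellular", "drm"}, "maemo.org": set()}

    def set_policy(self, source, resources):
        if self.closed_mode:
            raise PermissionError("policy is fixed while the signed kernel runs")
        self.policy[source] = set(resources)

    def may_use(self, source, resource):
        return resource in self.policy.get(source, set())

    def _storage_key(self):
        # Protected Storage key bound to the booted kernel's measurement.
        return hmac.new(DEVICE_SECRET, self.kernel_hash, hashlib.sha256).digest()

    def seal(self, data):
        key = self._storage_key()
        ct = bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))
        return hmac.new(key, ct, hashlib.sha256).digest() + ct

    def unseal(self, blob):
        key = self._storage_key()
        tag, ct = blob[:32], blob[32:]
        if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
            return None  # sealed under another kernel/mode: cannot be decrypted here
        return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))
```

A file written with ordinary filesystem calls is untouched by `seal`, which is why the page says such data remains readable after booting your own kernel.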
Can open applications use the DRM encryption mechanisms in the Open and Closed modes?
Will community extensions to the kernel (modules) be permitted in Open/Closed modes?
I can't see how - which leads to the question: How do community 'enhancements' to the kernel get adopted?
Elena Reshetova: In the "Open" mode any changes of the kernel are allowed. Regarding the "closed" mode, unfortunately I am not the right person to answer this question.
Is there any GPLv3 software impacted?