Latest revision |
Your text |
Line 1: |
Line 1: |
| Aegis is a security framework that differs significantly from normal Unix, though sharing ideas from SELinux. | | Aegis is a security framework that differs significantly from normal Unix, though sharing ideas from SELinux. |
| | | |
- | There is an apparent lack of documentation on what the security framework is intended to address, and how it is intended to be configured. | + | There is a lack of documentation on what the security framework is intended to address, and how it is intended to be configured. |
- | | + | |
- | Some of these questions may be based on misunderstandings, or bugs in the image available to developers.
| + | |
| | | |
| There are three broad classes of issues it raises to address. | | There are three broad classes of issues it raises to address. |
| | | |
| ==End Users== | | ==End Users== |
- | '''Q: What limitations does it pose on software that developers can write for users for the N9. For example, if the developer wants to compile a new kernel with more iptables modules available, or to expose more hardware features, what are the implications?'''
| + | What limitations does it pose on software that developers can write for users for the N9. |
| | | |
- | A: Use open mode with own kernel image, just like it happened in case of the N900 device.
| + | For example, if the developer wants to compile a new kernel with more iptables modules available, or to expose more hardware features, what are the implications? |
| | | |
- | '''Q: Can Aegis run at all in this environment? What are the implications if Aegis cannot run - what stops working? Is it just (for example) Angry Birds, or does this include Maps, and other software.'''
| + | Can Aegis run at all in this environment? |
- | | + | What are the implications if Aegis cannot run - what stops working? |
- | A: Aegis can run just fine with own kernel image on the userspace side as well. You can still use it with own kernel image to a certain extent. There are some aegis-validator difference for sure, but that does not make these applications non-working.
| + | Is it just (for example) Angry Birds, or does this include Maps, and other software. |
| | | |
| ==Developers== | | ==Developers== |
| While Aegis is a powerful platform for security, it raises issues for lower-level developers trying to understand the device, and trying to prototype code. | | While Aegis is a powerful platform for security, it raises issues for lower-level developers trying to understand the device, and trying to prototype code. |
- |
| |
- | '''For example, under what conditions does it lock down the platform, requiring a reflash, as mentioned [http://forum.meego.com/showpost.php?p=25529&postcount=94 in this post on TMO].'''
| |
- |
| |
- | A: I cannot personally reproduce this issue. I have never been able to do that, any hint ? On the other hand, that command is not well-thought. It shows the lack of architecture understading as well. Even if I cannot cause any "damage" with that command on my developer device, it should not be used like that.
| |
- |
| |
- | In the absence of documentation on many of the closed components, 'poking around' can be a valuable method of exposing functionality of the closed parts of software. The interfaces then found can be integrated more normally into applications.
| |
- |
| |
- | '''Q: The lack of a way to turn aegis truly off, even if this requires a reflash to turn it back on impedes this. Some development work - for example - work on making USB host available on the device - is made considerably harder or impossible. '''
| |
- |
| |
- | A: Same question as above with the same answer: Use open mode (custom kernel, like in case of N900)
| |
- |
| |
- | ==End of Life/Meego==
| |
- |
| |
- | At some point Nokia will stop signing packages.
| |
- | Exactly when this might be is hard to predict with the changing mobile space.
| |
- | It might be in 2025, after Harmattan derived phones have taken over the marketplace, it might be 2012, after windows phone is a roaring success for Nokia.
| |
- |
| |
- | At this point - what happens?
| |
- |
| |
- | Without a security system, devices have no clear end date.
| |
- | They may continue to work well for years, with a diminishing pool of developers and users.
| |
- |
| |
- | With a security system - one day no development can be done.
| |
- |
| |
- | Part of this is addressed by the earlier questions about 'can I run another kernel'.
| |
- |
| |
- | A: Yeah, well the same question again. Yes, you can use open mode with custom image as it happened with N900.
| |