Talk:MaemoSecurity

(How does closed mode affect on-device debugging?: new section)
(Add Q13 about data accessible across both modes)
Line 12: Line 12:
===How easy is it to switch between Open and Closed modes?===
===How easy is it to switch between Open and Closed modes?===
 +
 +
Is it so trivial that you would want to and be able to do it several times a day and on the go?
===Can network operators restrict you switching to Open mode?===
===Can network operators restrict you switching to Open mode?===
Line 37: Line 39:
* encrypted/signed communications (phone, sms/mms, mails, IM) ?
* encrypted/signed communications (phone, sms/mms, mails, IM) ?
-
== How does closed mode affect on-device debugging? ==
+
=== How does closed mode affect on-device debugging? ===
For example, will ptrace(2) still work (eg gdb, strace & ltrace)?  Will we be able to produce code dumps?
For example, will ptrace(2) still work (eg gdb, strace & ltrace)?  Will we be able to produce code dumps?
 +
 +
===Will DRM-free data and DRM-free applications be accessible from both modes once they're installed/created in either of the two modes?===
 +
 +
E.g.: I start in DRM-mode, install DRM-free applications from Extras, take 3 pictures, add some contacts. Then I switch to DRM-free mode: Will I be able to run the applications installed in DRM-free mode, view and edit my contacts and view and edit my own pictures? (And the other way round, of course, starting from DRM-free mode and switching to DRM afterwards.)

Revision as of 11:07, 12 October 2009

Suggested questions:

Contents

Is there a diagram showing the security framework and components?

There were some diagrams in the presentation - can we see them.

What is "Open Mode" and can it be revoked remotely?

Is that the right terminology? Essentially can Nokia reach out the the 2nd stage bootloader and tell it to stop running unsigned kernels. Maybe this should be 2 questions.

What does closed mode restrict you from doing? Terminal? Root?

How easy is it to switch between Open and Closed modes?

Is it so trivial that you would want to and be able to do it several times a day and on the go?

Can network operators restrict you switching to Open mode?

Like if a device is sim-locked to a particular network, does the device get locked down in closed DRM mode only too? Can you always switch to open mode?

How granular is the encryption?

If my app creates content in the closed mode can I see it in open mode?

Can open applications use the privilege mechanisms in the Open and Closed modes?

Can open applications use the DRM encryption mechanisms in the Open and Closed modes?

I can see that this could be useful. Maybe.

Will community extensions to the kernel (modules) be permitted in Open/Closed modes?

I can't see how - which leads to the question: How do community 'enhancements' to the kernel get adopted?

Is there any GPLv3 software impacted?

Please have a license discussion somewhere and let us know when you have consensus. What is Nokias position? Peter made a statement at the talk - can someone transcribe it and/or get Nokia to clarify.

What exactly is available to the end user?

  • storage encryption ?
  • PIM data encryption ?
  • encrypted/signed communications (phone, sms/mms, mails, IM) ?

How does closed mode affect on-device debugging?

For example, will ptrace(2) still work (eg gdb, strace & ltrace)? Will we be able to produce code dumps?

Will DRM-free data and DRM-free applications be accessible from both modes once they're installed/created in either of the two modes?

E.g.: I start in DRM-mode, install DRM-free applications from Extras, take 3 pictures, add some contacts. Then I switch to DRM-free mode: Will I be able to run the applications installed in DRM-free mode, view and edit my contacts and view and edit my own pictures? (And the other way round, of course, starting from DRM-free mode and switching to DRM afterwards.)