Editing Talk:Maemo security
Warning: You are not logged in.
Your IP address will be recorded in this page's edit history.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 10: | Line 10: | ||
Maybe this should be 2 questions. | Maybe this should be 2 questions. | ||
- | --[[User:elena_r|elena_r]] 08:37, 28 October 2009 (UTC):Short answer: "Open mode" allows for a user/developer to have their own security policy on a device. This means that a user/developer can change the kernel and the important system components in the way he wants/needs. This mode can't be revoked remotely. | + | --[[User:elena_r|elena_r]] 08:37, 28 October 2009 (UTC): |
+ | :Short answer: "Open mode" allows for a user/developer to have their own security policy on a device. This means that a user/developer can change the kernel and the important system components in the way he wants/needs. This mode can't be revoked remotely. | ||
- | More detailed answer: Let me explain the modes a bit more that there are no confusions. Sorry, if I would be too academic or a bit too high-level, but it is the best way to explain things at the moment, as soon as we can't fully share the details now (work is still in progress). | + | :More detailed answer: Let me explain the modes a bit more that there are no confusions. Sorry, if I would be too academic or a bit too high-level, but it is the best way to explain things at the moment, as soon as we can't fully share the details now (work is still in progress). |
- | + | :About the first mode (it got the name "close mode", but it sounds too strong, so let's call it "normal mode"at the moment, before we have the final names): The device is called to be in the "normal mode", if it has booted the Nokia signed SW Image. This includes the kernel, rootfs, and important system components, which are part of our Trusted Computing Base. The examples of such components are drivers, applications like Application manager (input gate for the SW on the platform) and many others. | |
- | About the first mode (it got the name "close mode", but it sounds too strong, so let's call it "normal mode"at the moment, before we have the final names): The device is called to be in the "normal mode", if it has booted the Nokia signed SW Image. This includes the kernel, rootfs, and important system components, which are part of our Trusted Computing Base. The examples of such components are drivers, applications like Application manager (input gate for the SW on the platform) and many others. | + | :If any of such components is modified (not via system update), the device is in the "open mode". The checks for the components signature are done during the boot process (see presentation), so the current assumption that in order to change the mode, the reboot is needed. Moreover, in order to get back to the "normal mode" from the "open mode", one has to get all components back that the Nokia signature check is successful. The details of the procedure should be available later. |
- | + | ||
- | If any of such components is modified (not via system update), the device is in the "open mode". The checks for the components signature are done during the boot process (see presentation), so the current assumption that in order to change the mode, the reboot is needed. Moreover, in order to get back to the "normal mode" from the "open mode", one has to get all components back that the Nokia signature check is successful. The details of the procedure should be available later. | + | |
===Can open applications use the DRM encryption mechanisms in the Open and Closed modes?=== | ===Can open applications use the DRM encryption mechanisms in the Open and Closed modes?=== | ||
Line 27: | Line 26: | ||
[[User:lbt|lbt]] What is Nokias position? Peter made a statement at the talk - can someone transcribe it and/or get Nokia to clarify. | [[User:lbt|lbt]] What is Nokias position? Peter made a statement at the talk - can someone transcribe it and/or get Nokia to clarify. | ||
- | |||
- | |||
===What exactly is available to the end user?=== | ===What exactly is available to the end user?=== | ||
Line 35: | Line 32: | ||
* PIM data encryption ? | * PIM data encryption ? | ||
* encrypted/signed communications (phone, sms/mms, mails, IM) ? | * encrypted/signed communications (phone, sms/mms, mails, IM) ? | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
=== How does closed mode affect on-device debugging? === | === How does closed mode affect on-device debugging? === | ||
[[User:lma|lma]] For example, will ptrace(2) still work (eg gdb, strace & ltrace)? Will we be able to produce code dumps? | [[User:lma|lma]] For example, will ptrace(2) still work (eg gdb, strace & ltrace)? Will we be able to produce code dumps? | ||
- | |||
- | |||
===Will DRM-free data and DRM-free applications be accessible from both modes once they're installed/created in either of the two modes?=== | ===Will DRM-free data and DRM-free applications be accessible from both modes once they're installed/created in either of the two modes?=== | ||
E.g.: I start in DRM-mode, install DRM-free applications from Extras, take 3 pictures, add some contacts. Then I switch to DRM-free mode: Will I be able to run the applications installed in DRM-free mode, view and edit my contacts and view and edit my own pictures? (And the other way round, of course, starting from DRM-free mode and switching to DRM afterwards.) | E.g.: I start in DRM-mode, install DRM-free applications from Extras, take 3 pictures, add some contacts. Then I switch to DRM-free mode: Will I be able to run the applications installed in DRM-free mode, view and edit my contacts and view and edit my own pictures? (And the other way round, of course, starting from DRM-free mode and switching to DRM afterwards.) | ||
- | |||
- | |||
- | |||
- | |||
- | |||
===What is open mode good for at all?=== | ===What is open mode good for at all?=== | ||
Provided you don't consume digitally restricted media and don't purchase applications that in any way rely on DRM: You don't need DRM-mode then, but on the other hand why would you want DRM-free mode? What is it you cannot do in DRM-mode in such a scenario? Use case? | Provided you don't consume digitally restricted media and don't purchase applications that in any way rely on DRM: You don't need DRM-mode then, but on the other hand why would you want DRM-free mode? What is it you cannot do in DRM-mode in such a scenario? Use case? | ||
- | |||
- | |||
===What is ARM's TrustZone?=== | ===What is ARM's TrustZone?=== | ||
Line 71: | Line 50: | ||
===Can the Trusted Execution Environment (TrEE) be used as a kill switch for the device even if it runs in open mode?=== | ===Can the Trusted Execution Environment (TrEE) be used as a kill switch for the device even if it runs in open mode?=== | ||
- | |||
- | |||
===Will a SIM-locked device with a contract become unlocked at the end of the contract?=== | ===Will a SIM-locked device with a contract become unlocked at the end of the contract?=== | ||
Line 78: | Line 55: | ||
[[User:corsac|Corsac]]: In France for example, it's free (and mandatory) for carriers to accept sim-unlock after 6 months. It may be done before with some fee. | [[User:corsac|Corsac]]: In France for example, it's free (and mandatory) for carriers to accept sim-unlock after 6 months. It may be done before with some fee. | ||
- | |||
- | |||
===Would Nokia be prepared to have Bruce Schneier and co review the security architecture?=== | ===Would Nokia be prepared to have Bruce Schneier and co review the security architecture?=== | ||
[[User:lbt|lbt]] a review by a respected external expert like Bruce would be very beneficial to both parties. | [[User:lbt|lbt]] a review by a respected external expert like Bruce would be very beneficial to both parties. | ||
- | |||
- | |||
- | |||
=== Will a TPM chip be added? === | === Will a TPM chip be added? === | ||
Line 91: | Line 63: | ||
r-r: Could it serve other security purpose then in Open mode? | r-r: Could it serve other security purpose then in Open mode? | ||
[[User:corsac|Corsac]]: afaik, TPM is x86 only. But that's the purpose of ARM TrustZone. And we already asked the question, see above. | [[User:corsac|Corsac]]: afaik, TPM is x86 only. But that's the purpose of ARM TrustZone. And we already asked the question, see above. | ||
- | |||
- | |||
=== How are important upgrades handled? === | === How are important upgrades handled? === | ||
Line 98: | Line 68: | ||
r-r: Do they require to sign a whole new system image? | r-r: Do they require to sign a whole new system image? | ||
- | |||
- | |||
== Maintaining the discussion == | == Maintaining the discussion == | ||
Line 136: | Line 104: | ||
===Customisation (Eg Enterprise, Partner)=== | ===Customisation (Eg Enterprise, Partner)=== | ||
* ?? | * ?? | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- |
Learn more about Contributing to the wiki.