Posts: 697 | Thanked: 137 times | Joined on Jul 2012 @ Hillerød, DK
#51
Succeeded
Thank you for your help iDont!
 
Posts: 228 | Thanked: 137 times | Joined on Jan 2012 @ UK
#52
What is the correct way to install busybox-power with standard open mode?

Is AEGIS_FIXED_ORIGIN=com.nokia.maemo dpkg -i busybox-power_1.21.0power1-harmattan0_armel.deb correct?

Does this mean I need aegisctl first? Or can standard open mode install the -noaegis version?
 
Posts: 268 | Thanked: 1,053 times | Joined on May 2010 @ The Netherlands
#53
Standard open mode users (i.e. the kernel is not patched to neuter aegis) will need to install aegisctl, since aegis will still protect entries in /sys/kernel/security/validator/.

So the correct procedure for standard open mode users would be:
1. Install aegisctl
2. AEGIS_FIXED_ORIGIN=com.nokia.maemo dpkg -i busybox-power_1.21.0power1-harmattan0_armel.deb

Only if you're running a kernel that does neuter aegis (i.e. Patched open mode), you can leave out step 1 and use the -noaegis version.

By the way, if you were to install the -noaegis version on a non-neutered system, the postinst script would simply error out (busybox-power will then be left unconfigured for the moment) so your system won't be broken. All (invalid) scenarios are handled correctly by the packaging.


Edit:
Originally Posted by thedead1440
use fixed origin to install meego-confirm-text then again fixed origin to install the -noaegis version. aegisctl therefore is not required...
You can't write to /sys/kernel/security/validator/* if you aren't running a kernel that neuters aegis, even when you're in open mode. So you'll still need aegisctl to unseal aegis.

Last edited by iDont; 2013-02-08 at 17:08.
 

Posts: 228 | Thanked: 137 times | Joined on Jan 2012 @ UK
#54
Well I've read and re-read the thread, but it didn't work for me

Code:
/home/user # AEGIS_FIXED_ORIGIN=com.nokia.maemo dpkg -i busybox-power_1.21.0power1-harmattan0_armel.deb
(Reading database ... 52739 files and directories currently installed.)
Unpacking busybox-power (from busybox-power_1.21.0power1-harmattan0_armel.deb) ...
busybox-power: MeeGo/Harmattan (N9/50) environment detected
aegis-installing busybox-power (from 'com.nokia.maemo')
Setting up busybox-power (1.21.0power1+harmattan0) ...
cp: write error: No space left on device
dpkg: error processing busybox-power (--install):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 busybox-power
EDIT: Solved, I guess tmpfs was full

Last edited by nbedford; 2013-02-10 at 11:07.
 
Moderator | Posts: 6,215 | Thanked: 6,400 times | Joined on Nov 2011
#55
nbedford,

"cp: write error: No space left on device"

Have you checked about the above?
 

Posts: 228 | Thanked: 137 times | Joined on Jan 2012 @ UK
#56
I have busybox-power all set up and working, but I have a question, which is possibly a little off topic, but I would like to better understand for myself.

I installed the openmode kernel available from http://maemo.cloud-7.de/HARM/N9/1.3/openmode-kernel
I assumed (maybe mistakenly) that this was what people referred to as standard openmode?

However, I have opensh installed correctly with AEGIS_FIXED_ORIGIN and this shell provides all capabilities, including tcb-sign so can resign refhashlist.

So basically my question, is my kernel normal openmode or aegis neutered?
 
Posts: 268 | Thanked: 1,053 times | Joined on May 2010 @ The Netherlands
#57
Originally Posted by nbedford
I have busybox-power all set up and working, but I have a question, which is possibly a little off topic, but I would like to better understand for myself.

I installed the openmode kernel available from http://maemo.cloud-7.de/HARM/N9/1.3/openmode-kernel
I assumed (maybe mistakenly) that this was what people referred to as standard openmode?

However, I have opensh installed correctly with AEGIS_FIXED_ORIGIN and this shell provides all capabilities, including tcb-sign so can resign refhashlist.

So basically my question, is my kernel normal openmode or aegis neutered?

Basically, this is the current situation:

1. A vanilla device is in Normal Mode.
2. Flashing any custom kernel (i.e. one not signed by Nokia) will put your device in Open Mode. You'll need to reflash the whole rootfs if you want your device to go back in Normal mode; just flashing Nokia's kernel won't do IIRC. Open Mode allows you to install packages with all capabilities via the AEGIS_FIXED_ORIGIN trick.
3. If your custom kernel contains this patch: http://maemo.cloud-7.de/HARM/N9/1.2/...openmode.patch, aegis is neutered (the patch should be pretty self-explanatory). Hence, a device in "Open Mode" does not necessarily run an aegis-neutered kernel.

In Open Mode, aegis still enforces the origin check on protected files in your filesystem. That's why we differentiate between Open Mode and Patched Open Mode: we still need to "crack" (or a better term: "unseal") aegis and disable the origin check (this is aegisctl's job) in non-patched Open Mode & Normal Mode. Otherwise aegis would deny access to /bin/busybox as soon as our version gets installed, something you don't want to experience.
When aegis is neutered, we can freely configure aegis as we like, so we don't need aegisctl to unseal aegis. That's why busybox-power-noaegis is able to drop this dependency.

Having all capabilities in non-patched Open Mode does not drop the dependency on aegisctl, as there will always be a brief period in which the hash of /bin/busybox won't match the one in the refhashlist. See the current installation workflow as to why this is true: disable the origin check, install new /bin/busybox (hashes mismatch at this point -> without disabled origin check, the system would now be "broken"), update the refhashlist, resign the refhashlist, reload the refhashlist, enable the origin check.

--
The kernel image you linked contains the neutering patch, although that isn't documented anywhere AFAICS. I guess most people run an aegis-neutered kernel (why still have aegis enforcing stuff when you can install packages with all capabilities?), though I'm not aware of any statistics regarding this subject.

So yes, you are running an aegis-neutered (patched) Open Mode kernel. You can install busybox-power-noaegis, which will replace busybox-power automagically, and uninstall aegisctl if you wish.

If you have any more questions regarding this subject, please don't hesitate to ask them.

Last edited by iDont; 2013-02-13 at 20:55. Reason: typo
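
The install order described in post #57, as a toy model added here (not code from the thread and not aegis's real interface): a temp directory stands in for /bin/busybox, the refhashlist and the check switch, and every function name is hypothetical. It shows that swapping the binary with the check on is denied, and that re-enabling the check against a stale list is denied too.

```shell
#!/bin/sh
# Toy model (constructed): hash-list enforcement around one binary.
# Not aegis's real interface; every path and function name is hypothetical.
MODEL_DIR=$(mktemp -d)
trap 'rm -rf "$MODEL_DIR"' EXIT
BIN="$MODEL_DIR/busybox"          # stands in for /bin/busybox
REFHASH="$MODEL_DIR/refhashlist"  # stands in for the signed refhashlist
ENFORCE="$MODEL_DIR/enforce"      # 1 = check enabled, 0 = check disabled

hash_of() { sha256sum "$1" | cut -d' ' -f1; }  # digest choice is the model's

reset_model() {
    printf 'stock busybox\n' > "$BIN"
    hash_of "$BIN" > "$REFHASH"
    echo 1 > "$ENFORCE"
}

# Decision the validator would make if the binary were executed right now.
run_check() {
    if [ "$(cat "$ENFORCE")" = 0 ]; then echo allowed; return; fi
    if [ "$(hash_of "$BIN")" = "$(cat "$REFHASH")" ]; then echo allowed; else echo denied; fi
}

# Case 1: swap the binary while the check stays on.
naive_replace() {
    reset_model
    printf 'busybox-power\n' > "$BIN"
    run_check
}

# Case 2: the order from the post; reports the check mid-install and at the end.
ordered_replace() {
    reset_model
    echo 0 > "$ENFORCE"
    printf 'busybox-power\n' > "$BIN"
    mid=$(run_check)
    hash_of "$BIN" > "$REFHASH"   # update, resign and reload collapsed into one
    echo 1 > "$ENFORCE"
    echo "$mid $(run_check)"
}

# Case 3: same order, but the check is re-enabled against the old list.
stale_list_replace() {
    reset_model
    echo 0 > "$ENFORCE"
    printf 'busybox-power\n' > "$BIN"
    echo 1 > "$ENFORCE"
    run_check
}

echo "naive: $(naive_replace)"
echo "ordered: $(ordered_replace)"
echo "stale list: $(stale_list_replace)"
```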
 

Posts: 368 | Thanked: 826 times | Joined on May 2012 @ India
#58
This might be an epic nooby question

I installed busybox power fine, now how do I use the extra supported commands?
Like I need to use 'arp' for some network related troubleshooting. Earlier terminal didn't support the command. But now I get the same error with busybox power installed.

Regards
 
Posts: 6,436 | Thanked: 12,700 times | Joined on Nov 2011 @ Ängelholm, Sweden
#59
You should export extra PATH items to your .profile script:
Code:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
Posts: 446 | Thanked: 207 times | Joined on Sep 2012 @ Austria/Germany
#60
Hey guys,

so I can't install busybox-power because it depends on meego-confirm-text which is either broken or offline or whatever...

Any suggestions?
 