Active Topics
-
Extra softwares in Sailfish using CLI, repositories, etc (117)
to SailfishOS by nieldk - 1 day, 13 hrs ago -
Firefox with Leste (6)
to Maemo 7 / Leste by teroyk - 2 days, 9 hrs ago - more...
 |
|
2014-01-26
, 21:49
|
|
Posts: 6,436 |
Thanked: 12,699 times |
Joined on Nov 2011
@ Ängelholm, Sweden
|
#312
|
openmode patch includes allowing to load unsigned kernel modules, executing binaries from any location, unrestricting root privileges and disabling refhash integrity check. thats all.
you cant remove aegis from kernel, because many os components are based on aegis services, and you cant rebuild system.
if you want aegis-free environment you'll use Nemo.
you cant remove aegis from kernel, because many os components are based on aegis services, and you cant rebuild system.
if you want aegis-free environment you'll use Nemo.
| The Following User Says Thank You to coderus For This Useful Post: | ||
|
|
2014-01-26
, 23:02
|
|
Posts: 1,225 |
Thanked: 1,905 times |
Joined on Feb 2011
@ Quezon City, Philippines
|
#313
|
Originally Posted by __fastcall
It's the same Open Mode other kernels use.
But Ive tried to install a package with dpkg -i and Ive received an aegis security error. So I guess aegis is not fully patched out?
using dpkg.real did the trick, but normally the kernel should disable aegis, or do I understand it wrong?
The patched dpkg checks for file signatures when installing system packages - are you using you used
Code:
export AEGIS_FIXED_ORIGIN="com.nokia.maemo"
__________________
N9 PR 1.3 Open Mode + kernel-plus for Harmattan
@kenweknot, working on Glacier for Nemo.
N9 PR 1.3 Open Mode + kernel-plus for Harmattan
@kenweknot, working on Glacier for Nemo.
|
|
2014-01-28
, 11:20
|
|
Posts: 8 |
Thanked: 2 times |
Joined on Dec 2013
|
#314
|
Thanks for clearing that up.
Yes ive used that export and then I got it working. Ive installed the aegis-hack afterwords and now everything works properly
Yes ive used that export and then I got it working. Ive installed the aegis-hack afterwords and now everything works properly
 |
|
2014-02-03
, 08:28
|
|
Posts: 64 |
Thanked: 66 times |
Joined on Aug 2013
@ Tehran - Iran
|
#315
|
Originally Posted by Hurrian
Hi dear Hurrian
...
kernel-plus 2.6.32.61 r7 should come when I stop messing around with Sailfish
Is there any news about "kernel-plus 2.6.32.61 r7" or "kernel-plus 2.6.32.61 Final" or newer than 61?
Thanks a lot
Last edited by hrbani; 2014-02-03 at 11:22.
|
|
2014-03-25
, 00:50
|
|
Posts: 1,225 |
Thanked: 1,905 times |
Joined on Feb 2011
@ Quezon City, Philippines
|
#316
|
Just a little update, since I've been off TMO for quite a while:
I'm working on rebasing kernel-plus on top of the Mer N9/50 2.6.32 kernel and Mer toolchain, as the Harmattan SDK is officially offline (and deprecated, if I kept building with HSDK, it'd be a pain for others to install and build using it), and it'd be a lot easier to track Git commits with the log from the Mer N9 kernel.
I'm working on rebasing kernel-plus on top of the Mer N9/50 2.6.32 kernel and Mer toolchain, as the Harmattan SDK is officially offline (and deprecated, if I kept building with HSDK, it'd be a pain for others to install and build using it), and it'd be a lot easier to track Git commits with the log from the Mer N9 kernel.
__________________
N9 PR 1.3 Open Mode + kernel-plus for Harmattan
@kenweknot, working on Glacier for Nemo.
N9 PR 1.3 Open Mode + kernel-plus for Harmattan
@kenweknot, working on Glacier for Nemo.
|
|
2014-03-27
, 04:17
|
|
Posts: 324 |
Thanked: 739 times |
Joined on Jun 2009
@ São Paulo, Brazil
|
#317
|
Originally Posted by Hurrian
I noticed only the noop io scheduler is present in the latest kernel-plus. Would you mind re-enabling all the others available in the main kernel pretty please? I really need cfq, no way to set processes io priorities without it.
Just a little update, since I've been off TMO for quite a while:
I'm working on rebasing kernel-plus on top of the Mer N9/50 2.6.32 kernel and Mer toolchain, as the Harmattan SDK is officially offline (and deprecated, if I kept building with HSDK, it'd be a pain for others to install and build using it), and it'd be a lot easier to track Git commits with the log from the Mer N9 kernel.
I would build the kernel myself, but no way to download the sdk, as you mentioned...
Last edited by traysh; 2014-03-27 at 04:27.
|
|
2014-03-29
, 08:08
|
|
Posts: 6,436 |
Thanked: 12,699 times |
Joined on Nov 2011
@ Ängelholm, Sweden
|
#318
|
@Hurrian @Juiceme i have a non-standart question. Is there any way in kernel to have display framebuffer in portrait rotation? I'm asking because of sailfishos v > 1.0.2.5 going to be crazy on N9's framebuffer. I know about fbrotation cmdline parameters, but it seems not to work.
| The Following User Says Thank You to coderus For This Useful Post: | ||
|
|
2014-03-30
, 13:07
|
|
Posts: 1,225 |
Thanked: 1,905 times |
Joined on Feb 2011
@ Quezon City, Philippines
|
#319
|
Originally Posted by coderus
Well, rotation works, sorta. The problem is, there's some kind of bug that b0rks up rotation at 90 and 270 degrees (echo {1,3} > /sys...)
I know about fbrotation cmdline parameters, but it seems not to work.
I suspect it's related to this bug report filed quite some time ago.
WARNING: This will flip display 180 degrees, but touch mappings will not rotate! You may need to reboot after.
Code:
echo 2 > /sys/class/graphics/fb0/rotate
Originally Posted by traysh
Oops. Yeah, about that...
I noticed only the noop io scheduler is present in the latest kernel-plus. Would you mind re-enabling all the others available in the main kernel pretty please? I really need cfq, no way to set processes io priorities without it.
I've trashed my build VM with the Harmattan SDK on it, leaving me with one option - migrating to Mer+SB2 SDK.
The source code is here for anyone with a functioning Mer+SB2+Nemo N950 SDK.
TODO:
- Fix bug that makes the kernel unbootable
This would be the last known working revision.
Beyond that, I wager something broke in the squashed Linux updates.
__________________
N9 PR 1.3 Open Mode + kernel-plus for Harmattan
@kenweknot, working on Glacier for Nemo.
N9 PR 1.3 Open Mode + kernel-plus for Harmattan
@kenweknot, working on Glacier for Nemo.
Last edited by Hurrian; 2014-04-01 at 03:02.
|
|
2014-04-03
, 03:40
|
|
Posts: 1,225 |
Thanked: 1,905 times |
Joined on Feb 2011
@ Quezon City, Philippines
|
#320
|
I know this'll be a double post, but I just cant resist - I got a little too bored last night while hopped up on coffee.
It's a little teaser of what's to come.
Right now, I've got it booting to the Nokia logo (/sbin/preinit_harmattan), which means I'm able to run Harmattan binaries.
I've spent the night patching Aegis to build and link properly against 3.5.3,but it doesn't register as a LSM
This turns the boot process into potato once /sbin/init runs, as IIRC it has Aegis hooks.
Maybe I need to disable the stock Unix DAC?
I'll make a diff and post binaries for any devs to test and work with me in a few.
Based on filippz's kernel source tree.
EDIT:
I've gotten aegis to load as a LSM!
One minor problem - it looks like due to some methods I've removed (due to deprecated kernel API or somesuch) cause aegis to go completely tits up.
You will get a MALF if you boot this kernel, in its current state.
You will render Harmattan unbootable (broken refhashlist?)
On the plus side, validator-init runs (you get the MALF screen), which means userspace is communicating with the kernel (not in the way we'd want to, but hey, it's a start!)
Points of interest:
security/aegis/validator/validator.c
@525: ipp_hashlist_load [...]
Function entirely removed and stubbed, first oops.
The original code (this commit, same file, line 530) can probably be rewritten.
The code in question that breaks:
Changes that broke the original function: 1, 2
@1338: #if CONFIG_SECURITY_AEGIS_CREDP
.task_setgroups and .task_setgid are removed, reflecting a kernel API change (1, 2)
Investigate how important these LSM hooks are to Aegis?
security/aegis/validator/enforce.c
@188: valinfo.hashreq [...]
Should probably be changed back to
once validator.c:525 is fixed.
WARNING! READ THE ABOVE FIRST!
The kernel is here
compiled with debug info and more printks, in case some of you have a serial port adapter and/or a propensity for kdb
Source patch is here
apply on top of filippz's kernel source tree
use n9_harmattan_defconfig to build a kernel with aegis enabled
WARNING! WARNING! WARNING! WARNING!
Last edited by Hurrian; 2014-04-03 at 23:26.
It's a little teaser of what's to come.
Code:
[ 0.000000] Booting Linux on physical CPU 0 [ 0.000000] Initializing cgroup subsys cpu [ 0.000000] Linux version 3.5.3-plus (hurrian@buildserver) (gcc version 4.6.4 20130412 (Mer 4.6.4-1) (Linaro GCC 4.6-2013.05) ) #1 PREEMPT Thu Apr 3 02:06:04 UTC 2014 [ 0.000000] CPU: ARMv7 Processor [413fc082] revision 2 (ARMv7), cr=10c53c7d [ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache [ 0.000000] Machine: Nokia RM-680 board [ 0.000000] Reserving 14680064 bytes SDRAM for VRAM [ 0.000000] Memory policy: ECC disabled, Data cache writeback [ 0.000000] On node 0 totalpages: 256768 [ 0.000000] free_area_init_node: node 0, pgdat b06e6ea0, node_mem_map b0710000 [ 0.000000] Normal zone: 2032 pages used for memmap [ 0.000000] Normal zone: 0 pages reserved [ 0.000000] Normal zone: 252688 pages, LIFO batch:31 [ 0.000000] HighMem zone: 16 pages used for memmap [ 0.000000] HighMem zone: 2032 pages, LIFO batch:0 [ 0.000000] OMAP3630 ES1.2 (l2cache iva sgx neon isp 192mhz_clk ) [ 0.000000] Clocking rate (Crystal/Core/MPU): 38.4/390/600 MHz [ 0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768 [ 0.000000] pcpu-alloc: [0] 0 [ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 254720 [ 0.000000] Kernel command line: init=/sbin/preinit_harmattan root=/dev/mmcblk0p2 rootwait rootflags=errors=remount-ro rootfstype=ext4 rw mtdoops.mtddev=log mtdoops.record_size=65536 console=tty0 mtdparts=omap2-onenand:1024k(bootloader),2816k@1024k(config),16384k@3840k(kernel),2048k@20224k(log),469248k@22272k(var),32768k@491520k(moslo) bootreason=pwr_key bootmode=normal nolo=2.3.6 product_name=RM-696 dbi-type=V5JW dbi-vendor=1 dbi-size=73 dbi-uid=000000000000000 imei=000000000000000 g_nokia.iSerialNumber=000000000000000 serialnumber=XXX000000 omap_sec.kci=958 gpio=cmt_apeslpx:93:sysfs:output,cmt_en:23:sysfs:init_active:output,cmt_rst_rq:88:sysfs:init_active:output,sleep_ind:92:sysfs:output omapdss.def_disp_enabled=1 vhash=000x00xxxxxxxx000x0xxxx0x00x0x00x0x0xx0x product_model=N9 hwid=1507
I've spent the night patching Aegis to build and link properly against 3.5.3,
This turns the boot process into potato once /sbin/init runs, as IIRC it has Aegis hooks.
Maybe I need to disable the stock Unix DAC?
I'll make a diff and post binaries for any devs to test and work with me in a few.
Based on filippz's kernel source tree.
EDIT:
I've gotten aegis to load as a LSM!
One minor problem - it looks like due to some methods I've removed (due to deprecated kernel API or somesuch) cause aegis to go completely tits up.
You will get a MALF if you boot this kernel, in its current state.
You will render Harmattan unbootable (broken refhashlist?)
On the plus side, validator-init runs (you get the MALF screen), which means userspace is communicating with the kernel (not in the way we'd want to, but hey, it's a start!)
Points of interest:
security/aegis/validator/validator.c
@525: ipp_hashlist_load [...]
Function entirely removed and stubbed, first oops.
The original code (this commit, same file, line 530) can probably be rewritten.
The code in question that breaks:
Code:
bufptr = dentry_path(file->f_vfsmnt->mnt_mountpoint, buffer, buflen);
[...]
if (file->f_vfsmnt->mnt_parent != NULL) {
@1338: #if CONFIG_SECURITY_AEGIS_CREDP
.task_setgroups and .task_setgid are removed, reflecting a kernel API change (1, 2)
Investigate how important these LSM hooks are to Aegis?
security/aegis/validator/enforce.c
@188: valinfo.hashreq [...]
Should probably be changed back to
Code:
valinfo.hashreq = (val & HASH_REQ_BIT) ? 1 : 0;
WARNING! READ THE ABOVE FIRST!
The kernel is here
compiled with debug info and more printks, in case some of you have a serial port adapter and/or a propensity for kdb
Source patch is here
apply on top of filippz's kernel source tree
use n9_harmattan_defconfig to build a kernel with aegis enabled
WARNING! WARNING! WARNING! WARNING!
__________________
N9 PR 1.3 Open Mode + kernel-plus for Harmattan
@kenweknot, working on Glacier for Nemo.
N9 PR 1.3 Open Mode + kernel-plus for Harmattan
@kenweknot, working on Glacier for Nemo.
Last edited by Hurrian; 2014-04-03 at 23:26.
But Ive tried to install a package with dpkg -i and Ive received an aegis security error. So I guess aegis is not fully patched out?
using dpkg.real did the trick, but normally the kernel should disable aegis, or do I understand it wrong?