Active Topics
-
Is there a section to talk about Java ME? Apps, etc. (6)
to General by Kalatti - 2 days, 21 hrs ago -
Full linux distros on Sailfish OS (253)
to SailfishOS by qoh - 5 days, 15 hrs ago - more...
 |
ewan |
2009-10-15
, 17:00
|
|
Posts: 445 |
Thanked: 572 times |
Joined on Oct 2009
@ Oxford
|
#81
|
It's important to separate the technology and the policy. Technology that helps me to protect my system and my data from apps I don't trust is good. If the policy says that it's used to protect apps and data from me, because the upstream suppliers don't trust me, then it's a problem.
| The Following 4 Users Say Thank You to ewan For This Useful Post: | ||
|
|
2009-10-15
, 20:08
|
|
Posts: 286 |
Thanked: 259 times |
Joined on Jan 2006
@ Cambridge, England
|
#82
|
For those intertesed I've just noticed that Elena at Nokia has kindly answered some of the questions about the security platform on the Maemo Security wiki page.
Rich
Last edited by richie; 2009-10-15 at 20:11.
Rich
Last edited by richie; 2009-10-15 at 20:11.
| The Following 2 Users Say Thank You to richie For This Useful Post: | ||
|
|
2009-10-16
, 12:52
|
|
Posts: 94 |
Thanked: 28 times |
Joined on Oct 2009
|
#83
|
Ok, on the wiki page Elena replied about the security architecture. I still have few questions/clarifications but don't really want to clutter the page (even in discussion mode). Should I ask them here (does Elena reads this thread?) or should I edit the page? (then we need to find a way to do more constructed answer/replies because it won't be readable long)
 |
|
2009-10-16
, 12:54
|
|
Posts: 2,535 |
Thanked: 6,681 times |
Joined on Mar 2008
@ UK
|
#84
|
Originally Posted by corsac
Add stuff here or on the discussion page and people'll moderate it into a sensible Q&A on the main page.
Ok, on the wiki page Elena replied about the security architecture. I still have few questions/clarifications but don't really want to clutter the page (even in discussion mode). Should I ask them here (does Elena reads this thread?) or should I edit the page? (then we need to find a way to do more constructed answer/replies because it won't be readable long)
__________________
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
|
|
2009-10-16
, 12:58
|
|
Posts: 94 |
Thanked: 28 times |
Joined on Oct 2009
|
#85
|
Ho, and another question (well, two in fact):
* will the Arm TrustZone be available and usable on n900?
* is there any security architecture available on Maemo 5?
(the two aren't completely independant though)
* will the Arm TrustZone be available and usable on n900?
* is there any security architecture available on Maemo 5?
(the two aren't completely independant though)
|
|
2009-10-16
, 13:24
|
|
Posts: 168 |
Thanked: 265 times |
Joined on Oct 2009
@ London, UK
|
#86
|
Originally Posted by allnameswereout
gst-inspect | grep flu brings up:
@qgil are there plans to port over Fluendo codecs to Maemo, or Moonlight to Maemo?
fluwma: fluwmsdec: Fluendo WMS Decoder
fluwma: fluwmadec: Fluendo WMA Decoder
| The Following 2 Users Say Thank You to zaheerm For This Useful Post: | ||
|
|
2009-10-16
, 13:37
|
|
Posts: 94 |
Thanked: 28 times |
Joined on Oct 2009
|
#87
|
Originally Posted by Elena Reshetova
Ok, that means that, if we designed our own kernel with its security policy (I guess there will be some documentation to do that, but that looks very interesting and powerful), we could restrict it from doing something (like accessing cellular functions) easily. But that won't be enforced if we don't want to, it's up to the kernel maintainer.If you use your own kernel, you are the one to set the security policy for the device, meaning that your SW in this case can make calls, send sms and so on (for example). Please note that the list of protected resources on the slide is given just as example (to show the possible granularity level), so it doesn't mean that we would have exactly these resources.
Am I right?
Can open applications use the privilege mechanisms in the Open and Closed modes?
Originally Posted by Elena ReshetovaI guess the question is "Can the applications access protected resources in both modes?" I hope I got the question correctly. The answer is that the Device Security Policy (slide 7) defines the resources can be potentially granted to the SW coming from a particular SW source. When one uses the Nokia signed kernel, the device security policy is defined, and user can't change it. If one uses its own kernel (or community kernel for example), he (or community) is the one to define/change the device policy. This means that one can, for example, change the policy in the way that the SW coming from the maemo.org gets access to all protected resources (of course some content becomes unavailable when one switch to its own kernel, for example DRM). However, again, it is possible only while using your own kernel.
But more, what, as I user (or, say, a company giving n900 (or a Maemo6 device) to its employee), can use from the security architecture.
Suppose I need to run a rebuilt kernel (because I need some functions not available in regular kernels), that means (slide 6) the device will “restrcict security functionality”. In particular, DRM keys will be disabled (I'm fine with that) “content from the previous mode can't be decrypted”.
I'm fine with the latter too, as long as I can still use the security architecture for personal needs, so still use encryption storage, use trustzone, be able to sign my own kernels, use security functions for VPN stuff etc.
Basically, will the Maemo6 security architecture still be usable outside of “nokia world“ and inside a “local business world”.
Not sure I'm really clear, feel free to ask precision
|
|
2009-10-23
, 13:52
|
|
Posts: 3 |
Thanked: 0 times |
Joined on Mar 2007
|
#88
|
Read this thread and I have an emotional/geek question for Quim or Peter about using the x-terminal in Maemo 6.
Quim's blog post proudly shows off an x-term running on Maemo 5 and there is hack project with Nokia PUSH on the N900. So worried Maemo 6 has boring DRM restrictions.
I understand there is an open and closed mode, but I gather that Maemo Security will use access control that is likely to be implemented below Root level, so can't Maemo 6 continue with the x-term even in closed mode? I rarely need root level access, it is more about my preference to manage files using the x-term, using it for SSH and simple geekness of having an x-term on a handheld device!
Quim's blog post proudly shows off an x-term running on Maemo 5 and there is hack project with Nokia PUSH on the N900. So worried Maemo 6 has boring DRM restrictions.
I understand there is an open and closed mode, but I gather that Maemo Security will use access control that is likely to be implemented below Root level, so can't Maemo 6 continue with the x-term even in closed mode? I rarely need root level access, it is more about my preference to manage files using the x-term, using it for SSH and simple geekness of having an x-term on a handheld device!
|
|
2009-10-27
, 04:17
|
|
Posts: 2,802 |
Thanked: 4,491 times |
Joined on Nov 2007
|
#89
|
NRC-TR-2008-010 is a year old but looks relevant and goes into a lot more detail than the talk & slides.
 |
|
2009-10-28
, 09:51
|
|
Posts: 3,105 |
Thanked: 11,088 times |
Joined on Jul 2007
@ Mountain View (CA, USA)
|
#90
|
That is Elena' master thesis done while she was working at Nokia Research Center. Yes, we all have previous lives. Don't mix this document with Maemo Harmattan plans.
Don't mix this document with Maemo Harmattan plans.
