MagicFab's Avatar
Posts: 15 | Thanked: 6 times | Joined on Nov 2007
#1
Hi,

I was wondering if there are any security features built-in or available as third party apps to protect the N810 data?

Palm Pilots had some simple encryption in the security options that would be triggered when turning off, after a configurable amount of time or at will. You could also select which application's data would be encrypted (as opposed to just everything) or even "only encrypt records marked as private".

Thanks for any hints about this.
 
anidel's Avatar
Posts: 1,743 | Thanked: 1,231 times | Joined on Jul 2006 @ Twickenham, UK
#2
My first application (for the N800 discount code) was to port my old TCFS filesystem to the tablet itself.

TCFS is a patch made to NFS in order to encrypt files over the NFS file system. It was a per-file basis encryption system. Each file had its own randomly generated encryption key (actually each block of the file was encrypted with a different encryption key for maximum security -> two identical blocks would appear as different ones once encrypted).
All the keys were encrypted by means of a user master key.
Once this key was inserted all the files would be "unlocked" and became accessible.
File encryption was inherited from the directory flag : directory encrypted -> newly created/copied/moved file would be encrypted as well (that was useful, for example, when compiling on that directory. Temporary generated files from gcc would be encrypted automatically).
There was also work in progress for shared encrypted files over a network.

Porting it on the tablet leads to one problem: we have no NFS.
TCFS was designed with a network in mind. An NFS client mounting a file system from an untrusted NFS server.

Adapting it to a local file system would be (and is) trivial from the design perspective, but it's a totally different argument from the practical perspective.
Because that would mean having to manually patch the local file system code.

Specifically, on the tablet, the internal rootfs is an ext2 file system, while the memory card file system is a VFAT one.
That would mean having to re-write the code (i.e. patch) for both the ext2 file system AND the VFAT file system... and possibly all the others.

I was thinking, for years now, to make the patch directly into the VFS and relying on an external user space daemon for almost everything (key management, encryption/decryption and so on). The VFS would only check and manage the encryption flag (it needs to be fast). Patching the VFS would mean having this encryption support available for ALL the filesystems.
That is not easy. A file system can be slow, the VFS cannot.

Anyway.. TCFS is a project we had to abandon a bunch of years ago. There was some work on a port to Linux 2.6 from a BA student, but that was it.
My dream has always been to keep working on it and bring it back to life.

I can't guarantee anything as I am quite busy, but I can promise I'll take a look at it and see how difficult it would be to make the VFS patch.

An alternative could be to write a new FUSE file system.
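
The key hierarchy described in post #2 (a user master key wrapping a random per-file key, and a different key for each block so identical blocks encrypt differently), as an added example that is not part of the original post and is not TCFS code. HMAC-SHA256 stands in for the cipher so the sketch runs on the Python standard library; how TCFS derived its per-block keys is not stated in the thread, so deriving them from the file key and block number is an assumption, as are all function names and sample values.

```python
import hashlib
import hmac
import secrets

BLOCK = 32  # constructed block size for the demo (one SHA-256 output)

def prf(key, label):
    """HMAC-SHA256 as a stdlib stand-in for the cipher; not what TCFS used."""
    return hmac.new(key, label, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def master_key(passphrase, salt):
    # The user master key; deriving it from a passphrase is an assumption.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def wrap_file_key(master, file_key, file_id):
    # Encrypt-then-MAC the 32-byte file key so a wrong master key is detected.
    ct = xor(file_key, prf(master, b"wrap" + file_id))
    return ct + prf(master, b"mac" + file_id + ct)

def unwrap_file_key(master, wrapped, file_id):
    ct, tag = wrapped[:32], wrapped[32:]
    if not hmac.compare_digest(tag, prf(master, b"mac" + file_id + ct)):
        raise ValueError("wrong master key or corrupted key record")
    return xor(ct, prf(master, b"wrap" + file_id))

def crypt_block(file_key, index, data):
    # Per-block key = PRF(file key, block number); XOR is its own inverse.
    block_key = prf(file_key, b"block" + index.to_bytes(8, "big"))
    return xor(data, prf(block_key, b"stream"))

def encrypt_file(file_key, plaintext):
    blocks = [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]
    return [crypt_block(file_key, i, b) for i, b in enumerate(blocks)]

def decrypt_file(file_key, blocks):
    return b"".join(crypt_block(file_key, i, b) for i, b in enumerate(blocks))

def demo():
    salt, file_id = secrets.token_bytes(16), b"notes.txt"  # constructed values
    mk = master_key("correct horse", salt)
    wrapped = wrap_file_key(mk, secrets.token_bytes(32), file_id)
    fk = unwrap_file_key(mk, wrapped, file_id)  # "unlocking" the file
    ct = encrypt_file(fk, b"A" * BLOCK * 2)  # two identical plaintext blocks
    return {"differ": ct[0] != ct[1],
            "roundtrip": decrypt_file(fk, ct) == b"A" * BLOCK * 2}
```

Because each block key is fixed, overwriting a block in place reuses its keystream, so this XOR stand-in is for showing the key hierarchy only.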
 
Posts: 79 | Thanked: 21 times | Joined on Sep 2007
#3
What about cryptoloop?
http://tldp.org/HOWTO/Cryptoloop-HOWTO/

The main problem is how to get the key from the user on boot up, I think...
 

anidel's Avatar
Posts: 1,743 | Thanked: 1,231 times | Joined on Jul 2006 @ Twickenham, UK
#4
Maybe "dm-crypt", as the Cryptoloop page itself states:

Originally Posted by cryptoloop
IMPORTANT: Cryptoloop has been marked deprecated in the latest 2.6 kernel. This means that it will no longer be maintained actively. The successor to Cryptoloop will be dm-crypt.
 
MagicFab's Avatar
Posts: 15 | Thanked: 6 times | Joined on Nov 2007
#5
Thanks for the replies.

dm-crypt / LUKS would seem appropriate ways to deal with securing down some data / files. I can imagine any of this is not standard as we want to squeeze as much processing power as we can from these devices, so any encryption / security layer is not on by default.

But is it realistic to expect people to use this hardware in any practical way, trusting their data to it without any protection whatsoever?
 
MagicFab's Avatar
Posts: 15 | Thanked: 6 times | Joined on Nov 2007
#6
Searching the forums for GnuPG / OpenPGP support turned up the following:

Quick command line intro to GnuPG on Nokia tablets:
http://www.internettablettalk.com/fo...6&postcount=18

No support for S/MIME or OpenPGP in Claws for now:
http://www.internettablettalk.com/fo...80&postcount=4
 
Posts: 143 | Thanked: 13 times | Joined on Aug 2007
#7
I actually think there is a lack of easy-to-use security-related apps. What I miss is:

1. A GUI app or plugin to the file manager that gives me an "encrypt this file or folder" option in an easy way.
2. A good note/text/memo app with "encrypt this note" functionality.

GPG is really nice in theory, but with all the command-line stuff it adds so much extra work to get the files safe that it's easy to just stop protecting stuff.
 
Posts: 33 | Thanked: 30 times | Joined on Sep 2008
#8
 
Lord Raiden's Avatar
Posts: 1,562 | Thanked: 349 times | Joined on Jun 2008
#9
What about TrueCrypt?
 
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#10
See this thread for TrueCrypt + frontend. Whether you use TrueCrypt or dm-crypt, you won't have XTS cipher mode on Linux 2.6.21.*, you're gonna need Linux 2.6.24.* at least. Because there is now an open source WiFi driver for N8x0 the possibility of Linux version > 2.6.21.* has increased but there isn't a functional port yet. So for now you have to use LRW which has known vulnerabilities.
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
 