Winter greetings to you all.

It's that time of the (2) year again where it's time to upgrade, and the N900 seems to be the obvious choice for me. I do have one query regarding the N900 security features and the memory card that I cannot find within the N900 user-guide or other online resources. So I thought I'd ask here.

I'm quite familiar to Blackberrys due to work, and I love the fact that they have the ability to encrypt all data stored on the SD card and requiring the user to type in a password to unlock it for mass-storage mode.

My question is: Does the N900 have any security features that can protect the data on the SD card out-of-the-box? If not, are there any apps that can add this cherry to the top of the N900?

Thanks.

There may be various ways to encrypt single files/archives (such as GPG), but I don't know of anything that will encrypt full partitions. The exception to that is this, but it is definitely "just for developers" type of thing right now:

http://wiki.maemo.org/User:Jebba/Cryptsetup

Thank you jebba for your advice.

After a couple of days of playing, the N900 seems very much what I was hoping for. A really great device. One more question though in relation to the original:

Does this device support, out of the box, to lock or password protect the internal 32gb memory while in mass-storage mode? I know this is not a corporate device like the Blackberry, but I would dread to lose this phone and allow someone to view the data so easily
If this device is to have any chance against the BB in a corporate environment, protection for the internal data is a must.

If there is nothing out of the box to support this, does anyone know of any current projects/apps which adds this support?

Thanks again.

By default they can view the data easily. The 32G partition does not get locked.

My apologies if I'm pointing out the obvious.

After playing around it seems that if you lock the device then mass-storage mode does not become available anyway. Problem solved, bar actually taking out the SD card. At least the main 32gb appears to be safe when this is kicked in.

Actually, I take that back.

It's locked as long as it's on, but if you turn the device off then mass-storage mode is enabled automatically, allowing full access to the files.

Doh.

Does anyone know of a way to lock this down?

Hi spinewire,

I'm a corporate user as well, and have been pushing for additional security features for quite some time. At the moment, the features you talk of are not implemented, however I've never used the Lock Device feature (as I have nothing worth stealing/protecting on the device itself).

Could you try to gather some information about this issue and create a new bug on bugs.maemo.org? I would make the severity high as it directly impacts security. (I searched bmo quickly but couldn't find any reference to the aforementioned issue)

With regards to on-device encryption etc:

- Maemo 6 and future device will most probably support this. There are talks to have secure elements provide crypto functionalities to multiple services, among which probably filesystem encryption.

- Maemo 5 currently doesn't support such features as far as I am aware. Even more so, there are no applications that provide this functionality at the moment. I believe it is possible, if utterly required, however the impact on performance might be significant.

Current modifications required for the above:
- Provide kernel modules, or new kernel which supports filesystem encryption.
- Provide a way to allow user to input passphrase or unlock PIN. This could theoretically be an updated bootloader which would pass the passphrase as a parameter to the kernel (unsure of the specifics, just eyeballing it).

Technically speaking, it is already possible to have encryption keys stored in a hardware module connected to the device. However, these are prototypes not yet available to the public at large.

It would be great if there was a small bluetooth device which would support the OpenPGP smart card ( http://shop.kernelconcepts.de/index....2a&language=en ) as USB host is not working.

I'm not sure if some sim card provided could be used for the same purpose.