Hi!

On 06/22/2011 11:48 AM, Yves-Alexis Perez wrote:
> Could you comment on MSSF support in MeeGo 1.2 Harmattan? It seems that
> Aegis manifests are supposed to be present and the Harmattan Security
> Guide [0] talks about it.

Sure. Harmattan's security framework is called Aegis and it is a direct predecessor of MSSF. The biggest difference is that instead of SMACK a proprietary 'resource token' implementation is used for access control, and that is not likely to be included in the Linux mainline kernel. Most of the APIs and the manifest syntax are the same except that in many places the word 'aegis' appears where there should be 'mssf'. And the packaging is still Debian instead of RPM.

So Aegis is not at all API compatible with MSSF and the kernel parts of it are kind of a dead end :-( On the bright side it's a working implementation which you can try out in a real device as soon as you manage to get an N9 or an N950. The SDK is available here:

http://www.developer.nokia.com/Develop/Qt/Tools/

Despite the fact that the kernel code will not be even offered for mainline inclusion (the main reason being that it wouldn't be approved, I guess), almost all of the source code is available at Gitorious under meego-platform-security. The kernel parts are in linux-mssf and the userspace stuff in refhashutils, libcreds2, librestok, aegis-crypto, aegis-certman and aegis-builder. The SDK of course contains all the necessary libraries and headers too.

When it comes to documentation, the couple of talks Elena gave when Harmattan was still a synonym for Maemo 6 give a good idea of the components:

http://www.slideshare.net/peterschneider/maemo-6-platform-security
http://archive.fosdem.org/2010/schedule/events/maemo

...although there is one big change since then: there is no DRM any more. Now the purpose of security is just to protect the device owner and guarantee stability. The SDK should contain more technical documentation.

> What is the current state of affairs regarding the N9/N950, do you have
> any info on that you could share?

Well, the phones have been announced so I'll just have to believe that N9 indeed arrives in shops in September or October. N950 unfortunately can only be acquired through a developer program. What happens after that I have absolutely no idea, I'm sure I'm not the only one who has difficulties in understanding Nokia's long term strategy. I'd better not comment on that.

For now I can only say that N9 looks extremely good. I was lucky enough to get a prototype on loan yesterday and so far it feels very nice, the HW is really top-notch. Just to mention one detail, this is the first mobile handset I have seen that can get a GPS lock-in indoors in a few seconds. Also the maps application is a huge improvement compared to N900.

BTW, when it comes to the confusion about names, it is indeed true that Harmattan is more Maemo than MeeGo, as Arjan pointed out in his comment at LWN. When MeeGo was born the Harmattan project was already well under way with a very limited mobile handset focus and the purpose of starting to call it MeeGo was obviously just to emphasize the continuity towards the next step, in which a much wider set of devices and environments would be supported. One part of the planned transition at the security side was the replacement of the orphaned kernel patches by the mainline components SMACK, IMA and LVM.

Unfortunately that work was then abruptly interrupted as we all know. Nokia however seems to have decided that the missile called Harmattan that was launched three years ago should be allowed to meet its original target nevertheless, and they obviously didn't see any reason to change the name back from MeeGo to Maemo. Hence the confusion.

For most application developers the difference is that big anyway. QML is the preferred tool both in Harmattan and MeeGo proper and the SDK is pretty much the same. The differences in lower level APIs are of course annoying, but all things considered I think it could be much worse. Yesterday was a good day after all.

JuM
_______________________________________________
MeeGo-security-discussion mailing list
[email protected]
http://lists.meego.com/listinfo/meego-security-discussion
