Friday, July 22, 2011

Please Remove Harmattan Platform Security!

This is an open letter to the decision-makers in the Nokia Harmattan project, prompted by Ville Vainio's suggestion.

There is still some time before the release of the N9. Before that release, please disable the platform security framework (MSSF) by default.


When the concept of the Maemo 6 security framework was first outlined to the community in Amsterdam, Maemo was the OS that was going to end up powering all of Nokia's future high-end devices. Maemo 6 was being designed to cater to massive global markets, and so it needed to provide full DRM capabilities.

When Nokia moved to the joint MeeGo project with Intel, they pushed to include the MSSF in the MeeGo 1.2 release.

Many important things have changed since then. Nokia has announced that it is dropping the MeeGo project; the N9 will be the only Harmattan device released by Nokia (and it will be a limited availability release with no announced plans for the UK or North America); there will be no DRM support in Harmattan; and the Intel-led MeeGo project has declined to include the framework in MeeGo 1.2 and announced a "review of meego security strategy".


Now that most (if not all) of the most compelling reasons for platform security in Harmattan have disappeared, the platform security has become, as one community member phrased it, "dead weight". It no longer has a great deal to contribute to the success of the device or the operating system. It has now become more of a hindrance than a benefit to developers and power users, more of a disabler than an enabler.

If Nokia releases the N9 with platform security enabled, it is guaranteed that an open kernel with platform security disabled will be made immediately available. Almost as surely, any power users and developers wishing to use their devices fully will immediately replace the stock kernel with the community kernel. This seems completely out of character for an open-source project, forcing a major fork at release time!

I am not arguing this as an academic exercise, however. I have a very specific example in mind when I make this plea; I have long maintained a Maemo project called Easy Debian which allows common users to install and run desktop Linux applications (like Open Office) on their handheld devices without having to know much about the internal workings of the operating system.

As far as anyone can tell, my project will simply not work with the security framework. It depends upon an image file being mounted on the loop device and then chrooted into. This image file is mounted dynamically and so the hashes cannot be stored in the system. So these files can't be signed. And even if the basic files could be signed, what about people installing any new apps from the Debian repositories?

See this post. The whole thread is very interesting.



When the N9 is released, Harmattan will be the best example on the market of a mobile, open-source operating system. It should also be the best example of an "open" OS for developers. Please don't add unneeded layers of complexity. Please make the threshold for entry as low as possible. Please keep the legacy of "most hackable device" alive in Harmattan!

Please reconsider the platform security!

I think Andrew's  cogent summary below is worth including in the article:

"Symbian was a mass-market OS; Harmattan won't be.

The provision of a secure DRM system makes sense when the platform is your future, with content providers lining up to provide movies-on-demand and for purchase.

Maemo managed fine for years without platsec, and Android's recent malware problems show that having one doesn't prevent users granting permissions to apps which don't need them."

Labels: , , , , , ,

11 Comments:

At Fri Jul 22, 08:54:00 pm GMT-7, Blogger Unknown said...

+1

Keeping this will not just alienate Quim. It will alienate most linux users. And probably also all the customers in one way or the other. One of the benefits of Meego compared with other embedded OS's is it's openness.. by taking that away will make it a less desired device. Especially if there is no point in it.

 
At Sat Jul 23, 02:53:00 pm GMT-7, Anonymous Anonymous said...

Dont Agree even if I am a opensure geek.

As long as there is an option it should be enabled as default. its upto the geeks/us to disable it afterwards. Main consumers are not intrested in geekstuff and easy debian and desktops apps. We have to understand this.

A better petition would be to make Nokia release the geekphone N950 for us instead. I wouldn't mind sign such but its seems no one will even bother start such :-( instead they bashing and whining about it on TMO. Woops sorry for going "a bit" offtopic but just my point.

N950 geeks N9 maiinly no geeks...

 
At Sun Jul 24, 01:37:00 pm GMT-7, Blogger SpeedEvil said...

There is another issue.

Sure, you can install your own kernel.

(at least on the n950 version, it's not impossible this may change on the n9)

But, will any binary only blobs that are required for sane system use work without platform security enabled?

If getting back to the initial state of a nice friendly interface that makes day-day tasks easy requires reverse engineering, that will greatly slow down development.

 
At Mon Jul 25, 04:42:00 am GMT-7, Blogger Hardeep Singh said...

You guys seem to ignore the fact that its important for Nokia to provide a usable and secure device to its non technical users. Platform Security has been around since Symbian 9 and it forced most anti virus companies to shut shop on that platform. For the rest of us, there were always tools lke hello ox and rompatcher to disable the platform security at the touch of a button. Keeping platform security covers all their bases and saves them from potential lawsuits and they know that those who need access will find their way in anyway.

 
At Wed Jul 27, 02:39:00 pm GMT-7, Blogger Ville said...

Finland is hibernating through july, let's see if we can get some kind of response for this next month.

 
At Wed Jul 27, 02:42:00 pm GMT-7, Blogger Ville said...

SpeedEvil, everything should work fine w/o platsec. Kernel can run in non-enforcing mode where platform security subsystem is available, it just won't block anything.

 
At Sun Jul 31, 12:42:00 am GMT-7, Blogger Jaffa said...

@Hardeep, Symbian was a mass-market OS; Harmattan won't be. The provision of a secure DRM system makes sense when the platform is your future, with content providers lining up to provide movies-on-demand and for purchase.

Maemo managed fine for years without platsec, and Android's recent malware problems show that having one doesn't prevent users granting permissions to apps which don't need them.

 
At Sun Aug 07, 12:10:00 am GMT-7, Blogger James (Jeffrey) T Wang said...

But there's still a tiny glimmer of hope it can be a mass market device.

Despite all the measures taken by Nokia's senior management to constrain that chance.

Insisting they remove the DRM framework before release, kills-off that last chance!

I don't agree it should be removed by default from release.

 
At Sun Aug 07, 12:17:00 am GMT-7, Blogger James (Jeffrey) T Wang said...

Platsec's also important from an attractiveness POV to carriers etc. in the future.

I don't get the massive assumptions people are making that this absolutely won't become a mass consumer OS in the future.

It's still really early days, WP may not remain the "sole" platform.

 
At Fri Aug 12, 01:31:00 am GMT-7, Blogger Ville said...

Jed,

There is no DRM in Harmattan. That's the point.

If there was DRM, platsec would be useful. Since there isn't, there is not.

 
At Fri Aug 12, 08:56:00 am GMT-7, Blogger James (Jeffrey) T Wang said...

Huh? But there is...
It just becomes irrelevant if there's not much of a commercial 'ecosystem' upon which it'll be heavily utilized.
But that's a big assumption.

N9 looks to be being pushed in markets where Symbian is traditionally strong (with a few exceptions).
Who's to say Nokia doesn't have plans to genuinely try & push it "hard" in those markets?*
Hence the need for DRM...

*admittedly I have serious doubts when it comes to Elop.
But it's our only hope if MeeGo's finally to become a true commercial success (on it's own scale).

 

Post a Comment

<< Home