Friday, July 22, 2011

Please Remove Harmattan Platform Security!

This is an open letter to the decision-makers in the Nokia Harmattan project, prompted by Ville Vainio's suggestion.

There is still some time before the release of the N9. Before that release, please disable the platform security framework (MSSF) by default.

When the concept of the Maemo 6 security framework was first outlined to the community in Amsterdam, Maemo was the OS that was going to end up powering all of Nokia's future high-end devices. Maemo 6 was being designed to cater to massive global markets, and so it needed to provide full DRM capabilities.

When Nokia moved to the joint MeeGo project with Intel, they pushed to include the MSSF in the MeeGo 1.2 release.

Many important things have changed since then. Nokia has announced that it is dropping the MeeGo project; the N9 will be the only Harmattan device released by Nokia (and it will be a limited availability release with no announced plans for the UK or North America); there will be no DRM support in Harmattan; and the Intel-led MeeGo project has declined to include the framework in MeeGo 1.2 and announced a "review of meego security strategy".

Now that most (if not all) of the compelling reasons for platform security in Harmattan have disappeared, the platform security has become, as one community member phrased it, "dead weight". It no longer has a great deal to contribute to the success of the device or the operating system. It has become more of a hindrance than a benefit to developers and power users, more of a disabler than an enabler.

If Nokia releases the N9 with platform security enabled, it is guaranteed that an open kernel with platform security disabled will be made immediately available. Almost as surely, any power users and developers wishing to use their devices fully will immediately replace the stock kernel with the community kernel. This seems completely out of character for an open-source project, forcing a major fork at release time!

I am not arguing this as an academic exercise, however. I have a very specific example in mind when I make this plea: I have long maintained a Maemo project called Easy Debian, which allows ordinary users to install and run desktop Linux applications (like OpenOffice) on their handheld devices without having to know much about the internal workings of the operating system.

As far as anyone can tell, my project will simply not work with the security framework. It depends on an image file being mounted on a loop device and then chrooted into. Because the image is mounted dynamically, its file hashes cannot be stored in the system, so those files cannot be signed. And even if the base files could be signed, what about people installing new apps from the Debian repositories inside the chroot?
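To make the problem concrete, here is a small added example (written for this letter; it is not Easy Debian's code, nor does it reproduce how MSSF actually verifies files) that models the generic idea of a signed reference-hash list: a manifest of file hashes is fixed when the image is built, and every file is later checked against it. The directory tree, file names and contents below are constructed stand-ins for a loop-mounted image root. The first check passes; after the user runs apt-get inside the chroot, a new binary has no hash to check against and a changed config file no longer matches, which is exactly what a manifest fixed ahead of time cannot cover.

```python
"""
Reference-hash check over a directory tree, standing in for the
loop-mounted Easy Debian image.  Added example: not Easy Debian's or
MSSF's code, and it does not reproduce MSSF's real verification scheme.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (path relative to root) to its hash.
    This is the list that would have to be fixed, and signed, ahead of time."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                manifest[str(p.relative_to(root))] = hash_file(p)
    return manifest


def verify_tree(root: Path, manifest: dict) -> dict:
    """Compare the tree against a manifest.  Returns files that are unlisted
    (no reference hash exists), modified (hash differs) or missing."""
    current = build_manifest(root)
    unlisted = sorted(set(current) - set(manifest))
    missing = sorted(set(manifest) - set(current))
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    return {"unlisted": unlisted, "modified": modified, "missing": missing}


def simulate_easy_debian_image() -> dict:
    """Constructed scenario: an image root with a few files, a manifest taken
    when the image was built, then a package install inside the chroot."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "usr" / "bin").mkdir(parents=True)
        (root / "etc").mkdir()
        # Constructed stand-in contents; not real binaries.
        (root / "usr" / "bin" / "soffice").write_bytes(b"\x7fELF stand-in for the OpenOffice launcher\n")
        (root / "etc" / "hostname").write_text("easydebian\n")

        # Manifest fixed at image-build time: the only point where hashes could be signed.
        signed_manifest = build_manifest(root)
        before = verify_tree(root, signed_manifest)

        # Later, inside the chroot, the user runs apt-get: a new binary appears
        # and a config file changes.  Neither is covered by the signed manifest.
        (root / "usr" / "bin" / "newtool").write_bytes(b"\x7fELF stand-in for a freshly installed package\n")
        (root / "etc" / "hostname").write_text("easydebian-n9\n")
        after = verify_tree(root, signed_manifest)

        return {"before": before, "after": after}


if __name__ == "__main__":
    result = simulate_easy_debian_image()
    print("fresh image   :", result["before"])
    print("after apt-get :", result["after"])
```

The manifest here is a plain dictionary; a real framework would sign it and reject anything unlisted or modified, but that only makes the outcome stricter. Whatever the exact mechanism, a hash list computed before the image is mounted cannot describe files that a package manager writes into the chroot afterwards.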

See this post. The whole thread is very interesting.

When the N9 is released, Harmattan will be the best example on the market of a mobile, open-source operating system. It should also be the best example of an "open" OS for developers. Please don't add unneeded layers of complexity. Please make the threshold for entry as low as possible. Please keep the legacy of "most hackable device" alive in Harmattan!

Please reconsider the platform security!

I think Andrew's cogent summary below is worth including in the article:

"Symbian was a mass-market OS; Harmattan won't be.

The provision of a secure DRM system makes sense when the platform is your future, with content providers lining up to provide movies-on-demand and for purchase.

Maemo managed fine for years without platsec, and Android's recent malware problems show that having one doesn't prevent users granting permissions to apps which don't need them."
