Paul Todd's Forum Nokia Blog - Symbian signed and openess

TCB

2008-07-09T15:13:07Z

As I'm (with my team) partially in charge of giving out DevCerts with TCB, DRM and AllFiles I just have to comment. What Mark described is exactly what we do. We have to be careful when granting any of the three. Because:

1. AllFiles just to make sure your secrets are not thrown away too easily.
2. DRM because Nokia licensed DRM technology and we are liable on holding that part together. In other words a DRM protected application must not leak out from our devices unprotected.
3. TCB because there is Platform Security and because of #1 and #2.

The main pain is that all of the three capabilities are still needed. May it be design flaws in S60 (Server Side MTMs, changing a theme background, etc.) or due to a good reason (Device encryption, Antivirus, FEPs, etc.).

That requires a process which is bit painful, but doable if the reason is technically justified and (like I say) the company requesting them has a direction in life. Unfortunately there is a legal agreement needed...

Risto

Yes and no

2008-07-09T12:42:49Z

Hi Paul,

I have to say I agree with some points and disagree with others.

1) Yes, PlatSec is complex and not helped at all by the very poor information that Symbian publishes about it. The new PlatSec booklet from Symbian Press is particularly poor - I'll post my constructive criticism on that separately.

2) Well yes, inexcusable really. Although they didn't rewrite the OS, they retro-fitted PlatSec constraints to existing APIs which is where a lot of the problems come from. I expect that most of the PlatSec checks were documented at the point of the check, but another API that uses an API internally that requires a certain capability...

2.1) Yes, but that's business as usual in most software development in my experience. :-(

3) Once you're signed up to the program - which is the problem most people have with Symbian Signed at the moment. I've already given my suggestions for how this could be improved for freeware and open source projects. How should it be improved for commercial ISVs?

4) I'm not sure where your distrust comes from here, particularly since you've been granted TCB capability for an application. There is already an anti-virus product for Symbian (http://www.f-secure.com/products/fsmav.html). If someone else writes one that is both good and secure I'm sure they'll have no trouble getting the necessary capabilities granted.

TCB really does need to be protected very carefully though, otherwise you might as well just throw away PlatSec altogether. If I were in charge of handing out the TCB DevCerts I'd only be giving them to sensible sized companies with a reputation to lose or start-ups where the people involved were already known in the industry (not how things should work in a free and fair world but the core concept for PlatSec is TRUST!).

If Norton turns up saying they want a TCB devcert to develop an anti-virus product for Symbian they'll have no problem. If J. Smith from the newly created MobiVirus.com makes the same request then he's going to have a lot more work to do to get it granted. That's how it should be! However, if it was P. Todd rather than J. Smith he should have a rather easier time of it. :-)

Mark

symbian signed

2008-07-09T07:16:53Z

hi Paul,

i do not have publisher id
but i want to install a sis which requires capabilities like TCB,NETWORK CONTROL ,ALLFILES
but the capabilities is not accessed through open signed

What's your #1 suggestions for improving Symbian Signed?

2008-07-08T19:59:55Z

Hi Paul,

I'm keen to learn from the principles and practice of Maemo. Absolutely!

I'm sorry to hear that you've had a rough time with Symbian Signed. Could I ask you: What is the single most important improvement you recommend should happen with Symbian Signed?

As you know, Symbian Signed went through a number of changes recently. As it says in "A guide to Symbian Signed":

"Symbian Signed has changed recently, introducing new and simplified signing options
for applications, and a new lower cost Certificate Authority (CA). No matter what kind of application you are developing for Symbian OS, whether it is commercial or non-commercial, the changes should make it easier for you to get your software signed and deployed. The following three signing options are now available:

"(*) Open Signed, Developer Certificate based signing, including a completely new online-only signing option for developers without a Publisher ID;

"(*) Express Signed, a streamlined signing option that does not require independent testing;

"(*) Certified Signed, the mainstream signing option based on independent testing by a Symbian-accredited Test House."

"The number of Capabilities requiring Device Manufacturer approval has been minimized, and a simpler, unified process has been created for applications that do still require manufacturer approval. Independent testing is now only required for Certified Signed. However, all applications are still expected to satisfy any test cases relevant to them."

// David Wood, Symbian