Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Yes I was stating what this update was offering. I do understand that kernel developers want to have full oem unlock command available, and we are working on providing solution for that in future updates. Unfortunately there is limited number of fixes and features that can be included per update. We dont have unlimited hours and manpower.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Like I previously wrote. That closeness is up to Jolla. I am not sure how many will appreciate it.
As for security. Honestly, that is a weak argument. I can break that any time as long as developer mode exists.
Protecting company data should be achieved by other means, If this is what you want.
From a company perspective this is understandable, but, considering whom supported the start-up by preorders, and considering other available options for companies. Is this a wise decision. I dont know, and I dont care. It is goodbye Jolla from me.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

And how do you install developer mode on the device that you have stolen from someone which asks you devicelock code on the boot?

We are not even trying to protect the case where user has installed developer mode by himself, as he as dismissed the warranty may void dialogs and such.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Let's see, for example an security problem in your old frankenstein android kernel mix?

You can even install rpms as an normal user.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

And how do you get to install things as normal user? Settings devicelock code, immediate, 10 attempts, reboot.

True if you quess the lock code with those 10 attemps, you can do anything as normal user. But if you dont happen to quess the code, do you have some trick to bypass the code query with the latest release?

But yes if frankestein kernel has some remote tcp/ip drop to shell exploit, then everything is wide open.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Even if i had I wouldn't disclose them.

But that is not the point. Everybody who thinks their data is secure if it is not encrypted doesn't know much about computer security.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Nobody in right mind would think that their data is secure. Most people know that unix permissions dont give you real data security and that people can just remove microsd card.

It just means that its nice to have locks in your front door, even if burglar can break the window quite easily. And most people in the world keep their front door closed/locked, even when their houses have windows and they know that people can break in at any time.

But I can be wrong of course, some people might not lock their front doors when they go out.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Correct me if I'm wrong, but all these lock-thingies will be slight bumps in the road for someone really interested in the data on your phone. Direct access to the flash chips is all you need. They only viable solution is encryption. What's the reason the Jolla doesn't use that, ootb?

While I'm not really into flashing custom kernels (my N9 runs stock kernel) I do find it disappointing to see I now have yet another device which is hard to hack, or at least harder to hack for the wrong reasons (i.e. trying to improve security, but ultimately failing at that. Just like my Samsung tv, which encrypts recording but helpfully puts the keys in a companion file.)

It might not affect many, but these kind of changes on a bug-fix update which will seriously hinder owner's ability to hack a supposedly open device should be noted in the release notes of that update.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Its pretty easy to use fuse encryption layer for example on your microsd card or any custom folder/directory/mountpoint, so people who wants to have some of their data encrypted are free to do so (it will have performance impact and battery life is also affected). Some future update might even offer you to have your data encrypted.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Well that escalated quickly...

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

If I want to do all the "pretty easy" things on my wish list, I wouldn't have time to poop.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

I always thought that codes are to protect data and information and not hardware, it's not feature, it's totally bug. And people always asked why I whined when i was keeping to repeat that Jolla is mostly talking about FOSS and promises, but they still didn't fully proven to be trusted in any promised area.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Seriously guys, I don't see your problem.

As Jonni (rainisto) says, the device is still unlockable, you just need to use a different way to do it. And you can go back to a previous software release by resetting.

The rationale is also understandable: they wish to give some more protection to 99% of their users (that is, everybody who is not a kernel hacker).

They also said that the situation will improve with the next update. Seriously, it's a holiday right now, please have some patience. I bet you wouldn't like it if your boss/customers asked you to work in your holiday either.

Please respect the decision and have some patience.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

With hwkb it should be quite easy to use that off-time for something productive.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Closing/limiting the bootloader is an insufficient stop-gap for protecting the data on your stolen device. Closing/limiting the bootloader however is very effective for annoying tinkering owners. And I reckon that currently the percentage tinkerers of the Jolla is higher than the industry standard.

I was hoping security would be high, if not the highest on the priority list. Now it seems like an oversight which might or might not be fixed in a future update.

I'm quite productive when pooping. Just ask my toilet :D

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

@Venamo: thanks, I will have 2 days of holidays between this August to next May, and today was one of those days. :-]

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

It is definitely, but the Jolla cannot survive on those. MfE (and any IS compliance it needs to implement) is something which might be worth tens of thousands of handsets sold to companies, tinkerers will find their way (with absurdly awesome helping hand from company itself, compare this to nokia TMO interaction, nokia what?), business users want lock code that works. If that passes test for compliance this is something Jolla has to have

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

On the under hands, who would make applications for your platform if you annoy your tinkerers ? I don't think those business users would write their own apps themselves...

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

So back to the argument that having workable android apps is going to scare everyone... thought we did this one already. Android apps take care of business users if the phone is certified. (IF)

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

It only means that you do what you actually like as you keep working on day off, it's good, but it's your decision

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Yes, work and hobby is mixed together, I'm not complaining, every day is an interesting day nowadays :)

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Very disappointing behaviour by Jolla especially after all the publicly stated claims to support FOSS principles.

If you cannot have full and unfettered access to hardware that you have purchased you may as well throw it into the sea.

Locking the boot loader means it is harder to ensure that NSA, GCHQ or other snoopers are kept out of your system. Makes me wonder if there was any pressure applied to the Jolla team from interested parties like the Chinese to lock down these phones for the purposes of state control of users.

Just so glad I read this before updating my phone. Unless this policy is reversed then this will be the fastest self obsoleting piece of hardware I have ever purchased:(

Richard

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Ok, so, right after discovering a method to run what I want on the device, an update comes and breaks this method. And all we get is vague promises about a brighter future.

I am having Déjà vu. Lots of it.

Oh, I fully agree. In fact, I would really wish that whoever this "boss" is would stop asking these employees to ship, during Christmas, updates that actively cripple the device. That would have been much better.

"Cripple first, give explanations latter" was basically the Aegis motto during the early days.

And I'm not even saying that this update completely cripples the device. But, hey, as said, set your priorities straight. It has been mentioned in this thread for lots of pages that "annoying tinkerers" might not be in the best interests of the company. A few words instead of "future updates may or may not completely cripple the device" would be nice.

Look at Stskeeps' post: it was detailed, technical, mentioned future plans, and got a lot of karma. He obviously forgot to mention that locking the bootloader was so high on Jolla's TODO list that they would do that during Christmas and before other features such as, say, allowing this lock to be bypassed when there is no lock code were implemented. *cough*

But at least there were some words. As it stands now, it seems that we have another method, that may or may not last until the next update, which means we're back to a page#1-like panic again.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

I understand that after the cloak-and-dagger way that Nokia ran things, people are a bit sensitive about these things, but I really wish people would stop having tantrums every time something like this happens.

This is still a long way from Aegis, and seems to be an emergency measure after what I assume was a stern telling off by some service provider that threatened to block Jolla devices otherwise. If the choice were between this and something like MfE stopping working, I'll take the locked-but-circumventable bootloader. The N900 was never supported by exchange servers that required provisioning, for exactly these kinds of reasons.

Jolla's intentions are to be open, but they also need to be commercially viable. Those two aims are often in conflict, but if they ignore the second then they'll end up in the same fringe Maemo was condemned to. They're also small, so we can't expect finely crafted, legally acrobatic, solutions from the start.

Give em time, and please stop throwing your Jollas in the sea. The Baltic has enough heavy metal in it already.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Besides having the bootloader in an IMG file to play with ? Which, can be used across devices ? OH! security doesnt matter once developer mode is accepted ;) Right, so all an employee have to say is ' I dont care' and then you write off all responsibilities.
That will work surely, for all companies who might have considered a Jolla acceptable for a empoyee device, I am sure.
Jolla went wrong here when it comes to developers and an open device.
Mistakes happen, but come on, this whole process untill now have been compiled of nothing but closed communication, doing stuff and them telling.
The bootloader locking is just the latest example.
Not even in the changelogs was it mentioned that Jolla locked the bootloader.
Luckily, the first security flaw was discovered within hours to restore the unlocked bootloader.
But, even if I can hack the device to 'get around' Jollas attempts to protect, its not the point. I DONT WANT TO. I want the device open without having to spent MY time breaking it.
There are enough of these devices around.
Nokias being some.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

I just can say I 100% agree on NielDK's rationale and Javispedro's deja-vu induced concerns. Been there, suffered this before. The injuries still hurt. ~aegis
Hanlon's razor definitely not applicable here. Maybe Grey's Law though.

For me not baltic sea but "will it blend"

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

its a crappy move from jolla, and its probably no coinscidence that they did it just when this thread started to move forward. But lets be patient and back off a little and we'll see what they'll do in the nearest weeks. Maybe they did it to prevent eager users to shoot their devices to junk during holiday even before they have had time to roll out their most critical updates.
Show a little patience and give this little company a break.

EDIT: joerg-rw: that video was hilarious. thx.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

So much anger...it feels like i'm reading youtube comments.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Here's an official statement from Jolla:

See this link for details.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

As a consumer I would expect Jolla to make me want to use Sailfish, then boot anything else from custom kernels to Linux forks.
But Sailfish + decent recovery first.

Has the security vacancy been filled in yet?

One of the software engineers on this forum might take the position to work at the root of evil and prevent it to consume itsself?

You are the person we are looking for, if you…

can prevent Jolla devices from being infected with rootkits
have practical experience in finding and fixing such problems
have the ability to document level of confidence in a component
can focus on improving, not complaining
have work experience in the security area
are a team player with can do -attitude
have good communication skills in English
are independent-minded, innovative and proactive in your work

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

(actually eventually much much later that promise came true based on massive effort from community side, just it rendred the device pretty much useless due to the original OS getting locked down and not working as supposed anymore when that "open mode" got enabled. "Change device lock code" anybody?)

Everybody of the same guys doing Jolla now bashed me for being silly when I ranted about aegis being a terrible idea. X-Fade even stopped conversation with me completely from that very moment.
https://mg.pov.lt/maemo-irclog/%23ma...12-01T02:08:11

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

While I understand your concerns, I think this is a very different situation.

And remember, you can always go back to the older OS version that doesn't have this fix.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

AIUI you can't go back to *anything* once the device presents a "MALF" laughing at you. Or simply refuses to boot at all which is pretty much the same as a MALF. And just because selfdestruction not YET implemented doesn't mean you ever will get a way to recover from accidental destruction/damage to the system. And then you're back to what?

The difference between "you can't downgrade"(HARM) and "You can't flash at all"(Jolla) is marginal, with actually HARM being the less nasty concept here.

Sorry I'm out on this game, been there seen that.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

I'm not sure what you mean.

You can do a factory reset which will restore the device to the version if came from the factory.

See here for details:
https://together.jolla.com/question/...nt-afterwards/

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

It will just reset the / partition. There is no mention of reflashing the bootloader (aboot partition)

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

Well, there's some thing that should be doable, really. Stskeeps did say previously;
So, if the boot loader is a linuxy bit, then it has to be open. Methinks I'll go and attempt to make my own bootloader, and include there an option to set up public-key ssh login for a maintanance mode, like I have on ubiboot. That should settle it, right?

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

No it has nothing to do with linux kernel. It is a small micro OS. Also I doubt that you can easily build your own lk. It has to be adapted to the jolla smartphone.

You can try it by reviewing the hardware adaption of linux kernel and try to adapt them to the LK bootloader. But this is very risky and not worth the risk.

Hope there will some open device soon which perhaps run mer/nemo/glaicer.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

I blame Qualcomm for not allowing Jolla to distribute a proper image so that anyone can flash if the device is broken. I'd be happy to swap boot partitions (or any partition for that matter) if I had the ability to flash.

I sympathise with folks who want to get off ship now for economical reasons and maybe come back later if Jolla provides with better options.

I hope we get more competition in the SoC space so that we get better things. Somebody mentioned that perhaps Intel+open drivers will bring some happiness. Perhaps. Who knows.

I'll keep my Jolla for now, even if it isn't my main phone yet.

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

I'll repeat myself, maybe you'll read me this time:

Jolla has acknowledged that this is a bug and that this break was not intentional - they also officially said that they're working on fixing it. :)

Re: [HOWTO] Comprehensive Firmware Flashing Guide for Jolla
 

I may keep my device also because I don't want to loose money. But my top priority is porting nemo/glacier on it.