#87
Originally Posted by Elena Reshetova
If you use your own kernel, you are the one to set the security policy for the device, meaning that your SW in this case can make calls, send SMS and so on (for example). Please note that the list of protected resources on the slide is given just as an example (to show the possible granularity level), so it doesn't mean that we would have exactly these resources.
OK, that means that, if we designed our own kernel with its security policy (I guess there will be some documentation on how to do that, but that looks very interesting and powerful), we could easily restrict it from doing something (like accessing cellular functions). But that won't be enforced if we don't want it to be; it's up to the kernel maintainer.

Am I right?

Can open applications use the privilege mechanisms in the Open and Closed modes?

Originally Posted by Elena Reshetova
I guess the question is "Can the applications access protected resources in both modes?" I hope I got the question correctly. The answer is that the Device Security Policy (slide 7) defines the resources that can potentially be granted to the SW coming from a particular SW source. When one uses the Nokia-signed kernel, the device security policy is defined, and the user can't change it. If one uses one's own kernel (or a community kernel, for example), he (or the community) is the one to define/change the device policy. This means that one can, for example, change the policy in such a way that the SW coming from maemo.org gets access to all protected resources (of course some content becomes unavailable when one switches to one's own kernel, for example DRM). However, again, it is possible only while using your own kernel.
In fact, I didn't mean that I wanted to access from open mode a resource protected in closed mode.

But rather, what I, as a user (or, say, a company giving an N900 (or a Maemo6 device) to its employees), can use from the security architecture.

Suppose I need to run a rebuilt kernel (because I need some functions not available in regular kernels); that means (slide 6) the device will “restrict security functionality”. In particular, DRM keys will be disabled (I'm fine with that) and “content from the previous mode can't be decrypted”.

I'm fine with the latter too, as long as I can still use the security architecture for personal needs, so still use encrypted storage, use TrustZone, be able to sign my own kernels, use security functions for VPN stuff, etc.

Basically, will the Maemo6 security architecture still be usable outside of the “Nokia world” and inside a “local business world”?

Not sure I'm really clear; feel free to ask for more details.