Active Topics
-
[HOWTO] Comprehensive Firmware Flashing Guide for N9 (1,580)
to Nokia N9 / N950 by aspergerguy - 10 hrs, 40 mins ago -
Nokia N9-00 Prototype Build S1.12 (RM-680 codename "Dali") (250)
to Nokia N9 / N950 by en0s - 3 days, 7 hrs ago -
[Announce] Maebble - Pebble support for Maemo (118)
to Applications by glo-worm - 3 days, 19 hrs ago -
Possible to flash Leste to eMMC? (6)
to Maemo 7 / Leste by Eri - 4 days, 9 hrs ago - more...
|
2009-10-12
, 10:33
|
|
Posts: 289 |
Thanked: 560 times |
Joined on May 2009
@ Tampere, Finland
|
#62
|
I wasn't in the Maemo Summit so I'm a bit in the dark about this and would appreciate if someone could possibly clarify some things.
First of all, I am talking about DRM here with regard to applications. I don't plan on using DRM'd music or video right now but I might end up using commercial applications or games that insist on some sort of DRM to (try to) prevent unwanted copying. I can live with that as long as I have the choice to use or not to use them. I also don't plan on buying a subsidised device from a mobile operator but an unlocked version.
What I'm wondering about is how much the "hackability" will be affected by this DRM scheme. Example: Some bluetooth profiles are missing out of the box in Maemo 6 like now and would require some hacking to make them work. Could I do this hacking with root access in the "open mode" and then boot back to the "drm-mode" to be able to run my DRM'd applications or games or voice-guided nav with Nokia Maps _and_ have the bluetooth profiles work or would I have to boot back to the "open mode" every time I wanted to use the profiles?
Another example could be something like plugging in accessories or peripherals that won't work out of the box and would require for example driver installation or configuration. In a case like this, am I able to do the driver installation/configuration in "open mode" and have these still work in the "drm-mode"? Or will it be an either-or situation?
First of all, I am talking about DRM here with regard to applications. I don't plan on using DRM'd music or video right now but I might end up using commercial applications or games that insist on some sort of DRM to (try to) prevent unwanted copying. I can live with that as long as I have the choice to use or not to use them. I also don't plan on buying a subsidised device from a mobile operator but an unlocked version.
What I'm wondering about is how much the "hackability" will be affected by this DRM scheme. Example: Some bluetooth profiles are missing out of the box in Maemo 6 like now and would require some hacking to make them work. Could I do this hacking with root access in the "open mode" and then boot back to the "drm-mode" to be able to run my DRM'd applications or games or voice-guided nav with Nokia Maps _and_ have the bluetooth profiles work or would I have to boot back to the "open mode" every time I wanted to use the profiles?
Another example could be something like plugging in accessories or peripherals that won't work out of the box and would require for example driver installation or configuration. In a case like this, am I able to do the driver installation/configuration in "open mode" and have these still work in the "drm-mode"? Or will it be an either-or situation?
| The Following User Says Thank You to jsa For This Useful Post: | ||
 |
|
2009-10-12
, 10:47
|
|
Posts: 3,105 |
Thanked: 11,088 times |
Joined on Jul 2007
@ Mountain View (CA, USA)
|
#63
|
jsa, these are good questions worth checking with the security guys through the wiki page. The real question is whether Harmattan users will need to move to an open mode to introduce or activate features not supported out of the box. They might be able to do this for instance through a maemo.org Extras add-on, perfectly valid out of the box.
DRM itself has nothing to do on whether applications will be able to get privileges to extend the functionality at those levels. I guess it's about seeing case by case since from a security point of view installing a driver, enabling a BT profile, speed the CPU clock and etc are each one a different case.
DRM itself has nothing to do on whether applications will be able to get privileges to extend the functionality at those levels. I guess it's about seeing case by case since from a security point of view installing a driver, enabling a BT profile, speed the CPU clock and etc are each one a different case.
|
|
2009-10-12
, 11:24
|
|
Posts: 2,152 |
Thanked: 1,490 times |
Joined on Jan 2006
@ Czech Republic
|
#64
|
Originally Posted by jsa
Yeah I'm aftraid of this too. I was hoping N900 and up will be more open and more hackable on the lower level (kernel, bootloader). This indeed looks like signed bootloader loading signed kernel with disabled (or signed?) kernel modules. So most probably no extra kernel drivers or otherwise you would be able to load anything into kernel and disable DRM in one way or another.
What I'm wondering about is how much the "hackability" will be affected by this DRM scheme. Example: Some bluetooth profiles are missing out of the box in Maemo 6 like now and would require some hacking to make them work. Could I do this hacking with root access in the "open mode" and then boot back to the "drm-mode" to be able to run my DRM'd applications or games or voice-guided nav with Nokia Maps _and_ have the bluetooth profiles work or would I have to boot back to the "open mode" every time I wanted to use the profiles?
Another example could be something like plugging in accessories or peripherals that won't work out of the box and would require for example driver installation or configuration. In a case like this, am I able to do the driver installation/configuration in "open mode" and have these still work in the "drm-mode"? Or will it be an either-or situation?
I am also worried that such locked down design will be used as excuse for not having some features available (no time for coding them because of priorities and extra DRM complications) or for not having source code available. It mayalso affect various design choices (choice of bootloader etc) so even people using only open mode will feel the limitations being present.
__________________
Newbies click here before posting. Thanks.
If you really need to PM me with troubleshooting question please consider posting it to the forum instead. It is OK to PM me a link to such post then. Thank you.
Newbies click here before posting. Thanks.
If you really need to PM me with troubleshooting question please consider posting it to the forum instead. It is OK to PM me a link to such post then. Thank you.
| The Following User Says Thank You to fanoush For This Useful Post: | ||
|
|
2009-10-12
, 11:35
|
|
Posts: 286 |
Thanked: 259 times |
Joined on Jan 2006
@ Cambridge, England
|
#65
|
Originally Posted by qgil
That's good to know.
What we are saying is that no matter what user will have access to new Maemo flagship devices unlocked, at least through the official Nokia distribution channels.
Originally Posted by qgil
There is a slightly different scenario, signing a network contract, but not wanting to use DRM, is open mode available then?
My *personal* opinion with my software freedom hat on: if someone voluntarily signs a contract with an operator for a locked-in device and voluntarily purchases DRM apps or content, then I don't see what ownership and freedom rights can he really claim. If freedom is so important for someone then get an unlocked device, get DRM-free apps and content and be good with it.
I've heard the N900 has DRM functionailty, not sure if this is correct, but if it does and I buy from a network operator, then do I expect a locked down, restricted device? I fine with being sim-locked to the network, just not restricted with what the device can do on the back of DRM implementation. I currently don't have a phone contract and had planned to buy a N900 on contract, but potential DRM has put a doubt in my mind and maybe I should start saving to buy direct from Nokia!
 |
|
2009-10-12
, 12:40
|
|
Posts: 600 |
Thanked: 742 times |
Joined on Sep 2008
@ England
|
#66
|
Does anyone think it will be worth trying to educate the buyers of carrier-degraded Maemo phones? I'm thinking of something along these lines...
A desktop widget (with an enticing name such as "Free Desktop Widget" to encourage users to try it out). When it's running under open-Maemo, it displays the message "I am free!". When it's running under DRM-Maemo, it displays the message "I am shackled". If the user taps on the widget, it then pops up an explanation of how to enable open-Maemo mode.
Authors of open-source Maemo packages could introduce a dependency upon this widget if they liked the idea.
Regards,
Roger
A desktop widget (with an enticing name such as "Free Desktop Widget" to encourage users to try it out). When it's running under open-Maemo, it displays the message "I am free!". When it's running under DRM-Maemo, it displays the message "I am shackled". If the user taps on the widget, it then pops up an explanation of how to enable open-Maemo mode.
Authors of open-source Maemo packages could introduce a dependency upon this widget if they liked the idea.
Regards,
Roger
| The Following User Says Thank You to eiffel For This Useful Post: | ||
|
|
2009-10-12
, 12:57
|
|
Posts: 3,105 |
Thanked: 11,088 times |
Joined on Jul 2007
@ Mountain View (CA, USA)
|
#67
|
richie, lock-in and DRM are different things. There are devices with both, just one or none. If you're interested, ask before buying a product. The N900 has no DRM and is available unlocked.
fanoush & co, your concerns and perhaps even suspicions are understandabe. Hopefully previous Maemo records, overall Nokia strategy and trends plus the fact that we have shared this Harmattan information even before the N900 is in the shops helps showing our willingness to share, discuss, and get into details as development goes further and things get more concrete.
fanoush & co, your concerns and perhaps even suspicions are understandabe. Hopefully previous Maemo records, overall Nokia strategy and trends plus the fact that we have shared this Harmattan information even before the N900 is in the shops helps showing our willingness to share, discuss, and get into details as development goes further and things get more concrete.
 |
|
2009-10-12
, 13:29
|
|
Posts: 2,535 |
Thanked: 6,681 times |
Joined on Mar 2008
@ UK
|
#68
|
Can I ask that the wiki page is used as a way of those of us who understand Elena's design (fantastic presentation and really good design given the requirements, IMHO) to ask questions in a structured and sensible way?
The more end-user/enthusiast questions can be dealt with through communication channels such as Talk and Planet; leaving the impact on Elena's (and others') time to be minimised?
So, good questions:
Bad questions:
Certainly, once Elena's presentation (and the video) is online, I plan on writing up my own take on it, and helping lbt come up with a good list of questions. I don't want to scare Elena and the other security framework developers off from the community.
PS. The initial comments about "open" and "closed" device modes refer to people who want the full freedoms afforded them today. However, most users will still be able to dabble with a single paid-for app (using DRM to ensure copy protection) and get most of their apps from maemo.org Extras.
PPS. I spoke to Niels immediately after Elena's talk and there are two useful things we can do on Downloads and/or Packages: showing the capabilities requested by a package (by parsing its Aegis manifest) whilst a user is browsing the apps (before having to install it), and making the autobuilder check that an app doesn't request any privileges which aren't available to apps available through Extras.
PPPS. I'm very glad that the effort we're putting in to Extras QA and -testing isn't going to be wasted by users only being able to get community apps through Ovi Store if they want DRM. As I said, good design here.
The more end-user/enthusiast questions can be dealt with through communication channels such as Talk and Planet; leaving the impact on Elena's (and others') time to be minimised?
So, good questions:
When Maemo 6 has booted into a "trusted" mode and has the DRM features available; will a maemo.org extras package be able to modify a file in the rootfs? Will postinst scripts run as root? Will root be available for modifying files installed for unverified binaries (such as editing a file my own app has installed?)
Can a signed image be booted into with an unsigned kernel, but with fewer capabilities available?
Can't I just get root and modify /etc/init.d/... to turn off DRM and get at all my copy-protected music?
Why are you so evil to allow companies which are subsidizing my device to control what I do with it?
PS. The initial comments about "open" and "closed" device modes refer to people who want the full freedoms afforded them today. However, most users will still be able to dabble with a single paid-for app (using DRM to ensure copy protection) and get most of their apps from maemo.org Extras.
PPS. I spoke to Niels immediately after Elena's talk and there are two useful things we can do on Downloads and/or Packages: showing the capabilities requested by a package (by parsing its Aegis manifest) whilst a user is browsing the apps (before having to install it), and making the autobuilder check that an app doesn't request any privileges which aren't available to apps available through Extras.
PPPS. I'm very glad that the effort we're putting in to Extras QA and -testing isn't going to be wasted by users only being able to get community apps through Ovi Store if they want DRM. As I said, good design here.
__________________
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
| The Following 4 Users Say Thank You to Jaffa For This Useful Post: | ||
|
|
2009-10-12
, 13:32
|
|
Posts: 2,535 |
Thanked: 6,681 times |
Joined on Mar 2008
@ UK
|
#69
|
Originally Posted by fanoush
However, there are two paths. If the kernel's signature is incorrect, and the device is not sim-locked, the unsigned kernel will be booted with DRM features disabled.
Yeah I'm aftraid of this too. I was hoping N900 and up will be more open and more hackable on the lower level (kernel, bootloader). This indeed looks like signed bootloader loading signed kernel with disabled (or signed?) kernel modules. So most probably no extra kernel drivers or otherwise you would be able to load anything into kernel and disable DRM in one way or another.
Those who are interested in hardware hackery for the end-user may have more problems, but most end-users don't need functionality provided by new kernel modules or kernels. And, if they do, and they require access to some DRM content, they'll need to use bootmenu.
__________________
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
|
|
2009-10-12
, 14:04
|
|
Posts: 2,152 |
Thanked: 1,490 times |
Joined on Jan 2006
@ Czech Republic
|
#70
|
Originally Posted by Jaffa
Yes, I didn't emphasized it, sure there will be two ways but with DRM disabled some stuff will not work so you e.g. cannot play game you bought with non-hid bluetooth keyboard (unless uinput is enabled in signed kernel) etc. That basically means modified kernels with harmless fixes will be a no go for people buying stuff from ovi store (i.e most regular people). We'll see how much this will hurt.
However, there are two paths. If the kernel's signature is incorrect, and the device is not sim-locked, the unsigned kernel will be booted with DRM features disabled.
And then with all this restrictions and inconvenience in place, security exploit will be found in signed kernel, and all this is in vain anyway.
__________________
Newbies click here before posting. Thanks.
If you really need to PM me with troubleshooting question please consider posting it to the forum instead. It is OK to PM me a link to such post then. Thank you.
Newbies click here before posting. Thanks.
If you really need to PM me with troubleshooting question please consider posting it to the forum instead. It is OK to PM me a link to such post then. Thank you.
Last edited by fanoush; 2009-10-12 at 14:17.
| The Following 3 Users Say Thank You to fanoush For This Useful Post: | ||
 |
| Tags |
| drm, harmattan, maemo 6, windows |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
All times are GMT. The time now is 03:03.
Until now Nokia has been fully respectful with all kinds of licensing models and of course this full respect will be kept in the future. The legal experts in the company are in touch with the FSF/FSFE and they take part in their activities.
Have also in mind that the own GPLv3 allows to developers adding exceptions e.g. Canola Project’s GPLv3 Permissions are Worth a Look
So let's see. What has been presented is a security framework technically able to offer a wide and flexible array of configurations. If someone is interested in the lock-in business model then they will need to pay attention to the licensing. Business as usual, on the other hand.
http://maemo.org/profile/view/qgil/ + http://qt-project.org