Hi,

I few ideas for people who want to build custom kernels for N950 in order to disable aegis:

* If you want to disable Aegis, just disabling it on "make menuconfig" will actually make the system unbootable (from my own experience). This is because various commands used during initialization will begin to fail.
* My tip to "disable" Aegis is to actually neutralize it, i.e. make the userspace think it is enabled, but on kernel side it is not enforced.

For instance, aegis is not "sealed" by default. At some point during initialization it is sealed with a write to a /sys/... file. So you can modify the function which implements the writing on kernel side (write_enable() in security/aegis/validator/enforce.c) to actually not set the seal bit, so it remains unsealed. You may also need to disable the bit which prevents "unsigned" kernel modules from being loaded, given that you built the kernel yourself, the hashes have probably changed.

I was too lazy to verify what each of those bits in /sys/.../enforce means, so I simply added a:

memset(&valinfo, 0, sizeof(valinfo));

right before "return count" in write_enable().

Hope that helps,

Could you confirm how you were able to flash the kernel to the N950, as I've been trying but failing to do exactly that with my BFS+BFQ build? I mean on-device via fiasco-flasher(-update), I imagine it's quite straightforward using the OneClickFlasher but I need a packageable solution..

I flashed using the flasher tool on Linux desktop, i.e. not on-device. I don't know how/if you can do that on-device easily.

Good luck!

Do you think you could write up a guide to get this going on the N950? My goal is to do all of my development on the N950 itself so I can code whenever I get free time. I have been away from Linux since I sold my N900, but I am trying to dig back in after being on Symbian^3, iOS, and Android lately.

would be nice if anyone creates .deb to disable aegis checks.

Kudos Hawaii
*RFMON
*Frame injection
*Mac80211
Is great functionality to eventually migrate to the N9.

But I'm not sure you're going to be able to implement FMTX.
I recall someone (actually from Nok IIRC) claiming the antenna or connection isn't there.
FMRX IIRC should be possible, but apparently not FMTX

Probably not an issue for the N950...
But that's not the point of you guys having the N950's.

Cheers.

looked in /usr/share too see if there was a folder to check to see if i could turn the red.led off while recording, i doubt itd be in the sounds fold for the camera.. any clue?

It likely tied into the camera firmware package or the kernel driver. You'd have to either reverse engineer the FW, or disable it from within the module like on the N900.

Just in case you get to the lovely malfunctioning screen (see http://talk.maemo.org/showpost.php?p...3&postcount=26).
I had it, together with the message: Unidentified problem (unknown).
It didnt want to boot any more, UNLESS I connected it to my PC and switched it on.
Then it started and I could use it again.

This way you still can use it (until next boot) and save your data and so on, before you reflash it.


Update:
The flashing will delete your backups!!!!
So wherever they are, make sure you copy them to another partition!

Flashing will delete everything... however, it somehow preserved my previous contacts (recognized them 'cause I had some new ones), but strangely imported them silently after I imported my N900 ones, creating duplicates all over. Very strange bug, I expected everything to be deleted...