Apologies for the tardiness of this post.

On Mon, 2008-07-14 at 10:57 -0400, Crane, Matthew wrote:

> I would think on a phone the primary concern is protecting the user
> data.
>
> E.g. sms, contacts, history.
>
> If somebody was able to maliciously install software on the phone, you're
> pretty much already [EMAIL PROTECTED]'ed. Not letting it call out helps, but
> it's already defeated. I'm assuming we're not installing a lot of new
> unknowns on a secure device, and anything trying to make network
> connections is evol.

You're forgetting a large attack vector: social engineering. It doesn't require someone being able to maliciously install something for it to get on your system, especially once Moko repositories start to flourish and organizations set up their own for specific apps/purposes.

Additionally, having used several mobile phones (smart and otherwise), often it is helpful to be able to decide what abilities a piece of downloaded software will have (e.g. a game doesn't need to look at my address book).

You're also assuming that it's a "secure device" and that the owner will know how to keep it that way. From experience, I can tell you that as soon as non-geeks get hold of this phone (presumably sometime this fall), device security will go out the window.

> I've been picturing running an encrypted rootfs image off an SD card.
> There could be multiple encrypted rootfs images, only one would be the
> real one, or they all could be used for different reasons.

Not a bad idea. I had to do something similar with my Zaurus 5500 several years ago because 14M of storage is not enough. However, with the FreeRunner, I do actually want to keep my rootfs on the rootfs and use the card(s) for different data sets.

> Once the system boots it's up to the user to unlock the keys to the
> encrypted image to be used and that gets booted from the already running
> kernel.

Then what happens if you leave the system in sleep mode and accidentally leave it somewhere and it "wanders off"? You've unlocked the rootfs already, so as long as the attacker doesn't reboot the phone, they've got access.

-KW

_______________________________________________
Openmoko community mailing list
community@lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community
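The sleep-mode problem raised at the end of the thread (an encrypted image that stays unlocked until the phone is rebooted) comes down to where the volume key lives and when it is discarded. The following is an added example, not code from the thread or from the Openmoko project: a small Python model of an unlock state machine for an encrypted image, using a PBKDF2-derived key and an HMAC verifier so the passphrase can be checked without storing the key. Its `suspend()` hook contrasts the two policies the discussion implies: keeping the key in memory across sleep (the window the post describes) versus zeroising it on suspend so a resumed device needs the passphrase again. The class and function names, the salt length and the iteration count are this example's own assumptions.

```python
import hashlib
import hmac
import os

# Constructed example: models the key state of one encrypted rootfs image.
# It does not touch a real block device; "reading the image" only checks
# whether a volume key is currently held in memory.

class EncryptedImageKeyHolder:
    """Tracks whether the key for an encrypted image is present in RAM."""

    def __init__(self, passphrase: str, iterations: int = 200_000):
        self.salt = os.urandom(16)              # assumed 16-byte salt stored in the image header
        self.iterations = iterations            # assumed PBKDF2 work factor
        key = self._derive(passphrase)
        # Store only an HMAC over a fixed label, never the key itself, so a
        # passphrase can be verified at unlock time without the key at rest.
        self.verifier = self._tag(key)
        self._key = None                        # None means "locked"

    def _derive(self, passphrase: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt,
                                   self.iterations, dklen=32)

    @staticmethod
    def _tag(key: bytes) -> bytes:
        return hmac.new(key, b"image-key-check", hashlib.sha256).digest()

    def unlock(self, passphrase: str) -> bool:
        """Derive the key and keep it in memory if the passphrase is right."""
        key = self._derive(passphrase)
        if not hmac.compare_digest(self._tag(key), self.verifier):
            return False
        self._key = bytearray(key)              # mutable so it can be overwritten
        return True

    def is_unlocked(self) -> bool:
        return self._key is not None

    def read_image(self) -> str:
        """Stand-in for a block read: only works while the key is held."""
        if not self.is_unlocked():
            raise PermissionError("image locked: key not in memory")
        return "decrypted block"

    def suspend(self, lock_on_sleep: bool) -> None:
        """Called on the way into sleep. Zeroising here closes the window."""
        if lock_on_sleep and self._key is not None:
            for i in range(len(self._key)):
                self._key[i] = 0
            self._key = None


def wandered_off_scenario(lock_on_sleep: bool) -> bool:
    """Unlock at boot, put the phone to sleep, then see whether someone who
    picks it up (no reboot, no passphrase) can still read the image.
    Returns True if the image is still readable after resume."""
    holder = EncryptedImageKeyHolder("correct horse battery staple")  # constructed passphrase
    assert holder.unlock("wrong passphrase") is False
    assert holder.unlock("correct horse battery staple") is True
    holder.suspend(lock_on_sleep=lock_on_sleep)
    try:
        holder.read_image()
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    print("key kept across sleep, readable after resume:", wandered_off_scenario(False))
    print("key zeroised on sleep, readable after resume:", wandered_off_scenario(True))
```

Running it shows the two policies side by side: with the key kept across sleep the image is readable by whoever holds the device, with zeroise-on-suspend it is not. On a real device the equivalent of `suspend()` would close the device-mapper mapping (and unmount anything on it) from the suspend hook, with the cost that every resume costs a passphrase entry and the key derivation delay.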