|
|
symbian 9, security platform, signing
| Mon, 2007-03-26 18:08 | |
|
hi all,
soon i will port an applicacion to Symbian 9. This application is a project done by me. I dont want to gain money with it and ill not spend money on signing it. Im searching ways to install the application in the phone. For now, the best option i found was DevCerts, but a DevCert will work only for a phone (a IMEI). I dont want to distribute the application massively but i would like to be able to install the application over more that 1 phone (yes, i can generate more DevCerts for different IMEIs.. but i think its a not very confortable solution. In addition these DevCerts will expire 6 months later). I have read if your application is open source symbian will sign it for free, but im not interested on doing it open source for now. I guess its not possible to install application in other way (without spend money i mean), but i would like to ask you if you know any other way to do it. THanks in advance. |
|
Forum posts: 692
Forum posts: 27
i didnt know it was possible to sign for free without giving the sources. Perhaps ill try to do it in this way then.
But i have a question yet. WHat it happens when u must to correct a bug or to add a small modification after signing? I guess its necesary to sign again?
I would like to ask you other think related to this. When u sign a aplication the sis file is signed, and u cant modify it (contained binaries must remain identical to the original binaries when the sis was signed).
But in the moment the application was installed, if the binaries (main .exe for example) are modified (by a way or by other) in the aplication installation directory directly, the system will load this modified binary?? or it will keep a checksum of the installed filed yet?
THanks in advance.
Forum posts: 1886
Eric Bustarret
NewLC Founder & CEO / Professional Symbian OS Consultant
Forum posts: 27
thanks Eric. I supposed it was not possible to modify ur own exe in v9.
Perhaps dumping the flash, parsing the fat and modifying the file from outsite the phone,and writing the flash again... its a not factible way but it would be interesting to test it
Thanks for your answers.
Forum posts: 174
http://ptrmobile.blogspot.com/
Forum posts: 14
Is it possible to buy the ceritificate for TCB capability? I want to develop drivers for Symbian 9.x
Forum posts: 692
Just getting a certificate for TCB is not enough for developing a device drivers.
For Nokia phones, and getting programs signed with "sensitive capabilities" like TCB, read this for starters:
http://www.forum.nokia.com/main/technical_services/testing/cap_granting.html
Forum posts: 14
Symbian made the certification too complex. At Windows Mobile we've just sent an email to microsoft where we've described the API we wanted to use. Then they approved it and we've paid the money. In a week we were able to implement drivers for windows mobile.
I don't understand what is "Forum Nokia/S60 evaluation of the request" step. Also I couldn't find any prices for DRM, AllFiles and TCB capabilities certificate. The only thing i've found is:
http://www.verisign.com/products-services/security-services/code-signing/symbian-content-signing/
What capabilies will be granted by such ACS?
Forum posts: 1058
I never heard that the DRM, AllFiles and TCB capabilities have a price, where you pay the price and then get it. I think how to treat you will be decided on a case-by-case basis by the "powers that be".
Furthermore, if you write a driver for Symbian, are you sure that you will be able to use it, regardless of capabilities? I am not sure, but as far as I know Nokia's 3rd edition phones won't load drivers from anything than ROM. If this is true, are you ready to produce ROM images containing your driver and flash a limited number of phones with it?
Just out of curiositiy: What driver is it anyway? What in a phone or connected to a phone needs a driver?
René Brunner
Forum posts: 14
For Windows Mobile there were two types of code signing:
1) code signing for applications that don't need previledged API.
2) code signing for applications that uses previledged API.
I want to make File system plugin. It should be loaded by RFs::AddFileSystem(). It should be able to be loaded from C:\Sys\.
I've dumped security information for efat32.fsy by petran and found out, that to make my own FSY I'll need:
TCB
CommDD
PowerMgmt
ProtServ
DiskAdmin
AllFiles
Forum posts: 14
I've downloaded "The complete guide to Symbian Signed". As I understand, I need "Express signed" to be able to request TCB and other previledged capabilities. In the guide they say that I need to buy the publisher ID from Trust Center:
https://www.trustcenter.de/cs-bin/PublisherID.cgi/en/155102
The publisher ID is also provided by Verisign at step 2
http://www.verisign.com/products-services/security-services/code-signing/symbian-content-signing/
What is the difference between these publisher ID's?
Forum posts: 14
Heh... the experts have finished
As I ask some nontrivial question - there's no answer. It's sad, very sad... 
Forum posts: 1058
I don't see any non-trivial question right now.
This page
http://developer.symbian.com/main/signed/
tells quite clearly that for publisher IDs it's TrustCenter who is running the show now, and Verisign is out.
And the following link that N/A gave a few posts above already quite nicely sums up Nokia's policy for granting special capabilities:
http://www.forum.nokia.com/main/technical_services/testing/cap_granting.html
Maybe you are sad because there is probably a very real danger that you won't be able to convince Nokia to deal with you. I at least wouldn't even dare to contact them and apply for TCB - the holy grail of Symbian - without a very convincing business plan and an impressive track record in the mobile scene that shows that I am serious.
René Brunner
Forum posts: 140
Basically at the barest minimum you need to be a Symbian Partner AND a Nokia Launchpad or Pro member for them to even look at TCB.
The reason it that these can serverly compromize the phone and the API's you need are under a Symbian Partner licence so you need to have a solid business record with them before they will talk to you.
From the conversations I have had with Nokia, you will need to submit a business plan/case AND a development plan to assess the feasability of the design.
You can start by sending a request to (IIRC)
Paul Todd
Forum posts: 14
+
During reading the Symbian guides I haven't found any mentioning, that they demand the developer to be trusted. I don't think Symbian wants to know the business plans, they just want money. And everything can be solved by the appropriate summ of dollars/euro.
I will.
It seems to me that nobody ever tried to request such capabilities, because there are too many fairy tails about difficulties, and no success stories.