Thread: Chroot Scripts for Harmattan Open Mode
View Single Post
rainisto is offline rainisto
2012-03-08 , 11:34
Posts: 1,067 | Thanked: 2,383 times | Joined on Jan 2012 @ Finland
#30
Originally Posted by javispedro View Post
This is because this is an Aegis crack and not open mode; like with the beta cracks, you will need to insmod unseal.ko .
And you will also need to still request permissions manually and so on for all packages.

Personally, I think this is the wrong approach to take (as explained in the original FMC aegis thread), exploring the real open mode is much more promising and future proof.
Well, if you boot to Open Mode with stock kernel, you still need to insmod module in order to make aegis less strict (I've written my module originally for open mode stock kernel). Its only when you boot to open mode with Aegis cracked kernel when things are easier.

Open mode is future proof, yes, most likely it will not get blocked. But Open Mode has a disadvantage in the fact that CAL nand area is always read-only. So unless you rewrite all the system modules that use CAL to not to use it (and as most of the services using cal are not open sourced) then you will never have 100% matching functionality to Closed Mode phone while being Open Mode. You can get near 99.5% by rewriting most common usecases, like reimplementing devicelock, but I have not seen any open mode developers doing that kind of rewrites.

Using exploits in Closed Mode is wrong approach too, since its quite likely that public exploits are going to be fixed if it poses thread of being misused by malware.

In optimal perfect world there would either be
A) com.nokia.maemo signed imei based develsh package that you would buy from ovi store or something, and which needs some manual/visual confirmation (so malware cannot install it without user noticing) before it is installed. That way nobody would need to use any exploits in order to get full access to their hardware and software.
B) Or the other way around if open mode would not trigger CAL to read-only.
C) Closed mode would not have SEAL_BIT enabled (if you enable R&D mode with flasher) and develsh privileges would be able to edit the file.
D) bootloader is changed to trust even unsigned kernels

But we do not live in perfect world... and most likely A, B, C or D will never happen. But you can always hope for the miracle.

Disclaimer: this is only my personal opinion, like all my posts. IMHO Aegis is a good thing and it protects file integrity quite well, and it should not be disabled even on open mode, but in some occasions policies might need do be a bit less strict if your a developer who is doing experimental stuff to their own device.
 

The Following 4 Users Say Thank You to rainisto For This Useful Post: