Bug 783638 (b2g-multi-signatures)

[tracking] B2G Updates: Enable MAR security (signing / verification)



Firefox OS
5 years ago
2 years ago


(Reporter: marshall_law, Unassigned)


(Blocks: 1 bug, {feature})

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [LOE:M][tech-p3])



5 years ago
This is a security requirement for Gecko updates in B2G:

There are a number of requirements for this:
1. Build-time MAR verification enablement
2. Custom code and build changes for packaging and reading the signing cert(s). We can probably just package cert(s) directly in /system/b2g, but I'm open to alternatives (right now they are embedded into the updater.exe, but only for Windows).
3. Define MOZ_VERIFY_MAR_SIGNATURE for the various talos configs in b2g/config/mozconfigs
4. Package update-settings.ini into /system/b2g (we will need some more clarification about the proper settings for this file)


5 years ago
blocking-basecamp: --- → ?
This feels more like a tracking bug but we can at least start the client-side work here.
blocking-basecamp: ? → +

Comment 2

5 years ago
We will need the new B2G update channel IDs to update the various mozconfigs
Depends on: 778341
Whiteboard: [LOE:M] → [LOE:M] [WebAPI:P0]
Keywords: feature


5 years ago
Assignee: marshall → netzen
Depends on: 795921
Depends on: 792452
Summary: B2G Updates: Enable MAR security (signing / verification) for B2G → [tracking] B2G Updates: Enable MAR security (signing / verification)
Depends on: 797477
Depends on: 793709
Summary: [tracking] B2G Updates: Enable MAR security (signing / verification) → (b2g-multi-signatures) [tracking] B2G Updates: Enable MAR security (signing / verification)
Alias: b2g-multi-signatures
Summary: (b2g-multi-signatures) [tracking] B2G Updates: Enable MAR security (signing / verification) → [tracking] B2G Updates: Enable MAR security (signing / verification)
Blocks: 778084
Depends on: 798413
Depends on: 798415
Blocks: 799652
Blocks: 799655
No longer blocks: 799652, 799655
Depends on: 799652, 799655
No longer depends on: 778341
Should we remove bug 799652 and bug 799655 from the depends-on list? I don't think we're going to do either of them soon.


5 years ago
Priority: -- → P1
Whiteboard: [LOE:M] [WebAPI:P0] → [LOE:M]
No longer depends on: 799652, 799655

Comment 4

5 years ago
We're marking this bug with the C1 milestone since it follows the criteria of "unfinished feature work" (see https://etherpad.mozilla.org/b2g-convergence-schedule).

If this work is not finished by Nov 19, this bug will need an exception and will be called out at the upcoming Exec Review.
Target Milestone: --- → B2G C1 (to 19nov)
Is this a meta-bug, or will any work actually happen in this bug?
Nothing to do here, it's just for tracking.
Thanks. Cleared blocking flag, and confirmed that the bugs that block this one are themselves blockers.
blocking-basecamp: + → ---


5 years ago
Target Milestone: B2G C1 (to 19nov) → ---
Assignee: netzen → nobody
Blocks: 844910
Technology we thought we needed, but until then it's an important tool in our technical tool box.
Whiteboard: [LOE:M] → [LOE:M][tech-p3]
Resolving since we have support for this now, but we don't use it. No dependent bugs left.
Last Resolved: 2 years ago
Resolution: --- → FIXED