Closed Bug 783638 (b2g-multi-signatures) Opened 7 years ago Closed 5 years ago
[tracking] B2G Updates: Enable MAR security (signing / verification)
This is a security requirement for Gecko updates in B2G: https://wiki.mozilla.org/B2G/Architecture/Runtime_Security#B2G_Update There are a number of requirements for this: 1. Build-time MAR verification enablement 2. Custom code and build changes for packaging and reading the signing cert(s). We can probably just package cert(s) directly in /system/b2g, but I'm open to alternatives (right now they are embedded into the updater.exe, but only for windows) 3. Define MOZ_VERIFY_MAR_SIGNATURE for the various talos configs in b2g/config/mozconfigs 4. Package update-settings.ini into /system/b2g (we will need some more clarification about the proper settings for this file)
This feels more like a tracking bug but we can at least start the client-side work here.
blocking-basecamp: ? → +
We will need the new B2G update channel IDs to update the various mozconfigs
Depends on: 778341
Summary: B2G Updates: Enable MAR security (signing / verification) for B2G → [tracking] B2G Updates: Enable MAR security (signing / verification)
Summary: [tracking] B2G Updates: Enable MAR security (signing / verification) → (b2g-multi-signatures) [tracking] B2G Updates: Enable MAR security (signing / verification)
Summary: (b2g-multi-signatures) [tracking] B2G Updates: Enable MAR security (signing / verification) → [tracking] B2G Updates: Enable MAR security (signing / verification)
Should we remove bug 799652 and bug 799655 from the depends-on list? I don't think we're going to do either of them soon.
We're marking this bug with the C1 milestone since it follows the criteria of "unfinished feature work" (see https://etherpad.mozilla.org/b2g-convergence-schedule). If this work is not finished by Nov19, this bug will need an exception and will be called out at the upcoming Exec Review.
Target Milestone: --- → B2G C1 (to 19nov)
Is this a meta-bug, or will any work actually happen in this bug?
Nothing to do here, it's just for tracking.
Thanks. Cleared blocking flag, and confirmed that the bugs that block this one are themselves blockers.
blocking-basecamp: + → ---
Technology we thought we needed, but until then it's an important tool in our technical tool box.
Whiteboard: [LOE:M] → [LOE:M][tech-p3]
Resolving since we have support for this now, but we don't use it. No dependent bugs left.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.