Closed
Bug 783638
(b2g-multi-signatures)
Opened 12 years ago
Closed 10 years ago
[tracking] B2G Updates: Enable MAR security (signing / verification)
Categories
(Firefox OS Graveyard :: General, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: marshall, Unassigned)
References
Details
(Keywords: feature, Whiteboard: [LOE:M][tech-p3])
This is a security requirement for Gecko updates in B2G:
https://wiki.mozilla.org/B2G/Architecture/Runtime_Security#B2G_Update
There are a number of requirements for this:
1. Build-time MAR verification enablement
2. Custom code and build changes for packaging and reading the signing cert(s). We can probably just package cert(s) directly in /system/b2g, but I'm open to alternatives (right now they are embedded into the updater.exe, but only for windows)
3. Define MOZ_VERIFY_MAR_SIGNATURE for the various talos configs in b2g/config/mozconfigs
4. Package update-settings.ini into /system/b2g (we will need some more clarification about the proper settings for this file)
|
Reporter | |
Updated•12 years ago
|
blocking-basecamp: --- → ?
This feels more like a tracking bug but we can at least start the client-side work here.
blocking-basecamp: ? → +
|
|
Reporter | |
Comment 2•12 years ago
|
||
We will need the new B2G update channel IDs to update the various mozconfigs
Depends on: 778341
|
||
Updated•12 years ago
|
Whiteboard: [LOE:M] → [LOE:M] [WebAPI:P0]
|
|
Reporter | |
Updated•12 years ago
|
Assignee: marshall → netzen
|
||
Updated•12 years ago
|
Summary: B2G Updates: Enable MAR security (signing / verification) for B2G → [tracking] B2G Updates: Enable MAR security (signing / verification)
|
|
||
Updated•12 years ago
|
Summary: [tracking] B2G Updates: Enable MAR security (signing / verification) → (b2g-multi-signatures) [tracking] B2G Updates: Enable MAR security (signing / verification)
|
|
||
Updated•12 years ago
|
Alias: b2g-multi-signatures
Summary: (b2g-multi-signatures) [tracking] B2G Updates: Enable MAR security (signing / verification) → [tracking] B2G Updates: Enable MAR security (signing / verification)
|
|
||
Updated•12 years ago
|
Blocks: b2g-fota-updates
|
|
||
Updated•12 years ago
|
|
||
Comment 3•12 years ago
|
||
Should we remove bug 799652 and bug 799655 from the depends-on list? I don't think we're going to do either of them soon.
|
||
Updated•12 years ago
|
Priority: -- → P1
Whiteboard: [LOE:M] [WebAPI:P0] → [LOE:M]
|
|
||
Updated•12 years ago
|
|
||
Comment 4•12 years ago
|
||
We're marking this bug with the C1 milestone since it follows the criteria of "unfinished feature work" (see https://etherpad.mozilla.org/b2g-convergence-schedule).
If this work is not finished by Nov19, this bug will need an exception and will be called out at the upcoming Exec Review.
Target Milestone: --- → B2G C1 (to 19nov)
|
||
Comment 5•12 years ago
|
||
Is this a meta-bug, or will any work actually happen in this bug?
|
|
||
Comment 6•12 years ago
|
||
Nothing to do here, it's just for tracking.
|
|
||
Comment 7•12 years ago
|
||
Thanks. Cleared blocking flag, and confirmed that the bugs that block this one are themselves blockers.
blocking-basecamp: + → ---
|
|
||
Updated•12 years ago
|
Target Milestone: B2G C1 (to 19nov) → ---
|
|
||
Updated•12 years ago
|
Assignee: netzen → nobody
|
||
Updated•12 years ago
|
Blocks: b2g-v-next
Technology we thought we needed, but until then it's an important tool in our technical tool box.
Whiteboard: [LOE:M] → [LOE:M][tech-p3]
|
|
||
Comment 9•10 years ago
|
||
Resolving since we have support for this now, but we don't use it. No dependent bugs left.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•