Security/Reviews/B2GUpdates: Difference between revisions

}}
{{SecReview
|SecReview feature goal=
===FOTA Updates===
FOTA: Full over-the-air updates (i.e. Gonk/Drivers + Gecko + Gaia) <br>
Purpose: Only for security bugs that can't be fixed in Gecko or Gaia. Ideally these are never needed for shipping devices. <br>
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=778084 <br>
Wiki: https://wiki.mozilla.org/Gaia/System/Updates/Gonk <br>
Frequency: Immediate for critical security bugs. Quarterly for any non-critical security bugs, if needed. If there are no bug fixes in a given quarter, there is no quarterly update.<br>
Integrity checking: Update packages will be signed .mar files (inside the mar file will be a zip file containing the update) <br>
Update server(s): Currently AUS; production undecided.<br>
Delivery: Updates will be provided over a private APN? (what about Wifi?) <br>

Notes:
*Full flash of kernel & drivers etc.
*Android devices use the recovery partition to achieve this
*our updates use this
*use the Google/Android update scripting language
*download the update via the existing Firefox delivery mechanism (updater & mar)
*download a mar file (delivery & signing)
*updater runs to check signatures and update details
*sets up the recovery partition (recovery commands)
*reboot into recovery mode
*return back to normal mode
*status checking afterwards
*recovery mode also checks a signature of the OEM key
*Backup keys are possible in the mar file, but not in Android

====Gecko/Gaia Updates====
Purpose: Automatic updates of b2g "userspace" (gecko, built-in apps and dependencies; not third-party apps) <br>
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=715816 <br>
Wiki: https://wiki.mozilla.org/Gaia/System/Updates/GeckoGaia <br>
Frequency:<br>
*42 weeks (ESR) > update cycle > 6 weeks (Firefox)
*Current proposal is 18 weeks
Integrity checking: <br>
*MAR signing (see https://bugzilla.mozilla.org/show_bug.cgi?id=783638)
*Background information on the MAR file format (https://wiki.mozilla.org/Software_Update:MAR) and on how signing currently works before Bug 783638.
*Gaia apps also signed as per packaged apps?
Update server(s): Not decided yet.<br>
Delivery: Updates will be provided over a private APN. (Wifi? Download to PC then USB update?) <br>
Update flow: https://wiki.mozilla.org/images/4/46/SystemUpdates_Flow1.pdf <br>

Notes:<br>
*very similar to Firefox updates
*system partition is read-only
*updater mounts the partition as read-write
*in case of error the device is rebooted
*UI is based on chromeEvents
*system Gaia apps are hosted inside the system partition
*Do we use PGO? (makes updates larger)
*work is being done to optimise updates
*size is important

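A constructed Python model of the "signed container wrapping a zip" layout that both the FOTA and Gecko/Gaia sections describe, added here as an illustration and not code from B2G, libmar or the updater. The container format (a UPD1 magic, the zip payload, a trailing 32-byte tag) and the HMAC tag standing in for the MAR signature are assumptions of the example, not the real MAR layout; what it shows is the updater-side ordering the review cares about: the signature is checked against the trusted key set (a primary plus a backup key, as the FOTA notes mention) before the zip parser sees the payload, and member paths are vetted before anything is written to the remounted system partition.

```python
import hashlib
import hmac
import io
import posixpath
import zipfile

MAGIC = b"UPD1"                        # constructed magic, not the real "MAR1" header
TAG_LEN = 32
KEY = b"constructed-demo-signing-key"  # stand-in for the vendor's MAR signing key


def build_package(files: dict, key: bytes = KEY) -> bytes:
    """Pack files into a zip and wrap it: MAGIC | zip bytes | HMAC-SHA256 tag.
    The tag covers everything before it, playing the role of the MAR signature."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    body = MAGIC + buf.getvalue()
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_and_list(package: bytes, keys: dict) -> tuple:
    """Updater-side check. Returns (name of the key that verified, zip member names).
    Raises ValueError on any failure. Ordering is the point: the signature is
    checked against every trusted key (primary plus backups) before the zip
    parser ever sees the payload, and member paths are vetted before extraction."""
    if len(package) < len(MAGIC) + TAG_LEN or not package.startswith(MAGIC):
        raise ValueError("malformed package")
    body, tag = package[:-TAG_LEN], package[-TAG_LEN:]
    signer = None
    for key_name, key in keys.items():
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            signer = key_name
            break
    if signer is None:
        raise ValueError("signature did not verify against any trusted key")
    with zipfile.ZipFile(io.BytesIO(body[len(MAGIC):])) as zf:
        names = zf.namelist()
    for name in names:
        # Reject absolute paths and traversal so a member cannot land outside
        # the system partition the updater has remounted read-write.
        if name.startswith("/") or "\\" in name or posixpath.normpath(name).split("/")[0] == "..":
            raise ValueError(f"unsafe member path: {name}")
    return signer, names
```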
|SecReview alt solutions=- Why three signatures?
|SecReview alt solutions=- Why three signatures?
  * support for contractual relationships
  * support for contractual relationships