Device manufacturer as certificate and signing authority

Perhaps the most straight forward deployment of dynamic code authorization through digital signing is that of a solution entirely owned and operated by the device manufacturer. This is also a common deployment scenario because device manufacturers create many dynamic applications in the course of handset development, and a significant portion of the Brew MP platform is also dynamic. While device manufacturers have other options with less operational overhead to authorize this code (see the appendix), digital signing is a flexible solution some may prefer. Most notably, it allows device manufacturers to update dynamic applications without needing to re-image the entire device.

In this example, the device manufacturer acts as the certificate authority, generating their own root keys and certificate and issuing signing certificates under their root. Root certificate policies are both determined and configured into the boot image by the manufacturer.

The manufacturer also acts as the signing authority, establishing signing operations and determining the signing policy for what code may be digitally signed under the root. The signing policy is likely tied to the manufacturer's already existing quality and release practices. If the device manufacturer is signing only their own code and signing activity is relatively infrequent (perhaps weekly), signing operations themselves may be small, and might be largely automated under the right circumstances.

  • Follow