Attention is currently required from: dexter, laforge.

Hello Jenkins Builder, laforge,

I'd like you to reexamine a change. Please visit

https://gerrit.osmocom.org/c/aram-applet/+/39615?usp=email

to look at the new patch set (#3).

The following approvals got outdated and were removed: Code-Review+1 by laforge, Verified+1 by Jenkins Builder

Change subject: AccessRuleMaster: allow locking of STORE DATA commands ......................................................................

AccessRuleMaster: allow locking of STORE DATA commands

The ara-m applet has no security features whatsoever. The rules can be edited by any user that has APDU access to the ARA-M application.

To add a bit of security for users who want to make sure that their ARA-M rules are not edited by unauthorized partys, let's add a propritary lock/unlock command that can be used to lock the access to STORE DATA on the normal APDU interface of the application. Once locked, the access to STORE DATA can only be unlocked via an INSTALL for personalization command that is issued from the ISD on a secure channel.

Related: SYS#7245 Change-Id: I86437844585c22fc4280cc48b99edbb56e3159db --- M aram/src/main/java/fr/bmartel/aram/AccessRuleMaster.java 1 file changed, 19 insertions(+), 2 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/aram-applet refs/changes/15/39615/3