| Howard Cunningham 2006-04-21, 7:09 pm |
| I am trying to produce a way that my testers can install a root certificate
on our smartfon without needing to be connected via KITL to modify the
registry. This is NOT a problem with PPC.
1. I can install the certificate by modifying
HKLM\Security\Policies\Policies\00001017
to 144 (was 128 - CARRIER_TPS, I am
adding USER_AUTH), copy the CER to the device, view the CER in FExplorer,
click it and it installs.
2. This would be OK, if I could get a local RegEdit that can update the
registry, but RegEditSTB cannot update the registry (probably a security
issue - can't tell).
3. I tried follwing the MSDN steps to export the CER, create _setup.xml,
package this in a CPF and sign the CPF. But when I click on the CPF, it
always sends a failed message to the device inbox complaining of insufficient
security.
We do build the image for the device so I looked for a way to include my
root ceritifcate in the image registry (like the other default certificates),
but no luck.
We would prefer NOT to hack the platform.reg in the image to change
HKLM\Security\Policies\Policies\00001017
and of course changing
PUBLIC\WPC\OAK\FILES\project.reg is a bad thing.
; Grant Manager Policy
; (default: CARRIER_TPS for phone skus; USER_AUTH for non-phone skus)
[HKEY_LOCAL_MACHINE\Security\Policies\Po
licies]
IF SKUTYPE=PHONESKU
"00001017"=dword:80
ENDIF ; SKUTYPE=PHONESKU
IF SKUTYPE=PHONESKU !
"00001017"=dword:10
ENDIF ; SKUTYPE=PHONESKU !
Can anyone give me some advice here?
Thanks,
--
Howard Cunnningham
BluefinMobile
RTP, NC
|