Framework Execution Modalities
Since ESF 3.2+ two execution modalities are supported by the framework:
-
development mode - enables some specific features that simplify the development process and provide remote debugging. This is the factory default.
-
production mode - strengthens the security checks; remote debugging and profiling are not allowed.
Warning!
Eurotech recommends the usage of ESF development mode only in the early stages of software development, while suggests switching to production mode for deployed solutions.
The execution modality may be determined through the ESF Gateway Administration Console. In development mode, the lower part of the console displays a warning message as shown in the screen capture below.
In production mode, no warning messages are displayed.
Switch to Production Mode
This section will describe the suggested steps that need to be followed to move ESF from Development to Production mode.
If steps are not executed in the proper order, the switching to Production mode can fail and might require ESF reinstallation.
-
Make sure ESF is running before starting, for example by checking that the Web Console is online;
-
On the operative system, replace the default /opt/eurotech/esf/user/security/security.policy with one suitable for production mode (see below). At a minimum the value of the permit-debug property must be set to false;
A security.policy file suitable to switch to production mode can be found in each ESF-powered device or ESF Docker Container at /opt/eurotech/esf/.data/security_policy_backup/security-production-policy
<?xml version="1.0" encoding="UTF-8"?>
<esf:security xmlns:esf="http://eurotech.com/esf/2.0" version="1">
<esf:properties>
<esf:property>
<esf:name>permit-debug</esf:name>
<esf:value>false</esf:value>
</esf:property>
</esf:properties>
<esf:policies>
<esf:policy>
<esf:access>ALLOW</esf:access>
<esf:conditions>
<esf:condition>
<esf:name>
BundleSignerCondition
</esf:name>
<esf:value>
"CN=\"Eclipse.org Foundation\, Inc.\", OU=IT, O=\"Eclipse.org Foundation\, Inc.\", L=Ottawa, ST=Ontario, C=CA; CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US;-"
</esf:value>
</esf:condition>
</esf:conditions>
<esf:permissions>
<esf:permission>
<esf:name>java.security.AllPermission</esf:name>
<esf:values>
<esf:value>
*
</esf:value>
<esf:value>
*
</esf:value>
</esf:values>
</esf:permission>
</esf:permissions>
<esf:name>
All permissions to Eclipse
</esf:name>
</esf:policy>
<esf:policy>
<esf:access>ALLOW</esf:access>
<esf:conditions>
<esf:condition>
<esf:name>
BundleSignerCondition
</esf:name>
<esf:value>
"*;CN=EUROTECH S.p.A. Root Software ESF CA,OU=www.eurotech.com,O=EUROTECH S.p.A.,L=Amaro,ST=Udine,C=IT;-"
</esf:value>
</esf:condition>
</esf:conditions>
<esf:permissions>
<esf:permission>
<esf:name>java.security.AllPermission</esf:name>
<esf:values>
<esf:value>
*
</esf:value>
<esf:value>
*
</esf:value>
</esf:values>
</esf:permission>
</esf:permissions>
<esf:name>
All permissions to ESF signed bundles
</esf:name>
</esf:policy>
</esf:policies>
</esf:security>
- In ESF, move to the Settings tab, then select from the top menu Security Policies;
- Click on Security Policy and Startup Command Line to reveal the Reload fingerprint buttons;
- Click on both the Reload fingerprint buttons;
- From the operative system of the device, restart ESF, by using the command below:
# For newer systems (with systemd)
systemctl restart kura
# For older systems (with SystemV)
/etc/init.d/kura restart
ESF will restart and enforce the new security policy, allowing only code signed with a trusted certificate to be executed.
Updated about 1 year ago