Feature #5267
openpySim-shell: Ability to deactivate entire applications on the card
0%
Description
We so far can only remove applications from EF.DIR. This just hides the application, but doens't prevent anyone form blindly selecting it.
I suspect there are UE out in the field which don't read EF.DIR and blindly select ADF.ISIM. This succeeds as sysmoISIM-SJA2 have an ISIM application installed.
It would be good to have a pySim-shell command that would deactivate an application, similar to how we have deactivate_file
to deactiveat individual files that are not to be used.
Unfortunately, deactivate_file
is specified to work only on EF, not on DF (and hence not on ADF). I even tried it, it fails in the CardOS - so it's not just the spec but also the implementation preventing this.
GlobalPlatform has a SET STATUS
command which should in theory allow to set the life cycle state from SELECTABLE to LOCKED (or even INSTALLED?). In those states, the application would no longer be selectable.
The "problem" with this is that GlobalPlatform requires secure messaging as per SCP02. The commands are not permitted in plain text after ADM1 pin.
Related issues
Updated by laforge over 2 years ago
- Related to Feature #5268: pySim-shell: GlobalPlatform SCP02 support added
Updated by laforge over 2 years ago
- Subject changed from Ability to deactivate entire applications on the card to pySim-shell: Ability to deactivate entire applications on the card