Specifications
How the BlackBerry 10 device manages
permissions for apps
The authorization manager is the part of the BlackBerry 10 OS that evaluates requests from apps to access the capabilities
of the BlackBerry 10 device. Capabilities include taking a photograph and recording audio. The BlackBerry 10 OS invokes
the authorization manager when an app starts to set the permissions for the capabilities that the app uses. When an app
starts, it might prompt the user to allow access to a capability. The authorization manager can store a permission that the
user grants access to and apply the permission the next time that the app starts.
How the BlackBerry 10 device verifies the
software that it runs
How the BlackBerry 10 device verifies the boot ROM
code
The BlackBerry 10 device uses an authentication method that verifies that the boot ROM code is permitted to run on the
device. The manufacturing process installs the boot ROM code in the processor on the device and the RIM signing
authority system uses an RSA public key to sign the boot ROM code. The device stores information that it can use to verify
the digital signature of the boot ROM code.
When a user turns on a device, the processor runs internal ROM code that reads the boot ROM from memory and verifies
the digital signature of the boot ROM code using the RSA public key. If the verification process completes, the boot ROM is
permitted to run on the device. If the verification process cannot complete, the device stops running.
How the BlackBerry 10 device verifies the BlackBerry
10 OS and its file system
If the boot ROM code is permitted to run on the BlackBerry 10 device, the boot ROM code verifies the BlackBerry 10 OS.
The BlackBerry 10 OS is digitally signed using EC 521 with a series of private keys. The boot ROM code uses the
Security Technical Overview The BlackBerry 10 OS
109