Table of Contents
Introduction
The device-mode is a feature in ROS that sets specific limitations to a device for accessing specific configurations. By default, all devices have a mode: enterprise
...
enterprise is a mode that allows all functions on the device. Currently, the only additional mode is home, which means limited functionality. The device mode can be changed by the user, but remote access to the device is not enough to change it. After changing the device-mode, using the update command, you need to confirm it by pressing a button or perform a "cold reboot" - that is, unplug the power:
...
Property | Description |
---|---|
container, fetch, scheduler, traffic-gen, ipsec, pptp, smb, l2tp, proxy, sniffer, zerotier, bandwidth-test, email, hotspot, romon, socks. (yes | no; Default: yes, for enterprise mode) | The list of available features can be disabled with the device-mode option. |
activation-timeout (default: 5m); | The reset button or power off activation timer can be set in range (00:00:10 .. 1d00:00:00). |
flagging-enabled (yes | no; Default: yes) | Enable or disable the flagging feature. See Flagged notice for a detailed description. |
flagged (yes | no; Default: no) | If the system has detected unauthorized access, the status "flagged" is set to yes. |
mode: (home, enterprise; default: enterprise); | Allows choosing from available modes that will limit device functionality. In the future, various modes can be added. By default, enterprise mode allows all options except container. So to use the container feature, you will need to turn it on by performing a device-mode update. By default, home mode disables the following features: scheduler, socks, fetch, bandwidth-test, traffic-gen, sniffer, romon, proxy, hotspot, email, zerotier, container. |
...
More specific control over the available features is possible. Each of the features controlled by device-mode can be specifically turned on or off, for example:
...
If the update command specifies any of the mode parameters, this update replaces the entire device-mode configuration. In this case, all "per-feature" settings will be lost, except those specified with this command. For instance:
...
The Flag is another important "option". Along with the device-mode feature, ROS has implemented code that analyzes the whole configuration at system startup to determine if there are any signs of unauthorized access. If suspicious configurations are detected, the flagged flag is set at device-mode (and the corresponding configuration is disabled):
...