#5680 HIGH Update.: G1G1 laptops are shipping with "security" enabled
Zarro Boogs per Child
bugtracker at laptop.org
Thu Dec 27 11:14:44 EST 2007
#5680: G1G1 laptops are shipping with "security" enabled
-----------------------+----------------------------------------------------
Reporter: gnu | Owner: jg
Type: defect | Status: new
Priority: high | Milestone: Update.1
Component: security | Version:
Resolution: | Keywords: firmware, security, G1G1
Verified: 0 | Blocking:
Blockedby: |
-----------------------+----------------------------------------------------
Comment(by jg):
There are registers you can write that will write the flash on our, or
most any other machine. This isn't just against malware.
You don't seem think this can happen: but I've done this personally to my
white box at home (I updated the boot flash on my white box with the
compressed version of the firmware, rather than the uncompressed version,
and the firmware writing program had no checks to prevent it.) One
bricked mother-board.... And I like to think I'm less likely to do this
than most people.
In short, on most machines, if you have root, you have the ability to
"brick" your machine. At best, one can call avoiding this as security by
obscurity.
Note that it appears some of the problems you've been helping with
happened for a different reason: a bug Mitch had in firmware before D07,
where a bad month field interacted badly with the security system.
I'll chat with Mitch on the suggestion you make in the final paragraph of
your reply....
--
Ticket URL: <http://dev.laptop.org/ticket/5680#comment:6>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system
More information about the Bugs
mailing list