#3914 HIGH V1.1: Protect Kernel Memory to secure the DRM against the user

[Zarro Boogs per Child]

#3914: Protect Kernel Memory to secure the DRM against the user
-----------------------+----------------------------------------------------
  Reporter:  mstone    |       Owner:  krstic  
      Type:  defect    |      Status:  new     
  Priority:  high      |   Milestone:  V1.1    
 Component:  security  |     Version:          
Resolution:            |    Keywords:  security
  Verified:  0         |  
-----------------------+----------------------------------------------------
Changes (by krstic):

 * cc: gnu (added)


Comment:

 Replying to [comment:4 gnu]:
 > I have an idea.  Don't let the user log in as root.

 It is likely, though not yet certain, that we will disable the root
 account for FRS. I remind you that the developer key mechanism will be
 operational from day 1, that it introduces a minimal (~2-week) delay, and
 provides kids with complete control over the machine. Issuing developer
 keys is a fully automated process happening on OLPC servers (there are no
 checks of any kind in the process; its entire purpose is to introduce a
 delay to verify the machine doesn't get marked as stolen in the GTS
 database). Should OLPC melt down or become corrupt, countries can issue
 the keys as well.

 Calling this scheme DRM, while technically accurate, is entirely
 misleading. I urge you to abstain from further FUDding until you can point
 to examples of other DRM schemes, especially in the entertainment
 industry, that give the content owner a master unlock key after an
 automated short delay.

-- 
Ticket URL: <https://dev.laptop.org/ticket/3914#comment:5>
One Laptop Per Child <https://dev.laptop.org>
OLPC bug tracking system