#3570 NORM Trial-3: set-wp should be safer.
Zarro Boogs per Child
bugtracker at laptop.org
Tue Sep 18 13:46:35 EDT 2007
#3570: set-wp should be safer.
----------------------------------+-----------------------------------------
Reporter: cscott | Owner: wmb at firmworks.com
Type: defect | Status: closed
Priority: normal | Milestone: Trial-3
Component: ofw - open firmware | Version:
Resolution: fixed | Keywords:
Verified: 0 |
----------------------------------+-----------------------------------------
Changes (by wmb at firmworks.com):
* status: new => closed
* resolution: => fixed
Comment:
Replying to [ticket:3570 cscott]:
> We need a command like set-wp but safer for people to use to try out
secure boot. It should prevent people from setting wp if they are using a
machine earlier than a B4
Okay, I just added an "enable-security" command to q2c26h . It bails out
on machines earlier than B4.
> or if they have no (or bogus) mfg-data.
The existing set-wp already bails out if the mfg-data is missing. I'm not
sure what bogosity checks would be worthwhile in this case. It current
checks for the existence of a "ww" tag at a specific place in the mfg-data
area. As far as I know, that is a reliable indicator, in practice, that
mfg data is present.
>
> Currently set-wp also requires a hard reset (complete power off, take
the battery out, wait, replace, etc). clear-wp seems to lock up the
machine. If these can be made friendlier, they should be.
The hard reset is necessary for the same reason as for the "flash" command
- you can't write to the SPI FLASH unless you turn off the microprocessor
in the EC, and once you turn that off, you need a power-loss reset to
restart it properly.
I really really really wish that were not the case, but ...
--
Ticket URL: <https://dev.laptop.org/ticket/3570#comment:1>
One Laptop Per Child <https://dev.laptop.org>
OLPC bug tracking system
More information about the Bugs
mailing list