#5680 HIGH Update.: G1G1 laptops are shipping with "security" enabled
Zarro Boogs per Child
bugtracker at laptop.org
Mon Feb 4 20:06:56 EST 2008
#5680: G1G1 laptops are shipping with "security" enabled
-----------------------+----------------------------------------------------
Reporter: gnu | Owner: jg
Type: defect | Status: new
Priority: high | Milestone: Update.1
Component: security | Version:
Resolution: | Keywords: firmware, security, G1G1
Verified: 0 | Blocking:
Blockedby: |
-----------------------+----------------------------------------------------
Comment(by gnu):
Replying to [comment:10 cscott]:
> I don't know anything about whatever certificate bugs jg is complaining
> about in his item 1.
The problem is that our https: site is signed only by our own cert, which
nobody else's browsers
(nor their wget) know the public key for. We should consider also signing
the site with a cert that has widespread acceptance.
> jg's item 2 is presently infeasible, for a number of reasons. A better
> solution is to use 'disable-security' if that is what you want to do,
> which is what gnu recommends in his reply. Even better: keep using olpc-
> update, which has no problem preserving the key.
When OFW first sees a valid developer key, it could copy it into the
manufacturing area as a new tag (dk). This would provide more permanent
stability for the key, independent of changes to the NAND filesystem. It
already does something similar if it finds a signed firmware file in the
NAND.
Unfortunately, the support crew often encounters XO users whose symptoms
indicate that the NAND filesystem seems to be fried for one reason or
another. The recommended advice (unless there's significant saved data
that the user wants to keep) is to reflash from scratch using the
"Activated Update" or "four-game-key" procedure. This may be an infant
mortality problem; it's too early to tell how often such a reflash will be
the easiest recommended way to get your laptop back in the future. But
OLPC expects to be shipping millions of infant XOs every year. We
appreciate your olpc-update tool, Scott, but it's not the right hammer for
every job.
> No idea what jg means by item 3; we already protect against access to
> SPI flash access even with a dev key, which is what causes the reboot
> cycle gnu complains about.
JG fried a motherboard on a white box PC by reflashing once, and has a
visceral memory of that experience. I had suggested an improvement to our
SPI index gating strategy that would prevent host accesses via indexed-IO
after Linux boots, even in WW-tagged machines. This would restrict tag
and firmware changes to ONLY ever be done from Forth. However, Richard
Smith might object to that; he has battery diagnosis and repair scripts
that might suffer. Also, this might mess up the process flow in
manufacturing, if they have Linux code that's writing tags. At any rate,
it's a subject for a separate TRAC ticket.
--
Ticket URL: <http://dev.laptop.org/ticket/5680#comment:13>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system