#5680 HIGH Update.: G1G1 laptops are shipping with "security" enabled

Zarro Boogs per Child bugtracker at laptop.org
Fri Jan 4 12:04:44 EST 2008 

#5680: G1G1 laptops are shipping with "security" enabled
-----------------------+----------------------------------------------------
  Reporter:  gnu       |       Owner:  jg                      
      Type:  defect    |      Status:  new                     
  Priority:  high      |   Milestone:  Update.1                
 Component:  security  |     Version:                          
Resolution:            |    Keywords:  firmware, security, G1G1
  Verified:  0         |    Blocking:                          
 Blockedby:            |  
-----------------------+----------------------------------------------------
Changes (by jg):

 * cc: cscott, wmb at laptop.org, mstone, krstic (added)


Comment:

 OK, here's the order of march I see on this topic, having chatted with
 Walter on the topic, and looking at engineering resources available, the
 fact the G1G1 systems have already shipped and we can't change everything
 overnight.

 1) Our highest priority has to be to streamline getting developer keys; it
 is currently too painful, and affects everyone, G1G1 or kids, teachers and
 country deployment people all over the world. It is causing a support
 burden we need to avoid, and is operationally painful; it appears our
 browser's security settings and lack of sophistication in certificate
 handling in recent builds may be compounding the headache further

 2) We need to be able to preserve developer keys across image
 reinstallations, by preserving the key in flash rather than requiring
 recording the key or requesting a duplicate, so that we no longer multiply
 the effort 1) presents to both developers and to people supporting
 developers.

 3) Protecting the firmware against malware kernel level attacks or
 accidental rebricking (as has happened to me personally; I'll bring in my
 junk whitebox motherboard and put it on my wall as a trophy) even when
 unlocked by a developer key is also worth doing, but lower priority than
 1) and 2).

 How much of this we can get done by even Update.1 is less than clear to
 me, given constraints on time and manpower.

 Once we've done these, we can have a discussion about what we might do in
 future G1G1 programs as to settings, and where the right line is....

-- 
Ticket URL: <http://dev.laptop.org/ticket/5680#comment:7>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system

More information about the Bugs mailing list