#9045 HIGH 8.2.1: key delegation
Zarro Boogs per Child
bugtracker at laptop.org
Mon Feb 2 10:59:15 EST 2009
#9045: key delegation
--------------------------------+-------------------------------------------
Reporter: kimquirk | Owner: wmb at firmworks.com
Type: defect | Status: new
Priority: high | Milestone: 8.2.1
Component: security | Version: not specified
Resolution: | Keywords: cjbfor9.1.0 8.2.1:+
Next_action: code | Verified: 0
Deployment_affected: Uruguay | Blockedby:
Blocking: |
--------------------------------+-------------------------------------------
Comment(by dsd):
Additional tests performed:
1. Added an augment key for developer keys, created my own develop.sig,
put it on the NAND and confirmed that it unsecured the machine.
1. Added a firmware augment key, signed my own Q2E30, put it on the NAND,
booted and watched it attempt to upgrade from Q2E29 to Q2E30 (it did not
do the upgrade, as I had intentionally removed the battery, but it did
trust the signature)
1. Created an augment key for OS, resigned the staging-25 kernel with my
own key, put it on the NAND and confirmed that it booted.
I also did the miscellanous tests suggested by Mitch:
''Test the ability to install and remove keys from mfg data - create
several new keys, both augment and override. Delete and recreate in
various orders. Check attempts to create keys that already exist, deleting
the last key, etc. Verify that the mfg data looks correct after each
operation.''
''Check the visibility of the keys from Linux (in /mfg-data).''
No problems found.
This concludes my testing, unless anyone has any suggestions for more.
Someone may want to test from a SD card. Otherwise I think we can say that
the OFW part works perfectly!
--
Ticket URL: <http://dev.laptop.org/ticket/9045#comment:22>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
More information about the Bugs
mailing list