#9045 HIGH 8.2.1: key delegation

Zarro Boogs per Child bugtracker at laptop.org
Mon Feb 2 10:59:15 EST 2009


#9045: key delegation
--------------------------------+-------------------------------------------
           Reporter:  kimquirk  |       Owner:  wmb at firmworks.com  
               Type:  defect    |      Status:  new                
           Priority:  high      |   Milestone:  8.2.1              
          Component:  security  |     Version:  not specified      
         Resolution:            |    Keywords:  cjbfor9.1.0 8.2.1:+
        Next_action:  code      |    Verified:  0                  
Deployment_affected:  Uruguay   |   Blockedby:                     
           Blocking:            |  
--------------------------------+-------------------------------------------

Comment(by dsd):

 Additional tests performed:

  1. Added an augment key for developer keys, created my own develop.sig,
 put it on the NAND and confirmed that it unsecured the machine.
  1. Added a firmware augment key, signed my own Q2E30, put it on the NAND,
 booted and watched it attempt to upgrade from Q2E29 to Q2E30 (it did not
 do the upgrade, as I had intentionally removed the battery, but it did
 trust the signature)
  1. Created an augment key for OS, resigned the staging-25 kernel with my
 own key, put it on the NAND and confirmed that it booted.

 I also did the miscellanous tests suggested by Mitch:
 ''Test the ability to install and remove keys from mfg data - create
 several new keys, both augment and override. Delete and recreate in
 various orders. Check attempts to create keys that already exist, deleting
 the last key, etc. Verify that the mfg data looks correct after each
 operation.''

 ''Check the visibility of the keys from Linux (in /mfg-data).''

 No problems found.

 This concludes my testing, unless anyone has any suggestions for more.
 Someone may want to test from a SD card. Otherwise I think we can say that
 the OFW part works perfectly!

-- 
Ticket URL: <http://dev.laptop.org/ticket/9045#comment:22>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system


More information about the Bugs mailing list