#9045 HIGH 8.2.1: key delegation
Zarro Boogs per Child
bugtracker at laptop.org
Fri Jan 30 14:11:12 EST 2009
#9045: key delegation
--------------------------------+-------------------------------------------
Reporter: kimquirk | Owner: wmb at firmworks.com
Type: defect | Status: new
Priority: high | Milestone: 8.2.1
Component: security | Version: not specified
Resolution: | Keywords: cjbfor9.1.0 8.2.1:+
Next_action: code | Verified: 0
Deployment_affected: Uruguay | Blockedby:
Blocking: |
--------------------------------+-------------------------------------------
Comment(by cscott):
From irc log:
{{{
(01:51:29 PM) C. Scott Ananian: all the lease checking stuff comes from
the 'leases' package in git
(01:52:10 PM) C. Scott Ananian: which is a submodule of both olpc-update
and rootskel
(01:52:50 PM) C. Scott Ananian: you'll find it in rootskel/src-olpc/leases
(01:52:52 PM) cjb: cscott: would be great if you could comment on our
approach at the bottom of http://dev.laptop.org/ticket/9045
(01:53:33 PM) C. Scott Ananian: dsd's patch1 seems overly complicated
(01:54:03 PM) C. Scott Ananian: FW_KEYS (etc) is not *supposed* to be
OLPC_FW_KEYS
(01:54:11 PM) C. Scott Ananian: it is supposed to be the list of valid
FW_KEYS
(01:54:25 PM) C. Scott Ananian: there isn't any need for a get_keys()
function
(01:54:49 PM) dsd_: in that case we now need some code to run when the
module is imported though, right?
(01:54:58 PM) C. Scott Ananian: dsd_: yes, that's the Python Way.
(01:55:17 PM) dsd_: would we do that by having code inline (not in
functions) in the file?
(01:55:28 PM) C. Scott Ananian: dsd_: that's how python does it
(01:55:51 PM) C. Scott Ananian: something like:
(01:56:02 PM) C. Scott Ananian: FW_KEYS = [ 'asdasdasdasda....' ]
(01:56:23 PM) C. Scott Ananian: if (exists('ofw/fw')) FW_KEYS += [
read_key('ofw/fw') ]
(01:56:38 PM) C. Scott Ananian: would probably be sufficient.
(01:57:10 PM) C. Scott Ananian: instead of 'if exists' you'd probably want
to encapsulate that in a function that does the proper replace/augment
logic; i don't know exactly how Mitch_Bradley chose to implement that.
(01:56:46 PM) dsd_: are there users of FW_KEYS that you know of?
(01:57:22 PM) C. Scott Ananian: dsd_: not yet.
(01:58:07 PM) dsd_: any idea about the availability of /ofw at that point
in time?
(01:58:56 PM) C. Scott Ananian: put 'import bitfrost.leases.keys' as the
last line in the try block in init.py after 'if xo'
(01:59:05 PM) C. Scott Ananian: and before 'umount /ofw'
(01:59:42 PM) C. Scott Ananian: line 53 of init
(01:59:41 PM) m_stone: the irfs (and also olpc-update on the nand) uses an
additional key sequence called the OATS_KEY to authenticate messages that
we receive when running the theft-deterrence protocol.
(02:00:24 PM) dsd_: cscott: one other point.. in some cases we have to
*remove* the OLPC key from the list. does that change your opinion on code
layout? or would we initialise it as-is and then remove immediately after?
(02:00:35 PM) C. Scott Ananian: FW_KEY = [ ... ]
(02:00:49 PM) C. Scott Ananian: update_from_ofw(FW_KEY)
(02:01:03 PM) C. Scott Ananian: OATS_KEY = [...]
(02:01:08 PM) C. Scott Ananian: update_from_ofw(OATS_KEY)
(02:01:29 PM) C. Scott Ananian: the update_from_ofw function is probably
misnamed
(02:01:41 PM) C. Scott Ananian: as m_stone points out, OATS and some of
the other keys aren't really OFW-specific
(02:01:51 PM) C. Scott Ananian: i'm just encouraging a consistent override
mechanism.
(02:02:19 PM) C. Scott Ananian: actually, i lied: i like the
update_from_ofw name
(02:02:40 PM) C. Scott Ananian: given the naming scheme in use, you can
probably write mfg-data to override the OATS key and others as well
(02:03:08 PM) C. Scott Ananian: but if you like, you can have
update_from_ofw also check /etc/key-overrides/xyz (if it exists) as well.
(02:03:31 PM) C. Scott Ananian: that won't exist in the initrd, but it
could perhaps exist in the root filesystem, where olpc-update could see
it.
(02:04:47 PM) Mitch_Bradley: the logic in ofw is the forth equivalent of
list = ( (exists tag x0) ? tag x0 : olpc x key) + tag x1 + tag x2 + ...
tag x9
(02:06:06 PM) dsd_: in that case we have to assign a new naming scheme for
oats keys
(02:06:14 PM) dsd_: currently we have
(02:06:16 PM) dsd_: 1. Developer key - tag names d0 .. d9 (d for
developer)
(02:06:16 PM) dsd_: 2. Firmware key - tag names w0 .. w9 (w for
firmWare)
(02:06:16 PM) dsd_: 3. Filesystem key - tag names s0 .. s9 (s for
fileSystem)
(02:06:16 PM) dsd_: 4. OS key - tag names o0 .. o9 (oh for OS)
(02:06:18 PM) dsd_: 5. Activation lease key - tag name a0 .. a9 (a for
activation)
(02:06:35 PM) m_stone: dsd_: I suggest 't0 -- t9' for "theft"
(02:06:55 PM) C. Scott Ananian: or u0-u9 for "update/upgrade"
(02:07:04 PM) m_stone: cscott: yes, that might be even better.
(02:07:18 PM) m_stone: whoever implements it gets to pick their favorite.
:)
}}}
--
Ticket URL: <http://dev.laptop.org/ticket/9045#comment:15>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
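
The replace/augment rule quoted from Mitch_Bradley in the log above, written out as an added Python example; it is not code from the leases package or from anyone in the log. The names `build_key_list` and `builtin_displaced`, the `tags` dict standing in for the machine's tags, and all key strings are assumptions constructed for illustration.

```python
# Added example: function names, the tags dict and key values are constructed.
# Tag prefixes are the five dsd_ lists in the log.
KEY_PREFIXES = {
    "developer": "d",
    "firmware": "w",
    "filesystem": "s",
    "os": "o",
    "activation": "a",
}


def build_key_list(kind, builtin_key, tags):
    """Return the keys trusted for one key kind.

    Follows the rule quoted in the log:
        list = (x0 if x0 exists else built-in key) + x1 + ... + x9
    `tags` maps tag names such as "w0" to key material. Treating "present
    in the dict" as "exists" is an assumption of this example.
    """
    prefix = KEY_PREFIXES[kind]
    # Slot 0 replaces the built-in key rather than adding to it.
    keys = [tags.get(prefix + "0", builtin_key)]
    # Slots 1..9 only ever augment the list, in slot order.
    for slot in range(1, 10):
        name = f"{prefix}{slot}"
        if name in tags:
            keys.append(tags[name])
    return keys


def builtin_displaced(kind, tags):
    """True when an x0 tag removes the built-in key from the trusted list."""
    return KEY_PREFIXES[kind] + "0" in tags


# Constructed sample: firmware key replaced and augmented, filesystem key
# only augmented, OS key untouched.
BUILTIN = {"firmware": "BUILTIN-FW", "filesystem": "BUILTIN-FS", "os": "BUILTIN-OS"}
SAMPLE_TAGS = {"w0": "DEPLOY-FW-A", "w2": "DEPLOY-FW-B", "s1": "DEPLOY-FS-A"}

if __name__ == "__main__":
    for kind, key in BUILTIN.items():
        print(kind, build_key_list(kind, key, SAMPLE_TAGS),
              "built-in displaced:", builtin_displaced(kind, SAMPLE_TAGS))
```

Running the same function over every key kind gives the consistent override mechanism asked for in the log, and `builtin_displaced` makes it visible when a machine no longer trusts the built-in key for a given kind.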