#11682 NORM 1.75-fi: Corrupted bootfw files are fatal to secure boot; ecfw updates are not

Zarro Boogs per Child bugtracker at laptop.org
Wed Mar 7 23:35:45 EST 2012

#11682: Corrupted bootfw files are fatal to secure boot; ecfw updates are not
           Reporter:  greenfeld            |       Owner:  wmb at firmworks.com                
               Type:  defect               |      Status:  new                              
           Priority:  normal               |   Milestone:  1.75-firmware                    
          Component:  ofw - open firmware  |     Version:  Development build as of this date
         Resolution:                       |    Keywords:                                   
        Next_action:  diagnose             |    Verified:  0                                
Deployment_affected:                       |   Blockedby:                                   
           Blocking:                       |  

Comment(by greenfeld):

 I'm not sure what should happen -- the ecfw.zip upgrade file is new to

  * If we are unwilling to boot a normal OS because we are concerned that a
 potential firmware upgrade has been tampered with, then we should refuse
 to boot if we see the EC firmware file is present but has been tampered
 with.  This risks a denial-of-XO attack should someone gain root access
 and alter one of these files.

  * Likewise if the boot failure is meant to tell its creator "you did not
 sign your image correctly" when testing it, then we should fail in both

  * If we refuse to boot because we believe the presence of a bootfw.zip
 file tells us the OS might requires something in the firmware (such as a
 flattened device-tree), but believe the EC firmware will never cause such
 a requirement, then the status quo is acceptable (although the error
 messages should be more descriptive like bootfw.zip's).

  * But if we believe actrd/actos/runrd/runos.zip are all we need to verify
 we can boot a secure image, then we should not block booting in either
 firmware case.

Ticket URL: <http://dev.laptop.org/ticket/11682#comment:2>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system

More information about the Bugs mailing list