#11682 NORM 1.75-fi: Corrupted bootfw files are fatal to secure boot; ecfw updates are not
Zarro Boogs per Child
bugtracker at laptop.org
Wed Mar 7 23:35:45 EST 2012
#11682: Corrupted bootfw files are fatal to secure boot; ecfw updates are not
-------------------------------------------+--------------------------------
Reporter: greenfeld | Owner: wmb at firmworks.com
Type: defect | Status: new
Priority: normal | Milestone: 1.75-firmware
Component: ofw - open firmware | Version: Development build as of this date
Resolution: | Keywords:
Next_action: diagnose | Verified: 0
Deployment_affected: | Blockedby:
Blocking: |
-------------------------------------------+--------------------------------
Comment(by greenfeld):
I'm not sure what should happen -- the ecfw.zip upgrade file is new to
XO-1.75.
* If we are unwilling to boot a normal OS because we are concerned that a
potential firmware upgrade has been tampered with, then we should refuse
to boot if we see the EC firmware file is present but has been tampered
with. This risks a denial-of-XO attack should someone gain root access
and alter one of these files.
* Likewise if the boot failure is meant to tell its creator "you did not
sign your image correctly" when testing it, then we should fail in both
cases.
* If we refuse to boot because we believe the presence of a bootfw.zip
file tells us the OS might require something in the firmware (such as a
flattened device-tree), but believe the EC firmware will never cause such
a requirement, then the status quo is acceptable (although the error
messages should be more descriptive like bootfw.zip's).
* But if we believe actrd/actos/runrd/runos.zip are all we need to verify
we can boot a secure image, then we should not block booting in either
firmware case.
--
Ticket URL: <http://dev.laptop.org/ticket/11682#comment:2>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
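The policy question in the comment above (a tampered bootfw.zip halts boot while a tampered ecfw.zip is skipped), modelled as an added example that is not OFW or OLPC code. It assumes an HMAC-SHA256 stand-in for the real firmware signature check and the actos/actrd pair as the required OS images; the file names come from the ticket, everything else is constructed.

```python
import hashlib
import hmac

# Constructed stand-in for the firmware signing key (assumption, not OFW's scheme).
SIGNING_KEY = b"constructed-demo-key"
OS_FILES = ("actos.zip", "actrd.zip")          # one of the OS/initrd pairs the ticket lists
FIRMWARE_FILES = ("bootfw.zip", "ecfw.zip")    # the two firmware updates the ticket compares

def sign(data):
    """Toy signature: HMAC-SHA256 stands in for OFW's real signature verification."""
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).digest()

def verifies(data, sig):
    return hmac.compare_digest(sign(data), sig)

def boot_decision(files, consistent):
    """files: name -> (content, signature). Returns (may_boot, reason).

    consistent=False models the status quo from the ticket: a bad bootfw.zip
    is fatal, a bad ecfw.zip is silently skipped.
    consistent=True applies one rule to both: any present update that fails
    to verify blocks the boot (fail closed).
    """
    for name in OS_FILES:                      # the OS image itself must always verify
        if name not in files or not verifies(*files[name]):
            return False, f"{name} missing or fails verification"
    for name in FIRMWARE_FILES:                # updates are optional, but if present...
        if name in files and not verifies(*files[name]):
            if consistent or name == "bootfw.zip":
                return False, f"{name} present but fails verification"
            # status quo: a tampered ecfw.zip is ignored and boot continues
    return True, "all present images verified"

def _signed(data):
    return (data, sign(data))

# Constructed sample: valid OS pair, valid bootfw.zip, ecfw.zip altered after signing.
SAMPLE = {
    "actos.zip": _signed(b"os image"),
    "actrd.zip": _signed(b"initrd image"),
    "bootfw.zip": _signed(b"boot firmware"),
    "ecfw.zip": (b"ec firmware TAMPERED", sign(b"ec firmware")),
}

if __name__ == "__main__":
    for mode in (False, True):
        print("consistent" if mode else "status quo", boot_decision(SAMPLE, mode))
```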