#11682 NORM 1.75-fi: Corrupted bootfw files are fatal to secure boot; ecfw updates are not
Zarro Boogs per Child
bugtracker at laptop.org
Mon Mar 12 19:20:29 EDT 2012
#11682: Corrupted bootfw files are fatal to secure boot; ecfw updates are not
-------------------------------------------+--------------------------------
Reporter: greenfeld | Owner: wmb at firmworks.com
Type: defect | Status: new
Priority: normal | Milestone: 1.75-firmware
Component: ofw - open firmware | Version: Development build as of this date
Resolution: | Keywords:
Next_action: review | Verified: 0
Deployment_affected: | Blockedby:
Blocking: |
-------------------------------------------+--------------------------------
Comment(by wmb at firmworks.com):
I don't have a strong opinion about how it should work - but I will offer
the following argument in favor of refusing to boot:
Suppose that a security vulnerability is found in OFW, that we wish to fix
as part of an OS upgrade. Corrupting the bootfw file could be an attack
to prevent upgrading that OFW.
One could just as easily argue that the denial of service attack is just
as bad.
That is the problem with security - it is anti-functionality, so it's hard
to decide what is best.
--
Ticket URL: <http://dev.laptop.org/ticket/11682#comment:9>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
More information about the Bugs
mailing list