[OLPC-devel] Secure BIOS on the OLPC
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Sun Aug 27 18:01:59 EDT 2006
Krishna Sankar wrote:
> a) How does the verification happen ? This is where the
> vulnerability will be.
Small binary within the LB payload that uses standard crypto signature
verification. This part can be assumed fully secure, as long as we ship
the machines with a known-good BIOS, which we obviously will.
> b) Where would the certs be stored ?
The OLPC public key(s) would be stored in the LB payload.
> c) Will we ship with an embedded cert ? If so, how can it be
> updated securely ?
A new BIOS is allowed to introduce new BIOS keys, if it fits some extra
security requirements (that I won't document here, but will be detailed
in the security spec I intend to release shortly).
> d) Do we assume internet connectivity for cert verification as
> well as for CRLS et al ?
Not at all.
> e) What else would this require in terms of infrastructure ?
> Connected to power ?
Absolutely nothing more than what's already there.
> Will ask more questions as I think of them. I would rather document this, think
> through and then start implementing.
Unless someone can find a concrete security flaw with this idea, we need
to make the EC changes request sooner rather than later.
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D
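The scheme described in the reply (a small verifier in the payload, vendor public keys embedded in it, a new image allowed to introduce further keys) in working form, as an added example that is not part of the original thread and not OLPC's or LinuxBIOS's code. The image layout, the use of Ed25519, and the rule that introduced keys are appended to the trusted set only when the image carrying them is itself signed by an already trusted key are this example's assumptions; the post deliberately leaves the real key-introduction requirements unspecified.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Image is the layout assumed by this example (not OLPC's real format):
// the firmware body, the public keys the image introduces (possibly none),
// and one signature over body||newkeys by a key the verifier already trusts.
type Image struct {
	Body    []byte
	NewKeys []ed25519.PublicKey
	Sig     []byte
}

// signedBytes is the message the signature covers. Both fields are
// length-prefixed so bytes cannot be moved between body and key set.
func signedBytes(img *Image) []byte {
	var buf bytes.Buffer
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(img.Body)))
	buf.Write(n[:])
	buf.Write(img.Body)
	binary.BigEndian.PutUint32(n[:], uint32(len(img.NewKeys)))
	buf.Write(n[:])
	for _, k := range img.NewKeys {
		buf.Write(k)
	}
	return buf.Bytes()
}

// Sign is the vendor side: produce an image signed with priv.
func Sign(priv ed25519.PrivateKey, body []byte, newKeys []ed25519.PublicKey) *Image {
	img := &Image{Body: body, NewKeys: newKeys}
	img.Sig = ed25519.Sign(priv, signedBytes(img))
	return img
}

// Verify is the payload side: accept img only if its signature checks under
// one of the keys already trusted, and return the key set to trust next time
// (old keys plus any the image introduces). Because the image must be signed
// by a currently trusted key, a new key enters the set only on the authority
// of an existing one. Appending (rather than replacing) is this example's
// assumption, not the requirement the post leaves unspecified.
func Verify(trusted []ed25519.PublicKey, img *Image) ([]ed25519.PublicKey, error) {
	if len(img.Sig) != ed25519.SignatureSize {
		return nil, errors.New("malformed signature")
	}
	for _, nk := range img.NewKeys {
		if len(nk) != ed25519.PublicKeySize {
			return nil, errors.New("malformed new key")
		}
	}
	msg := signedBytes(img)
	for _, k := range trusted {
		if !ed25519.Verify(k, msg, img.Sig) {
			continue
		}
		next := append([]ed25519.PublicKey(nil), trusted...)
		for _, nk := range img.NewKeys {
			if !containsKey(next, nk) {
				next = append(next, nk)
			}
		}
		return next, nil
	}
	return nil, errors.New("signature does not verify under any trusted key")
}

func containsKey(set []ed25519.PublicKey, k ed25519.PublicKey) bool {
	for _, s := range set {
		if bytes.Equal(s, k) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed scenario: factory key k1, rotation to k2, then an attacker key kX.
	pub1, priv1, _ := ed25519.GenerateKey(rand.Reader)
	pub2, priv2, _ := ed25519.GenerateKey(rand.Reader)
	pubX, privX, _ := ed25519.GenerateKey(rand.Reader)
	trusted := []ed25519.PublicKey{pub1}

	// Rotation: an update signed by k1 introduces k2.
	trusted, err := Verify(trusted, Sign(priv1, []byte("bios v2"), []ed25519.PublicKey{pub2}))
	fmt.Println("rotation accepted:", err == nil, "trusted keys now:", len(trusted))

	// A later update signed only by k2 now verifies.
	_, err = Verify(trusted, Sign(priv2, []byte("bios v3"), nil))
	fmt.Println("k2-signed update accepted:", err == nil)

	// An attacker cannot bootstrap trust by shipping an image carrying their own key.
	_, err = Verify(trusted, Sign(privX, []byte("evil"), []ed25519.PublicKey{pubX}))
	fmt.Println("self-introduced key rejected:", err != nil)
}
```

The point of the `Verify` shape is the one the reply relies on: nothing about the check needs network access or revocation lists, because the only trust anchor is the key set already in the payload, and the only way that set changes is through an image the current set already accepts. The price is that a leaked current key is fatal until an update signed by another still-trusted key removes it, which is why the key-introduction rules deserve the separate spec the reply promises.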