[OLPC-devel] Secure BIOS on the OLPC
Krishna Sankar (ksankar)
ksankar at cisco.com
Mon Aug 28 13:16:56 EDT 2006
Ivan,
I have no problem with the idea, but pl make sure we document all the nuances.
> I don't know what you mean by 'protected properly'. The key
> is public, so it's available for download on the Internet.
<KS>
The key is available in the internet, but when I asked earlier, you said, there is no internet connectivity requirement during the verification process. In that case, we need to make sure the key is protected against tampering when in the OLPC, as much as we can.
</KS>
> > But, want to caution that either the
> > key or the serial number or the MAC address can be spoofed (under
> > proper conditions) and so we should make sure, we do not
> put *undue*
> > trust in any of these artifacts.
>
> There's no trust being put into either one.
>
<KS> If you are not trusting the embedded public key, then you cannot use it to verify the signature. Need to find another way ...</KS>
Cheers
<k/>
> -----Original Message-----
> From: Ivan Krstić [mailto:krstic at solarsail.hcs.harvard.edu]
> Sent: Sunday, August 27, 2006 7:17 PM
> To: Krishna Sankar (ksankar)
> Cc: devel at laptop.org
> Subject: Re: [OLPC-devel] Secure BIOS on the OLPC
>
> Krishna Sankar (ksankar) wrote:
> > The signed code paradigm is being used by Microsoft, Java et al.
>
> Signed code works, but that's sort of beside the point. In
> this case, what's in question is a particular and rather
> unusual implementation thereof, and I wanted to get a bunch
> of eyeballs on the unusual bits to make sure I didn't miss something.
>
> > Embedding an OLPC public key in the bios for bootstrapping is fine.
> > We need to make sure, it is protected properly
>
> I don't know what you mean by 'protected properly'. The key
> is public, so it's available for download on the Internet.
> Protection against the BIOS being maliciously overwritten is
> the whole point of the scheme; the public keys just get a
> free ride because they live within the LB payload.
>
> > unique MAC address
>
> I will almost certainly make the MACs unusable for
> identifying the machines. See e.g. RFC 3041. More details to
> be provided in the spec.
>
> > But, want to caution that either the
> > key or the serial number or the MAC address can be spoofed (under
> > proper conditions) and so we should make sure, we do not
> put *undue*
> > trust in any of these artifacts.
>
> There's no trust being put into either one.
>
> --
> Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D
>
More information about the Devel
mailing list