[OLPC-devel] Secure BIOS on the OLPC

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Mon Aug 28 14:36:43 EDT 2006


Krishna Sankar (ksankar) wrote:
> I have no problem with the idea, but pl make sure we document all the
> nuances.

Certainly.


> <KS> The key is available in the internet, but when I asked earlier,
> you said, there is no internet connectivity requirement during the
> verification process. In that case, we need to make sure the key is
> protected against tampering when in the OLPC, as much as we can. 
> </KS>

Sorry, we miscommunicated. What I meant is that there's no need to
protect the identity of the key (since it's public), and once on the SPI
flash, the key becomes tamperproof by virtue of this very scheme (to
tamper with it, you have to tamper with the whole BIOS, but you can't,
because you'd have to forge a digsig on the new BIOS binary). Does that
make sense?

>>> But, want to caution that either the key or the serial number or
>>> the MAC address can be spoofed (under proper conditions) and so
>>> we should make sure, we do not
>> put *undue*
>>> trust in any of these artifacts.
>> There's no trust being put into either one.
>> 
> <KS> If you are not trusting the embedded public key, then you cannot
> use it to verify the signature. Need to find another way ...</KS>

My statement of 'there's no trust being put into either one' refers to
the MAC address and the serial number on the machine, not the embedded
public key. The embedded public key is fully trusted.

-- 
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D
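The scheme described in the reply above, modelled as an added example (not OLPC or LinuxBIOS code): the vendor's public key occupies a fixed region of the BIOS image, the signature covers the entire image including that region, and every write to SPI flash must first verify against the key already installed. Because trust flows from the installed key rather than from whatever key a candidate image carries, an image with a swapped-in key or patched code is rejected unless the vendor signed it. The flash layout, the header string, the key offset and the firmware payloads are all constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// keyOffset is a hypothetical fixed offset of the embedded public key inside
// the BIOS image; the real OLPC layout is not described in the thread.
const keyOffset = 64

// Flash models the SPI flash contents: the whole BIOS binary plus the
// detached signature the vendor produced over that binary.
type Flash struct {
	image     []byte
	signature []byte
}

// embeddedKey extracts the trusted public key from an image on flash.
func embeddedKey(image []byte) (ed25519.PublicKey, error) {
	end := keyOffset + ed25519.PublicKeySize
	if len(image) < end {
		return nil, errors.New("image too short to contain an embedded key")
	}
	return ed25519.PublicKey(image[keyOffset:end]), nil
}

// buildImage lays out a constructed image: header, embedded key, code.
func buildImage(pub ed25519.PublicKey, code []byte) []byte {
	img := make([]byte, keyOffset)
	copy(img, []byte("EXAMPLE-BIOS-HEADER")) // constructed header
	img = append(img, pub...)
	img = append(img, code...)
	return img
}

// verifyCandidate checks a proposed image against the key embedded in the
// image currently on flash, never against a key inside the candidate.
func verifyCandidate(current Flash, candidate, sig []byte) error {
	pub, err := embeddedKey(current.image)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, candidate, sig) {
		return errors.New("signature does not verify against the installed key")
	}
	return nil
}

// applyUpdate is the only path that writes flash; it refuses anything that
// does not verify, so the embedded key can only change via a vendor-signed image.
func applyUpdate(current *Flash, candidate, sig []byte) error {
	if err := verifyCandidate(*current, candidate, sig); err != nil {
		return err
	}
	current.image = append([]byte(nil), candidate...)
	current.signature = append([]byte(nil), sig...)
	return nil
}

// runScenario exercises three update attempts and reports whether each
// behaved as the scheme requires: a vendor-signed update is accepted, an
// image carrying a different key is rejected, and an image whose code was
// altered while reusing the old signature is rejected.
func runScenario() (legitAccepted, keySwapRejected, codeTamperRejected bool) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(nil) // constructed vendor key
	otherPub, otherPriv, _ := ed25519.GenerateKey(nil)   // constructed non-vendor key

	initial := buildImage(vendorPub, []byte("firmware v1"))
	flash := Flash{image: initial, signature: ed25519.Sign(vendorPriv, initial)}

	// 1. Genuine update: same embedded key, new code, signed by the vendor.
	v2 := buildImage(vendorPub, []byte("firmware v2"))
	legitAccepted = applyUpdate(&flash, v2, ed25519.Sign(vendorPriv, v2)) == nil

	// 2. Image with a replaced key, signed by the matching non-vendor key.
	rogue := buildImage(otherPub, []byte("firmware v2"))
	keySwapRejected = applyUpdate(&flash, rogue, ed25519.Sign(otherPriv, rogue)) != nil

	// 3. Code altered by one byte while reusing the signature already on flash.
	patched := buildImage(vendorPub, []byte("firmware v3"))
	codeTamperRejected = applyUpdate(&flash, patched, flash.signature) != nil
	return
}

func main() {
	a, b, c := runScenario()
	fmt.Printf("vendor update accepted: %v\nkey swap rejected: %v\ncode tamper rejected: %v\n", a, b, c)
}
```

The point the example makes concrete is the one Ivan gives: protecting the key requires no secrecy, only that the key region be covered by the same signature as the rest of the image and that flash be writable only through the verifier.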
