[OLPC-devel] Secure BIOS on the OLPC
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Mon Aug 28 23:51:25 EDT 2006

Ronald G Minnich wrote:
> I am pretty uncomfortable with the idea of putting a magic file in place
> and then having a flash occur on reboot automatically.

Why, specifically?

How is it better than flashing when a user agrees? If the payload is
broken, the BIOS is gone either way, and the user has no better way to
detect a broken payload than what my system does.

The payloads need to be deeply tested either way; if we send bad
upgrades out, they'll brick machines regardless of the upgrade method.
The "but not as many will be bricked" argument falls on its face -- we
can't afford to think about this in terms of damage control. We need to
structure our QA in a way that makes it certain there's no damage to
control in the first place.

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D