[OLPC-devel] Secure BIOS on the OLPC

Krishna Sankar (ksankar) ksankar at cisco.com
Tue Aug 29 10:04:10 EDT 2006

> Developer signing keys are issued for each machine 
> individually, based on the serial number.
<KS> So, you are, in fact, putting some trust in the serial number after all! ;o) In this case, why do you care, i.e. why tie developer keys to a serial number? It doesn't give us anything. Most probably folks can spoof the serial number anyway.</KS>


> -----Original Message-----
> From: devel-bounces at laptop.org 
> [mailto:devel-bounces at laptop.org] On Behalf Of Ivan Krstic
> Sent: Monday, August 28, 2006 8:46 PM
> To: Carl-Daniel Hailfinger
> Cc: Mark J. Foster; devel at laptop.org
> Subject: Re: [OLPC-devel] Secure BIOS on the OLPC
> Carl-Daniel Hailfinger wrote:
> > And it fully automates bricking of thousands of machines if the key is
> > ever compromised.
> If 3 separately kept private keys, two of which will live in 
> a bank vault, are compromised.
> > Flashing a new BIOS against the will of the user is *evil* (and
> > generates quite a lot of bad publicity if you look at the Playstation
> > Portable forced firmware upgrades).
> I'm not familiar with these (I'll read up on them), but I 
> imagine they change actual user-visible system functionality 
> in some way? That's not what any of our BIOS upgrades will do.
> In principle, though, I agree with you. Power users never 
> considered upgrades that do things behind their backs a 
> feature. But I think you'll find the exact opposite holds for 
> most computer users, and this becomes particularly compelling 
> when many of your users are too young to be able to make a 
> reasonable decision about whether to agree or disagree with a 
> security prompt.
> Finally, remember that BIOS flashing is really a fully opaque 
> operation.
> While software upgrades tell you things like "I want to 
> upgrade version x of this software to version y, here's what 
> will be different", how do you see this happening for BIOS 
> upgrades? In other words, in what cases does the user know 
> enough about the system to be able to authoritatively refuse 
> a BIOS upgrade?
> > Once you make these provisions, how are you going to be sure a worm
> > author doesn't use them? "Hey, I'm a kid wanting to hack the BIOS, can
> > I have a signing key?"
> Developer signing keys are issued for each machine 
> individually, based on the serial number.
> > There should remain at least one way to flash a non-signed BIOS
> > without resorting to a soldering iron. Possibly require a USB keyfob
> > to be plugged in or something (like the original solution with
> > keypress).
> I've been toying with the same idea. Let me think about that 
> some more.
> --
> Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D
> _______________________________________________
> Devel mailing list
> Devel at laptop.org
> http://mailman.laptop.org/mailman/listinfo/devel
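The verification policy the thread is arguing about, written out as an added example (this is not OLPC code, and the manifest layout, field names and the rule that every factory key must sign are assumptions chosen to match the description above: a production BIOS is accepted only when all three separately held factory keys have signed it, while a developer image needs a factory-issued authorization that names one serial number plus a signature from that developer's key). The point raised in the reply, that a serial-number binding is only as strong as the source of the serial, shows up in `VerifyDeveloper`: the serial it compares against has to come from firmware-held storage the flashing host cannot overwrite, not from the image or the update request.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Factory holds the separately kept signing keys (three in the thread).
// Assumed shape for the example; not OLPC's real key management.
type Factory struct {
	Pubs  []ed25519.PublicKey
	privs []ed25519.PrivateKey
}

func NewFactory(n int) (*Factory, error) {
	f := &Factory{}
	for i := 0; i < n; i++ {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		f.Pubs = append(f.Pubs, pub)
		f.privs = append(f.privs, priv)
	}
	return f, nil
}

// SignProduction: each key holder signs the image independently, so no
// single compromised key can produce an installable production image.
func (f *Factory) SignProduction(image []byte) [][]byte {
	sigs := make([][]byte, len(f.privs))
	for i, p := range f.privs {
		sigs[i] = ed25519.Sign(p, image)
	}
	return sigs
}

// DevAuth binds one developer public key to one machine serial number.
type DevAuth struct {
	Serial string
	DevPub ed25519.PublicKey
	Sig    []byte // factory signature over authMessage(Serial, DevPub)
}

// authMessage length-prefixes the serial so two (serial, key) pairs can
// never encode to the same bytes.
func authMessage(serial string, devPub ed25519.PublicKey) []byte {
	buf := make([]byte, 4+len(serial)+len(devPub))
	binary.BigEndian.PutUint32(buf, uint32(len(serial)))
	copy(buf[4:], serial)
	copy(buf[4+len(serial):], devPub)
	return buf
}

func (f *Factory) IssueDevAuth(serial string, devPub ed25519.PublicKey, keyIdx int) DevAuth {
	return DevAuth{Serial: serial, DevPub: devPub,
		Sig: ed25519.Sign(f.privs[keyIdx], authMessage(serial, devPub))}
}

// NewDevKey and SignImage are the developer's side of the exchange.
func NewDevKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func SignImage(priv ed25519.PrivateKey, image []byte) []byte { return ed25519.Sign(priv, image) }

// VerifyProduction accepts the image only if every factory key signed it.
func VerifyProduction(factoryPubs []ed25519.PublicKey, image []byte, sigs [][]byte) error {
	if len(sigs) != len(factoryPubs) {
		return errors.New("production image needs a signature from every factory key")
	}
	for i, pub := range factoryPubs {
		if !ed25519.Verify(pub, image, sigs[i]) {
			return fmt.Errorf("factory signature %d invalid", i)
		}
	}
	return nil
}

// VerifyDeveloper accepts a developer-signed image only for the machine the
// authorization names. deviceSerial must be read from firmware-held storage;
// if the flashing host supplies it, the serial binding protects nothing.
func VerifyDeveloper(factoryPubs []ed25519.PublicKey, deviceSerial string, auth DevAuth, image, imageSig []byte) error {
	if auth.Serial != deviceSerial {
		return fmt.Errorf("authorization is for serial %q, this machine is %q", auth.Serial, deviceSerial)
	}
	msg := authMessage(auth.Serial, auth.DevPub)
	signed := false
	for _, pub := range factoryPubs {
		if ed25519.Verify(pub, msg, auth.Sig) {
			signed = true
			break
		}
	}
	if !signed {
		return errors.New("developer authorization not signed by any factory key")
	}
	if !ed25519.Verify(auth.DevPub, image, imageSig) {
		return errors.New("image not signed by the authorized developer key")
	}
	return nil
}

func main() {
	f, _ := NewFactory(3)
	image := []byte("constructed BIOS image bytes") // constructed sample input
	fmt.Println("production, 3 of 3 sigs:", VerifyProduction(f.Pubs, image, f.SignProduction(image)))
	fmt.Println("production, 2 of 3 sigs:", VerifyProduction(f.Pubs, image, f.SignProduction(image)[:2]))
	devPub, devPriv, _ := NewDevKey()
	auth := f.IssueDevAuth("SN-0001", devPub, 0) // constructed serial
	fmt.Println("developer on SN-0001:", VerifyDeveloper(f.Pubs, "SN-0001", auth, image, SignImage(devPriv, image)))
	fmt.Println("developer on SN-0002:", VerifyDeveloper(f.Pubs, "SN-0002", auth, image, SignImage(devPriv, image)))
}
```

The two failure paths are the ones the thread cares about: a production image with fewer than all factory signatures is refused (one leaked key does not brick the fleet), and a developer authorization issued for one serial is refused on a machine reporting another. Whether that second refusal means anything in practice depends entirely on where `deviceSerial` comes from, which is the question the reply raises.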
