[OLPC-devel] Secure BIOS on the OLPC

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Tue Aug 29 11:48:19 EDT 2006


John R. Hogerhuis wrote:
> The problem there is not physical security but a
> "trust the programmers" issue.

So you don't trust any piece of human-written cryptographic code to do
its job properly? Or are you saying you don't trust the people themselves?

> You're not familiar with evil?

Please re-read that part of the original message, and my reply, carefully.

> No perfect upgrade system has ever been designed / implemented.
> Most likely, yours isn't either so any system which is required to be
> perfect is broken by requirement.

John, you keep generalizing what is actually a very specific issue. The
design for this particular upgrade system is elegant and watertight.
Now, as you point out, the implementation and execution can go wrong in
one of three ways:

1. Physical compromise of OLPC private keys: mitigated by already
planned, highly stringent physical security.

2. Bug in the digsig implementation: mitigated by the use of two
separate digsig systems.

3. Cryptographic break of the digsig system: mitigated as above.

Unless you're willing to specifically address technical details in order
to show that the design is invalid, I can't continue to participate in
this discussion.

> First, by definition those that do understand what is happening are in a
> position to authoritatively refuse. Not every kid will be in this
> category, but some will.

Can you provide a meaningful, non-contrived example under which a user
would refuse a BIOS upgrade?

-- 
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D
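The "two separate digsig systems" mitigation in point 2, as an added example that is not part of the original message or of OLPC's own code: a hypothetical updater gate that accepts an image only when an Ed25519 signature and an RSA-PSS signature both verify, so a bug or break in one scheme is not enough on its own. The choice of the two algorithms, the key sizes and the image bytes are all constructed assumptions.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Signer holds two independent signature schemes (a hypothetical stand-in for the
// "two separate digsig systems"): an image passes only if BOTH signatures verify.
type Signer struct {
	EdPub  ed25519.PublicKey
	edPriv ed25519.PrivateKey
	RSAKey *rsa.PrivateKey
}

func NewSigner() (*Signer, error) {
	edPub, edPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	return &Signer{EdPub: edPub, edPriv: edPriv, RSAKey: rsaKey}, nil
}
// Sign produces both signatures over the same image bytes.
func (s *Signer) Sign(image []byte) (edSig, rsaSig []byte, err error) {
	digest := sha256.Sum256(image)
	rsaSig, err = rsa.SignPSS(rand.Reader, s.RSAKey, crypto.SHA256, digest[:], nil)
	return ed25519.Sign(s.edPriv, image), rsaSig, err
}

// Verify is the updater's gate: both checks must pass (AND, never OR), so a bug
// or break in one scheme alone cannot get a forged image accepted.
func Verify(edPub ed25519.PublicKey, rsaPub *rsa.PublicKey, image, edSig, rsaSig []byte) bool {
	digest := sha256.Sum256(image)
	okRSA := rsa.VerifyPSS(rsaPub, crypto.SHA256, digest[:], rsaSig, nil) == nil
	return ed25519.Verify(edPub, image, edSig) && okRSA
}

func main() {
	s, err := NewSigner()
	if err != nil { panic(err) }
	image := []byte("constructed sample BIOS image, not real firmware")
	edSig, rsaSig, _ := s.Sign(image)
	fmt.Println("genuine:", Verify(s.EdPub, &s.RSAKey.PublicKey, image, edSig, rsaSig))
	image[0] ^= 1 // flip one byte: the image must now be rejected
	fmt.Println("tampered:", Verify(s.EdPub, &s.RSAKey.PublicKey, image, edSig, rsaSig))
}
```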
