[OLPC-devel] Secure BIOS on the OLPC
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Tue Aug 29 12:15:14 EDT 2006
Krishna Sankar (ksankar) wrote:
> So, you are, in fact, putting some trust on the sl number, after
> all ! ;o) In this case, why do you care - i.e. why tie developer keys
> to a serial number ? It doesn't give us anything. Most probably folks
> can spoof the sl # anyway.

I realized after sending that e-mail that you'd call me on it :)

We're actually still not trusting the serial number in any dangerous
sense. The LB payload _can_ trust the sl (there's no way to lie at that
stage in the boot), which means that if I hand you a signing key that
works for a machine with sl 'X', I know that you can't make a signed
BIOS that will work on any other machine.

Now, lying about your sl when you're requesting a developer signing key
gives you the opportunity to replace the BIOS on targeted machines
provided you can break into the machine some other way. But this doesn't
scale; worm writers can't go and ask for signing keys for a million
machines.

In fact, if I saw more than about 20 dev key requests per million units
shipped, I'd be pretty surprised.

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D
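
Added example, not part of the original message and not OLPC code: a sketch of how a developer key can be bound to one serial number so that images signed with it are rejected on every other machine. It assumes a two-level scheme (an issuer key certifies the developer public key together with the serial) and uses toy RSA over constructed primes as a stand-in for a real signature scheme; all function names and sample values are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def keypair(p, q):
    """Toy RSA key from two primes; returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(n, *parts):
    """Length-prefixed SHA-256 over the parts, reduced mod n (demo only, no padding)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % n

def sign(n, d, *parts):
    return pow(digest(n, *parts), d, n)

def verify(n, sig, *parts):
    return pow(sig, E, n) == digest(n, *parts)

# Constructed demo keys built from Mersenne primes; far too small for real use.
MASTER_N, MASTER_D = keypair(2**127 - 1, 2**89 - 1)  # issuer key, public half in firmware
DEV_N, DEV_D = keypair(2**107 - 1, 2**61 - 1)        # one developer's key

def issue_dev_key(serial):
    """Issuer side (assumed design): certify DEV_N for exactly one serial number."""
    return sign(MASTER_N, MASTER_D, serial, DEV_N.to_bytes(32, "big"))

def boot_accepts(hw_serial, image, image_sig, dev_n, cert_sig):
    """Boot payload side: hw_serial is read from the hardware, never from the image."""
    if not verify(MASTER_N, cert_sig, hw_serial, dev_n.to_bytes(32, "big")):
        return False  # developer key was not issued for this machine's serial
    return verify(dev_n, image_sig, image)

if __name__ == "__main__":
    image = b"constructed BIOS image"           # constructed sample input
    cert = issue_dev_key(b"SN-X")               # key requested for serial 'X'
    sig = sign(DEV_N, DEV_D, image)
    print(boot_accepts(b"SN-X", image, sig, DEV_N, cert))  # machine X
    print(boot_accepts(b"SN-Y", image, sig, DEV_N, cert))  # any other machine
```

Because the boot payload supplies its own serial to the certificate check, a key obtained by lying about the serial is only useful on the machine whose serial was claimed.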