[OLPC-devel] Secure BIOS on the OLPC

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Tue Aug 29 12:36:50 EDT 2006


Ivan Krstić wrote:
> Carl-Daniel Hailfinger wrote:
>> And it fully automates bricking of thousands of machines if the key
>> is ever compromised. 
> 
> If 3 separately kept private keys, two of which will live in a bank
> vault, are compromised.

The keys in the bank vault will have to be used outside of the bank
vault for every BIOS update the OLPC project issues. And if the
countries in which the machines are to be deployed want the ability
to change the BIOS without OLPC approval (which may well be the case)
you have to add three additional keys which will be kept under unknown
conditions.
If countries with autonomous regions (like Spain) are ever going to
participate in an OLPC rollout, the autonomous regions are likely
to demand an additional three keys as well.

>> Flashing a new BIOS against the will of the user
>> is *evil* (and generates quite a lot of bad publicity if you look at
>> the PlayStation Portable forced firmware upgrades).
> 
> I'm not familiar with these (I'll read up on them), but I imagine they
> change actual user-visible system functionality in some way? That's not
> what any of our BIOS upgrades will do.

They fixed security holes (good) and made it impossible to run your
own software on it (bad). A few other user-visible changes were there
as well.
Our BIOS updates will fix security holes (good) and ....


This leads me to another question: Will the final board revision
still have a place where someone can solder on a PLCC socket and
will the EC code still have the feature to boot from PLCC ROM
if one is plugged in?

Regards,
Carl-Daniel
-- 
http://www.hailfinger.org/


