[OLPC-devel] OLPC "bootloader"

Krishna Sankar (ksankar) ksankar at cisco.com
Sun Jun 25 18:53:24 EDT 2006


Agreed - integrity is our concern than confidentiality. I was more
interested in the authentication and link protection parts - hash,
signature mechanisms/signed code would work. 

And yes, reusing parts of already popular protocols is preferred than
inventing our own.

Cheers
<k/>

> -----Original Message-----
> From: Ivan Krstic [mailto:krstic at fas.harvard.edu] 
> Sent: Sunday, June 25, 2006 3:38 PM
> To: Krishna Sankar (ksankar)
> Cc: jg at laptop.org; devel at laptop.org
> Subject: Re: [OLPC-devel] OLPC "bootloader"
> 
> Krishna Sankar (ksankar) wrote:
> > 	Yep, if the BIOS is in place, one mechanism could be 
> signed code with 
> > an OLPC cert. Would we be able to get SSL functionality in the BIOS
> 
> Given our available computational resources on the laptop, 
> and the complexity of SSL, SSL is more of a non-solution than 
> anything. It's also "solving" the wrong problem: we don't 
> care about protecting the confidentiality of the wireless 
> data during a reflash; only about asserting its integrity.
> 
> There's already hashing code in the kernel; we should see if 
> we can easily cherrypick the signature verification code from IPSEC.
> 
> --
> Ivan Krstic <krstic at fas.harvard.edu> | GPG: 0x147C722D
> 



More information about the Devel mailing list