[OLPC-devel] OLPC "bootloader"
Krishna Sankar (ksankar)
ksankar at cisco.com
Sun Jun 25 18:53:24 EDT 2006
Agreed - integrity is our concern than confidentiality. I was more
interested in the authentication and link protection parts - hash,
signature mechanisms/signed code would work.
And yes, reusing parts of already popular protocols is preferred than
inventing our own.
Cheers
<k/>
> -----Original Message-----
> From: Ivan Krstic [mailto:krstic at fas.harvard.edu]
> Sent: Sunday, June 25, 2006 3:38 PM
> To: Krishna Sankar (ksankar)
> Cc: jg at laptop.org; devel at laptop.org
> Subject: Re: [OLPC-devel] OLPC "bootloader"
>
> Krishna Sankar (ksankar) wrote:
> > Yep, if the BIOS is in place, one mechanism could be
> signed code with
> > an OLPC cert. Would we be able to get SSL functionality in the BIOS
>
> Given our available computational resources on the laptop,
> and the complexity of SSL, SSL is more of a non-solution than
> anything. It's also "solving" the wrong problem: we don't
> care about protecting the confidentiality of the wireless
> data during a reflash; only about asserting its integrity.
>
> There's already hashing code in the kernel; we should see if
> we can easily cherrypick the signature verification code from IPSEC.
>
> --
> Ivan Krstic <krstic at fas.harvard.edu> | GPG: 0x147C722D
>
More information about the Devel
mailing list