[OLPC-devel] Secure BIOS on the OLPC

Tushar Adeshara adesharatushar at gmail.com
Fri Sep 1 02:30:12 EDT 2006


On 8/31/06, Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net> wrote:
> Tushar Adeshara wrote:
> > On 8/31/06, Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net> wrote:
> >> Tushar Adeshara wrote:
> >> > On 8/30/06, Joshua N Pritikin <jpritikin at pobox.com> wrote:
> >> >> On Tue, Aug 29, 2006 at 12:02:18PM -0400, Jim Gettys wrote:
> >> >> > "Belt and Suspenders" feels right to me.
> >> >>
> >> >> Even if kids are going to blindly follow directions about "Hold this
> >> >> key combo down to reflash the BIOS", that's good because then they'll
> >> >> know that _something_ is happening. Mystery invites investigation.
> >> >> More kids will discover the BIOS and its humble purpose.
> >> >
> >> > I think we need to also think about situations where there will be
> >> > many such laptops (100 to 500) that need BIOS update. Best way to do
> >> > that here would be no physical interaction with machine for BIOS
> >> > update.
> >>
> >> At some school: "Hey kids, please press spacebar now!"
> >>
> >> Laptops are intended to stay with the kids all the time. BIOS updates
> >> should hopefully be something needed at most once or twice, unlike
> >> regular kernel updates. So telling kids once in their lifetime to
> >> press a specific button while they are at school is no significant
> >> problem.
> >
> > I suggested something that I would like in a device if I have to
> > ensure that all laptops are updated. If we require physical
> > interaction for BIOS updates, we ensure that updates can't be
> > automated if need arises later on.
> >
> > I would like to know about problems you can think of with the above
> > approach.
>
> It has already been written in this thread a few mails ago, but let
> me repeat:
> * BIOS updates are only needed in case of incorrect hardware setup
> * This will not happen regularly
The hard fact is that the BIOS needs to be updated.
> * Automation has the potential to brick thousands of machines overnight
This seems to be the only problem you have with auto update. Please
let me know if there are any others.

Now let me be clearer on this:

1. I don't mind some policy in software that will allow/disallow auto
update. What I don't feel comfortable with is _physical_ _interaction_
with the machine for a BIOS update signed by OLPC.

2. All BIOS images that are auto-updated are signed by OLPC after
extensive testing. They should not brick even a single machine. (One
nice question is: what are the plans if it ever happens?)

>
> And now the most important point:
> * OLPC was designed to make your scenario (service center where
>   hundreds of machines are reflashed/updated) unneeded
I expect the school to be one place where all updates, exchange of
software etc. will happen, and there can be many laptops to be updated.
>
> If we suddenly find out that machines need an update, it will affect
> not only a few hundred machines, but something like a million machines.
> You can't rely on the mesh network to reach every machine at the same
> time (and many meshes will be completely disconnected from the rest
> of the world), so you have to visit schools anyway. And then there is
> really no problem telling kids to press a key.

I agree. The thing is, every school can download the updated BIOS from
OLPC and all machines will be (auto?) updated, without any special
procedure, unless someone doesn't allow their school to update their
BIOS. So the Internet will be used to distribute the BIOS to schools
and the mesh network to update individual machines within that school.

Lastly, even though I don't much agree with the phishing attack idea,
"press the button" is vulnerable to it. Opening the laptop and doing
something is not expected of a child, which can allow flashing an
unsigned BIOS.

Also, AFAIK from the above mails, the approach of "press the button" is
discussed to avoid locking down machines to use only BIOS signed by
OLPC, while trying to avoid updating the BIOS without the user's
knowledge.

So my point is:
1. If the BIOS is from OLPC, we can have a control in software that
will decide whether the BIOS should be updated or not. And there should
be no reason not to allow the user to auto-update a BIOS signed by OLPC.
2. If you want to flash your own BIOS, you will have to open the laptop
and press some button or something like that. So no lock-down of
machines to use only BIOS signed by OLPC, and no phishing attacks.

Let me know your view on this.
-- 
Regards,
Tushar
--------------------
It's not a problem, it's an opportunity for improvement. Let's improve.
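The two-tier update gate argued for in the message above (OLPC-signed images pass through a software allow/disallow policy; anything else needs the owner at the opened laptop), written out as an added example that is not code from the thread or from the OLPC firmware. An Ed25519 key stands in for OLPC's signing key, the `Policy` flag and the physical-presence flag are assumed interfaces, and the image bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Policy is the software-side switch the message argues for: a school or
// owner may allow or disallow unattended installation of OLPC-signed images.
type Policy struct{ AutoUpdateSigned bool }

// Decision is what the update agent does with a candidate BIOS image.
type Decision int

const (
	Reject            Decision = iota // not OLPC-signed and nobody at the opened laptop
	AutoUpdate                        // OLPC-signed, policy permits, no human needed
	HoldForApproval                   // OLPC-signed, but local policy disables automation
	FlashWithPresence                 // not OLPC-signed, owner proved physical presence
)

func (d Decision) String() string {
	return [...]string{"reject", "auto-update", "hold-for-approval", "flash-with-presence"}[d]
}

// Decide implements the gate: the signature decides whether the image is
// OLPC's; the physical-presence button is consulted only for everything else,
// so a remote "please press the key" message cannot get an unsigned image in.
func Decide(olpcKey ed25519.PublicKey, image, sig []byte, p Policy, physicalPresence bool) Decision {
	if ed25519.Verify(olpcKey, image, sig) { // returns false for wrong-length or forged sig
		if p.AutoUpdateSigned {
			return AutoUpdate
		}
		return HoldForApproval
	}
	if physicalPresence {
		return FlashWithPresence
	}
	return Reject
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed stand-in for OLPC's key
	image := []byte("constructed BIOS image bytes")
	sig := ed25519.Sign(priv, image)
	fmt.Println(Decide(pub, image, sig, Policy{AutoUpdateSigned: true}, false))
	fmt.Println(Decide(pub, image, []byte("bogus"), Policy{AutoUpdateSigned: true}, false))
}
```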