[OLPC Security] G1G1: Security, to enable or disable...

david at lang.hm david at lang.hm
Thu Jun 5 11:16:49 EDT 2008 

On Thu, 5 Jun 2008, Kim Quirk wrote:

> 1 - I thought requiring signed images was part of our bitfrost
> security. Doesn't it provide some protection from malicious images?
> Assuming we get to the point where upgrading is an easy click from the
> G1G1 machine, then we want to be sure that people don't mistakenly
> load non-signed images. If you are not a developer; doesn't this add a
> level of protection that we want for 90% of G1G1 recipients?

how about an option to install a 'tester key' that would let a machine 
download test builds that are then signed by a different key then the 
production builds. by comparison a developer key would let them install 
anything.

> 2 - I believe our support issues will go up significantly as people
> who have little or no experience are encouraged to download all sorts
> of untested builds with no easy way to get back to a working system.
> To feel better about the support issues, I would like the one-button
> push that restores a laptop to factory default. Actually walking
> people through a cleaninstall is a very time-consuming process right
> now.

there is currently a one button reboot to the prior version, so people 
wiil only need to do a cleaninstall if they install two broken builds in a 
row, _and_ can't use either build to install a good build (which is 
unlikely becouse they used the older one to install the one after that, so 
they should be able to use that older one to install a working build)

David Lang

> Finally, I agree with Scott, that the easiest thing we can do in the
> short term is to make the 'get a developer key' more prominent for
> those who want to find it. I would really like a brief note about how
> they should first be familiar with how to do a factory cleaninstall
> before they unprotect their machine.
>
> Kim
>
>
> On Wed, Jun 4, 2008 at 9:50 PM, C. Scott Ananian <cscott at laptop.org> wrote:
>> On Wed, Jun 4, 2008 at 9:20 PM, reynt0 <reynt0 at cs.albany.edu> wrote:
>>> I also want to be able to examine the XO as thoroughly as
>>> possible from my own (USA, educated, experienced, and so
>>> on) perspective.  In that regard, FWIW I found the various
>>> infos I later could find from olpc a bit unclear or even
>>> seeming at first glance inconsistent about how usable a
>>> G1G1 XO could be as-delivered.  My present understanding
>>> is that I will need a developer's key, and that I can get
>>> one by asking when I'm ready to (though I'm not sure if
>>> I would be able to if I were a non-compsci G1G1), tho I
>>> am willing to accept that this understanding may be wrong.
>>
>> http://wiki.laptop.org/go/Developer_key
>>
>> I would like to see the link for requesting a developer key made much
>> more prominent in the library.  (I've cc'ed SJ specifically to see if
>> he can make that happen for me.)
>>  --scott
>>
>> --
>>                         ( http://cscott.net/ )
>> _______________________________________________
>> Devel mailing list
>> Devel at lists.laptop.org
>> http://lists.laptop.org/listinfo/devel
>>
> _______________________________________________
> Devel mailing list
> Devel at lists.laptop.org
> http://lists.laptop.org/listinfo/devel
>

More information about the Devel mailing list