"Walter Bender": Re: devkeys, prettyboot, and G1G1

John Gilmore gnu at toad.com
Wed Oct 1 22:15:06 EDT 2008 

Mitch and I have come up with a way to ship G1G1 laptops so that they
will pretty-boot, but still come from the factory without any need
for developer keys (in the Forth "disable-security" setting).  

This requires a small edit to /boot/olpc.fth in the OS build,
to load the XO child image, freeze the screen, and put the
first "progress dot" down just before jumping to Linux.  It's
detailed here:

  http://dev.laptop.org/ticket/7896

I know the support crew would be much happier if G1G1 laptops were
shipped able to run test builds and patched software, if users could
interact with Forth to diagnose their hardware, if they could run
unsigned Forth code from USB collector keys, etc.

Unfortunately, an IRC discussion with Scott today revealed that the
engineering team has decided that we *must* ship G1G1 laptops with a
requirement for development keys.  The reason: because too many kids
in the third world will be getting lockdown laptops, and we want the
G1G1 recipients to be guinea pigs to debug the laptops, to be sure the
laptops work even when locked down (and that they unlock properly when
the kid requests a jailbreak key).

I see this is utterly backwards.  The countries that want DRM on their
laptops should be paying the price in support problems and
infrastructure.  Not the donors who sponsor a G1G1 laptop, and not the
free software community who donate to help push this project along.
As believers in freedom, we shouldn't be defaulting EVERY laptop to
being locked by its manufacturer.  Yet that's the argument: because
some of them are locked, all of them must be locked.  Or perhaps it's
slightly more nuanced: A country that orders thousands can order them
without DRM, but G1G1 users can't.  That sounds reasonable, but I've
interacted with several country teams (Nepal and South Pacific), who
had come away from OLPC with the impression that it would be
incredibly dangerous to turn off the "security" of the laptops.  In
Nepal's case I was unable to disabuse them of this odd notion.  So no
country asks for freedom in their laptop shipments, and no G1G1 is
shipped with freedom, and thus every OLPC laptop is jailed, like every
iPhone.

	John

Date: Wed, 1 Oct 2008 08:34:09 -0400
From: "Walter Bender" <walter.bender at gmail.com>
To: "John Gilmore" <gnu at toad.com>
Subject: Re: devkeys, prettyboot, and G1G1
Cc: "Mitch Bradley" <wmb at laptop.org>

If Mitch is comfortable with his fix, I cannot see any reason not to
ship developer keys with G1G1 machines--it would save everyone
headaches, especially on support; but of course I cannot speak for
OLPC these days.

-walter

On Tue, Sep 30, 2008 at 7:26 PM, John Gilmore <gnu at toad.com> wrote:
>> I recall discussing this last time but  don't recall the reasons not
>> to do it this way. We did ship them all pre-activated.
>
> I questioned people after the fateful meeting, and it seemed to me
> that the problem was that Nicholas wanted pretty-boot, and Mitch was
> unwilling to try to disentangle pretty-boot from secure-boot.  Secure-boot
> was already a tangle of ugly Forth code, and he was sure that adding
> more complexity there would result in security holes or bugs.
>
> Since then, he has figured out the one-line circumvention that's
> documented in bug #7896.  The circumvention is in the OS (since OFW
> keeps no state).
>
>        John


-- 
Walter Bender
Sugar Labs
http://www.sugarlabs.org


[gnu: I also cc'd this to support-gang, but that required sending it
from a different email address, due to how I am subscribed there.]

More information about the Devel mailing list