Life in an insecure world

[John Watlington]

 >>Background context:
Right now, Quanta only ships laptops in one of two states:
- security enabled
- security enabled, and "pre-activated"

Starting in a few weeks, the factory will only ship laptops in one
of two configurations:
- security enabled
- security disabled

The goal is to only ship laptops with security enabled to deployments
which are capable of managing their own key management system
(including release signing, activation lease generation, developer key
generation, etc.)   The anti-theft features of the XO system are  
valuable,
but OLPC as an organization simply cannot afford to provide the
supporting services.

 >>Current Question (from Reuben):

> How will the ak tag be set for these machines that have security- 
> disabled ?
>
> a. without ak tag if someone then enables security then they will  
> require activation. Otherwise they will have to manually add the ak  
> tag.
>
> b. with ak tag -> security enabled, no activation will be required.  
> So if someone wants activation they will have to manually delete  
> the tag.


I insist on b) in order to prevent inadvertent "bricking" of laptops  
by typing "enable-security",
but that is sadly insufficient, as enabling security on a laptop  
simply running an unsigned build
will also "brick" it.   In the former case (b), it is possible to  
install and boot a signed (OLPC) build, but
reverting to the original (unsigned) build will still require a  
developer key.

Is there anything we can do ?

Should we care ?  I just proved that it is possible for any kid in  
Peru to slag their laptop by
simply typing "sudo rm -rf /*" in a terminal window, a similar feat  
of child-like naivete.
But at least in the security disabled case, this simply requires  
reflashing the NAND,
whereas re-disabling security is more difficult in cases where the  
security infrastructure was
never supported in the first place.

Comments ?  Suggestions ?
wad