Life in an insecure world

John Watlington wad at
Wed Feb 4 10:32:34 EST 2009

On Feb 4, 2009, at 7:14 AM, Daniel Drake wrote:

> 2009/2/4 John Watlington <wad at>:
>> I insist on b) in order to prevent inadvertent "bricking" of laptops
>> by typing "enable-security",
> Are you concerned that there is a realistic and common use case when a
> particular type of user would want or need to run enable-security?
> Or is your concern simply that there is such a command (regardless of
> what it actually does internally) that will break your XO?

Tthere are valid reasons in repair and manufacturing to have such
a command.   And there might even be a reason why a deployment might
decide to turn on security.

My concern is that with security disabled, kids are now free to  
explore OFW
(this is a good thing) and that command is relatively easy to  
discover and
might break your machine.

Mitch is going to make the syntax a little more onerous.   One  
current proposal
is to require the serial number of the laptop as an argument.    How  
refusing to perform the command unless a valid signed image is  
present in
the NAND ?   In the same way we protect the flash command...

Regarding Reuben's original concern:
If you are going to enable security on a large number of laptops, you  
are probably
going to be setting a few tags (such as providing your own signing  
keys) at the
same time, and using a forth script on boot to perform it.   Having  
to remove the ak
tag at that point shouldn't be any extra hassle.


More information about the Devel mailing list