Life in an insecure world
John Watlington
wad at laptop.org
Wed Feb 4 10:32:34 EST 2009
On Feb 4, 2009, at 7:14 AM, Daniel Drake wrote:
> 2009/2/4 John Watlington <wad at laptop.org>:
>> I insist on b) in order to prevent inadvertent "bricking" of laptops
>> by typing "enable-security",
>
> Are you concerned that there is a realistic and common use case when a
> particular type of user would want or need to run enable-security?
> Or is your concern simply that there is such a command (regardless of
> what it actually does internally) that will break your XO?
There are valid reasons in repair and manufacturing to have such
a command. And there might even be a reason why a deployment might
decide to turn on security.
My concern is that with security disabled, kids are now free to
explore OFW (this is a good thing) and that command is relatively
easy to discover and might break your machine.
Mitch is going to make the syntax a little more onerous. One current
proposal is to require the serial number of the laptop as an argument.
How about refusing to perform the command unless a valid signed image
is present in the NAND? In the same way we protect the flash command...
Regarding Reuben's original concern:
If you are going to enable security on a large number of laptops, you
are probably going to be setting a few tags (such as providing your
own signing keys) at the same time, and using a forth script on boot
to perform it. Having to remove the ak tag at that point shouldn't be
any extra hassle.
wad