Anti-theft vs RTC (Was Re: NetworkManager time sync)

Hal Murray hmurray at
Tue Jul 6 14:32:25 EDT 2010

cscott at said:

>> While we have your attention on this topic...
>> Do you not think that this is a security issue? In that a thief could
>> put a laptop on a network with rigged DNS and have control over the
>> time/date on the laptop? 

> A sane security system would let the user control their local time, without
> jeopardizing security based on server (or "firmware") time.

That's hard to do if the user is root.

I'm far from a wizard on this area, but I think the key idea is that there is 
only one RTC and there isn't any reasonable way for the firmware to hide it 
from the OS.  So if you let the user become root, they can set the RTC back 
and keep using an old lease as long as they can hide from the anti-theft 
server at boot time.

I think a thief could do useful work on a stolen XO as long as they are 
willing to run with the clock set incorrectly (to bypass the firmware 
boot-time checks) and they are smart enough to disable any non-firmware 
security checks.  They would have to avoid booting near an anti-theft 
(school) server and/or hide behind a firewall that would filter it out.

Is there a good high level description of how the current anti-theft works?

I've found these:

The first two are full of commands to type to use the current anti-theft 
setup, but there isn't much discussion of the big picture.  The Bitfrost doc 
was last edited in Feb 2007.

I haven't found a discussion of the set-the-clock-back case.

The Bitfrost doc describes an anti-theft daemon running on the XO at:

It also expects file protection for the critical parts of the OS as described 
Has that been implemented?  If so, how, and where do I find more info?  I 
don't remember any discussion of that topic.

There is also discussion of maintaining a per program view of the RTC at:
I don't think that's been implemented either.

It's probably possible to make the anti-theft stuff significantly more robust 
in this area.  I think it would be a lot of work.  The two chunks of Bitfrost 
above would be a good start.  I'm not sure they are sufficient and/or there 
may be simpler ways.

Security is hard.

These are my opinions, not necessarily my employer's.  I hate spam.
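The set-the-clock-back case discussed above, as an added example that is not OLPC's anti-theft code: a toy lease check that trusts the RTC outright, next to one that keeps a persisted high-water mark of the latest time it has accepted and refuses to run when the clock reads earlier than that. The HMAC-signed lease format, the field names, the `ClockState` object and the serial number are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed shared key standing in for whatever key a real activation
# server would hold; the lease format below is likewise an assumption.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"


def make_lease(serial, expires_at):
    """Build a signed lease as {body, sig}. Hypothetical format."""
    body = json.dumps({"serial": serial, "expires": expires_at}, sort_keys=True)
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def signature_ok(lease):
    """Constant-time check that the lease body has not been edited."""
    expected = hmac.new(SIGNING_KEY, lease["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, lease["sig"])


def naive_check(lease, rtc_now):
    """Boot-time check that believes the RTC: setting the clock back
    revives an expired lease, which is the weakness described above."""
    if not signature_ok(lease):
        return False
    return json.loads(lease["body"])["expires"] > rtc_now


class ClockState:
    """High-water mark of the latest time this machine has ever accepted.
    A real design would keep it in storage the OS cannot silently rewrite;
    here it is a plain object (constructed for the example)."""

    def __init__(self, high_water=0):
        self.high_water = high_water


def robust_check(lease, rtc_now, state, server_time=None):
    """Refuse an RTC reading earlier than anything previously accepted.

    server_time, when present, is a time obtained from the anti-theft server
    at boot; it advances the mark even if the local RTC is wrong."""
    if not signature_ok(lease):
        return False
    trusted_now = max(rtc_now, server_time or 0)
    if trusted_now < state.high_water:
        return False  # clock rolled back: refuse rather than revive an old lease
    state.high_water = trusted_now
    return json.loads(lease["body"])["expires"] > trusted_now


def demo():
    """Walk one lease through both checks; returns the results by name."""
    lease = make_lease("SHF-constructed-0001", expires_at=1000)
    state = ClockState()
    return {
        "naive_valid": naive_check(lease, 900),
        "naive_expired": naive_check(lease, 1100),
        "naive_rolled_back": naive_check(lease, 500),            # revived
        "robust_valid": robust_check(lease, 900, state),
        "robust_expired": robust_check(lease, 1100, state),
        "robust_rolled_back": robust_check(lease, 500, state),   # caught
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The high-water mark only helps while the stored value survives: a root user who can reset the RTC can usually also delete or rewrite that file, after which `robust_check` degrades to `naive_check`. That is why the question about file protection for critical parts of the OS matters to this case, and why the server-contact path (`server_time`) is the part a thief has to avoid.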

More information about the Devel mailing list