[Olpc-open] [possible improvement]built-in identity module

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Wed Feb 7 13:21:21 EST 2007


Bipin Gautam wrote:
> some sort of unique identification mechanism should be in ROM chip that
> can be verified from network

Such a mechanism is there already, to some degree. See the Bitfrost
security specification[0], specifically section 8.21 on P_SERVER_AUTH.

Of course, we don't have a TPM chip. We're not doing any kind of remote
attestation. This is by design, and P_SERVER_AUTH is a purely
cooperative mechanism -- it works if the user's machine wishes to
identify itself, which it does only with trusted servers, for some value
of 'trusted'.

I'm setting Reply-To for this to the security list, as the discussion
belongs there.


[0] http://wiki.laptop.org/go/Bitfrost

-- 
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D

