[OLPC Security] teasing apart the security problem into pieces

Jim Gettys jg at laptop.org
Fri Apr 7 22:12:52 EDT 2006


On Fri, 2006-04-07 at 21:22 -0400, Tim Flavin wrote:
> Jim said:
> >So first, let's see if there are other questions that should be posed
> >than the list that comes to my mind immediately.
> 
> It has been a long time since I have tried to understand the issues
> relating to exporting security software, and it looks like some of the
> interested OLPC countries are on the State Department's least favorite
> countries list.  What are the limits on including encryption and
> authentication software?  Is there a problem with public key
> encryption software?  Can we use public key algorithms for
> authentication?

For open source code, it is now very easy.  Thank you for reminding me
we should register laptop.org with the wonderful government people
(there is still a probably pointless registration requirement).  The
process got much easier 3 or 4 years ago.  Binaries are more of an
issue; but (someone correct me if I'm wrong), binaries created from open
source/free software are much easier than they once were, and can be
handled with some care.  Commercial requirements are higher.

For example, Debian now ships strong crypto in main, and the following
link explains the situation and requirements different people must meet.
http://www.debian.org/legal/cryptoinmain

Diffie-Hellman and RSA patents have run out, so we certainly can use
public key crypto.

> 
> I think that it would make it easier to secure the laptop if the boot
> flash were hardware write protected.  If malware is able to write to
> the boot flash, it would be hard to clean up.
> Can we do this?  You could manually write enable it with a paperclip
> or JTAG device when necessary.

We're planning to do something like this; it will require holding down a
certain set of keys on the keyboard before the boot flash can be
overwritten (and that flash has the code that enforces that; it is in
the embedded controller, rather than the CPU).

There is no way to directly write the boot ROM from the Geode, as I
understand our hardware design.

> 
> 
> > are there ways in which we can exploit security technology to reduce
> >the inevitable theft problem?
> 
> Probably.  Is there any information available on the Marvell 8388? 
> Does it have a bit of room in its flash memory if any?  What is used
> to store the MAC address?

HIIK.  Michail Bletsas knows about the chip, and I would hope he can
poke the Marvell folks into getting some specs on their web site.

> 
> Is the hardware budget for security features more than $0.50?  Less?
> 
> I assume that we are not trying to defend against people who have some
> technical capabilities and can mess with the insides of the laptop. 
> Is this true?

Yes, in fact, we consider part of education taking things apart and
messing around with them (not to mention people will be rebuilding
franken-machines in the field out of broken machines).

> 
> I think that most of the answers to the privacy and access questions
> are that we provide the tools to enable them but that the local
> governments (on several levels) will decide on how they are used or if
> they are removed.
> 

Certainly...
                                   Regards,
                                                - Jim

-- 
Jim Gettys
One Laptop Per Child
