[OLPC Security] teasing apart the security problem into pieces

Simson Garfinkel simsong at acm.org
Sun Apr 9 15:07:22 EDT 2006


> For open source code, it is now very easy.  Thank you for reminding me
> we should register laptop.org with the wonderful government people
> (there is still a probably pointless registration requirement).  The
> process got much easier 3 or 4 years ago.  Binaries are more of an
> issue; but (someone correct me if I'm wrong), binaries created from open
> source/free software are much easier than it once was, and can be
> handled with some care.  Commercial requirements are higher.

I believe you are correct. The binary/source problem can be made  
irrelevant if your build system distributes source and then has  
people compile them, of course.

>
> For example, Debian now ships strong crypto in main, and the following
> link explains the situation and requirements different people must meet.
> http://www.debian.org/legal/cryptoinmain

All of the free Unix distributions now ship with strong crypto, I
believe. As does MacOS and Windows. There is no longer any significant
restriction on consumer operating systems.

>
> Diffie Hellman and RSA patents have run out, so we certainly can use
> public key crypto.

Yep. There are no restrictions.

>
>>
>> I think that it would make it easier to secure the laptop if the boot
>> flash were hardware write protected.  If malware is able to write to
>> the boot flash, it would be hard to clean up.
>> Can we do this?  You could manually write enable it with a paperclip
>> or JTAG device when necessary.
>
> We're planning to do something like this; it will require holding down a
> certain set of keys on the keyboard before the boot flash can be
> overwritten (and that flash has the code that enforces that; it is in
> the embedded controller, rather than the CPU).

Nice design.  This is easier than adding another switch, I guess?

Presumably another funky set of keys will have my laptop copy the  
operating system from your laptop (but not the user code)?




