[OLPC Security] Developer Key

[Carl-Daniel Hailfinger]

Simson Garfinkel wrote:
> Several people have voiced confusion over the developer's key.
> 
> The purpose of the developer's key is to make it possible for students
> to change kernels, disable security features, try new operating systems,
> etc., to further the OLPC "constructivist" learning philosophy.  We
> don't make it easy, because disabling these features has risk to the
> laptop and to the student.  We couldn't come up with another system that
> would make it both possible to remove these protections and yet
> difficult and time-consuming to do so.

One concern I believe has not been addressed yet is that countries may
wish to issue developer keys themselves instead of delegating it to olpc.
How do we deal with that ("customer is king" vs "kids must have power")?

> The developer's key is not an end-run around the security system. It's a
> way for students to say "I will manage my own security." For example,
> although the key makes it possible to turn off P_THEFT, it doesn't
> require that the student do so.

May I take this a bit further and say that the developer key is intended
as an alternative to opening the case for reflashing?


As a side note, managing your own security may as well mean the ability
to refuse official signed updates. Why? Given that some of the (possible)
customer countries may have slight political/economical stability issues,
it is entirely possible that laptops may receive updates which
incapacitate parts of their functionality or turn them into propaganda
vehicles.
OTOH, updates temporarily disabling parts of the hardware may as well be
desirable e.g. to avoid laptops getting tracked down via their wireless
signature. Think military invasion here. Destroying the local
communication infrastructure helps the attacker a lot and so laptop
owners may be protected by making their laptops undetectable.

Regards,
Carl-Daniel
-- 
http://www.hailfinger.org/