[OLPC Security] How much of architecture document is actually implemented
michael at laptop.org
Wed Oct 10 14:37:55 EDT 2007
Thanks for your interest. Hopefully this overview will give you enough
information to figure out where to further direct your attention and
Today, the relevant players in this area are:
Ivan Krstić -> security architect, hardware cryptography,
server-side anti-theft & activation infrastructure
C. Scott Ananian -> activation initramfs & client-side anti-theft; os
Mitch Bradley -> firmware
Michael Stone -> containerization
The relevant git repositories, published on dev.laptop.org, are
olpcrd-rootskel <- initramfs
users/cscott/leases <- lease-checking code
users/cscott/rmanifest-py <- os manifest creation/verification
users/mstone/security <- containerization prototype ("rainbow")
bios-crypto <- lease & developer key construction tools
The overall summary is that we are confident that, for FRS (i.e. the
software release to be installed during deployment), we can deliver the
client-side component of first-boot activation and little else.
The server-side, manufacturing-side, and deployment-side software for
first-boot activation are still large unknowns.
We have a functional research prototype for activity containerization
that we are presently integrating in to the existing images; however,
it's shippability is uncertain.
We have spent essentially no time on user-land and kernel-level
hardening or on data-collection software for "soft" security.
Does this synopsis address your initial question?
On Wed, Oct 10, 2007 at 11:54:29AM -0400, Marcus Leech wrote:
> I've read the XO Security Architecture document.
> I have questions about how much of that is actually implemented, and how
> it's implemented. Is there a resource other
> than the architecture document that would give me a good overview of
> the current state of the world with respect
> to XO security?
> Security mailing list
> Security at lists.laptop.org
More information about the Security