[OLPC Security] How much of architecture document is actually implemented

Michael Stone michael at laptop.org
Wed Oct 10 14:37:55 EDT 2007


Marcus,

Thanks for your interest. Hopefully this overview will give you enough
information to figure out where to further direct your attention and
questions.

Today, the relevant players in this area are:

Ivan Krstić      -> security architect, hardware cryptography,
                    server-side anti-theft & activation infrastructure

C. Scott Ananian -> activation initramfs & client-side anti-theft; os
                    update verification

Mitch Bradley    -> firmware

Michael Stone    -> containerization

The relevant git repositories, published on dev.laptop.org, are

  olpcrd-rootskel             <- initramfs
  users/cscott/leases         <- lease-checking code
  users/cscott/rmanifest-py   <- os manifest creation/verification
  users/mstone/security       <- containerization prototype ("rainbow")
  bios-crypto                 <- lease & developer key construction tools
  
The overall summary is that we are confident that, for FRS (i.e. the
software release to be installed during deployment), we can deliver the
client-side component of first-boot activation and little else.

The server-side, manufacturing-side, and deployment-side software for
first-boot activation are still large unknowns.

We have a functional research prototype for activity containerization
that we are presently integrating in to the existing images; however,
it's shippability is uncertain.

We have spent essentially no time on user-land and kernel-level
hardening or on data-collection software for "soft" security.


Does this synopsis address your initial question?

Yours,

Michael



On Wed, Oct 10, 2007 at 11:54:29AM -0400, Marcus Leech wrote:
> I've read the XO Security Architecture document.
> 
> I have questions about how much of that is actually implemented, and how
> it's implemented.  Is there a resource other
>   than the architecture document that would give me a good overview of
> the current state of the world with respect
>   to XO security?
> 
> 



> _______________________________________________
> Security mailing list
> Security at lists.laptop.org
> http://lists.laptop.org/listinfo/security



More information about the Security mailing list