[OLPC Security] Some anti-theft questions

Alexander Todorov alexx.todorov at gmail.com
Tue Jan 22 07:45:44 EST 2008


Hello,
I've read the Bitfrost specs on the wiki but still don't quite 
understand two things. Here are my concerns:

<quote>
In so doing, it is able to securely use NTP to set the machine RTC to 
the current time, and then obtain a cryptographic lease to keep running 
for some amount of time, e.g. 21 days.
</quote>

1. Is there a way that a stolen laptop can be modified in such a way 
that the cryptographic lease doesn't expire? (Setting the RTC backwards, 
if that's possible. Is it? I don't really know.)

<quote>
After receiving the matching laptop batch, the school's project handler 
will be tasked with giving a laptop to each child at the school. When a 
child receives a laptop, it is still disabled. The child must power on 
the laptop within wireless range of the school's activation server. When 
this happens, the laptop will securely communicate its (SN, UUID) tuple 
to the server, which will return the activation code for the laptop in 
question, provided the tuple is found in the activation list, or an 
error if it isn't.
</quote>

2. Is there some kind of control over the shipped laptops and activation 
numbers to prevent fraudulent activities from school administrators?

e.g. A batch of 1000 laptops arrives at the school with the USB key 
containing 1000 activation codes. All machines are activated (as stated 
above) but only half of them go to children, the other half goes to a 
reseller. If the machines stay hidden for some time the cryptographic 
lease will expire and they will be disabled. But what happens if they 
are sold right away and used by customers? (in which case they will 
communicate to the servers and renew the lease)

3. Another version of the above: only half of the laptops are activated 
and the other half stays hidden instead of being activated?
Counting the number of machines phoning home vs. the number of shipped 
items can reveal such a fraud.

Thanks,
Alexander.
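
The count-based check suggested in point 3, extended to the case in point 2, as an added example (not part of the original post and not OLPC code). The log layout, the `via` field naming the server a renewal came through, the 10% threshold, and all serial numbers, UUIDs and school names are constructed assumptions.

```python
# Constructed sample data: school -> (SN, UUID) tuples on its activation list.
SHIPPED = {
    "school-a": {("SN0001", "u1"), ("SN0002", "u2"), ("SN0003", "u3"), ("SN0004", "u4")},
    "school-b": {("SN0101", "u5"), ("SN0102", "u6")},
    "school-c": {("SN0201", "u7"), ("SN0202", "u8")},
}
# Tuples the activation servers reported as activated (constructed).
ACTIVATIONS = {("SN0001", "u1"), ("SN0002", "u2"), ("SN0101", "u5"),
               ("SN0102", "u6"), ("SN0201", "u7"), ("SN0202", "u8"),
               ("SN9999", "u9")}
# Lease renewals as (SN, UUID, via); "via" is an assumed field (constructed).
RENEWALS = [("SN0001", "u1", "school-a"), ("SN0101", "u5", "school-b"),
            ("SN0102", "u6", "other-net"), ("SN0201", "u7", "school-c"),
            ("SN0202", "u8", "school-c")]


def reconcile(shipped, activations, renewals):
    """Compare shipped tuples with what actually phoned home, per school."""
    owner = {t: school for school, tuples in shipped.items() for t in tuples}
    # Activations for tuples that were never on any shipped list.
    unknown = sorted(t for t in activations if t not in owner)
    report = {}
    for school, tuples in shipped.items():
        # Point 3: shipped but never activated.
        never = sorted(t for t in tuples if t not in activations)
        # Point 2: activated, but renewing its lease away from its school.
        away = sorted({(sn, uuid) for sn, uuid, via in renewals
                       if (sn, uuid) in tuples and via != school})
        report[school] = {
            "shipped": len(tuples),
            "never_activated": never,
            "renewed_elsewhere": away,
            "missing_ratio": len(never) / len(tuples),
        }
    return report, unknown


def flag(report, max_missing=0.10):
    """Schools worth a manual audit under the assumed threshold."""
    return sorted(school for school, r in report.items()
                  if r["missing_ratio"] > max_missing or r["renewed_elsewhere"])


if __name__ == "__main__":
    rep, unknown = reconcile(SHIPPED, ACTIVATIONS, RENEWALS)
    print(flag(rep), unknown)
```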

