[OLPC Security] Some anti-theft questions
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Tue Jan 22 15:53:59 EST 2008
On Jan 22, 2008, at 8:38 PM, Chris Ball wrote:
> That falls under the category of "implementation problems we'll find
> an answer to as we get to them", I think.
It's considered in the spec, actually, just not written up in detail:
"We provide such a service for interested countries to enable on the
laptops. It works by running, as a privileged process that cannot be
disabled or terminated even by the root user, an anti-theft daemon
which detects Internet access, and performs a call-home request—no
more than once a day—to the country's anti-theft servers. In so
doing, it is able to securely use NTP to set the machine RTC to the
current time ..."
-- from the P_THEFT section
What this means is that we can use untrusted NTP pools, but we perform
the call-home beforehand and only tolerate a minimal delta between the
time returned from the pool and that reported by the (SSL-tunneled)
web server on the call-home side.
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
More information about the Security
mailing list