[OLPC Security] G1G1: Security, to enable or disable...

Kim Quirk kim at laptop.org
Thu Jun 5 09:25:02 EDT 2008


The two issues that I am concerned about regarding the write protect
flag with regards to G1G1:

1 - I thought requiring signed images was part of our bitfrost
security. Doesn't it provide some protection from malicious images?
Assuming we get to the point where upgrading is an easy click from the
G1G1 machine, then we want to be sure that people don't mistakenly
load non-signed images. If you are not a developer; doesn't this add a
level of protection that we want for 90% of G1G1 recipients?

2 - I believe our support issues will go up significantly as people
who have little or no experience are encouraged to download all sorts
of untested builds with no easy way to get back to a working system.
To feel better about the support issues, I would like the one-button
push that restores a laptop to factory default. Actually walking
people through a cleaninstall is a very time-consuming process right
now.

Finally, I agree with Scott, that the easiest thing we can do in the
short term is to make the 'get a developer key' more prominent for
those who want to find it. I would really like a brief note about how
they should first be familiar with how to do a factory cleaninstall
before they unprotect their machine.

Kim


On Wed, Jun 4, 2008 at 9:50 PM, C. Scott Ananian <cscott at laptop.org> wrote:
> On Wed, Jun 4, 2008 at 9:20 PM, reynt0 <reynt0 at cs.albany.edu> wrote:
>> I also want to be able to examine the XO as thoroughly as
>> possible from my own (USA, educated, experienced, and so
>> on) perspective.  In that regard, FWIW I found the various
>> infos I later could find from olpc a bit unclear or even
>> seeming at first glance inconsistent about how usable a
>> G1G1 XO could be as-delivered.  My present understanding
>> is that I will need a developer's key, and that I can get
>> one by asking when I'm ready to (though I'm not sure if
>> I would be able to if I were a non-compsci G1G1), tho I
>> am willing to accept that this understanding may be wrong.
>
> http://wiki.laptop.org/go/Developer_key
>
> I would like to see the link for requesting a developer key made much
> more prominent in the library.  (I've cc'ed SJ specifically to see if
> he can make that happen for me.)
>  --scott
>
> --
>                         ( http://cscott.net/ )
> _______________________________________________
> Devel mailing list
> Devel at lists.laptop.org
> http://lists.laptop.org/listinfo/devel
>


More information about the Security mailing list