[Testing] Security Meeting Minutes, 8/28/07
Kim Quirk
kim at laptop.org
Tue Aug 28 18:25:38 EDT 2007
8/28/07, every Tues 4pm
Attending: Jim, Michael Stone, Kim, Scott, Mitch
- Activation: Mitch has written the code to handle signed OS and
ramdisk images, look for lease file and its signature. He has created trial
keys and is testing this out.
- Scott will integrate Mitch's work into Pilgrim build in order to
generate signed kernel for the next level of testing.
- After that we need real crypto for the next level of testing.
- Scott is waiting to receive code from Ivan for his testing of
activation. Ivan has been ill.
- Quanta told Mitch that they did NOT set the WP (write protect) flag
at the end of the manufacturing cycle on the latest C build units. So when
we are ready to test real activation on these machines we will need to first
set that bit ourselves.
- There are still some process questions as to once we are using real
keys, will we be signing all builds; or providing keys and documentation to
all developers in order to continue development efforts? Need to document
this.
- Is there a 'safe' place where a key can be stored on the laptop that
won't get over-written by various OS reflashes, etc.
- Need to ensure that clocks are set properly at mfg in order for the
lease feature to work.
- This brought up the question of older machines. We don't want to set
the WP bit on older machines and we don't want them to fall into the
activation/lease system. They should be permanently unlocked.
- Other process questions that Michael brought up related to our
security system (not just code, but process, monitoring, reporting, and
fixing problems):
- How do we measure 'security'?
- Who measures and monitors this system?
- When or how often is it done?
- What procedures are used?
- What happens when a security problem is found?
- How do we fix and distribute changes?
- Testing issues came up; Michael and Kim will set up another time to
come up with some test cases and thoughts on priorities for testing.
- Scott and SJ need to talk about the use case for sharing information
more broadly and how security fits into that picture. Can we use a webserver
on the XO; are there alternatives that would serve the same purpose? We
should bring this up again at the school server and/or content meetings
[School server meeting is Wed 3pm; content is Tues 3pm]
- Kim
Minutes can be found here:
http://laptop.org/teamwiki/index.php/Team:Main_Page#Meeting_Minutes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/private/testing/attachments/20070828/40d1950d/attachment.htm
More information about the Testing
mailing list