[Testing] Security Meeting Minutes, 8/28/07

Kim Quirk kim at laptop.org
Tue Aug 28 18:25:38 EDT 2007


8/28/07, every Tues 4pm


Attending: Jim, Michael Stone, Kim, Scott, Mitch

   - Activation: Mitch has written the code to handle signed OS and
   ramdisk images, look for lease file and its signature. He has created trial
   keys and is testing this out.
   - Scott will integrate Mitch's work into Pilgrim build in order to
   generate signed kernel for the next level of testing.
   - After that we need real crypto for the next level of testing.
   - Scott is waiting to receive code from Ivan for his testing of
   activation. Ivan has been ill.
   - Quanta told Mitch that they did NOT set the WP (write protect) flag
   at the end of the manufacturing cycle on the latest C build units. So when
   we are ready to test real activation on these machines we will need to first
   set that bit ourselves.


   - There are still some process questions: once we are using real
   keys, will we be signing all builds, or providing keys and documentation to
   all developers in order to continue development efforts? Need to document
   this.
   - Is there a 'safe' place where a key can be stored on the laptop that
   won't get overwritten by various OS reflashes, etc.?
   - Need to ensure that clocks are set properly at mfg in order for the
   lease feature to work.
   - This brought up the question of older machines. We don't want to set
   the WP bit on older machines and we don't want them to fall into the
   activation/lease system. They should be permanently unlocked.
   - Other process questions that Michael brought up related to our
   security system (not just code, but process, monitoring, reporting, and
   fixing problems):
      - How do we measure 'security'?
      - Who measures and monitors this system?
      - When or how often is it done?
      - What procedures are used?
      - What happens when a security problem is found?
      - How do we fix and distribute changes?


   - Testing issues came up; Michael and Kim will set up another time to
   come up with some test cases and thoughts on priorities for testing.
   - Scott and SJ need to talk about the use case for sharing information
   more broadly and how security fits into that picture. Can we use a webserver
   on the XO; are there alternatives that would serve the same purpose? We
   should bring this up again at the school server and/or content meetings.
   [School server meeting is Wed 3pm; content is Tues 3pm]

- Kim

Minutes can be found here:
http://laptop.org/teamwiki/index.php/Team:Main_Page#Meeting_Minutes