[Testing] Security Meeting Minutes, 8/28/07
Mitch Bradley
wmb at laptop.org
Tue Aug 28 23:32:24 EDT 2007
Bryan.Ma at quantatw.com wrote:
>
> What will happen if we set the WP tag on the older machine?
>
Right now, if you set the WP tag, nothing at all will happen. The
firmware does not look at the WP tag yet.
> What stage unit (e.g. B3, B2...) is not recommended to do that ?
>
I think the plan is that, for older machines, we will only set the WP
tag for development testing. Eventually we will stop supporting the
older machines, and there are only a limited number of them in the
world, so security is not important for them.
>
>
> -- Bryan
>
>
>
> ------------------------------------------------------------------------
>
> *From:* testing-bounces at lists.laptop.org
> [mailto:testing-bounces at lists.laptop.org] *On Behalf Of *Kim Quirk
> *Sent:* Wednesday, August 29, 2007 6:26 AM
> *To:* noah at laptop.org; C. Scott Ananian; Christopher Blizzard; Dan
> Williams; Ivan Krstić; Jim Gettys; Kim Quirk; Michael Stone; Michailis
> Bletsas; Mitch Bradley
> *Cc:* testing at laptop.org; Walter Bender
> *Subject:* [Testing] Security Meeting Minutes, 8/28/07
>
>
>
> 8/28/07, every Tues 4pm
>
>
>
> Attending: Jim, Michael Stone, Kim, Scott, Mitch
>
> * Activation: Mitch has written the code to handle signed OS and
> ramdisk images, look for lease file and its signature. He has
> created trial keys and is testing this out.
> * Scott will integrate Mitch's work into Pilgrim build in order to
> generate signed kernel for the next level of testing.
> * After that we need real crypto for the next level of testing.
> * Scott is waiting to receive code from Ivan for his testing of
> activation. Ivan has been ill.
> * Quanta told Mitch that they did NOT set the WP (write protect)
> flag at the end of the manufacturing cycle on the latest C build
> units. So when we are ready to test real activation on these
> machines we will need to first set that bit ourselves.
>
> * There are still some process questions as to once we are using
> real keys, will we be signing all builds; or providing keys and
> documentation to all developers in order to continue development
> efforts? Need to document this.
> * Is there a 'safe' place where a key can be stored on the laptop
> that won't get over-written by various OS reflashes, etc.
> * Need to ensure that clocks are set properly at mfg in order for
> the lease feature to work.
> * This brought up the question of older machines. We don't want to
> set the WP bit on older machines and we don't want them to fall
> into the activation/lease system. They should be permanently
> unlocked.
> * Other process questions that Michael brought up related to our
> security system (not just code, but process, monitoring,
> reporting, and fixing problems):
>
> o How do we measure 'security'?
> o Who measures and monitors this system?
> o When or how often is it done?
> o What procedures are used?
> o What happens when a security problem is found?
> o How do we fix and distribute changes?
>
> * Testing issues came up; Michael and Kim will set up another time
> to come up with some test cases and thoughts on priorities for
> testing.
> * Scott and SJ need to talk about the use case for sharing
> information more broadly and how security fits into that
> picture. Can we use a webserver on the XO; are there
> alternatives that would serve the same purpose? We should bring
> this up again at the school server and/or content meetings
> [School server meeting is Wed 3pm; content is Tues 3pm]
>
> - Kim
>
> Minutes can be found here:
> http://laptop.org/teamwiki/index.php/Team:Main_Page#Meeting_Minutes
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Testing mailing list
> Testing at lists.laptop.org
> http://lists.laptop.org/listinfo/testing
>
More information about the Testing
mailing list