[Testing] Fwd: Security Meeting Minutes, 9/04/07

Kim Quirk kim at laptop.org
Wed Sep 5 18:18:00 EDT 2007 

FYI.

---------- Forwarded message ----------
From: Kim Quirk <kim at laptop.org>
Date: Sep 5, 2007 6:05 PM
Subject: Security Meeting Minutes, 9/04/07
To: noah at laptop.org, "C. Scott Ananian" <cscott at cscott.net>, Christopher
Blizzard <blizzard at redhat.com>, Dan Williams <dcbw at redhat.com>, Ivan Krstić
<ivan at laptop.org>, Jim Gettys <jg at laptop.org>, Kim Quirk <Kim at laptop.org>,
Michael Burns <burns at laptop.org>, Michael Stone <mstone at sccs.swarthmore.edu>,
Michail Bletsas <mbletsas at laptop.org>, Mitch Bradley <wmb at firmworks.com>,
John Watlington <wad at laptop.org>

(Please feel free to correct or amend if I got something wrong)


Attending: Ivan, Jim, Wad, Michael Stone, Michael Burns, Noah

Activation:

   - Last week (while Ivan was ill), Scott hacked an anti-theft client to
   use for testing. The goal is to have the same anti-theft client for
   activation and leases. For now we use what we have.
   - Ivan needs to write the "Chill" code for the HSMs this week; then we
   would be able to start testing activation with keys next week.
   - Note that activation/first lease requires physical media (USB stick,
   secure email) - not 'internet access'.

Upgrades:

   - Mitch has created test keys to test out signing OS images.
   - Noah or Michael Burns will be writing the Crypto in userland: use
   the public key from HSM and compare with blob of bytes and OS signature.
   - To start with, OLPC must sign all releases. Countries will not be
   able to do this themselves at least for a few months. More code/development
   will need to be done for that feature.


Containers:

   - Ivan will conduct a code review of Rainbow this week.
   - When we are ready to launch rainbow with even the minimal security
   features turned on (such as restricted network and filesystem access) it
   will require a flag day -- coordinated effort with many Activity developers.



Bentham, Tracking Server:

   - Tracking server - bentham - not getting the support from Quanta that
   we need.
   - Ivan needs to send an email to Elvis Woo asking for C-build mfg
   data. Please copy both Kim and Victor on this email as we have both agreed
   to follow up and get the data.
   - Need to understand our integration with a deployment partner. How to
   secure trusted person communications? How do they get the activation codes?
   How do they provide input on where the product is in the delivery chain? How
   do we instruct them on lease management? How do they provide info on stolen
   laptops? How do they provide info on returns/failures?


-Kim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/private/testing/attachments/20070905/09b6c64d/attachment.htm

More information about the Testing mailing list