[Testing] Security Meeting Minutes, 9/18/07
Kim Quirk
kim at laptop.org
Tue Sep 18 19:00:22 EDT 2007
Attending: Jim, Mitch, Noah, Michael Stone, Scott, Ivan, Kim
- To what extent can we test deployment with real activation? How soon?
  - Scott has written the code that looks at the WP bit; this should be
    in the next build, so we can enable WP on a particular laptop and it
    should require an activation key.
  - Ivan is still working on the server code to generate key codes. He
    will make this work without Crypto first and then add HSM calls later
    if he runs into HSM problems.
  - Mitch's OFW version c27 should be available this evening and we
    should install it on test machines.
Scott: Three possible upgrade schemes -
1. Updating a machine straight from the factory; don't need
backup/restore, don't need to activate or 'register' it. Can't put arbitrary
bits on -- they need to be signed. This has to be secure so you can't use it
to bypass activation.
2. Auto-reinstallation script v2.0; backup; put new signed image;
restore; doesn't need to activate since the activation code is copied during
backup/restore
3. Real upgrade over the network from 1CC (global server or school
server); student has logged in (pre-activated); needs to backup and restore
- Today there is a bug in the upgrade from the OLPC Global server, but
Scott and Michael are working on this. There might be a workaround for this
bug so they can get to the next level of debug to make sure the rest of it
works.
- Since this is XO code that needs to be in for Trial-3, they need to
get it in now.
Activation (from USB key for Trial-3):
1. Deployment team member with bar code scanner will send serial
number, or enter by hand; and get back activation code
2. Put activation codes on USB; before booting up laptop this USB
should be inserted.
3. We may be able to combine upgrade and activation (as we do today);
but we can start with a separate test.
- Scott has code that might make it possible to activate from the
school server (needs to go into XO), so we need to review that for FRS.
- XO side of this code is just about complete.
Ivan's Notes:
- We might have to require signed activities from the first deployment
rather than waiting for when we are ready to turn on rainbow.
- This would require the private key of the original activity
developer to upgrade that XO file.
- We need to carefully analyze the security implications of installing
a new activity or upgraded activity.
- Ivan would like to treat all activities alike (no difference between
'core' activities and add-ons).
- We are trying to protect the student from clicking on something he
normally clicks on, but get something totally different.
- Ivan will send out a message to devel and sugar regarding these
issues so we can get wider discussion. (Don't bother responding to this on
questions since Ivan's email will be a better thread)
Michael: When to turn on Rainbow?
- Rainbow needs to be running after the system bus and before X
(before sugar).
- Michael will need to work with appropriate boot and sugar people to
get this into the build.
Containers:
- Today camera and sound aren't working in rainbow, need to find time
to work on those bugs.
Keys:
- Developer keys, activation keys, OS keys and firmware keys are all
using sample keys
- The real keys need HSM to be up and running; which is slightly lower
priority than the other things Ivan is working on.
- Mitch has to get the public key version into the firmware
- Private version of those keys never leave the HSM; so we need the
mechanism for people who have valid needs to get signatures.
- How/when do we start distributing developer keys? When we turn this
all on, we'll need a process for the shippers.
- All the security stuff is contingent on new versions of OFW (at
least q2c27).
Mitch -
- He is going to put startup sound and pretty boot into OFW. The
rotate button will disable on boot (the opposite of what it does now).
- Food for thought (probably post FRS): Partition the flash for a
'real' solution for saving the user files during upgrade problem.
- Kim