[Testing] Security Meeting Minutes, 9/18/07

Kim Quirk kim at laptop.org
Tue Sep 18 19:00:22 EDT 2007


Attending: Jim, Mitch, Noah, Michael Stone, Scott, Ivan, Kim

   - To what extent can we test deployment with real activation? How
   soon?
      - Scott has written the code that looks at the WP bit; this
      should be in the next build, so we can enable WP on a particular
      laptop and it should require an activation key.
      - Ivan is still working on the server code to generate key
      codes. He will make this work without Crypto first and then add HSM calls
      later if he runs into HSM problems.
      - Mitch's OFW version c27 should be available this evening and
      we should install it on test machines.


Scott: Three possible upgrade schemes -

   1. Updating a machine straight from the factory; don't need
   backup/restore, don't need to activate or 'register' it. Can't put arbitrary
   bits on -- they need to be signed. This has to be secure so you can't use it
   to bypass activation.
   2. Auto-reinstallation script v2.0; backup; put new signed image;
   restore; doesn't need to activate since the activation code is copied during
   backup/restore
   3. Real upgrade over the network from 1CC (global server or school
   server); student has logged in (pre-activated); needs to backup and restore


   - Today there is a bug in the upgrade from the OLPC Global server, but
   Scott and Michael are working on this. There might be a workaround for this
   bug so they can get to the next level of debug to make sure the rest of it
   works.
   - Since this is XO code that needs to be in for Trial-3, they need to
   get it in now.


Activation (from USB key for Trial-3):

   1. Deployment team member with bar code scanner will send serial
   number, or enter by hand; and get back activation code
   2. Put activation codes on USB; before booting up laptop this USB
   should be inserted.
   3. We may be able to combine upgrade and activation (as we do today);
   but we can start with a separate test.


   - Scott has code that might make it possible to activate from the
   school server (needs to go into XO), so we need to review that for FRS.
   - XO side of this code is just about complete.


Ivan's Notes:

   - We might have to require signed activities from the first deployment
   rather than waiting for when we are ready to turn on rainbow.
   - This would require the private key of the original activity
   developer to upgrade that XO file.
   - We need to carefully analyze the security implications of installing
   a new activity or upgraded activity.
   - Ivan would like to treat all activities alike (no difference between
   'core' activities and add-ons).
   - We are trying to protect the student from clicking on something he
   normally clicks on, but getting something totally different.
   - Ivan will send out a message to devel and sugar regarding these
   issues so we can get wider discussion. (Don't bother responding to this on
   questions since Ivan's email will be a better thread)


Michael: When to turn on Rainbow?

   - Rainbow needs to be running after the system bus and before X
   (before sugar).
   - Michael will need to work with appropriate boot and sugar people to
   get this into the build.


Containers:

   - Today camera and sound aren't working in rainbow, need to find time
   to work on those bugs.


Keys:

   - Developer keys, activation keys, OS keys and firmware keys are all
   using sample keys
   - The real keys need HSM to be up and running; which is slightly lower
   priority than the other things Ivan is working on.
   - Mitch has to get the public key version into the firmware
   - Private version of those keys never leave the HSM; so we need the
   mechanism for people who have valid needs to get signatures.
   - How/when do we start distributing developer keys? When we turn this
   all on, we'll need a process for the shippers.
   - All the security stuff is contingent on new versions of OFW (at
   least q2c27).


Mitch -

   - He is going to put startup sound and pretty boot into OFW. The
   rotate button will disable on boot (the opposite of what it does now).
   - Food for thought (probably post FRS): Partition the flash for a
   'real' solution for saving the user files during upgrade problem.


- Kim