[Testing] Security minutes, 9/26

Kim Quirk kim at laptop.org
Wed Sep 26 17:10:47 EDT 2007


Attending: Kim, Ivan, Michael Stone, Jim, Scott, Walter


*Activation update:*

   - Mitch is implementing secure boot - refuse to boot if the OS and
   firmware are not signed; unlock the firmware if there is a developer's key;
   unlock if there is an activation key.
   - High Priority bug: Generating the secure keys on the HSM
   - Ivan's server code is at the point where the central management for
   tracking is beginning to work. The callback is there for key generation, but
   not done yet. Michael will help out this week so Ivan can concentrate on
   HSM.
   - How to generate activation keys; developers keys in the next week
   separately from how we will do it for FRS.
   - This Friday's drop to Quanta can have temporary public keys. Mitch
   generated these already and they are in the firmware.
   - Oct 5 drop to Quanta should have real public keys in the firmware.


   - Scott's update: Client code is checking signatures of OS images,
   developer key check. The code isn't getting a lease from the school server;
   and anti-theft doesn't call home on a regular basis to see if it is stolen.
   Still need to get agreement on protocol (Ivan, Scott, Michael).


Test Plan for Activation should look something like this (AlexL, can you
write this up in Test wiki?):

   1. Get the correct version of OFW
   2. Set the WP flag
   3. Check that the laptop doesn't boot up
   4. Obtain an activation key (preferably from bentham)
   5. Use the activation key; and boot up properly
   6. Do upgrades/downgrades - check which image you are on
   7. You should remain activated


Test Developer key:

   1. Activate; then boot with Developer's key
   2. Make sure you can get into the OFW (ok prompt)
   3. The laptop should boot with non secure boot up (no pretty boot)


*Boot and Upgrade:*
There are 2 boot sequences:

   - Secure - checks for signatures (pretty boot)
   - Insecure - developer's key puts you into this boot (no pretty boot)


   - Test upgrade then revert to old version
   - Boot back and forth to see that the two images are both there and
   can run - must use the new upgrade from server to get these images.
   - Automatic (required) upgrades - Scott is thinking about this
   - Need to finalize the design for auto upgrades; and scalability


   - Robust upgrade includes getting an image to laptops; both software
   and infrastructure need to be considered.
   - Ivan, Marco, Bert, Tomeu hashed out the details of secure activity
   installation
   - We will be moving to a model where we sign all activities (maybe
   just the core ones to get started)
   - Michael will prepare a list or report of what needs to be done
   - Ivan will focus on HSM; Michael is going to try and offload the
   Bentham open issues.

*Rainbow update:*

   - Michael investigated Pilgrim. Made some progress.
   - Michael reported that when you upgrade - look for rainbow_0.6.5-1
   - Bugs for rainbow and security are tagged security-integration
   - Michael will review the Activity installation spec


*Other topics of discussion:*

   - Need to know if there are activities that are storing user configs
   in the 'wrong' place.
   - How to improve the current build server/process
   - How to make our translation process easier for community support and
   for getting translations into the build
   - We need to rewrite the USB auto-reinstallation scripts to follow the
   same architecture as the server upgrade, preserving two images rather than
   wiping out the entire NAND. [Incremental USB upgrade - Michael will look
   into that]



- Kim
http://laptop.org/teamwiki/index.php/Team:Security_Meeting_2007-09-26
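The boot policy the minutes describe (refuse to boot unless firmware and OS are signed; a developer's key unlocks the firmware into insecure boot; an activation key lets a secured laptop boot) and the two test plans above can be modelled as a small state machine. The following is an added example written for these minutes, not OLPC or OFW code. It assumes the checks run in that order, uses HMAC-SHA256 with constructed keys as a stand-in for the public-key signature checks so it runs offline with only the standard library, and binds the activation lease to the laptop serial rather than to the OS image, which is what makes "you should remain activated" across upgrades and downgrades hold.

```python
"""Model of the activation / secure-boot decision described in the meeting minutes.

Constructed example: HMAC-SHA256 stands in for real signatures so the code runs
with the standard library only; keys, serial and image contents are made up.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed stand-in keys (assumption: real firmware uses asymmetric signatures).
FIRMWARE_KEY = b"constructed-firmware-signing-key"
OS_KEY = b"constructed-os-signing-key"
DEVELOPER_KEY = b"constructed-developer-key"
ACTIVATION_KEY = b"constructed-activation-key"
SERIAL = b"SHC-CONSTRUCTED-0001"  # constructed laptop serial number


def sign(key: bytes, data: bytes) -> str:
    """Produce a stand-in signature (HMAC-SHA256 hex digest) over data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(key: bytes, data: bytes, sig: str) -> bool:
    """Constant-time check of a stand-in signature."""
    return hmac.compare_digest(sign(key, data), sig)


@dataclass
class Laptop:
    serial: bytes
    wp_flag: bool                 # write-protect flag: when set, secure boot is enforced
    firmware: bytes
    firmware_sig: str
    os_image: bytes
    os_sig: str
    developer_key: Optional[str] = None      # signature over the serial with DEVELOPER_KEY
    activation_lease: Optional[str] = None   # signature over the serial with ACTIVATION_KEY


def boot(laptop: Laptop) -> str:
    """Return 'refused', 'developer' (insecure boot, ok prompt) or 'secure' (pretty boot)."""
    if not laptop.wp_flag:
        return "developer"  # WP flag not set: the unit is not secured, boots freely
    # A valid developer's key unlocks the firmware: no signature checks, no pretty boot.
    if laptop.developer_key and verify(DEVELOPER_KEY, laptop.serial, laptop.developer_key):
        return "developer"
    # Secure path: refuse to boot if firmware or OS are not correctly signed.
    if not verify(FIRMWARE_KEY, laptop.firmware, laptop.firmware_sig):
        return "refused"
    if not verify(OS_KEY, laptop.os_image, laptop.os_sig):
        return "refused"
    # The lease is bound to the serial, not the image, so it survives image changes.
    if not (laptop.activation_lease
            and verify(ACTIVATION_KEY, laptop.serial, laptop.activation_lease)):
        return "refused"
    return "secure"


def _fresh_laptop() -> Laptop:
    """Constructed secured laptop with a signed firmware and a signed OS image."""
    fw, os1 = b"constructed-ofw-image", b"constructed-os-image-A"
    return Laptop(SERIAL, True, fw, sign(FIRMWARE_KEY, fw), os1, sign(OS_KEY, os1))


def run_activation_test_plan() -> Dict[str, str]:
    """Walk steps 1-7 of the activation test plan; record the boot result at each point."""
    lap = _fresh_laptop()                                  # steps 1-2: OFW present, WP set
    results = {"before_activation": boot(lap)}             # step 3: must not boot
    lap.activation_lease = sign(ACTIVATION_KEY, SERIAL)    # steps 4-5: obtain and use key
    results["after_activation"] = boot(lap)
    os_b = b"constructed-os-image-B"                       # step 6: upgrade ...
    lap.os_image, lap.os_sig = os_b, sign(OS_KEY, os_b)
    results["after_upgrade"] = boot(lap)
    os_a = b"constructed-os-image-A"                       # ... then downgrade
    lap.os_image, lap.os_sig = os_a, sign(OS_KEY, os_a)
    results["after_downgrade"] = boot(lap)                 # step 7: still activated
    lap.os_sig = sign(b"not-the-os-key", os_a)             # extra: tampered image is refused
    results["tampered_image"] = boot(lap)
    return results


def run_developer_key_test() -> Dict[str, str]:
    """Developer-key plan: activate first, then boot with a developer's key."""
    lap = _fresh_laptop()
    lap.activation_lease = sign(ACTIVATION_KEY, SERIAL)    # step 1: activate
    lap.developer_key = sign(DEVELOPER_KEY, SERIAL)        # then boot with developer's key
    results = {"valid_developer_key": boot(lap)}           # steps 2-3: ok prompt, no pretty boot
    lap.developer_key = sign(b"not-the-developer-key", SERIAL)
    results["forged_developer_key"] = boot(lap)            # ignored; falls through to secure path
    return results


if __name__ == "__main__":
    for name, outcome in {**run_activation_test_plan(), **run_developer_key_test()}.items():
        print(f"{name:>22}: {outcome}")
```

The ordering matters: the developer's key is checked before the image signatures, which is what lets an unlocked unit boot an unsigned image, while a forged developer's key is simply ignored and the laptop falls back to the signature and lease checks rather than being unlocked.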