Krishna Sankar wrote:
> a) How does the verification happen? This is where the
> vulnerability will be.

Small binary within the LB payload that uses standard crypto signature verification. This part can be assumed fully secure, as long as we ship the machines with a known-good BIOS, which we obviously will.

> b) Where would the certs be stored?

The OLPC public key(s) would be stored in the LB payload.

> c) Will we ship with an embedded cert? If so, how can it be
> updated securely?

A new BIOS is allowed to introduce new BIOS keys, if it fits some extra security requirements (that I won't document here, but will be detailed in the security spec I intend to release shortly).

> d) Do we assume internet connectivity for cert verification as
> well as for CRLs et al?

Not at all.

> e) What else would this require in terms of infrastructure?
> Connected to power?

Absolutely nothing more than what's already there.

> Will ask more Q as I think of. I would rather document this, think
> through and then start implementing.

Unless someone can find a concrete security flaw with this idea, we need to make the EC changes request sooner rather than later.

-- 
Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D

_______________________________________________
Devel mailing list
[email protected]
http://mailman.laptop.org/mailman/listinfo/devel
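The offline check described in the reply above, as an added illustration that is not OLPC's or LinuxBIOS code: a verifier holding embedded public keys accepts an image only if its detached signature verifies under one of them, with no network lookup. Ed25519, the `BIOSImage` layout and the rotation rule (a new key list is adopted only from an image that itself verified under a currently trusted key) are assumptions standing in for the unspecified "extra security requirements".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// BIOSImage is an assumed layout: firmware bytes, a detached signature, and
// an optional list of keys the image asks the verifier to trust from now on.
type BIOSImage struct {
	Firmware []byte
	Sig      []byte
	NewKeys  []ed25519.PublicKey
}

// VerifyBIOS accepts the image if the signature checks out under ANY key
// embedded in the verifier. Nothing here touches the network: no CRL, no
// OCSP, only the keys shipped with the known-good payload.
func VerifyBIOS(img BIOSImage, trusted []ed25519.PublicKey) error {
	for _, k := range trusted {
		if ed25519.Verify(k, img.Firmware, img.Sig) {
			return nil
		}
	}
	return errors.New("BIOS image not signed by any trusted key")
}

// NextTrustedKeys returns the key set to hold after accepting img. Assumed
// rule: keys may only be introduced by an image that already verified, so
// trust cannot be bootstrapped from nothing.
func NextTrustedKeys(img BIOSImage, trusted []ed25519.PublicKey) ([]ed25519.PublicKey, error) {
	if err := VerifyBIOS(img, trusted); err != nil {
		return trusted, err
	}
	if len(img.NewKeys) == 0 {
		return trusted, nil
	}
	return img.NewKeys, nil
}

func main() {
	// Constructed demo: a fresh key stands in for OLPC's signing key.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	fw := []byte("constructed firmware bytes")
	img := BIOSImage{Firmware: fw, Sig: ed25519.Sign(priv, fw)}
	fmt.Println("genuine:", VerifyBIOS(img, []ed25519.PublicKey{pub}))
	img.Firmware = append(append([]byte{}, fw...), 'X') // flip the payload
	fmt.Println("tampered:", VerifyBIOS(img, []ed25519.PublicKey{pub}))
}
```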