1. If the BIOS is from OLPC, we can have control in software that will decide whether the BIOS should be updated or not. And there should be no reason not to allow the user to auto update a BIOS signed by OLPC.
A scenario Jim noted previously (in passing):

Motivation: Hacker (or group) says "gee, lots of OLPC's, would make great botnet. I personally would make $$$$$$ from it."

Method: Hacker waits for root compromise exploit *at OLPC headquarters* - I've seen several of this level of security hole appear over the years, it WILL happen again. Hacker grabs root certs, makes himself a botnet BIOS, and automatically compromises (possibly useful but now botnet members) say.... 250,000 OLPC's. Being smart, he simultaneously changes the BIOS update keys.

Result: Nothing we can do about it short of manually opening every laptop and reflashing it, and we'll get the rep as bot-infested PC's.

If the button is in place along with the key, the attack vector becomes key theft + phishing. That drops the potential gain in machines by a LOT, and slows the attack (allows response)... phishing isn't instantaneous, so we'd have time to deal with the key theft.

The downside of having the buttonpress requirement seems like a minor irritation that will only come up when the OLPC is used in situations it's not designed for. (Even a 6-year-old can handle the buttons for two OLPC's at once, and the kids are supposed to have the laptops all the time.)

The dangers of a fully automated BIOS update aren't fully understood, but a few examples demonstrate enough risk to scare me off.

I'd ask those who want fully automated updates if they'd be willing to have their own BIOSes on all PC's they use updated under the same scheme as what they're proposing, but I realize that's not an entirely fair question. :-)

"But it's different when it's me/just one PC/not children..." It is different... but I still lobby for the button, not that *I* have any say in it other than trying to convince you through the list.

This seems to come up repeatedly on the list; should it be documented/discussed on the Wiki?
--DTVZ
