On Tue, Jun 3, 2008 at 11:58 PM, Michael Stone <[EMAIL PROTECTED]> wrote:
> Scott - were there other justifications given for the NAND reflash lock?
> I vaguely recall that you argued that, by default, OFW ought to be
> prohibited from writing unsigned data to the NAND on the grounds that
> bugs in the prohibited code paths might otherwise violate security goals
> of clients shipping passive-kill or active-kill technologies. Did I
> recall your justification correctly?
I'm confused, Michael. I outlined the reasons above for shipping the machines with security enabled. But you seem to be talking about reflash capability, which is strange. No one seems to be arguing that G1G1 machines want to be using copy-nand except you -- and maybe Kim?

Briefly restating my opinion:

1) I find the additional testing of the secure code path and the developer key request mechanism achieved by shipping G1G1 with activation but not developer keys extremely useful. But then, I'm the primary developer/maintainer of these systems, so I feel more strongly the necessity of making them work.

2) I feel that developers program machines (as opposed to G1G1 machines) should probably be shipping out with security disabled, or with instructions on how to get a developer key, so that developers don't have to jump an unnecessary "how do I upgrade to a development build" hurdle. But this can probably be accomplished by sending developers program folks an email when we approve their request.

3) Once security is enabled on the machine, our current security architecture requires that we restrict writes to NAND in order to protect the root account. I'm not going to revisit this debate now, because it's off-topic and dependent on our security work with Uruguay next week, etc., etc.

This thread is about #1, which we did for G1G1v1 and I would support for G1G1v2, and #2, which we did in the past but apparently have not been doing recently. Let's start a different thread (preferably post-Uruguay's visit) if we want to reopen #3.

--scott

--
( http://cscott.net/ )
_______________________________________________
Devel mailing list
[email protected]
http://lists.laptop.org/listinfo/devel
