User:Martinlanghoff/Key Autonomy: Country PoV

From OLPC
Jump to navigation Jump to search

Main options / variables

  • Augment or Replace OLPC keys
  • Delivery Chain Security
  • Time-based activation + active kill

to do: Summarize the top level concerns

Simple Scenario: Delivery Chain Security and Signed Software

Preparations

  • Generate country keys
  • Setup an offline signing machine
  • Load keys on signing machine
  • Prepare and sign custom OS image
  • Handle first shipment

With each shipment:

  • Load data from Quanta to signing machine
  • Associate SNs to schools
  • Generate activation keys (universal, per school)

On every OS update

  • Sign OS / kernel / initrd / OFW images

Other:

  • If transitioning from OLPC keys, OLPC will provide a keyjector
  • Setup a formal workflow for developer key requests
  • Generate

Advanced Scenario: Time-based Activation + Active Kill

Preparations

  • Generate country keys
  • Setup an offline signing machine
  • Prepare and sign custom OS image
  • Activation Server
    • Procure internet accessible machine. (CoLo?)
    • Install, configure
    • Procure HTTPS cert (or self-sign)
  • Load keys on Activation Server

With each shipment:

  • Load data from Quanta to Activation Server
  • Generate activation keys (optional, may be used as a complement to XS-based activation)

On every OS update

  • Sign OS / kernel / initrd / OFW images

Other:

  • Setup a formal 'report XO as stolen' workflow, and mark the XOs as stolen on the Activation Server.
  • Review devkey request on the Activation Server.
  • Regularly update the delegations on the Activation Server -- weekly "trade" with signing machine.

What is?

What is: Signed OS images?

to do

What is: A signing server?

to do