User:Mstone/Commentaries/Security 1


It's crucial to distinguish between the security requirements and the infrastructure, UI, and deployment requirements of OLPC's 'hard' software theft-deterrence scheme. Here's my take on the former:

initial activation
Laptops must be "initially" lockable such that they require a token in order to boot.
Laptops must be capable of recording the passage of time at a granularity at least as fine as one day.
The laptop must be able to respond to the expiration or absence of a satisfactory lease. Developer keys + user interaction are sufficient to disable this check.

passive-kill responses
Among other possible responses to lease expiration, the laptop must be able to refuse to boot until a satisfactory lease is supplied or the passive-kill mechanism is disabled.

active-kill responses
The laptop must be able to respond to a verifiable valid poison message by locking itself so that hardware modification or a verifiable valid antidote message is necessary to boot the laptop.
NB: The definition of 'antidote message' is presently hazy. As of today, developer keys are sufficient; however, there are alternative designs.
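To make the three requirement groups above concrete, here is an added model of the boot-time decision (example code written for this commentary, not OLPC's firmware or any real lease format). It assumes messages are small JSON records carrying a type, the laptop's serial and, for leases, an expiry day; a keyed hash stands in for whatever signature scheme the deployment actually uses, and the authority and developer keys are constructed for the example.

```python
import hashlib, hmac, json
# Constructed keys (assumption: a keyed hash stands in for the real signatures).
AUTHORITY_KEY = b"constructed-lease-authority-key"
DEVELOPER_KEY = b"constructed-developer-key"

def _tag(key, msg):
    return hmac.new(key, json.dumps(msg, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def sign(key, msg):
    # Tag computed over the canonical JSON form of the message fields.
    return dict(msg, tag=_tag(key, msg))

def verify(key, signed):
    msg = {k: v for k, v in signed.items() if k != "tag"}
    return hmac.compare_digest(_tag(key, msg), signed.get("tag", ""))

class Laptop:
    def __init__(self, serial, developer=False):
        self.serial = serial
        self.day = 0                # coarse clock: whole days since activation
        self.lease = None           # last accepted lease; None means initially locked
        self.poisoned = False       # set by a verified poison message (active kill)
        self.developer = developer  # developer key + user interaction disables the checks

    def _accept(self, signed, kind, key=AUTHORITY_KEY):
        # Must verify, be the expected kind and name this laptop (no cross-machine replay).
        return (verify(key, signed) and signed.get("type") == kind
                and signed.get("serial") == self.serial)

    def install_lease(self, signed):
        if self._accept(signed, "lease"):
            self.lease = signed

    def receive_poison(self, signed):
        self.poisoned = self.poisoned or self._accept(signed, "poison")

    def receive_antidote(self, signed):
        # Assumption: authority- or developer-signed (page: developer keys suffice today).
        if self._accept(signed, "antidote") or self._accept(signed, "antidote", DEVELOPER_KEY):
            self.poisoned = False

    def boot_decision(self):
        # Checks in the order the requirements list them; returns (may_boot, reason).
        if self.developer:
            return True, "developer key present"
        if self.poisoned:
            return False, "active kill: antidote or hardware modification required"
        if self.lease is None or self.day > self.lease["expires_day"]:
            return False, "passive kill: no satisfactory lease"
        return True, "lease valid"
```

Note that a forged, tampered, or other-laptop lease leaves the previously accepted lease in place rather than unlocking anything, and that an active kill is not cleared by a fresh lease, only by an antidote.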