Partial key autonomy: Difference between revisions
Jump to navigation
Jump to search
(New page: '''Proposal:''' For each party P who so requests, # ask party P to generate #* P_OS_key -- per Firmware security, guards the theft-deterrence code-path thr...) |
mNo edit summary |
||
| Line 12: | Line 12: | ||
# have OLPC return a signed version of the customized firmware to party P. |
# have OLPC return a signed version of the customized firmware to party P. |
||
By installing the signed customized firmware on a stock machine, party P will be able to autonomously provide builds and activation leases and will be able to execute or modify the theft-deterrence protocol for that machine. Party P may also further delegate these abilities, e.g. with [[Firmware Key and Signature Formats#Version_2|version-2 lease signatures]]. |
By installing the signed customized firmware on a stock machine, party P will be able to autonomously provide builds and activation leases and will be able to execute or modify the theft-deterrence protocol for that machine. Party P may also further delegate these abilities, e.g. with [[Firmware Key and Signature Formats#Version_2|version-2 lease signatures]]. OLPC will retain responsibility for providing developer keys and firmware updates. |
||
Revision as of 22:50, 24 December 2008
Proposal:
For each party P who so requests,
- ask party P to generate
- P_OS_key -- per Firmware security, guards the theft-deterrence code-path through the kernel and initramfs
- P_FS_key -- see the bottom of OFW's loaddropins.fth; opens the NAND reflash lock.
- P_LEASE_key -- per Firmware security, opens the activation lock
- P_OATS_key -- per Theft deterrence protocol and Mass olpc-update, verifies theft-deterrence messages.
- generate a firmware, initramfs, and olpc-update which contain the public values of these keys.
- alternately, provide the keys through /ofw and rewrite the initramfs and olpc-update code to read /ofw
- have OLPC return a signed version of the customized firmware to party P.
By installing the signed customized firmware on a stock machine, party P will be able to autonomously provide builds and activation leases and will be able to execute or modify the theft-deterrence protocol for that machine. Party P may also further delegate these abilities, e.g. with version-2 lease signatures. OLPC will retain responsibility for providing developer keys and firmware updates.