User:Martinlanghoff/Key Autonomy: Country PoV: Difference between revisions

From OLPC
Jump to navigation Jump to search
 
(2 intermediate revisions by the same user not shown)
Line 7: Line 7:
to do: Summarize the top level concerns
to do: Summarize the top level concerns


= Simple Scenario: Delivery Chain Security =
= Simple Scenario: Delivery Chain Security and Signed Software =


Preparations
Preparations
Line 29: Line 29:
Other:
Other:


* If transitioning from OLPC keys, OLPC will provide a keyjector
* Setup a formal workflow for developer key requests
* Setup a formal workflow for developer key requests
* Generate
* Generate
Line 58: Line 59:
* Setup a formal 'report XO as stolen' workflow, and mark the XOs as stolen on the Activation Server.
* Setup a formal 'report XO as stolen' workflow, and mark the XOs as stolen on the Activation Server.
* Review devkey request on the Activation Server.
* Review devkey request on the Activation Server.
* Regularly update the delegations on the Activation Server.
* Regularly update the delegations on the Activation Server -- weekly "trade" with signing machine.


=What is?=
=What is?=

Latest revision as of 16:28, 19 October 2009

Main options / variables

  • Augment or Replace OLPC keys
  • Delivery Chain Security
  • Time-based activation + active kill

to do: Summarize the top level concerns

Simple Scenario: Delivery Chain Security and Signed Software

Preparations

  • Generate country keys
  • Setup an offline signing machine
  • Load keys on signing machine
  • Prepare and sign custom OS image
  • Handle first shipment

With each shipment:

  • Load data from Quanta to signing machine
  • Associate SNs to schools
  • Generate activation keys (universal, per school)

On every OS update

  • Sign OS / kernel / initrd / OFW images

Other:

  • If transitioning from OLPC keys, OLPC will provide a keyjector
  • Setup a formal workflow for developer key requests
  • Generate

Advanced Scenario: Time-based Activation + Active Kill

Preparations

  • Generate country keys
  • Setup an offline signing machine
  • Prepare and sign custom OS image
  • Activation Server
    • Procure internet accessible machine. (CoLo?)
    • Install, configure
    • Procure HTTPS cert (or self-sign)
  • Load keys on Activation Server

With each shipment:

  • Load data from Quanta to Activation Server
  • Generate activation keys (optional, may be used as a complement to XS-based activation)

On every OS update

  • Sign OS / kernel / initrd / OFW images

Other:

  • Setup a formal 'report XO as stolen' workflow, and mark the XOs as stolen on the Activation Server.
  • Review devkey request on the Activation Server.
  • Regularly update the delegations on the Activation Server -- weekly "trade" with signing machine.

What is?

What is: Signed OS images?

to do

What is: A signing server?

to do