Bitfrost: the OLPC DRM model [LWN.net]

Bitfrost: the OLPC DRM model

Posted Feb 9, 2007 1:49 UTC (Fri) by ikm (subscriber, #493)
In reply to: Bitfrost: the OLPC DRM model by dlang
Parent article: Bitfrost: the OLPC security model

What ARE the goals? Making the machine unusable for unwanted people makes the machine not quite usable for legitimate users, too. That's exactly what Hollywood has been doing for some time now -- trying to make their movies unusable for thieves, but usable for customers. Usually it's the legit users who suffer. Thieves can always figure out how to steal, but normal people are clueless when suddenly something goes down...

Also note that having a developer key on a machine suddenly turns all of the currently proposed protection down, which makes me think that the bulk of the machines are not supposed to have ones. I still somehow think that it would be hard to get one.

Ok, now about suggesting something better... I think the right way is to use biometrics, with no possibility to change the user id without the help of the administration. This way, the machine belongs to a kid, and to nobody else. And it should be possible to change everything else in system if one really wishes, with an easy way to restore at school.

I can understand that adding a fingerprint sensor adds a buck or two, though. But in any way I am against the no-modify/phone-back/self-id/degrade approach, if the owner can't turn it off of course.

(Log in to post comments)

Bitfrost: the OLPC DRM model

Posted Feb 9, 2007 4:53 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

but if the user doesn't have the right to bypass the biometric authentication it's still not completely free.

so this won't prevent theft, try again

Bitfrost: the OLPC DRM model

Posted Feb 9, 2007 14:03 UTC (Fri) by ikm (subscriber, #493) [Link]

Yes, that part will be closed for modifications. What matters is that it would work for a user, not for a remote party. And it will prevent theft. That's what only matters, really.

Bitfrost: the OLPC DRM model

Posted Feb 9, 2007 4:59 UTC (Fri) by gjmarter (subscriber, #5777) [Link]

It sounds to me like there is only one requirement to get the developer key that allows certain protections built into the computer to be disabled. You have to wait 14 days so that they can be sure that the laptop is not stolen.

Bitfrost: the OLPC DRM model

Posted Feb 9, 2007 9:47 UTC (Fri) by drag (subscriber, #31333) [Link]

That's what it seems like.

They stated the goal is to eliminate the chance of people making of with 'pallets' of laptops. I take that to mean you don't want people to hijack a shipment or bribe their way into a position were they obtain large numbers of laptops all at once in a attempt to get them for sale on the black market.

So the bitfrost is designed to prevent theft by requiring the developer key. Sure you could probably steal one or two laptops and get them unlocked, but you couldn't probably steal a few hundred unless you have the help of part of the government that is suppose to be the ones in charge of distributing them.

Phoning in 20-30 laptops at a time is a easy way to get busted very quickly. I figure you wouldn't be able to get even a sizable minority of them unlocked before they bricked themselves.

Then the second half is malware prevention, of course. Prevent people from tampering with the Bios and spreading effective viruses/worms to attack a 'monoculture' of these laptops similar to the botnets we have now of Windows XP machines.

Plus it pretty much allows people to muck around with the machine as much as they'd like and not have to worry about perminately brick them, unless they spring for the developer key (which would open them up to potential malware, theft, or bad bioses. But assuming people only interested in the key are people that are going to more or less know what they are doing, then it shouldn't be a big deal)

That is, of course, if it's only requirement is a 'phone home'. There could definately be a big hunk of Bitfrost that I don't know/understand or am glossing over in my ignorance.