To make it less attractive to steal individual laptops and, in particular, to prevent contaminants from spreading across networked XOs as quick as lightning, the OLPC's officer for security issues recently presented the security concept called Bitfrost [4]. The concept came too late for BTest-2 so that we could not have a look at it.
We do know that Bitfrost prevents the XO from being used until it is activated. The codes for activation are found on a USB stick provided to the school and used in the local OLPC server. Once the unit has been activated and booted for the first time, the system creates a key pair consisting of the name of the child and an image taken of it. The child then has a digital identity. Local anti-theft servers will then regularly query the laptops, and the OLPC will be able to shut down the XO if an improper ID is detected.
![Bild 6 [250 x 188 Pixel @ 35,3 KB]](http://www.heise.de/altcms_bilder/88916/6_hires.jpg)
In TamTam, you can pick a musical instrument and play it via the keyboard with rhythm accompaniment if desired.
The software used on the XO is designed to allow children to change it to suit their needs. External backups and data recovery are therefore part of the security concept. Open systems are not supposed to have secret security protection; rather, users are to have as much control as possible – even if they cannot read. In other words, prompting the user with questions like "Do you really want to launch this program?" is not an option.
For administrators in the business world, allowing children to change program lines, see the code, and play around in Python would be a nightmare, but Bitfrost takes that into consideration by strictly controlling what an application is allowed to do every time the system performs an action. For instance, the kernel and the OS in the NAND flash memory remained unchanged. Some applications can only read, while others can only write and edit. Applications that are not essential for a current operation are only allotted 10 percent of the CPU. Documents that the user creates are not directly part of a file system; instead, a file memory service links to these documents.
Naturally, Bitfrost allows you to use your own software, but users are not allowed to change the preinstalled software. Users can sign their own programs with a "developer key." The official software updates will also consist only of signed applications.
