gnu at toad.com
Wed Jul 2 04:26:13 EDT 2008
> ...I suspect that [delay]'s the ~1.5s it takes to verify the signature on the
> dev key. For many deployments that will be 1.5s to check a signature
> on an activation lease. The original design was to cache that check
> in some secure manner, but there's not really any appropriate
> protected space on the G1G1 design. (SPI flash would be it, but it's
> too risky to write to routinely.)
It's totally cacheable in the G1G1 design.
There's a place in SPI flash that marks the laptop as permanently
unlocked, eliminating the need for a dev key or cryptographic
signature verification. It's a field stored near the serial number
and Ethernet address, set by the "disable-security" Forth command,
and unset by "enable-security".
The page at http://wiki.laptop.org/go/Activation_and_developer_keys
originally recommended that people set this field immediately after
getting a developer key. But that recommendation was removed by OLPC
staff (Ivan) on December 28th.
More information about the Devel