boot timings

[John Gilmore]

> ...I suspect that [delay]'s the ~1.5s it takes to verify the signature on the
> dev key.  For many deployments that will be 1.5s to check a signature
> on an activation lease.  The original design was to cache that check
> in some secure manner, but there's not really any appropriate
> protected space on the G1G1 design.  (SPI flash would be it, but it's
> too risky to write to routinely.)

It's totally cacheable in the G1G1 design.

There's a place in SPI flash that marks the laptop as permanently
unlocked, eliminating the need for a dev key or cryptographic
signature verification.  It's a field stored near the serial number
and Ethernet address, set by the "disable-security" Forth command,
and unset by "enable-security".

The page at http://wiki.laptop.org/go/Activation_and_developer_keys
originally recommended that people set this field immediately after
getting a developer key.  But that recommendation was removed by OLPC
staff (Ivan) on December 28th.

	John