boot timings

John Gilmore gnu at
Wed Jul 2 04:26:13 EDT 2008

> ...I suspect that [delay]'s the ~1.5s it takes to verify the signature on the
> dev key.  For many deployments that will be 1.5s to check a signature
> on an activation lease.  The original design was to cache that check
> in some secure manner, but there's not really any appropriate
> protected space on the G1G1 design.  (SPI flash would be it, but it's
> too risky to write to routinely.)

It's totally cacheable in the G1G1 design.

There's a place in SPI flash that marks the laptop as permanently
unlocked, eliminating the need for a dev key or cryptographic
signature verification.  It's a field stored near the serial number
and Ethernet address, set by the "disable-security" Forth command,
and unset by "enable-security".

The page at
originally recommended that people set this field immediately after
getting a developer key.  But that recommendation was removed by OLPC
staff (Ivan) on December 28th.


More information about the Devel mailing list