"Walter Bender": Re: devkeys, prettyboot, and G1G1

Ian Daniher it.daniher at gmail.com
Fri Oct 3 11:30:07 EDT 2008


I am strongly in favor of having devkeys either instantly generated or
shipped on the machine.
I think that using a "cheat code," specifically the square gamekey which
currently has no function assigned to it would be an excellent tool to break
from prettyboot into a forth prompt.

I run a repair center for G1G1 laptops and there have been four or five
instances where I have needed to generate a devkey for a donor's laptop -
either in order to fix a software brick (copy-nand via serial dongle) or to
update their XO to the latest testing build as per their request.
Shipping XOs with devkeys would allow me to walk an average donor through
the process of fixing software and any D6-like bricks which may occur in the
future. This would require no shipping cost for repairs and would allow me
to use my time for something such as actually developing software or helping
donors who need a physical component of their XO replaced.

I believe that shipping XOs unlocked or simplifying the dev-key generation
process would be a huge assistance in support efforts and would greatly
outweigh the potential ramifications of donors upgrading to joyride builds.

A potential way around non-technically gifted donors upgrading to joyride
builds would some sort of magic key combination a-la "Cheat codes"
<http://wiki.laptop.org/go/Cheat_codes>which unlocks the XO. Specifically, I
notice that the square gamekey has no function assigned to it. What's the
the technical complexity of using this key to enter an "ok" forth prompt on
boot, rather than go to prettyboot?

On a side note, in a different use-case, I have a large number of
motherboard with which I have been working on some hardware hacking, esp
enabling the second UART on the southbridge. It is a pain for a developer
with a large number of screenless XOs and no activation.laptop.org account
to wait 24hrs in order to get a devkey merely in order to have the laptop be
useful.

Best,
-- 
Ian Daniher
--
OLPC Support Volunteer
OLPCinci Repair Center Coordinator
--
it.daniher at gmail.com
Skype : it.daniher
irc.freenode.com: Ian_Daniher


On Fri, Oct 3, 2008 at 10:02 AM, Jim Gettys <jg at laptop.org> wrote:

> On Fri, 2008-10-03 at 00:27 -0400, John Watlington wrote:
> > How about providing dev. keys for G1G1 laptops with
> > no delay ?    Would you consider it an improvement ?
>
> Clearly an improvement, as is the prettyboot patch, which I think we
> should also do.
>                  - Jim
>
> >
> > wad
> >
> > On Oct 1, 2008, at 10:15 PM, John Gilmore wrote:
> >
> > > Mitch and I have come up with a way to ship G1G1 laptops so that they
> > > will pretty-boot, but still come from the factory without any need
> > > for developer keys (in the Forth "disable-security" setting).
> > >
> > > This requires a small edit to /boot/olpc.fth in the OS build,
> > > to load the XO child image, freeze the screen, and put the
> > > first "progress dot" down just before jumping to Linux.  It's
> > > detailed here:
> > >
> > >   http://dev.laptop.org/ticket/7896
> > >
> > > I know the support crew would be much happier if G1G1 laptops were
> > > shipped able to run test builds and patched software, if users could
> > > interact with Forth to diagnose their hardware, if they could run
> > > unsigned Forth code from USB collector keys, etc.
> > >
> > > Unfortunately, an IRC discussion with Scott today revealed that the
> > > engineering team has decided that we *must* ship G1G1 laptops with a
> > > requirement for development keys.  The reason: because too many kids
> > > in the third world will be getting lockdown laptops, and we want the
> > > G1G1 recipients to be guinea pigs to debug the laptops, to be sure the
> > > laptops work even when locked down (and that they unlock properly when
> > > the kid requests a jailbreak key).
> > >
> > > I see this is utterly backwards.  The countries that want DRM on their
> > > laptops should be paying the price in support problems and
> > > infrastructure.  Not the donors who sponsor a G1G1 laptop, and not the
> > > free software community who donate to help push this project along.
> > > As believers in freedom, we shouldn't be defaulting EVERY laptop to
> > > being locked by its manufacturer.  Yet that's the argument: because
> > > some of them are locked, all of them must be locked.  Or perhaps it's
> > > slightly more nuanced: A country that orders thousands can order them
> > > without DRM, but G1G1 users can't.  That sounds reasonable, but I've
> > > interacted with several country teams (Nepal and South Pacific), who
> > > had come away from OLPC with the impression that it would be
> > > incredibly dangerous to turn off the "security" of the laptops.  In
> > > Nepal's case I was unable to disabuse them of this odd notion.  So no
> > > country asks for freedom in their laptop shipments, and no G1G1 is
> > > shipped with freedom, and thus every OLPC laptop is jailed, like every
> > > iPhone.
> > >
> > >     John
> > >
> > > Date: Wed, 1 Oct 2008 08:34:09 -0400
> > > From: "Walter Bender" <walter.bender at gmail.com>
> > > To: "John Gilmore" <gnu at toad.com>
> > > Subject: Re: devkeys, prettyboot, and G1G1
> > > Cc: "Mitch Bradley" <wmb at laptop.org>
> > >
> > > If Mitch is comfortable with his fix, I cannot see any reason not to
> > > ship developer keys with G1G1 machines--it would save everyone
> > > headaches, especially on support; but of course I cannot speak for
> > > OLPC these days.
> > >
> > > -walter
> > >
> > > On Tue, Sep 30, 2008 at 7:26 PM, John Gilmore <gnu at toad.com> wrote:
> > >>> I recall discussing this last time but  don't recall the reasons not
> > >>> to do it this way. We did ship them all pre-activated.
> > >>
> > >> I questioned people after the fateful meeting, and it seemed to me
> > >> that the problem was that Nicholas wanted pretty-boot, and Mitch was
> > >> unwilling to try to disentangle pretty-boot from secure-boot.
> > >> Secure-boot
> > >> was already a tangle of ugly Forth code, and he was sure that adding
> > >> more complexity there would result in security holes or bugs.
> > >>
> > >> Since then, he has figured out the one-line circumvention that's
> > >> documented in bug #7896.  The circumvention is in the OS (since OFW
> > >> keeps no state).
> > >>
> > >>        John
> > >
> > >
> > > --
> > > Walter Bender
> > > Sugar Labs
> > > http://www.sugarlabs.org
> > >
> > >
> > > [gnu: I also cc'd this to support-gang, but that required sending it
> > > from a different email address, due to how I am subscribed there.]
> > > _______________________________________________
> > > Devel mailing list
> > > Devel at lists.laptop.org
> > > http://lists.laptop.org/listinfo/devel
> >
> > _______________________________________________
> > Devel mailing list
> > Devel at lists.laptop.org
> > http://lists.laptop.org/listinfo/devel
> --
> Jim Gettys <jg at laptop.org>
> One Laptop Per Child
>
> _______________________________________________
> Devel mailing list
> Devel at lists.laptop.org
> http://lists.laptop.org/listinfo/devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.laptop.org/pipermail/devel/attachments/20081003/9028fc9e/attachment.html>


More information about the Devel mailing list