ed at laptop.org
Tue Dec 1 08:04:03 EST 2009
An OS image signed by OLPC can be booted by any XO-1.0 laptop in the world, except for those which have been reconfigured by a deployment to only respect software signed by other security keys. That implies a higher level of testing and certification than an image that can be selectively adopted by specific deployments who can do their own testing to decide whether that release is suitable for their application. As OLPC's deployments grow both in number of total laptops deployed and in the number of different localities supported, it becomes increasingly burdensome / difficult to package and test One Image to Boot Them All worldwide.
As Martin points out, we are continuing to try to move users toward either (a) using machines with boot-image security disabled, so they can run any software, or (b) using locally-developed and locally-maintained signature authorities to sign OS images for secure boot in local deployments.
On Dec 1, 2009, at 4:14 AM, Philipp Kocher wrote:
>> - It won't be signed by OLPC. You have to be on an unlocked XO, or be
>> a deployment signing your own builds.
> Is there a reason why 8.2.2 doesn't get signed by OLPC?
> I do understand that the main target group are big deployments which can
> sign the build, but why are others excluded?
> In the past even release candidates like build 800 got signed by OLPC.
> Cheers Philipp
> Devel mailing list
> Devel at lists.laptop.org
More information about the Devel