Create and sign Country specific XO image

Martin Langhoff martin.langhoff at gmail.com
Tue Jun 30 03:01:30 EDT 2009


On Tue, Jun 30, 2009 at 3:56 AM, Philipp Kocher<philipp.kocher at gmx.net> wrote:
> So getting our own keys in the manufacturing data is not an option.

It still is. Google for keyjector :-)

> What is the
> problem with the process described here
> http://blog.olenepal.org/index.php/archives/183?

For a more complete explanation, see the 'multiple keys' page you will
find googling for keyjector. Some major points:

 - Forces you to depend on OLPC.
 - Forces OLPC to audit your image before signing it.
 - Your OLPC-signed image can be used on _any_ secure XO that uses
OLPC keys (instead of their own), not only the ones in your
deployment.
 - By using OLPC's keys in your deployment, your XOs can be re-flashed
with any other OLPC signed image.

cheers,


martin
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff



More information about the Devel mailing list