Create and sign Country specific XO image

Martin Langhoff martin.langhoff at
Tue Jun 30 03:01:30 EDT 2009

On Tue, Jun 30, 2009 at 3:56 AM, Philipp Kocher<philipp.kocher at> wrote:
> So getting our own keys in the manufacturing data is not an option.

It still is. Google for keyjector :-)

> What is the
> problem with the process described here

For a more complete explanation, see the 'multiple keys' page you will
find googling for keyjector. Some major points:

 - Forces you to depend on OLPC.
 - Forces OLPC to audit your image before signing it.
 - Your OLPC-signed image can be used on _any_ secure XO that uses
OLPC keys (instead of their own), not only the ones in your
 - By using OLPC's keys in your deployment, your XOs can be re-flashed
with any other OLPC signed image.


 martin.langhoff at
 martin at -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first

More information about the Devel mailing list