Developer locking an unlocked XO

James Cameron quozl at laptop.org
Tue Feb 15 00:43:14 EST 2011


On Tue, Feb 15, 2011 at 04:11:30PM +1100, Sridhar Dhanapalan wrote:
> On 15 February 2011 13:27, Chris Ball <cjb at laptop.org> wrote:
> > Hi,
> >
> > > # You can reverse the disable-security command by entering
> > > enable-security at the 'ok' prompt. Security will then be
> > > permanently enabled until disabled again.
> >
> > Yes, but that'll use OLPC's keys (if they were installed in
> > manufacturing).  You might want to use your own keys, which
> > would involve a different procedure.
> 
> Is that the developer key mentioned at
> http://wiki.laptop.org/go/Firmware_security#Deployment_Key_Manufacturing_Data_Tags
> ?

Yes, that is one of the OLPC master keys.  See the list of five public
keys?  Just after it is the text:

"An OLPC "master" version of _each_ of those public keys is stored within
the Open Firmware image, so that it will be rewritten upon a firmware
update."

I've emphasised "each".

So if you have not injected your deployment keys into a laptop that is
in the field, and then you go and enable-security on it, then you will
require an OLPC developer key to unlock it again.  I can't imagine you
wanting that.

Inject your deployment keys first.  The OLPC "master" keys will always
be there if you use OLPC firmware.

-- 
James Cameron
http://quozl.linux.org.au/


