Developer locking an unlocked XO
James Cameron
quozl at laptop.org
Tue Feb 15 00:43:14 EST 2011
On Tue, Feb 15, 2011 at 04:11:30PM +1100, Sridhar Dhanapalan wrote:
> On 15 February 2011 13:27, Chris Ball <cjb at laptop.org> wrote:
> > Hi,
> >
> > ? > # You can reverse the disable-security command by entering
> > ? > enable-security at the 'ok' prompt. Security will then be
> > ? > permanently enabled until disabled again.
> >
> > Yes, but that'll use OLPC's keys (if they were installed in
> > manufacturing). ?You might want to use your own keys, which
> > would involve a different procedure.
>
> Is that the developer key mentioned at
> http://wiki.laptop.org/go/Firmware_security#Deployment_Key_Manufacturing_Data_Tags
> ?
Yes, that is one of the OLPC master keys. See the list of five public
keys? Just after it is the text:
"An OLPC "master" version of _each_ of those public keys is stored within
the Open Firmware image, so that it will be rewritten upon a firmware
update."
I've emphasised "each".
So if you have not injected your deployment keys into a laptop that is
in the field, and then you go and enable-security on it, then you will
require an OLPC developer key to unlock it again. I can't imagine you
wanting that.
Inject your deployment keys first. The OLPC "master" keys will always
be there if you use OLPC firmware.
--
James Cameron
http://quozl.linux.org.au/
More information about the Devel
mailing list