Developer locking an unlocked XO

James Cameron quozl at
Tue Feb 15 00:43:14 EST 2011

On Tue, Feb 15, 2011 at 04:11:30PM +1100, Sridhar Dhanapalan wrote:
> On 15 February 2011 13:27, Chris Ball <cjb at> wrote:
> > Hi,
> >
> > ? > # You can reverse the disable-security command by entering
> > ? > enable-security at the 'ok' prompt. Security will then be
> > ? > permanently enabled until disabled again.
> >
> > Yes, but that'll use OLPC's keys (if they were installed in
> > manufacturing). ?You might want to use your own keys, which
> > would involve a different procedure.
> Is that the developer key mentioned at
> ?

Yes, that is one of the OLPC master keys.  See the list of five public
keys?  Just after it is the text:

"An OLPC "master" version of _each_ of those public keys is stored within
the Open Firmware image, so that it will be rewritten upon a firmware

I've emphasised "each".

So if you have not injected your deployment keys into a laptop that is
in the field, and then you go and enable-security on it, then you will
require an OLPC developer key to unlock it again.  I can't imagine you
wanting that.

Inject your deployment keys first.  The OLPC "master" keys will always
be there if you use OLPC firmware.

James Cameron

More information about the Devel mailing list