XO-1 developer key does not work

Ed McNierney ed at laptop.org
Mon Mar 14 20:01:56 EDT 2011 

Sridhar -

Yes, that's correct.  Multiple valid keys weakens security, since the same rights can be obtained from multiple sources.

Handling your own key-issuing authority is something we fully support, but it is a complex and substantial undertaking.  It requires a reasonable commitment to both initial and ongoing staffing infrastructure on your end.  I won't advise you not to consider it, but if you're considering it you should take it very seriously.

That is particularly true if you are interested in replacing OLPC's various keys with your own (rather than adding to them).  If you do so you can get yourself into situations in which no one else can help you.  The very well-organized and professional team at Plan Ceibal (who replace OLPC's keys with their own) have had a few difficulties in the field.  It's also important to realize that you'll need to provide support to Quanta's manufacturing team.  Sometimes laptops require reworking due to test failures, and that can require them to be unlocked; if they're not using OLPC's keys you'll have to be able to provide those keys yourself.

	- Ed


On Mar 14, 2011, at 7:46 PM, Sridhar Dhanapalan wrote:

> On 14 March 2011 10:58, James Cameron <quozl at laptop.org> wrote:
>> On Sat, Mar 12, 2011 at 03:46:02PM +1100, Sridhar Dhanapalan wrote:
>>> There are three main questions raised by this process:
>>>   [...]
>>>   3. why must I wait 24 hours to get the developer key?
>> 
>> Presuming you are asking about an OLPC developer key rather than a
>> deployment developer key ... the delay is to allow time for the laptop
>> to be reported to OLPC as stolen.
> 
> If an XO has both the OLPC and our own deployment developer keys,
> would it be correct to say that it can receive a developer key from
> either OLPC or us?
> 
> Hence, an XO theft must be reported to both OLPC and OLPCAU?
> 
> Sridhar
> _______________________________________________
> Devel mailing list
> Devel at lists.laptop.org
> http://lists.laptop.org/listinfo/devel

More information about the Devel mailing list