XO-1 developer key does not work
sridhar at laptop.org.au
Mon Mar 14 20:22:14 EDT 2011
On 15 March 2011 11:01, Ed McNierney <ed at laptop.org> wrote:
> Sridhar -
> Yes, that's correct. Multiple valid keys weakens security, since the same rights can be obtained from multiple sources.
> Handling your own key-issuing authority is something we fully support, but it is a complex and substantial undertaking. It requires a reasonable commitment to both initial and ongoing staffing infrastructure on your end. I won't advise you not to consider it, but if you're considering it you should take it very seriously.
> That is particularly true if you are interested in replacing OLPC's various keys with your own (rather than adding to them). If you do so you can get yourself into situations in which no one else can help you. The very well-organized and professional team at Plan Ceibal (who replace OLPC's keys with their own) have had a few difficulties in the field. It's also important to realize that you'll need to provide support to Quanta's manufacturing team. Sometimes laptops require reworking due to test failures, and that can require them to be unlocked; if they're not using OLPC's keys you'll have to be able to provide those keys yourself.
Thanks for that, Ed.
At this point, we are having our deployment keys applied to XOs in the
factory and field in addition to the standard OLPC keys. Our XOs are
not developer locked, but I'm creating the option to lock them later
on should the situation ask for it. It likely will be quite a while
before we seriously consider it.
More information about the Devel