<div dir="ltr">I am strongly in favor of having devkeys either instantly generated or shipped on the machine. <br>I think that using a "cheat code," specifically the square gamekey which currently has no function assigned to it would be an excellent tool to break from prettyboot into a forth prompt.<br>
<br>I run a repair center for G1G1 laptops and there have been four or five instances where I have needed to generate a devkey for a donor's laptop - either in order to fix a software brick (copy-nand via serial dongle) or to update their XO to the latest testing build as per their request. <br>
Shipping XOs with devkeys would allow me to walk an average donor through the process of fixing software and any D6-like bricks which may occur in the future. This would require no shipping cost for repairs and would allow me to use my time for something such as actually developing software or helping donors who need a physical component of their XO replaced.<br>
<br>I believe that shipping XOs unlocked or simplifying the dev-key generation process would be a huge assistance in support efforts and would greatly outweigh the potential ramifications of donors upgrading to joyride builds. <br>
<br>A potential way around non-technically gifted donors upgrading to joyride builds would some sort of magic key combination a-la <a href="http://wiki.laptop.org/go/Cheat_codes">"Cheat codes" </a>which unlocks the XO. Specifically, I notice that the square gamekey has no function assigned to it. What's the the technical complexity of using this key to enter an "ok" forth prompt on boot, rather than go to prettyboot?<br>
<br>On a side note, in a different use-case, I have a large number of motherboard with which I have been working on some hardware hacking, esp enabling the second UART on the southbridge. It is a pain for a developer with a large number of screenless XOs and no <a href="http://activation.laptop.org">activation.laptop.org</a> account to wait 24hrs in order to get a devkey merely in order to have the laptop be useful. <br>
<br>Best,<br>-- <br>Ian Daniher<br>--<br>OLPC Support Volunteer<br>OLPCinci Repair Center Coordinator<br>--<br><a href="mailto:it.daniher@gmail.com">it.daniher@gmail.com</a><br>Skype : it.daniher<br><a href="http://irc.freenode.com">irc.freenode.com</a>: Ian_Daniher<br>
<br><br><div class="gmail_quote">On Fri, Oct 3, 2008 at 10:02 AM, Jim Gettys <span dir="ltr"><<a href="mailto:jg@laptop.org">jg@laptop.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Fri, 2008-10-03 at 00:27 -0400, John Watlington wrote:<br>
> How about providing dev. keys for G1G1 laptops with<br>
> no delay ? Would you consider it an improvement ?<br>
<br>
</div>Clearly an improvement, as is the prettyboot patch, which I think we<br>
should also do.<br>
- Jim<br>
<div><div></div><div class="Wj3C7c"><br>
><br>
> wad<br>
><br>
> On Oct 1, 2008, at 10:15 PM, John Gilmore wrote:<br>
><br>
> > Mitch and I have come up with a way to ship G1G1 laptops so that they<br>
> > will pretty-boot, but still come from the factory without any need<br>
> > for developer keys (in the Forth "disable-security" setting).<br>
> ><br>
> > This requires a small edit to /boot/olpc.fth in the OS build,<br>
> > to load the XO child image, freeze the screen, and put the<br>
> > first "progress dot" down just before jumping to Linux. It's<br>
> > detailed here:<br>
> ><br>
> > <a href="http://dev.laptop.org/ticket/7896" target="_blank">http://dev.laptop.org/ticket/7896</a><br>
> ><br>
> > I know the support crew would be much happier if G1G1 laptops were<br>
> > shipped able to run test builds and patched software, if users could<br>
> > interact with Forth to diagnose their hardware, if they could run<br>
> > unsigned Forth code from USB collector keys, etc.<br>
> ><br>
> > Unfortunately, an IRC discussion with Scott today revealed that the<br>
> > engineering team has decided that we *must* ship G1G1 laptops with a<br>
> > requirement for development keys. The reason: because too many kids<br>
> > in the third world will be getting lockdown laptops, and we want the<br>
> > G1G1 recipients to be guinea pigs to debug the laptops, to be sure the<br>
> > laptops work even when locked down (and that they unlock properly when<br>
> > the kid requests a jailbreak key).<br>
> ><br>
> > I see this is utterly backwards. The countries that want DRM on their<br>
> > laptops should be paying the price in support problems and<br>
> > infrastructure. Not the donors who sponsor a G1G1 laptop, and not the<br>
> > free software community who donate to help push this project along.<br>
> > As believers in freedom, we shouldn't be defaulting EVERY laptop to<br>
> > being locked by its manufacturer. Yet that's the argument: because<br>
> > some of them are locked, all of them must be locked. Or perhaps it's<br>
> > slightly more nuanced: A country that orders thousands can order them<br>
> > without DRM, but G1G1 users can't. That sounds reasonable, but I've<br>
> > interacted with several country teams (Nepal and South Pacific), who<br>
> > had come away from OLPC with the impression that it would be<br>
> > incredibly dangerous to turn off the "security" of the laptops. In<br>
> > Nepal's case I was unable to disabuse them of this odd notion. So no<br>
> > country asks for freedom in their laptop shipments, and no G1G1 is<br>
> > shipped with freedom, and thus every OLPC laptop is jailed, like every<br>
> > iPhone.<br>
> ><br>
> > John<br>
> ><br>
> > Date: Wed, 1 Oct 2008 08:34:09 -0400<br>
> > From: "Walter Bender" <<a href="mailto:walter.bender@gmail.com">walter.bender@gmail.com</a>><br>
> > To: "John Gilmore" <<a href="mailto:gnu@toad.com">gnu@toad.com</a>><br>
> > Subject: Re: devkeys, prettyboot, and G1G1<br>
> > Cc: "Mitch Bradley" <<a href="mailto:wmb@laptop.org">wmb@laptop.org</a>><br>
> ><br>
> > If Mitch is comfortable with his fix, I cannot see any reason not to<br>
> > ship developer keys with G1G1 machines--it would save everyone<br>
> > headaches, especially on support; but of course I cannot speak for<br>
> > OLPC these days.<br>
> ><br>
> > -walter<br>
> ><br>
> > On Tue, Sep 30, 2008 at 7:26 PM, John Gilmore <<a href="mailto:gnu@toad.com">gnu@toad.com</a>> wrote:<br>
> >>> I recall discussing this last time but don't recall the reasons not<br>
> >>> to do it this way. We did ship them all pre-activated.<br>
> >><br>
> >> I questioned people after the fateful meeting, and it seemed to me<br>
> >> that the problem was that Nicholas wanted pretty-boot, and Mitch was<br>
> >> unwilling to try to disentangle pretty-boot from secure-boot.<br>
> >> Secure-boot<br>
> >> was already a tangle of ugly Forth code, and he was sure that adding<br>
> >> more complexity there would result in security holes or bugs.<br>
> >><br>
> >> Since then, he has figured out the one-line circumvention that's<br>
> >> documented in bug #7896. The circumvention is in the OS (since OFW<br>
> >> keeps no state).<br>
> >><br>
> >> John<br>
> ><br>
> ><br>
> > --<br>
> > Walter Bender<br>
> > Sugar Labs<br>
> > <a href="http://www.sugarlabs.org" target="_blank">http://www.sugarlabs.org</a><br>
> ><br>
> ><br>
> > [gnu: I also cc'd this to support-gang, but that required sending it<br>
> > from a different email address, due to how I am subscribed there.]<br>
> > _______________________________________________<br>
> > Devel mailing list<br>
> > <a href="mailto:Devel@lists.laptop.org">Devel@lists.laptop.org</a><br>
> > <a href="http://lists.laptop.org/listinfo/devel" target="_blank">http://lists.laptop.org/listinfo/devel</a><br>
><br>
> _______________________________________________<br>
> Devel mailing list<br>
> <a href="mailto:Devel@lists.laptop.org">Devel@lists.laptop.org</a><br>
> <a href="http://lists.laptop.org/listinfo/devel" target="_blank">http://lists.laptop.org/listinfo/devel</a><br>
</div></div><font color="#888888">--<br>
Jim Gettys <<a href="mailto:jg@laptop.org">jg@laptop.org</a>><br>
One Laptop Per Child<br>
</font><div><div></div><div class="Wj3C7c"><br>
_______________________________________________<br>
Devel mailing list<br>
<a href="mailto:Devel@lists.laptop.org">Devel@lists.laptop.org</a><br>
<a href="http://lists.laptop.org/listinfo/devel" target="_blank">http://lists.laptop.org/listinfo/devel</a><br>
</div></div></blockquote></div><br><br clear="all"><br><br>
</div>