[OLPC Security] G1G1: Security, to enable or disable...

Kim Quirk kim at laptop.org
Tue Jun 3 21:46:27 EDT 2008


Developer program laptops are shipped out as US/International
keyboards, English language, AK flag set, which means they do NOT need
activation. They are permanently activated in the manufacturing data.

The only thing they need to be a developer unit is a developer key.

One more reason to add to Scott's list of why laptops are sent out to
G1G1 'write protected' is so they are protected from non-signed images
coming from malicious sources. If you don't use a developer's key to
un protect the laptop, then you can only upgrade to OLPC signed
builds. This is an important part of the bitfrost security that is
implemented and working!

FFM - if you really got two laptops from the developer's program that
weren't activated, then could you put those details into an RT ticket
and we'll debug it there. If there really are laptops going out that
are un-activated that we don't know about, that will be a serious
problem.

The ONLY un-activated laptops are ones built for Peru, Mexico, and
Uruguay. These are very specific SKUs and that include Spanish
keyboards. Please open a ticket and let's figure that out.

Thanks,
Kim


On Tue, Jun 3, 2008 at 1:07 PM, C. Scott Ananian <cscott at laptop.org> wrote:
> On Tue, Jun 3, 2008 at 12:43 PM, Bert Freudenberg <bert at freudenbergs.de> wrote:
>> On 03.06.2008, at 18:33, ffm wrote:
>>> On Tue, Jun 3, 2008 at 12:29 PM, C. Scott Ananian
>>> <cscott at laptop.org> wrote:
>>>> Machines sent out via our developer program are always shipped out
>>>> unsecured.
>>>
>>> Yet I've just recived two laptops via said program that had security
>>> enabled.
>>
>> Indeed. The machines distributed at LinuxTag last week also came w/o
>> dev key - I think it is only the activation part that is disabled.
>
> My information may be out of date on the developer's program, since
> Adam has rebooted it recently and I don't think that developer's
> program machines actually come through OLPC any more.  I should have
> said, "used to be shipped out unsecured".  Adam, are the new
> developer's program machines shipped direct, or do we have an
> opportunity to (at least) include a flyer explaining how to disable
> security on the machine?
>  --scott
>
> --
>  ( http://cscott.net/ )
> _______________________________________________
> Devel mailing list
> Devel at lists.laptop.org
> http://lists.laptop.org/listinfo/devel
>


More information about the Security mailing list