[Server-devel] how to copy activation leases to XS?
Daniel Drake
dsd at laptop.org
Mon Aug 10 01:17:13 EDT 2009
2009/8/10 Joshua N Pritikin <jpritikin at pobox.com>:
> I looked at one of our laptops, and there is no /security/lease.sig
>
> Once a laptop is activated, can the lease.sig be removed?
No. More likely, your laptops are preactivated, which means that the
antitheft features are not enabled. If a file claled /ofw/mfg-data/ak
exists then this is the case.
> Ultimately I want to be able to flash my own signed images.
Activation leases are unrelated to the security features around signed
images. Currently the only option for creating your own signed images
which can be installed at the OFW level is to insert your own "S"
security key into the manufacturing data. You will also need your own
"O" key if you are going to use a custom initramfs and/or kernel.
http://wiki.laptop.org/go/Firmware_security#Multiple-Key_Support
Daniel
More information about the Server-devel
mailing list