On Fri, Aug 01, 2008 at 12:49:31AM -0400, Mikus Grinbergs wrote: >>> I have a general question. I'm going to be helping some Ship.2 G1G1 >>> users (without developer keys) to perform off-line-upgrades of their >>> systems. Currently I have to "data mine" through the wiki to verify >>> which builds are "signed" (and can be "applied" from an USB stick). >> >> Things in >> >> http://download.laptop.org/xo-1/os/official/ >> http://download.laptop.org/xo-1/os/candidate/ >> >> can be installed on locked machines. >> >> When we sign candidates or make candidates official, we send >> announcements and publish the signed build in the appropriate directory. > >Thank you for the information. > >I'm concluding from your answer that there is _no_ way to tell, by >examining the 'binary' of the build (e.g., os___.ucb), whether that >build is "signed" or not.
NAND-reflash-lock signatures are external to the build and are contained in the attached fs.zip. Boot-lock signatures on the kernel, initramfs, and firmware are contained in 'actos.zip', 'actrd.zip', 'runos.zip', and 'runrd.zip', on the installed filesystem. SPI-reflash-lock signatures are contained in the 'bootfw.zip'. olpc-update is presently only runnable on machines which have already passed the boot-lock; therefore its operation does not require any additional signatures. Michael _______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
