On Tue, Jun 30, 2009 at 3:56 AM, Philipp Kocher<philipp.koc...@gmx.net> wrote:
> So getting our own keys in the manufacturing data is not an option.

It still is. Google for keyjector :-)

> What is the
> problem with the process described here
> http://blog.olenepal.org/index.php/archives/183?

For a more complete explanation, see the 'multiple keys' page you will
find googling for keyjector. Some major points:

 - Forces you to depend on OLPC.
 - Forces OLPC to audit your image before signing it.
 - Your OLPC-signed image can be used on _any_ secure XO that uses
OLPC keys (instead of their own), not only the ones in your
 - By using OLPC's keys in your deployment, your XOs can be re-flashed
with any other OLPC signed image.


 mar...@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
Devel mailing list

Reply via email to