On Tue, Feb 15, 2011 at 04:11:30PM +1100, Sridhar Dhanapalan wrote: > On 15 February 2011 13:27, Chris Ball <[email protected]> wrote: > > Hi, > > > > ? > # You can reverse the disable-security command by entering > > ? > enable-security at the 'ok' prompt. Security will then be > > ? > permanently enabled until disabled again. > > > > Yes, but that'll use OLPC's keys (if they were installed in > > manufacturing). ?You might want to use your own keys, which > > would involve a different procedure. > > Is that the developer key mentioned at > http://wiki.laptop.org/go/Firmware_security#Deployment_Key_Manufacturing_Data_Tags > ?
Yes, that is one of the OLPC master keys. See the list of five public keys? Just after it is the text: "An OLPC "master" version of _each_ of those public keys is stored within the Open Firmware image, so that it will be rewritten upon a firmware update." I've emphasised "each". So if you have not injected your deployment keys into a laptop that is in the field, and then you go and enable-security on it, then you will require an OLPC developer key to unlock it again. I can't imagine you wanting that. Inject your deployment keys first. The OLPC "master" keys will always be there if you use OLPC firmware. -- James Cameron http://quozl.linux.org.au/ _______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
