> Nepal should receive its shipment of 200 XO's in roughly 14 days Congratulations!
> How do I get developer keys for all 200 XO's and then how do I > deactivate the developer keys after I no longer need access to the > firmware? (You also need developer keys to install a new OS or kernel release, not just firmware.) Make a "collection stick" (a USB stick with a particular Forth script on it), which will collect up all the serial numbers and UUIDs as you boot each XO with it plugged in. Then submit that laptops.dat file, containing 200 serial/uuid combinations, to OLPC (if you have no better contact, you can email it to [EMAIL PROTECTED]). In a day or two you'll get back a develop.sig file with 200 developer keys in it. You can put that on the USB stick, and reboot each XO with the stick inserted. While the stick is inserted, the firmware will see the developer key and bring the machine up in developer mode. When you remove the stick, you will no longer be in developer mode. Full details here: http://wiki.laptop.org/go/Activation_and_Developer_Keys (You can do this in parallel with several USB sticks to speed up the process, if you have several people helping. Combine the collected laptops.dat files into a single file to submit to OLPC. And you can duplicate the received develop.sig file onto several USB sticks to unlock the machines in parallel.) I recommend that once you have developer keys, you leave the machines unlocked. You are going to be running a lot of unsigned builds in the future -- you're customizing your builds. It's trivial to install new customized builds on an unlocked machine (and in the future, it'll be possible to just upgrade one laptop, then have that laptop share its upgraded software with others that it comes in contact with -- one of the joys of free software). It's painful to install customized build upgrades on a locked machine (you have to plug in each individual machine's developer key again). Also, I helped with the support crew for the G1G1 rollout. We had many problems that were hard to diagnose or fix because the machines were locked. (The worst of these are fixed in 656.) To unlock the machines: while you have the USB stick with the developer key installed, interrupt the firmware boot messages with the Escape key (upper left corner of keyboard), and type "disable-security". You may have to type it twice (it'll tell you). (On a machine with "disable-security" set, you can later re-enable the security by interrupting the firmware boot and typing "enable-security". If you like, you could keep a few machines locked, give their teacher a USB stick containing the developer keys for emergencies, and see how much difference it makes in production use. The "disable-security" state is not *permanent*, it is just remembered by the laptop without having to use a USB stick.) > Which anti-theft features of Bitfrost have been implemented on the XO's > we will receive? None. The 656 release doesn't include any of them. It's known as "security by obscurity". Only "activation", which keeps them from being useful if stolen during shipment, is included. > I distinctly recall there was some kind of mechanism > where the XO would "phone home" periodically to a central database to > see if it matched a list of stolen XO's. Not implemented. Though there is something similar -- it thinks about phoning home roughly every 15 minutes, to see if it should do a forced upgrade to a different OS release (and actually does so at a random time once a day or so). My own laptop got hammered this way by a test run of force-upgrading 100 randomly selected laptops in the field. I suppose this misfeature could be used to download and install a trashed (non-working) software release onto a stolen laptop. You can disable this by removing /etc/cron.d/olpc-update-query or /usr/sbin/olpc-update-query. If you're running customized builds, I recommend disabling it, since otherwise it can trash your kid's laptop at the whim or mistake of somebody in Boston. John _______________________________________________ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel