> olpc-update is presently only runnable on machines which have already > passed the boot-lock; therefore its operation does not require any > additional signatures.
Thank you. Now it makes sense to me -- a wrongdoer can insert a device and try booting it (e.g., the four-game-button press) -- so *what* he is trying to load needs to be verified for authenticity. Whereas the 'olpc-update' user already has a running system, and root privilege, so he is allowed to load. Michael, thank you for this explanation (and for describing where the signatures are contained). This is *much* clearer than the wiki, which gives cookbook explanations but does not say "how come". mikus _______________________________________________ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel