Hi,
I've ordered a V6 and am waiting for it to arrive. In the meantime I've been looking at Mot's source and the zip of the firmware's filesystems that was posted. I would like to replace the kernel with one I configure differently from Mot's sources.

In general the things I've noticed are:
1. PKI everywhere: there are 3 certs related to code signing for content which seem unrelated to other certs visible directly in the P2K flash file (used to sign the flash and verified just by the PC utility?)

2. engr vs prod states appear to go all the way back to the kernel (fusedrv)->hardware IO, but there is no I/O write operation for fuse in the kernel. If I made my own kernel I see no reason it can't lie about the hardware state and I see no sign the kernel itself is subject to PKI verification. I'm not quite sure what else besides inetd.conf->telnet engr may affect in mot's non-GPL bits.

3. CG52/preloadapps/qtapps: it would be interesting to see if things placed here are allowed to run (and what they are run as.)

4. Firmware update: it looks like Motorola ported the support into the kernel source, so it looks like if we booted our own version of their kernel from boot_usb we would have one that flashes the device.

5. On a bit of a tangent, deleting certain things, like their Mot-specific kernel modules, looks like it may get the phone into interesting states. Deleting has the advantage of not having to worry if the individual object is signed/verified (i.e. modules.hash), and once one is done using the state one could put the original item back.

Conclusion:
boot_usb looks like it at a minimum needs configuration lines for the LJ devices. Once we can boot our own kernel, it looks like we can permanently replace it in a way we can redo without the original firmware, and we have the full source to make it functionally replace Motorola's kernel to our choosing. The one catch is if the bootloader is doing verification, but from the description of USB booting EZX phones it doesn't sound likely it does.

-way