up to PR1.2(?) it was like: lockcode got stored in CAL (and could get cracked with john, see start of this thread), while the flag if lockcode is to be *used at all* got stored in rootfs (particularly gconf). So reflashing rootfs would allow to boot device without lockcode, though you still dunno the actual lockcode stored in CAL. with PR1,3(?) this obviously changed: lockcode can't be found in CAL anymore, at least not under the label it was before.[edit: seems incorrect. So it should still work] And the flag about actually asking for lockcode during boot now is stored in both rootfs and MyDocs, so you need to do a *full* reflash (both rootfs and eMMC) to regain access to a locked device. This is actually a sane thing, as now lockcode somewhat better protects your privacy, as flashing eMMC will clean all your private data on MyDocs. HTH jOERG