I've been reading the page on your Open Source support (well done, btw, on acknowledging your GPL responsibilities and even putting the toolchain up. That's great to see):
It left me with one or two questions which aren't wholly expounded upon though:
What happens when the secure boot lock is disabled? In addition to scrubbing the HDCP and DTCP keys, does it enable a full console anywhere? Otherwise, how would one actually put newly compiled binaries on the BrightSign's filesystem?