Create and sign Country specific XO image

Philipp Kocher philipp.kocher at gmx.net
Mon Jun 29 21:56:01 EDT 2009


The XOs got manufactured some time ago and just not delivered because
localization wasn't finished (localization is still not finished, but
the XO arrived yesterday).
So getting our own keys in the manufacturing data is not an option.

I hoped for an easier image creation and signing process. What is the
problem with the process described here
http://blog.olenepal.org/index.php/archives/183?

1. setup one XO the way you want it (I would use a script to do this)
2. delete a few files
3. create the image with save-nand at the ok prompt.
4. If I could send the CRC file of the image to OLPC and they would give
me a fs.zip in return, that would be great.

This way I could use the NandBlaster for the first installation and
would be much faster than installing os802.img from USB flash drive and
call the customization script on the flash drive on each XO.

Daniel Drake wrote:
> On Fri, 2009-06-26 at 11:25 +0700, Philipp Kocher wrote:
>> Hello
>>
>> Cambodia is getting 1000 new XOs very soon. This are the first ones with 
>> a Khmer keyboard.
>>
>> To make the installation process easier, I would like to create a 
>> country specific image based on build 802, which includes Khmer keyboard 
>> support, fonts, the newest language pack with software translations, 
>> Activities and some customizations.
> 
> Image builder can do all this:
> http://wiki.laptop.org/go/Image_builder
> You'll have to script some of those customizations.
> 
> The other option is to use pilgrim, which is what I think they do in
> Nepal. Looking back, I think this is a better option than image builder
> for the non-activity customizations, but image builder is probably a bit
> easier to get started with.
> 
> You have to decide if you want to sign your own builds, or if you want
> to get OLPC to do it (if they will do so).
> 
> To do it yourself you have to generate your own public/private keys and
> somehow get those public keys to be present in the manufacturing data on
> all of your laptops. Full details here:
> http://wiki.laptop.org/go/Firmware_security#Multiple-Key_Support
> The bios-crypto code is what you will use to sign your images.
> 
> Daniel
> 
> 




More information about the Devel mailing list