Generating signed builds for Afghanistan
Ed McNierney
ed at laptop.org
Mon Jun 14 08:38:28 EDT 2010
Javed -
The best way to get support for your efforts is to work through OLPC's country support team, since we have a working relationship with the Afghan MOE. I will follow up with contact information so you can get the support you need. Thanks!
- Ed
Ed McNierney
CTO
One Laptop per Child
ed at laptop.org
+1 (978) 761-0049
On Jun 14, 2010, at 8:11 AM, Bernie Innocenti wrote:
> [cc += devel at lists.laptop.org]
>
> On Mon, 14-06-2010 at 15:07 +0430, javed khan wrote:
>> I am working in Ministry of Education Kabul Afghanistan OLPC team as
>> software developer and technical support officer.
>
> Say hello to Mike Dawson from me!
>
>
>> Which Linux OS is best for developing OLPC custom images?
>
> I'm using Fedora 13 (x86_64) to create my images. Older versions of
> Fedora also work.
>
> If you also need to rebuild system RPM packages, you may also need to
> keep an old Fedora 11 box around. I use one of our servers for this
> purpose.
>
>
>> How to sign a custom image for XOs in my country?
>
> I thought that laptops in Afghanistan were being deployed unlocked.
> In which case, you don't need to sign your builds.
>
> If you need to implement the theft-deterrence system, you should
> generate a set of key-pairs for your deployment using the bios-crypto
> package, and load the public firmware key into the manufacturing data of
> all your laptops.
>
> Some info:
>
> http://wiki.laptop.org/go/Firmware_security#Multiple-Key_Support
> http://wiki.laptop.org/go/OLPC_Bitfrost
>
>
> You will also have to set up a central activation server, or use the new
> delegation scheme developed for Peru, which enables schoolservers to
> generate activations autonomously. Martin Langhoff and Daniel Drake are
> the most up-to-date people on this topic.
>
> Some information here:
>
> http://wiki.laptop.org/go/Theft_deterrence_protocol
>
>
> Then, you can configure olpc-os-builder to create signed builds. This is
> the easiest part. All you have to do is add something like this to your
> configuration:
>
> [signing]
> bios_crypto_path=/home/bernie/src/olpc/bios-crypto
> skey=/home/bernie/src/olpc/keys/pys1
> okey=/home/bernie/src/olpc/keys/pyo1
> wkey=/home/bernie/src/olpc/keys/pyw1
>
>
> The entire anti-theft scheme is very complicated and requires a lot of
> expertise to implement. In Paraguay, we have to deal with it almost
> every day even after one year.
>
> In my opinion, the engineering effort to implement the anti-theft system
> is justified only if large quantities of laptops are being stolen every
> year.
>
>
>> How to put custom image into school server so the XOs can update
>> from?
>
> This requires olpc-update. The server side is a Python program which
> wraps rsync. Depending what version of the OS your laptops are running,
> they may or may not ask the schoolserver for updates. Try running
> olpc-update from the command line and spy what it is doing on the
> network.
>
> Another effective way to update many laptops consists in setting up a
> NANDblaster server in the school:
>
> http://wiki.laptop.org/go/Multicast_NAND_FLASH_Update
>
>
> This will wipe the flash, so children and teachers need to be warned
> ahead of time so they have time to back up important activities to a USB
> stick.
>
>
>
> PS: I suggest you change your subscription to non-digest mode, as it
> makes it very hard to follow threads and reply to others. Usually email
> clients can filter incoming mailing-list mail into separate folders.
>
> --
> // Bernie Innocenti - http://codewiz.org/
> \X/ Sugar Labs - http://sugarlabs.org/
>