signed /boot/olpc.fth

James Cameron quozl at laptop.org
Wed Oct 15 19:04:28 EDT 2014


G'day Sebastian,

Thanks for the questions.


1.  Signing a boot script

To sign a Forth boot script, rename it to data.img, sign it with your
deployment o1 key, then wrap it in runos.zip, copy to actos.zip, and
place on boot media.

The laptop will open runos.zip (if it has a lease) or actos.zip (if
there is no lease), will verify the signature, and will then execute
the script.

In the bios-crypto build tree:

./sign-os.sh o1 olpc.fth runos.zip
cp runos.zip actos.zip

This is further documented on the Wiki [1], with a couple of usage
examples [2] [3], but is possibly best described by the bios-crypto
documentation.


2.  Forth menus

Yes, there is some nice simple menu code.  It uses the same
infrastructure as the diagnostics test menu [6] [7].  You can find it
in cpu/arm/olpc/bootmenu.fth from SVN 3722 [4].

The same code during development was in an olpc.fth file, before being
moved into the firmware [5].

The icon definitions can be read from USB drive, but since that path
is not signed it is best to use icons that already exist.

Other examples of the menu code can be found in the firmware source.
Let me know if you have problems with it.

References:

1. http://wiki.laptop.org/go/Firmware_security
2. http://wiki.laptop.org/go/Customization_stick_development
3. http://wiki.laptop.org/go/Android/Security
4. http://code.coreboot.org/p/openfirmware/source/commit/3722/
5. http://dev.laptop.org/git/users/quozl/mkzd/tree/olpc.fth?id=f8bedce34b2ea4326a1fa0918e73921aec9480d1
6. http://wiki.laptop.org/go/XO_Self_Test
7. http://wiki.laptop.org/go/File:Menu.png

-- 
James Cameron
http://quozl.linux.org.au/
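
A pre-deployment check for the bundles described in section 1, as an added example that is not part of the original message or of bios-crypto: it confirms that data.img inside each zip is the script that was reviewed and that actos.zip is an exact copy of runos.zip. It does not verify the signature itself, which the laptop firmware does. Assumptions: the signature member is named data.sig, and make_bundle() is a hypothetical stand-in that builds constructed, unsigned sample archives.

```python
import hashlib
import io
import zipfile


def make_bundle(script: bytes, sig: bytes = b"constructed-signature") -> bytes:
    """Constructed stand-in for sign-os.sh output; performs no real signing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("data.img", script)
        if sig is not None:
            z.writestr("data.sig", sig)  # member name is an assumption
    return buf.getvalue()


def check_bundles(script: bytes, runos: bytes, actos: bytes,
                  sig_member: str = "data.sig") -> list:
    """Return a list of problems; an empty list means the bundles are consistent."""
    problems = []
    # cp runos.zip actos.zip should leave two byte-identical files.
    if hashlib.sha256(runos).digest() != hashlib.sha256(actos).digest():
        problems.append("actos.zip is not a byte-for-byte copy of runos.zip")
    for name, blob in (("runos.zip", runos), ("actos.zip", actos)):
        try:
            with zipfile.ZipFile(io.BytesIO(blob)) as z:
                members = z.namelist()
                # The signed payload must be the script that was reviewed.
                if "data.img" not in members:
                    problems.append(f"{name}: data.img missing")
                elif z.read("data.img") != script:
                    problems.append(f"{name}: data.img differs from the reviewed script")
                if sig_member not in members:
                    problems.append(f"{name}: {sig_member} missing")
        except zipfile.BadZipFile:
            problems.append(f"{name}: not a zip archive")
    return problems


if __name__ == "__main__":
    reviewed = b"\\ constructed boot script\n"        # stands in for olpc.fth
    runos = make_bundle(reviewed)
    stale_actos = make_bundle(b"\\ older script\n")   # copy step was skipped
    print(check_bundles(reviewed, runos, runos))
    print(check_bundles(reviewed, runos, stale_actos))
```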