OS builder generated ZD, 4 button install on unlocked XO1
James Cameron
quozl at laptop.org
Mon Jan 18 15:28:58 EST 2016
Our 13.2.6 build for SD on XO-1 contains an olpc.fth with fs-update encapsulated in a zip bundle which is then signed. So it already supports four button install.
It boils down to; if you need four button install, you must use keys.
On Mon, Jan 18, 2016 at 06:09:37AM -0800, George Hunt wrote:
> The context that got me started on this was Sora's desire for an easy way to
> install the os builder image you were helping her with. She was needing to
> process 400 units, and you suggested that the 4 button install would work in
> that instance on unlocked xo1 devices.
>
> If I self sign the fs0.zip, there's still the issue of introducing my key into
> the keylist of the unlocked laptops.
>
> I guess you were suggesting that she use a small olpc.fth stub to introduce her
> own key into each of the laptops, so that the self signed fs0.zip would be
> accepted by the firmware, and the install would proceed.
>
> For Adam's Unleashedkids project, I'm wondering if there is an olpc.fth file,
> that includes fs-update , and would work on an xo1, installing to an SD card,
> similar to the one documented for xo1.5, xo1.74, xo4, at [1]http://
> wiki.laptop.org/go/Firmware/Storage#
> How_to_automatically_install_an_unsigned_build
>
> Or do you suggest that I take the self signing approach?
>
> On Mon, Jan 18, 2016 at 12:16 AM, James Cameron <[2]quozl at laptop.org> wrote:
>
> On Sun, Jan 17, 2016 at 11:04:30AM -0800, George Hunt wrote:
> >
> > I've been exploring an exchange with James Cameron:
> >
> > <I wrote>
> > So then as I understand it, on an unlocked machine, the installers would
> need
> > to type "fs-update 32018ht0.zd" at the OK> prompt to kick off the
> install. Is
> > that correct?
> >
> > <James responded>
> > No, an unlocked machine will work like a locked machine when given the
> > four game keys held on boot.
> >
> > I've been trying to generate an unsigned ZD image that will load with the
> 4
> > button install.
> >
> > I've generated an unsigned fs0.zip and placed the xxx.ZD and fs0.zip in
> the
> > root directory of a USB key.
>
> Your fs0.zip must be signed.
>
> > The firmware finds the fs0.zip, but complains "no signature for our key
> list".
>
> Your key list must be changed.
>
> > There's probably some setting in os-builder that I have not found yet.
>
> [3]http://wiki.laptop.org/go/OSBuilder#Signing_preparation shows steps for
> preparing a builder for signing.
>
> [4]http://dev.laptop.org/git/projects/olpc-os-builder/tree/modules/signing/
> README?h=v7.0 describes the signing module in the builder.
>
> [5]http://wiki.laptop.org/go/Firmware_security#Multiple-Key_Support
> describes how to change the key list on a laptop. Add an o1 tag using the
> add-tag-from-file command. This is straightforward on unlocked laptops.
>
> --
> James Cameron
> [6]http://quozl.netrek.org/
>
> References:
>
> [1] http://wiki.laptop.org/go/Firmware/Storage#How_to_automatically_install_an_unsigned_build
> [2] mailto:quozl at laptop.org
> [3] http://wiki.laptop.org/go/OSBuilder#Signing_preparation
> [4] http://dev.laptop.org/git/projects/olpc-os-builder/tree/modules/signing/README?h=v7.0
> [5] http://wiki.laptop.org/go/Firmware_security#Multiple-Key_Support
> [6] http://quozl.netrek.org/
--
James Cameron
http://quozl.netrek.org/
More information about the Devel
mailing list