Firmware release procedures
Jump to navigation
Jump to search
Release procedure
Here is a draft of a BIOS release procedure.
Stage one: EC:
- Quanta e-mails EC release and changelog to the OLPC BIOS contact, signed and encrypted with PGP
- see notes below
- Quanta and OLPC test this version of EC
Stage two: Buildrom:
- Pull EC release from http://dev.laptop.org/pub/ec/, check hashes
- Update buildrom changelog and tag for release
- Update SPI flash version string in buildrom binary
- Create buildrom SRPM
- Build two flavors of binary RPM for the two RAM variants
Stage three: Testing:
- announce build to BIOS team and Ray, release candidate testing begins
- test on a 256M board
- install the binary RPMs on Tinderbox machines
- >12 hours of burn-in warm reboot testing on Tinderbox
- cold boot tests
- we need a cold boot solution; X10 doesn't seem to like the power at OLPC
- After automated tests, send "Who has tested?" mail asking for problem reports
- Release after twelve hours if no problem reports
Stage four: Release:
- Release builds kept in a separate directory
- Update the version number in LB from release candidate to final
- Announce new build and hashes to devel-boards@ (requires moderation).
Using PGP for EC code
For first release only
Download and run ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.5.exe
Download and install Thunderbird from http://www.mozilla.com/thunderbird/
Download Enigmail from http://www.mozilla-enigmail.org/downloads/enigmail-0.94.1.1-tb15-linux.xpi
Download http://dev.laptop.org/pub/ec/olpc-bios-key.pub ; this will be the public key that the mail is encrypted to.
Run Thunderbird
Set up an e-mail account; when asked for name, use "Quanta OLPC BIOS"
Tools menu->Extensions:
- Click install, find downloaded Enigmail .xpi
- Restart Thunderbird
OpenPGP menu->Key Management:
- choose "No", don't use wizard
- Generate menu->new key pair:
- Enter passphrase twice
- Set key expiry to 2 months
- Supply key fingerprint to OLPC out-of-band
- It is vital that the private key file (secring.gpg) is kept secure, and is not distributed from the computer it was created on
Tools menu->Account Settings->OpenPGP Security:
- OpenPGP support should be enabled
- Check "Encrypt messages by default" and "Sign encrypted messages by default"
Tools menu->Account Settings->Copies & folders:
- Uncheck "Place a copy in"
Tools menu->Account Settings->Composition & Addressing:
- Uncheck "Compose messages in HTML format"
OpenPGP menu->Key Management:
- File menu->Import keys from file
- Choose the downloaded olpc-bios-key.pub file
For subsequent releases
Click "Write":
- To: bios@laptop.org
- OpenPGP menu->"Send My Public Key"
- Attach changelog
- Attach EC file
- Click "Send"
- Choose "inline pgp"