10.1.0/Signature procedure: Difference between revisions
< 10.1.0
Jump to navigation
Jump to search
DanielDrake (talk | contribs) (New page: Due to changes in the XO-1.5 hardware and the tools used to build the OS images, the signature procedure has changed a little for 10.1.0. It is a more manual process than before, but it is...) |
(cat) |
||
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
[[category:10.1]] |
|||
Due to changes in the XO-1.5 hardware and the tools used to build the OS images, the signature procedure has changed a little for 10.1.0. It is a more manual process than before, but it is also hoped to be a one-off; the next OS release will be built from a revamped build tool. |
Due to changes in the XO-1.5 hardware and the tools used to build the OS images, the signature procedure has changed a little for 10.1.0. It is a more manual process than before, but it is also hoped to be a one-off; the next OS release will be built from a revamped build tool. |
||
Line 12: | Line 14: | ||
** Basically, stick runos.zip, runrd.zip and bootfw.zip(verbatim from the XO) into a zip file, and follow the "signing laptop" instructions at http://laptop.org/internalwiki/index.php/Signature_procedure#Signing_kernels.2C_initramfsen.2C_and_firmware |
** Basically, stick runos.zip, runrd.zip and bootfw.zip(verbatim from the XO) into a zip file, and follow the "signing laptop" instructions at http://laptop.org/internalwiki/index.php/Signature_procedure#Signing_kernels.2C_initramfsen.2C_and_firmware |
||
* Take the output from the signing laptop and feed it through livecd-iso-to-xo.sh manually, with the signing laptop output as a final parameter |
* Take the output from the signing laptop and feed it through livecd-iso-to-xo.sh manually, with the signing laptop output as a final parameter |
||
** '''Make sure that the previous-output .img file has been deleted in advance of running this''' otherwise the same one will be reused and the resultant file will be big |
|||
./livecd-iso-to-xo.sh osXX.iso osXX signedcontent.zip |
./livecd-iso-to-xo.sh osXX.iso osXX signedcontent.zip |
||
* Create .zd and .zsp files from the output .img from livecd-iso-to-xo: |
* Create .zd and .zsp files from the output .img from livecd-iso-to-xo: |
Latest revision as of 07:45, 17 February 2010
Due to changes in the XO-1.5 hardware and the tools used to build the OS images, the signature procedure has changed a little for 10.1.0. It is a more manual process than before, but it is also hoped to be a one-off; the next OS release will be built from a revamped build tool.
- Take the (unsigned image) that you want to build, and install it onto an XO
- this should be the final -rc release that was announced
- Copy kernel, and initramfs and firmware from the booted XO onto USB
- the files you want are /boot/vmlinuz /boot/initrd.img and /boot/bootfw.zip
- On your workstation, sign the kernel and firmware, using the tools in bios-crypto/build
./makekey mykey ./sign-os.sh mykey vmlinuz runos.zip ./sign-os.sh mykey initrd.img runrd.zip
- Follow usual steps of signing these files with the special OLPC signing laptop (the beholder of the OLPC private keys)
- Basically, stick runos.zip, runrd.zip and bootfw.zip(verbatim from the XO) into a zip file, and follow the "signing laptop" instructions at http://laptop.org/internalwiki/index.php/Signature_procedure#Signing_kernels.2C_initramfsen.2C_and_firmware
- Take the output from the signing laptop and feed it through livecd-iso-to-xo.sh manually, with the signing laptop output as a final parameter
- Make sure that the previous-output .img file has been deleted in advance of running this otherwise the same one will be reused and the resultant file will be big
./livecd-iso-to-xo.sh osXX.iso osXX signedcontent.zip
- Create .zd and .zsp files from the output .img from livecd-iso-to-xo:
zhashfs 0x20000 sha256 osXX.img osXX.zsp osXX.zd
- Create a fs.zip made with your own signature
./sign-zsp.sh mykey osXX.zsp
- Use signing laptop to resign this fs.zip with OLPC private key
- See signing laptop instructions at http://laptop.org/internalwiki/index.php/Signature_procedure#Signing_builds
- Upload results to download.laptop.org