Android/Security: Difference between revisions
< Android
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 11: | Line 11: | ||
ln -s ../runos4.zip actos4.zip |
ln -s ../runos4.zip actos4.zip |
||
ln -s ../actrd4.zip actrd4.zip |
ln -s ../actrd4.zip actrd4.zip |
||
:*For a laptop without activation lease, the actrd4.zip must obtain a lease, write it to /security/lease.sig on the first partition, then reboot. To skip this step, link actrd4.zip to runrd4.zip instead, and the firmware will boot Android even if there is no activation lease. |
|||
:*For a laptop preactivated with the {{code|ak}} tag, actrd4.zip is not used. |
|||
* sign the Q7B40 firmware release with the deployment firmware (w1) key, |
* sign the Q7B40 firmware release with the deployment firmware (w1) key, |
||
* copy the signed bootfw4.zip file to /boot/ |
* copy the signed bootfw4.zip file to /boot/ |
Revision as of 01:40, 24 September 2014
Firmware security for the Android and Sugar build.
- set up for signing using firmware security and the bios-crypto source,
- copy /boot/alt/vmlinuz and /boot/alt/initrd.img from the Android build,
- sign the Android kernel with the deployment operating system (o1) key,
sign-os.sh os vmlinuz runos4.zip
- sign the Android ramdisk
sign-os.sh os initrd.img runrd4.zip
- place both in /boot/alt,
- link the activation mode to the Sugar activation kernel and ramdisk,
ln -s ../runos4.zip actos4.zip ln -s ../actrd4.zip actrd4.zip
- For a laptop without activation lease, the actrd4.zip must obtain a lease, write it to /security/lease.sig on the first partition, then reboot. To skip this step, link actrd4.zip to runrd4.zip instead, and the firmware will boot Android even if there is no activation lease.
- For a laptop preactivated with the ak tag, actrd4.zip is not used.
- sign the Q7B40 firmware release with the deployment firmware (w1) key,
- copy the signed bootfw4.zip file to /boot/
- test booting using the O game key to select Android, or no O game key to select Sugar, using the X game key to enable security if it is not enabled,
- test booting using the rocker down key to display the boot menu.