Talk:Activation and developer keys: Difference between revisions
(Refine answers) |
|||
(19 intermediate revisions by 12 users not shown) | |||
Line 1: | Line 1: | ||
Question: Reinstalling Developer key |
|||
Updated firmware and installed 802, thus erasing develop.sig. Had inadvertebtly saved it to USB simply as develop.sig, not /security/develop.sig, so I re-downloaded key from Request link on Browser page. Here's how my security file now looks: |
|||
`drwx------ 4 root root 0 2010-01-07 00:08 . |
|||
drwxr-xr-x 24 root root 0 2010-01-09 20:38 .. |
|||
-rw-rw-r-- 1 root root 1260 2010-01-07 00:08 develop.sig |
|||
drwxr-xr-x 2 root root 0 2009-12-24 20:57 .private |
|||
drwx------ 4 root root 0 2009-12-24 20:57 state |
|||
-rw-r--r-- 1 root root 0 2010-01-09 20:41 update-attempt |
|||
bash-3.2# exit |
|||
XO still starts up in secure mode. |
|||
How can I reactivate the key? |
|||
Cal3iban 1/9/10 |
|||
==Booting to Open Firmware== |
|||
Can someone add that some USB keys don't seem to work if you put your developer key in /security on the USB drive. I had issues and then I just decided to try the same thing but with an SD card and it worked. [[User:Mick|Mick]] 11:11, 11 February 2009 (UTC) |
|||
==Activation and Developer Keys as DRM== |
|||
The XO's "firmware security" is an essential part of the [[Bitfrost|Bitfrost security system]], yet it is also a good example of "[[Wikipedia:Tivoization|Tivoization]]". |
|||
:I edited some of the more pointed language about the evils of DRM out of the page while preparing it for translation, but set up this entry in the discussion because it is a valid point. |
|||
:The firmware security is there to allow users and deployments to ensure that laptops are running base operating system code that has not been modified (either maliciously or intentionally). OLPC does not intend that this prevent laptops owners from modifying or reinstalling whatever software they want to, hence the notion of a developer key. For laptops obtained through a large scale deployment, this unfortunately must include a delay of several weeks to allow reporting of stolen laptops from areas without connectivity --- the anti-theft system relies on firmware security. OLPC is working to make the process of [[Wikipedia:Privilege escalation|jailbreaking]] simply a button on the control panel for all users, with instantaneous results for laptops obtained through the [[G1G1|Give One, Get One]] program.--[[User:Wad|Wad]] 05:38, 10 December 2008 (UTC) |
|||
==Copy and paste woe== |
|||
The page you get to once a developer key is made directs you to copy and paste a long wget command to the terminal. It is not at all obvious how to do that. I managed to, but only with a great deal of hackery. I suppose you could always write down the string, but that is ugly and error-prone. |
The page you get to once a developer key is made directs you to copy and paste a long wget command to the terminal. It is not at all obvious how to do that. I managed to, but only with a great deal of hackery. I suppose you could always write down the string, but that is ugly and error-prone. |
||
Line 6: | Line 32: | ||
:Another option is to update the terminal activity first, since the new version supports cut and paste. |
:Another option is to update the terminal activity first, since the new version supports cut and paste. |
||
==Bad Browse instructions== |
|||
The instruction for getting a developer key by starting Browse and clicking the Library link 'other' and then 'about your xo' didn't make sense on my G1G1. There is no 'other' link. Perhaps this is out of date or just unclear. The file:///home/.devkey.html approach does work for me. |
The instruction for getting a developer key by starting Browse and clicking the Library link 'other' and then 'about your xo' didn't make sense on my G1G1. There is no 'other' link. Perhaps this is out of date or just unclear. The file:///home/.devkey.html approach does work for me. |
||
Line 13: | Line 40: | ||
:24 June 2008 |
:24 June 2008 |
||
:When you start the browser, it loads an HTML page from the 'disk' (NAND flash memory) showing a google search bar and some quick links to the OLPC web site. To the left of this is a vertical menu listing various headings e.g. 'books', 'media', 'images', etc. The last item in this menu is 'other'. Click on other, and a submenu with the single item 'About your XO' appears. Click on this, and a lengthy file of screen shot images demonstrating XO usage is loaded from 'disk'. So far all this is done offline, and no internet connection is needed. Finally, page to the bottom, and there you will find the link for obtaining a developer key. This loads the .devkey.html file, and when you press 'submit', your keyrequest will be sent out over the internet, assuming you have a connection. |
:When you start the browser, it loads an HTML page from the 'disk' (NAND flash memory) showing a google search bar and some quick links to the OLPC web site. To the left of this is a vertical menu listing various headings e.g. 'books', 'media', 'images', etc. The last item in this menu is 'other'. Click on other, and a submenu with the single item 'About your XO' appears. Click on this, and a lengthy file of screen shot images demonstrating XO usage is loaded from 'disk'. So far all this is done offline, and no internet connection is needed. Finally, page to the bottom, and there you will find the link for obtaining a developer key. This loads the .devkey.html file, and when you press 'submit', your keyrequest will be sent out over the internet, assuming you have a connection. |
||
:: I updated the instructions on the page to mention this and other ways of navigating to the form. -- [[User:Skierpage|Skierpage]] 06:08, 31 July 2008 (UTC) |
|||
:A useful and non-obvious use of the browser activity is as a graphical file browser, which beats the terminal command line any day. When you open the browser and the local disk google HTML page loads, click on the text in the URL bar at the top of the screen. The text will change to show the directory path of the current page. Move the cursor to the end and erase all the characters except the "file:///" and press enter. This will show the root directory, which you can navigate by clicking on entries. When you click on a file entry, e.g. .devkey.html (check the show hidden files box to see this file), the file will be opened and displayed. From there you can click 'submit' as before. A defect of the file browser is there is no right click mechanism for moving, copying, or deleting files. |
:A useful and non-obvious use of the browser activity is as a graphical file browser, which beats the terminal command line any day. When you open the browser and the local disk google HTML page loads, click on the text in the URL bar at the top of the screen. The text will change to show the directory path of the current page. Move the cursor to the end and erase all the characters except the "file:///" and press enter. This will show the root directory, which you can navigate by clicking on entries. When you click on a file entry, e.g. .devkey.html (check the show hidden files box to see this file), the file will be opened and displayed. From there you can click 'submit' as before. A defect of the file browser is there is no right click mechanism for moving, copying, or deleting files. |
||
==Why the wait for a key?== |
|||
Out of curiosity, why does it take so long to get a key? I can understand there being a bit of a delay if it has to generate one, but you know exactly how long it'll take (i.e. 24 hours) so is it just some sort of vetting process to make sure that people are Really Sure they want to get a key? Also, the key retrieval process is a bit annoying - it seems that we should be able to just provide an email address to send the key to when it's ready. [[Special:Contributions/70.90.171.153|70.90.171.153]] 00:11, 19 September 2008 (UTC) |
|||
:OLPC is working to make the process of obtaining a key for laptops obtained through the [[G1G1|Give One, Get One]] program faster. The delay is present to allow time for reporting of thefts in foreign countries, the firmware security is central to the anti-theft system--[[User:Wad|Wad]] 05:38, 10 December 2008 (UTC) |
|||
== Security certificate has expired == |
|||
{{Activation.laptop.org}} |
|||
When I click on the "request a developer key" in Browse, I get an error message that the security certification for that page is out-of-date. It gives me an option to "add an exception," but that doesn't work either. I used the https://activation.laptop.org/devkey/post/ website on another computer to request the key, (I also got a security warning there, but was able to override it). It would be nice to be able to do this directly from the XO as I have half a dozen with invalid system date problems that I need to fix. I'm making a collection stick, but is there any chance the security certificate could be updated? |
|||
[[User:Janissa|Janissa]] 21:22, 9 May 2011 (UTC) |
|||
:What version of Browse are you using? What operating system version? --[[User:Quozl|Quozl]] 07:59, 16 May 2011 (UTC) |
|||
::It was on several XOs with the old Sugar, ones that had no "Control Settings" option. I didn't note the exact OS information before fixing the problem. But, I got the same security warning when I accessed the website via Internet Explorer on a Windows Vista computer. [[User:Janissa|Janissa]] 18:08, 16 May 2011 (UTC) |
|||
:::The certificate is issued by OLPC, and we placed it on the laptops so that no warning should appear. You will get a warning when using other operating systems, and we don't intend to fix that. I've tested it on the current release and no warning appears. The certificate should be in /etc/pki/tls/cert.pem ... it starts with MIIHPDCCBSS. Perhaps those old XOs had an unstable build installed. Please upgrade them next time; we can't expect unstable builds to keep working. --[[User:Quozl|Quozl]] 23:35, 16 May 2011 (UTC) |
|||
== file:///home/devkey.html "File Not Found" error == |
|||
I have another G1G1 XO-1 with an early Sugar OS. When I go into Browse, there is no "request a developer key." I tried typing in the address file:///home/devkey.html but got a "File Not Found" error. Is there a typo in the name, or is this incorrect information? |
|||
[[User:Janissa|Janissa]] 21:22, 9 May 2011 (UTC) |
|||
:Possibly an OS version that predates the instructions, or filesystem corruption has removed the file. Reinstall the latest stable build and try again. --[[User:Quozl|Quozl]] 23:37, 16 May 2011 (UTC) |
|||
== Trouble with OFW "enable-security" command == |
|||
While trying to permanently re-enable security, when I enter "enable-security" at the OK prompt, I get the error message "unexpected end-of-line" |
|||
Any suggestions? |
|||
:Add the serial number before pressing enter? --[[User:Quozl|Quozl]] 02:41, 19 June 2012 (UTC) |
Latest revision as of 23:55, 9 January 2014
Question: Reinstalling Developer key Updated firmware and installed 802, thus erasing develop.sig. Had inadvertebtly saved it to USB simply as develop.sig, not /security/develop.sig, so I re-downloaded key from Request link on Browser page. Here's how my security file now looks:
`drwx------ 4 root root 0 2010-01-07 00:08 . drwxr-xr-x 24 root root 0 2010-01-09 20:38 .. -rw-rw-r-- 1 root root 1260 2010-01-07 00:08 develop.sig drwxr-xr-x 2 root root 0 2009-12-24 20:57 .private drwx------ 4 root root 0 2009-12-24 20:57 state -rw-r--r-- 1 root root 0 2010-01-09 20:41 update-attempt bash-3.2# exit
XO still starts up in secure mode. How can I reactivate the key? Cal3iban 1/9/10
Booting to Open Firmware
Can someone add that some USB keys don't seem to work if you put your developer key in /security on the USB drive. I had issues and then I just decided to try the same thing but with an SD card and it worked. Mick 11:11, 11 February 2009 (UTC)
Activation and Developer Keys as DRM
The XO's "firmware security" is an essential part of the Bitfrost security system, yet it is also a good example of "Tivoization".
- I edited some of the more pointed language about the evils of DRM out of the page while preparing it for translation, but set up this entry in the discussion because it is a valid point.
- The firmware security is there to allow users and deployments to ensure that laptops are running base operating system code that has not been modified (either maliciously or intentionally). OLPC does not intend that this prevent laptops owners from modifying or reinstalling whatever software they want to, hence the notion of a developer key. For laptops obtained through a large scale deployment, this unfortunately must include a delay of several weeks to allow reporting of stolen laptops from areas without connectivity --- the anti-theft system relies on firmware security. OLPC is working to make the process of jailbreaking simply a button on the control panel for all users, with instantaneous results for laptops obtained through the Give One, Get One program.--Wad 05:38, 10 December 2008 (UTC)
Copy and paste woe
The page you get to once a developer key is made directs you to copy and paste a long wget command to the terminal. It is not at all obvious how to do that. I managed to, but only with a great deal of hackery. I suppose you could always write down the string, but that is ugly and error-prone.
- 28 June 2008
- The cut (highlight selection and ctrl-c) works fine in the old builds, however, paste (ctrl-v) does not work with the terminal activity in the old builds. Use alt-tab to switch back and forth beteen browse and terminal activities in order to copy manually with accuracy without having to write down the long command.
- Another option is to update the terminal activity first, since the new version supports cut and paste.
Bad Browse instructions
The instruction for getting a developer key by starting Browse and clicking the Library link 'other' and then 'about your xo' didn't make sense on my G1G1. There is no 'other' link. Perhaps this is out of date or just unclear. The file:///home/.devkey.html approach does work for me.
- 28 June 2008
- I just updated to build 703. The 'other' link referred to above and below disappears in this build. If you click on the link "Activities" in build 703's browser vertical menu, however, and then click on the sub-menu "find activities", the "apply for developer key" link can be found at the bottom of the page that displays, just as it was found at the bottom of the "about your XO" page in the older builds.
- 24 June 2008
- When you start the browser, it loads an HTML page from the 'disk' (NAND flash memory) showing a google search bar and some quick links to the OLPC web site. To the left of this is a vertical menu listing various headings e.g. 'books', 'media', 'images', etc. The last item in this menu is 'other'. Click on other, and a submenu with the single item 'About your XO' appears. Click on this, and a lengthy file of screen shot images demonstrating XO usage is loaded from 'disk'. So far all this is done offline, and no internet connection is needed. Finally, page to the bottom, and there you will find the link for obtaining a developer key. This loads the .devkey.html file, and when you press 'submit', your keyrequest will be sent out over the internet, assuming you have a connection.
- I updated the instructions on the page to mention this and other ways of navigating to the form. -- Skierpage 06:08, 31 July 2008 (UTC)
- A useful and non-obvious use of the browser activity is as a graphical file browser, which beats the terminal command line any day. When you open the browser and the local disk google HTML page loads, click on the text in the URL bar at the top of the screen. The text will change to show the directory path of the current page. Move the cursor to the end and erase all the characters except the "file:///" and press enter. This will show the root directory, which you can navigate by clicking on entries. When you click on a file entry, e.g. .devkey.html (check the show hidden files box to see this file), the file will be opened and displayed. From there you can click 'submit' as before. A defect of the file browser is there is no right click mechanism for moving, copying, or deleting files.
Why the wait for a key?
Out of curiosity, why does it take so long to get a key? I can understand there being a bit of a delay if it has to generate one, but you know exactly how long it'll take (i.e. 24 hours) so is it just some sort of vetting process to make sure that people are Really Sure they want to get a key? Also, the key retrieval process is a bit annoying - it seems that we should be able to just provide an email address to send the key to when it's ready. 70.90.171.153 00:11, 19 September 2008 (UTC)
- OLPC is working to make the process of obtaining a key for laptops obtained through the Give One, Get One program faster. The delay is present to allow time for reporting of thefts in foreign countries, the firmware security is central to the anti-theft system--Wad 05:38, 10 December 2008 (UTC)
Security certificate has expired
When I click on the "request a developer key" in Browse, I get an error message that the security certification for that page is out-of-date. It gives me an option to "add an exception," but that doesn't work either. I used the https://activation.laptop.org/devkey/post/ website on another computer to request the key, (I also got a security warning there, but was able to override it). It would be nice to be able to do this directly from the XO as I have half a dozen with invalid system date problems that I need to fix. I'm making a collection stick, but is there any chance the security certificate could be updated? Janissa 21:22, 9 May 2011 (UTC)
- What version of Browse are you using? What operating system version? --Quozl 07:59, 16 May 2011 (UTC)
- It was on several XOs with the old Sugar, ones that had no "Control Settings" option. I didn't note the exact OS information before fixing the problem. But, I got the same security warning when I accessed the website via Internet Explorer on a Windows Vista computer. Janissa 18:08, 16 May 2011 (UTC)
- The certificate is issued by OLPC, and we placed it on the laptops so that no warning should appear. You will get a warning when using other operating systems, and we don't intend to fix that. I've tested it on the current release and no warning appears. The certificate should be in /etc/pki/tls/cert.pem ... it starts with MIIHPDCCBSS. Perhaps those old XOs had an unstable build installed. Please upgrade them next time; we can't expect unstable builds to keep working. --Quozl 23:35, 16 May 2011 (UTC)
file:///home/devkey.html "File Not Found" error
I have another G1G1 XO-1 with an early Sugar OS. When I go into Browse, there is no "request a developer key." I tried typing in the address file:///home/devkey.html but got a "File Not Found" error. Is there a typo in the name, or is this incorrect information? Janissa 21:22, 9 May 2011 (UTC)
- Possibly an OS version that predates the instructions, or filesystem corruption has removed the file. Reinstall the latest stable build and try again. --Quozl 23:37, 16 May 2011 (UTC)
Trouble with OFW "enable-security" command
While trying to permanently re-enable security, when I enter "enable-security" at the OK prompt, I get the error message "unexpected end-of-line" Any suggestions?
- Add the serial number before pressing enter? --Quozl 02:41, 19 June 2012 (UTC)