Boot process: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
(link to Early boot which I think is the next steps.) |
||
| (6 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
This is the sequence that [[OFW]] goes through before [[Early boot|booting an image]]. The canonical specification should be at [[Firmware Security]]. |
|||
# If all four buttons are held down (secure copy-nand) |
# If all four game-pad buttons are held down (secure copy-nand) |
||
## Firmware looks at fs.zip (should be in root directory of usb key, along with the os{build_number}.img) |
## Firmware looks at fs.zip (should be in root directory of usb key, along with the os{build_number}.img) |
||
##* fs.zip should have data.img and data.sig in it |
##* fs.zip should have data.img and data.sig in it |
||
| Line 7: | Line 7: | ||
# If your laptop is insecure (the ww flag is set instead of the wp flag) |
# If your laptop is insecure (the ww flag is set instead of the wp flag) |
||
#* The laptop boots the old insecure way (loads /boot/olpc.fth and runs whatever script is there) |
#* The laptop boots the old insecure way (loads /boot/olpc.fth and runs whatever script is there) |
||
#* NOTE: if you hold |
#* NOTE: if you hold the '×' game-pad key during startup, the laptop will go into secure mode for that one boot up |
||
# If your laptop is secure (wp flag set, or |
# If your laptop is secure (wp flag set, or '×' game-pad key was held), then... |
||
## If dk flag is set |
## If dk flag is set |
||
##* goto old insecure boot |
##* goto old insecure boot |
||
## If present and valid /security/develop.sig (in the usb, sd, or nand) |
## If present and valid /security/develop.sig (in the usb, sd, or nand) |
||
##* goto old insecure boot. |
##* goto old insecure boot. |
||
## If present |
## If present /boot/bootfw.zip (for secure reflash of OFW) (has... how should key be set up? data.rom and data.sig?) |
||
##* If signature is valid, then reflash |
##* If signature is valid, then reflash |
||
## If present, valid, and not expired /security/lease.sig '''OR''' the ak flag is set |
## If present, valid, and not expired /security/lease.sig '''OR''' the ak flag is set |
||
##* If present os.zip (contains data.sig and data.img) |
##* If present /boot/os.zip (contains data.sig and data.img) |
||
##** then, If data.sig and data.img are valid, boot |
##** then, If data.sig and data.img are valid, boot from the data.img. |
||
[[Early boot]] describes the Linux boot sequence after these steps in firmware. |
|||
[[category:documentation]] |
|||
[[Category:XO startup]] |
|||
Latest revision as of 22:35, 27 August 2009
This is the sequence that OFW goes through before booting an image. The canonical specification should be at Firmware Security.
- If all four game-pad buttons are held down (secure copy-nand)
- Firmware looks at fs.zip (should be in root directory of usb key, along with the os{build_number}.img)
- fs.zip should have data.img and data.sig in it
- If the data.sig lines up with the data.img, the os{build_number}.img is booted.
- Firmware looks at fs.zip (should be in root directory of usb key, along with the os{build_number}.img)
- If your laptop is insecure (the ww flag is set instead of the wp flag)
- The laptop boots the old insecure way (loads /boot/olpc.fth and runs whatever script is there)
- NOTE: if you hold the '×' game-pad key during startup, the laptop will go into secure mode for that one boot up
- If your laptop is secure (wp flag set, or '×' game-pad key was held), then...
- If dk flag is set
- goto old insecure boot
- If present and valid /security/develop.sig (in the usb, sd, or nand)
- goto old insecure boot.
- If present /boot/bootfw.zip (for secure reflash of OFW) (has... how should key be set up? data.rom and data.sig?)
- If signature is valid, then reflash
- If present, valid, and not expired /security/lease.sig OR the ak flag is set
- If present /boot/os.zip (contains data.sig and data.img)
- then, If data.sig and data.img are valid, boot from the data.img.
- If present /boot/os.zip (contains data.sig and data.img)
- If dk flag is set
Early boot describes the Linux boot sequence after these steps in firmware.