Manufacturing Data Specification: Difference between revisions

From OLPC
Jump to navigation Jump to search
(Split up manufacturing data into two pages)
 
Line 140: Line 140:
(In the tag name DQ, the "first name character" is "D", the "second name character" is "Q")
(In the tag name DQ, the "first name character" is "D", the "second name character" is "Q")


<table border=1>
<table border="1" cellpadding="6" cellspacing="0">
<tr><th>Tag Name</th><th>Data Length<br>(including null)</th><th>Req</th><th>Meaning</th><th>Encoding</th></tr>
<tr><th>Tag Name</th><th>Data Length<br>(including null)</th><th>Req</th><th>Meaning</th><th>Encoding</th></tr>
<tr><td>ww</td><td>0</td><td></td><td>Write Allow</td><td>(No Data) Presence at beginning of tag list prevents bootloader from enabling hardware write protect of SPI FLASH. This can be used to allow incremental updates to the tag list during multiple manufacturing phases. See [[#Write Protect Behavior]]. Set by ''disable-security''.</td></tr>
<tr><td>ww</td><td>0</td><td></td><td>Write Allow</td><td>(No Data) Presence at beginning of tag list prevents bootloader from enabling hardware write protect of SPI FLASH. This can be used to allow incremental updates to the tag list during multiple manufacturing phases. See [[#Write Protect Behavior]]. Set by ''disable-security''.</td></tr>

Revision as of 03:38, 27 March 2013

  This page is monitored by the OLPC team.

This document defines the method for storing manufacturing data on an OLPC laptop, as well as the interaction with the security system.

Manufacturing data is information about a specific OLPC laptop that is known at time of manufacture and stored in the unit's SPI FLASH. It includes basic manufacturing data such as the product model, part number, and motherboard model number; unique identifying information such as the serial number, unique user ID, and WLAN MAC address; and language localization information such as the keyboard version and language locale. There are also flag indicating the anti-theft "status" of the laptop (activated, developer).

Goals

  • Security: When an OLPC machine leaves the factory, the SPI FLASH must be write protected, if the customer has requested that anti-theft be enabled.
  • Manufacturability: The procedures should be fast, reliable, and convenient within the constraints of the manufacturing flow.
  • Extensibility: The data formats should make it easy to revise or extend the manufacturing data set in the future.
  • Sanity: The validity of the manufacturing data should be easy to verify.
  • Robustness: Programs that read or write manufacturing data should continue to work when the data set is revised.
  • Simplicity: The implementation programs should be small and easy to write and verify.

Version History

Version 3.3, 2010-07-08 KM value for mechanical keyboard is now "olpcm"

Version 3.2, 2010-07-06 Corrected olpc2 usage with respect to KV and new mechanical keyboard

Version 3.1, 2010-06-03 Added olpc2 info in KM and KV, for new mechanical keyboard

Version 3.0, 2009-06-18 (lots of other updates have happened) Added SKU 53 and 54 for Nicaragua

Version 2.9, 2007-11-20 us,ng -> ng

Version 2.8, 2007-11-14 Corrected a couple of keyboard table entries - us,ur -> us,pk, and ng -> us,ng

Version 2.7, 2007-11-14 Added SK tag for SKU number

Version 2.6, 2007-10-21 Revised SG tag per input from Quanta

Version 2.5, 2007-10-19 Added SG tag information

Version 2.4, 2007-10-17 Revised SD tag format

Version 2.3, 2007-10-11 Revised KA tag, fixed lengths and example values for other tags to match reality.

Version 2.2, 2007-10-09 Clarified LA and LO values, added dk and ak tags.

Version 2,1, 2007-10-07 add keyboard data

Version 2.0, 2007-05-24 manufacturing data now lives in Sector E, not Sector 0.

Version 1.0, 2006-11-16 added some example data values from Quanta.

Version 0.2, 2006-09-14 added approvals process, added wp/ww to tags list, specified tag registration process

Version 0.1, 2006-09-13

Specification

Location

The manufacturing data shall start at SPI FLASH offset 0xeffff and grow downwards. 2K of space is currently "reserved" for this purpose, although at that time of this writing (2007-05-24, ROM version Q2C14), there is nothing else in that 64K sector, so the 2K limit is not hard and fast.

Historical note: Prior to the C-series firmware, i.e. up to and including Q2B87, the manufacturing data was located at the end of the first 64K sector of the SPI FLASH chip, growing down toward the "EC" code area. The VSA code was above the upper boundary of the manufacturing data.

Rationale

This rationale is obsolete now that the manufacturing data is no longer in the EC sector, but remains here for historical background.

  • Placing the manufacturing data near the EC code results in a single boundary below which the data is effectively immutable. This simplifies and increases the reliability of the code for field updates to OFW.
  • 64K is the size of an erase sector; the EC code plus the manufacturing data should "never need to be erased".
  • The current size of the EC code is approximately 16K, so there should be plenty of space for manufacturing data within that 64K sector.

Data Format

The manufacturing data shall be stored using the following extensible tagged representation:

  1. Each item shall consist of a tag header plus optional binary data.
  2. There are two tag formats - a 4-byte format that can have from 0 to 127 bytes of data, and a 5-byte format that can have from 0 to 16383 bytes of data (the practical limit is less because of the overall size limits on the manufacturing data area).
    1. The 4-byte tag shall consist of:
      1. Two name bytes, each containing a case-sensitive 7-bit ASCII character
      2. A length byte whose binary value is from 0 to 127, indicating the number of additional data bytes (not including the 4-byte tag).
      3. A check byte whose binary value is the one's complement of the length byte
    2. The 5-byte tag shall consist of:
      1. Two name bytes, each containing a case-sensitive 7-bit ASCII character
      2. A check byte whose binary value is from 128 to 255, computed as described below.
      3. A low length byte (0..127), containing the 7 least significant bits of the data length
      4. A high length byte (0..127), containing the 7 most significant bits of the data length.
      5. The data length is given by ((high_length << 7) + low_length). (If the most-significant bit of either low_length or high_length is set, the tag is invalid.)
      6. The check byte value is calculated as (low_length ^ high_length ^ 0xff). Note that this guarantees that the most-significant bit of the check byte will be 1, thus distinguishing the 5-byte tag from the 4-byte tag format.
  3. The list of manufacturing data is the concatenation of individual items.
  4. The list grows in the "downward" direction, reflecting the fact that the manufacturing data is stored at the end of a region.
  5. There is no padding for alignment purposes - each tagged item is immediately adjacent to (i.e. just below) its predecessor.
  6. The end of the list is denoted by the absence of a valid tag "after" (i.e. at the address just below) the last item.
  7. Within a tagged item, the order of bytes is:
    1. Highest address: second name character
    2. Highest address minus 1: first name character
    3. Highest address minus 2: length byte of 4-byte format (0-127) or check byte of 5-byte format (128-255)
    4. Highest address minus 3: check byte (~length) of 4-byte format or low length of 5-byte format
    5. Highest address minus 4: last data byte (if any) of 4-byte format or high length byte of 5-byte format
    6. Highest address minus 5: next-to-last data byte (if any) of 5-byte format or last data byte (if any) of 5-byte format
    7. ... (additional data bytes)
  8. The interpretation of the data bytes within an item varies from name to name; code that operates on such data must know the appropriate data interpretation for the names that it uses. (But see also #Data Value Encoding Conventions .)

Rationale

  • The list grows down because it has to start at a known location at the end of an erase sector
  • The order of characters within tag names makes it easier to "visually parse" the data when looking at memory dumps, with no adverse effect on program code.
  • Note that a valid check byte always has the most-significant bit set, and the other three tag bytes always have that bit clear.
  • Erased FLASH storage (all bytes FF) does not constitute a valid tag, nor does all-zero storage.
  • Software that inspects specific items of manufacturing data need not understand the details of all tags. It can just skip tags to find the one it's looking for.
  • Appending a tag to the end of the list involves skipping to the end of the list and writing the new tag.
  • Changing the value of an existing tag is difficult, except for the special case of changing some bits from 1 to 0 (which can be done without erasing the FLASH).
  • It is possible to distinguish the 4-byte and 5-byte header formats from either direction. From the direction of the name bytes (going downward in memory), if the next byte is <128, it is the 4-byte format. Conversely, from the direction of the data bytes (going upward in memory), if the next byte is <128, it is the 5-byte format.
  • The 5-byte format is not supported by any firmware version <= q2c28, and systems <= C1 do not have any 5-byte tags. It follows that systems that use 5-byte tags must have firmware > q2c29.

Write Protect Behavior

  1. Prior to starting execution of the main operating system, the bootloader shall control the hardware write protection for the SPI FLASH as follows:
    1. If the location of the first tag (i.e. the bytes at SPI FLASH offset 0xfffc-0xffff) is erased (i.e. all four byte values are 0xff), the bootloader shall not enable the hardware write protection.
    2. If the location of the first tag contains a valid tag with the name 'ww' and zero data length (i.e. 'w' at 0xffff, 'w' at 0xfffe, 0x0 at 0xfffd , and 0xff at 0xfffc), the bootloader shall not enable the hardware write protection.
    3. Otherwise, the bootloader shall enable the hardware write protection.

Rationale

  • The "all erased" clause handles the "virgin FLASH" case, for initial manufacturing procedures.
  • The "ww" clause enables the possibility of "incremental logging" during the manufacturing flow. The first manufacturing phase that adds an item to the manufacturing data area creates a "ww" tag at the beginning. Subsequent phases can extend the list with other tags as necessary. The final step in the manufacturing flow changes the "ww" to "wp", thus causing the bootloader to enable write protection.
  • Note that changing "ww" to "wp" drives three bits from 1 to 0, which can be done without erasing. The only way to return to "ww" (or to 0xff) is to erase the entire sector.
  • (Need a link to the document defining the auto-bootloader-update procedure).

Data Value Encoding Conventions

  1. The following conventions should be observed when defining data formats for new tags:
    1. Store text strings with the first character at the lowest address, null terminated.
    2. Store variable length text strings using only the amount of space needed (including the null terminator).
    3. Consider storing numeric values as human-readable ASCII text when it is reasonable to do so.
    4. Store multi-byte binary numbers in little-endian form, i.e. with the least-significant byte at the lowest address.

Rationale

  • The order of characters within text strings makes it easier to "visually parse" the data when looking at memory dumps, while also being easier (or at least no harder) to operate on with program code.
  • Null termination makes it easy to use C library routines.
  • There's no need to pad out strings to a predefined maximum length, because the tag encapsulation can tell you the actual length.
  • Note that there is no guarantee that multi-byte binary numbers will be naturally-aligned.

Tag Registration

  1. The most recent version of this document at http://wiki.laptop.org/go/Manufacturing_Data contains the definitive list of tag names and values.
  2. The method for arbitrating changes to the list is as follows: Someone associated with the OLPC project will be designated as the gatekeeper of the list. The gatekeeper is currently Mitch Bradley, wmb@firmworks.com . Upon request, the gatekeeper will add tags to the list. Such requests should include complete definitions of the proposed new tags and their value encodings.

Rationale

  • The assumption is that new tags will be defined infrequently.

Defined Tags

Use '.mfg-data' at the OK prompt to get the tag settings.
(In the tag name DQ, the "first name character" is "D", the "second name character" is "Q")

Tag NameData Length
(including null)
ReqMeaningEncoding
ww0Write Allow(No Data) Presence at beginning of tag list prevents bootloader from enabling hardware write protect of SPI FLASH. This can be used to allow incremental updates to the tag list during multiple manufacturing phases. See #Write Protect Behavior. Set by disable-security.
wp0Write Protect(No Data) Change 'ww' to 'wp' to enable hardware write protect. Note that if the first tag is not 'ww', write protect will be enabled, so if the entire tag list is written at once (no incremental tagging), it is not necessary to include the 'wp' tag. Set by enable-security.
ak0oActivation Key(No Data) Presence of this field indicates that this system is persistently activated, requiring no temporal lease to run the operating system. Open Firmware uses this as an input to its secure boot algorithm. For certain SKUs, this field might be set at the factory.
dk0oDeveloper Key(No Data) Presence of this field indicates that this system is persistently unlocked and can be used without going through the Open Firmware secure boot algorithm. Typically, this flag would not be set at the factory, but would instead be added to the manufacturing data by individuals who have acquired a developer key and wish to unlock the machine permanently. Overrides the wp tag on XO-1 and XO-1.5 only.
rt0oRTC Anti-rollback(No Data) Presence of this field enables the RTC Anti-rollback feature as described in RTC Anti-rollback
SN12YSerial NumberFormat: AABYWWSSSSS

AA - Area, where SH is QSMC (Shanghai), and CS is CSMC (Changshu)
B - Factory. C is QSMC F2, F is QSMC F6
Y - Last digit of year of production
WW - ISO week number of production
SSSSS - unique identifier (in hex)

Example: SHF80801FA0 is a laptop made at QSMC in Factory 6 (F), in 2008 during the 8th week, given the unique ID (for that week) of 01FA0
SG1Board RevisionExample: 0xC2. A single binary byte whose hexadecimal representation matches the "letter number" designation of the board revision. The value for an XO-1 B2 machines was 0xB2, for B3 was 0xB3, and for B4 was 0xB4. For XO-1 C1 machines, the value was 0xA9, due to an error of unknown origin. For XO-1 C2 versions (MP), this value was 0xC2. For XO-1.5, 0xD0 indicates A2, 0xD1 indicates B2, 0xD2 indicates B3, 0xD3 indicates C1, and 0xD4 indicates a C2 version (and MP).
B#15Motherboard NumberExample: QTFLCA72400085
U#37YUUID#Example: DADD886B-C2F7-4B9C-89CB-43B9A81A388C (Random Generate)
P#12YPart NumberExample: 1CL11ZU0KD9
M#4Product Model NumberExample: CL1C
LAvariesYCountry CodeThree-letter ISO 3166-1-alpha-3 country code specifying the target country for this system. (See http://en.wikipedia.org/wiki/ISO_3166-1_alpha-3). In prototype systems, the use of this tag was inconsistent, sometimes specifying the target country and sometimes specifying the target country's predominant language. The meaning for future systems is hereby clarified to be the country, not the language. In cases where the same SKU is to be used for multiple countries, this field should contain the name of an arbitrary one of those countries. The detailed use of this field is unspecified, but the OS might, for instance, use it as a "hint" in case other fields are missing (as with prototype systems) or insufficiently specific.
LOvariesYProduct LocalizationDefault value for the POSIX locale (LANG environment variable). The Linux startup code uses this to configure the language environment. If not present, the Linux startup code will chose a default according to some heuristic. Example value: en_US.UTF-8
KA111YKeyboard ASCII mapSpecifies the keyboard key numbers for the US ASCII characters on this system's keyboard. This lets Open Firmware automatically adapt to different keyboard layouts. See #Keyboard ASCII Map.
KMvariesYKeyboard Model"olpc" for the OLPC rubber membrane keyboard, "olpcm" for the newer OLPC mechanical keyboard; see below
KLvariesYKeyboard LayoutLayout of the keyboard: "es", "fi", "us,ar", "us,ru"; see table below for settings for OLPC Keyboards
KVvariesYKeyboard VariantKeyboard variant for OLPC Keyboards; see below.
CC11Configuration CodeExample: 2222XXXXXX
F#3Factory NumberExample: F6
L#2Line NumberExample: H
S#11SWID #OS Build that was loaded in the factory. Example: CL1XL00406
T#13TSWID#Example: TSIMG_V3.0.2
WM18YWireless MAC #Example: 00-17-C4-03-56-8A
MN5Model NameExample: XO-1.5 HS
BV6BIOS VersionExample: Q2C18
TS3Test StationExample: DL for DOWNLOAD (SMT/ASSY/DL/RUNIN/FINAL/SHIP/FQA) (See this tip on using this tag to disable pretty boot.)
BD3Boot DeviceExample: u:\boot\olpc.fth cifs:\\user:password@10.20.0.2\directory\olpc.fth
This is the value of the boot-device list to use in the manufacturing phase indicated by the TS tag. XO-1.5 and later only.
MS3Manufacturing ServerExample: cifs:\\user:password@10.20.0.2\directory\
This is the server to use in the manufacturing phase indicated by the TS tag.
SS3SMT StatusExample: EN (for END), ST (for START)
FQ3FQAExample: NA (START/END)
SD7SWDL DateExample: 20071017 (for 17 November 2007)
MD16Manufacturing DateExample: 20081014T200700Z (for 14 October 2008, 8:07:00 PM UTC)
md16Manufacturing Grace PeriodBetween manufacturing and distribution, this tag will exist, and after ten days at next boot the tag will be automatically changed to MD.
SKvariesStock Keeping Unit numberThe SKU number, expressed as a decimal number in ASCII, null terminated, without leading zeros. Examples: "1" (length is 2 including null), "13" (length 3 including null), "237" (length 4 including null).
AP0Auto PowerWhen external power is applied, the laptop will power up if it was on when the power failed. (On XO-1 requires Q2F05 or later.) Note that if the laptop battery is missing, or runs down low enough over time (which will require weeks after a shutdown due to low battery), the "power-on" state will be lost and the laptop will not turn back on when power is reapplied.
CP0Constant PowerWhen external power is applied, the laptop will power up unconditionally. (On XO-1 requires Q2F05 or later.)
TIvariesTouchscreen InversionUsed by OFW's EXC7200 touchscreen driver. If the value string contains the letter 'x', the driver will invert the X axis. If the value string contains the letter 'y', the driver will invert the Y axis. Otherwise, or if the tag is not present, the driver will not invert those axes. This is intended for development use, on the small number of XO-3 systems fitted with non-OLPC touchscreens. It is not needed for OLPC touchscreens.
NNvariesnetwork namedefault network name (ESSID) for wireless.

The "Req" field indicates which tags are required for proper operation of the laptop. The KA tag is required unless the keyboard type is US, in which case OFW will default to the correct key map. The ak and dk flags may be viewed as required, if they were already set!

Keyboards

The scheme selected (using the KM, KL, and KV flags) maps directly to the X Window System Xkb extension.

The AK field is used to designate pre-activated or not activated coming out of the factory. 'Yes' means the AK flag exists in the mfg-data; and the laptop is pre-activated. 'No' means there is no AK flag, and the laptop will have to be activated at the delivery site.

The KM field is the model of the keyboard: For the OLPC rubber membrane keyboard, its value is "olpc". For the OLPC mechanical keyboard, its value is "olpcm". Note that the KM values "olpc" and "olpcm" have different meanings than the KV values "olpc" and "olpc2". KM specifies the physical keyboard hardware, whereas KV indicates different ways that software can interpret a given keyboard.

The KL field specifies the layouts on the keyboard. Keyboards may have multiple layouts, which can be switched between at run time. The names for these layouts generally bear resemblance to ISO country codes, as a given keyboard is often (but not necessarily) in use in particular countries. One or more layouts can be present on a keyboard. If there are multiple layouts, the layout codes are separated by the "," character.

The KV field specifies one or more variant usage plans for a given layout. Example values include strings such as "olpc", "olpc2", "dvorak", "winkeys", "bksl", and comma-separated lists of such base values. It is important to understand that KV does not specify the physical layout, but rather changes the way that the "xkb" X Keyboard Extension software interprets the keys for a given layout. For example, either the "olpc" or "olpc2" variant can be used for the OLPC rubber keyboard. When the "olpc" variant is in use, the multiply and divide keys are treated as multiply and divide. When the "olpc2" variant is in use, those keys are treated as "switch group".

The OLPC mechanical keyboard does not have multiply and divide keys, so there is no effective difference between KV=olpc and KV=olpc2 for that keyboard. The variation only affects key codes that the mechanical keyboard cannot generate. Therefore, including "olpc2" in the KV value list for the mechanical keyboard is pointless, but probably harmless.

The LO field is both language and region specific: The first two letters are the language code; the second two letters are the country code. Note that many langauge/region variants can share a common keyboard, e.g., Russian (ru_RU) and Ukrainian (uk_UA) both use the Cyrillic keyboard, but will need different SKUs to accommodate the different language settings on the laptop.

Keyboard LayoutAKKMKLKVLOSKU(s)KA Reference†Comment
US International keyboardyesolpcusolpcen_US.UTF-81,2,19 27, 33, 34, 39, 44, 45usDevelopers, other
US International keyboardyesolpcusolpcen_US.UTF-820,28,21usAlabama, Nigeria (temp), Rwanda (temp)
Spanish keyboardnoolpcesolpces_UY.UTF-85,6,18,40esUruguay, Paraguay
Spanish keyboardnoolpcesolpces_MX.UTF-83,4,17esMexico/Peru
Spanish keyboardyesolpcesolpces_UY.UTF-826esGeneral Spanish laptops
Portuguese keyboardyesolpcbrolpcpt_BR.UTF-810,42ptBrasil
Amharic keyboardnoolpcus,etolpc2,basicam_ET.UTF-811usEthiopia
Arabic keyboardyesolpcus,araolpc2,olpcar_EG.UTF-87,41us
Nigerian keyboardyesolpcngolpcen_US.UTF-89us(?)(US/International keyboard only) for Igbo, Yoruba, and Hausa
French keyboardyesolpcfrolpcfr_FR.UTF-8fr(not approved for MP)
Thai keyboardyesolpcus,tholpc2,olpcth_TH.UTF-88usThailand
Urdu keyboardyesolpcus,pkolpc2,olpcur_PK.UTF-812usPakistan
Cyrillic keyboardyesolpcus,ruolpc2,olpcuk_UA.UTF-830usRussia
Turkish keyboardyesolpctrolpctr_TR.UTF-8usTurkish-Q approved
Nepali keyboardyesolpcus,npolpc2,olpcne_NP.UTF-815, 46usNepal
Mongolian keyboardyesolpcus,mnolpc2,olpcmn_MN.UTF-813,43usMongolia
Kazakh keyboardyesolpcus,kzolpc2,olpckk_KZ.UTF-8us(not approved for MP)
Devanagari keyboardyesolpcus,inolpc2,olpchi_IN.UTF-814usIndia
Dari keyboardyesolpcus,afolpc2,fa-olpcfa_AF.UTF-822usAfghanistan
Uzbec keyboardyesolpcus,afolpc2,uz-olpcuz_AF.UTF-8us
Pashto keyboardyesolpcus,afolpc2,pa-olpcps_AF.UTF-8us
Khmer keyboardyesolpcus,kholpc2,olpckm_KH.UTF-825usCambodia
Pulaar keyboardyesolpcffolpcff_SN.UTF-8 (not approved for MP)
Armenian keyboardyesolpcus,amolpc2,olpchy_AM.UTF-8us(not approved for MP)
Italian keyboardyesolpcitolpcit_IT.UTF-823itItaly
French Canadian keyboardyesolpccaolpcht_HT.UTF-824htKreyòl for Haiti
†KA Reference is a hint as to which Keyboard ASCII Map to load for both OFW and the Console. It is not the actual KA string, which is described below, but it can be used with the 'loadkeys' command on the console (It should match the value of the KEYTABLE field in /etc/sysconfig/keyboard).

Keyboard ASCII Map

The KA tag specifies the locations of US ASCII characters on the keyboard. It is primarily intended for use by Open Firmware, whose command character set is US ASCII. This tag makes it unnecessary to revise the firmware for new keyboard layouts.

The tag value is a compact encoding specifying the keyboard scanset-1 scan codes that generate US ASCII characters. The encoding takes advantage of these facts and assumptions to save space:

  • Scanset-1 values are less than 0x60 for keys in the alpha/numeric/punctuation region.
  • The lower case letters a-z are always on unshifted keys and the upper case equivalents are generated with the Shift key.
  • The numbers and punctuation characters can be unshifted, shifted, or in the AltGr map.
  • If a particular key combination results in a printable ASCII character, holding down the Ctrl key will result in the corresponding control character.
  • The dedicated keys that generate the ASCII characters Esc, Tab, Enter, Erase, and Space and the non-ASCII function and arrow keys are the same for all keyboard layouts.

Given those assumptions, 68 scancodes must be specified:

  • 26 unshifted scancodes for a-z
  • 42 possibly-modified scancodes for numbers and punctuation

The KA tag value consists of 110 data bytes plus an extra null terminator byte. Bytes 0-25 are the scancodes for a-z. Bytes 26-109 are 42 pairs of bytes, each pair consisting of a scancode and a keymap number, for numbers and punctuation. Byte 110 is an extra null terminator byte to protect the data from any software that might strip a trailing null from tag values.

Bytes 26-109 specify characters in this order:

   0123456789!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

The first byte of pair is the scancode number, the second is the keymap number, as follows:

NumberKeymap
0Unshifted
1Shifted
2AltGr

The firmware keyboard driver currently has only these three maps; it does not distinguish between shifted and unshifted AltGr variants, nor does it have a special keymap for the Function key.

For ASCII codes with no corresponding key, the scancode and keymap numbers should be 0, but it is best not to leave such "holes" in the ASCII character set.