Android/Security: Difference between revisions
< Android
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 16: | Line 16: | ||
Removes the boot menu, because the boot menu is implemented in olpc.fth, and olpc.fth is not used during secure boot. |
Removes the boot menu, because the boot menu is implemented in olpc.fth, and olpc.fth is not used during secure boot. |
||
== proposed for next release == |
|||
* set up for signing using [[Firmware security#Making_New_Deployment_Keys|firmware security]] and the bios-crypto source, |
|||
* copy /boot/alt/vmlinuz and /boot/alt/initrd.img from the [[Android]] build, |
|||
* sign the Android kernel |
|||
sign-os.sh os vmlinuz runos4.zip |
|||
* sign the Android ramdisk |
|||
sign-os.sh os initrd.img runrd4.zip |
|||
* place both in /boot/alt, |
|||
* link the activation mode to the Sugar activation kernel and ramdisk, |
|||
ln -s ../runos4.zip actos4.zip |
|||
ln -s ../actrd4.zip actrd4.zip |
|||
* sign the Q7B39 firmware release with the deployment firmware key, |
|||
* copy the signed bootfw4.zip file to /boot/ |
|||
* test booting using the [[Cheat codes|O game key]] to select Android, or no O game key to select Sugar, using the X game key to enable security if it is not enabled, |
|||
* test booting using the [[Cheat codes|rocker down key]] to display the boot menu. |
Revision as of 22:48, 10 April 2014
Firmware security for the Android and Sugar build.
- set up for signing using firmware security and the bios-crypto source,
- copy /boot/kernel and /boot/ramdisk from the Android build,
- sign the Android kernel
sign-os.sh os vmlinuz runos4.zip
- sign the Android ramdisk
sign-os.sh os initrd runrd4.zip
- make a /boot/alt directory,
mkdir alt
- place both in /boot/alt,
- link the activation mode to the Sugar activation kernel and ramdisk,
ln -s ../runos4.zip actos4.zip ln -s ../actrd4.zip actrd4.zip
- test booting using the O game key to select Android, or no O game key to select Sugar, using the X game key to enable security if it is not enabled.
Removes the boot menu, because the boot menu is implemented in olpc.fth, and olpc.fth is not used during secure boot.
proposed for next release
- set up for signing using firmware security and the bios-crypto source,
- copy /boot/alt/vmlinuz and /boot/alt/initrd.img from the Android build,
- sign the Android kernel
sign-os.sh os vmlinuz runos4.zip
- sign the Android ramdisk
sign-os.sh os initrd.img runrd4.zip
- place both in /boot/alt,
- link the activation mode to the Sugar activation kernel and ramdisk,
ln -s ../runos4.zip actos4.zip ln -s ../actrd4.zip actrd4.zip
- sign the Q7B39 firmware release with the deployment firmware key,
- copy the signed bootfw4.zip file to /boot/
- test booting using the O game key to select Android, or no O game key to select Sugar, using the X game key to enable security if it is not enabled,
- test booting using the rocker down key to display the boot menu.