Secure upgrade: Difference between revisions

From OLPC
Jump to navigation Jump to search
mNo edit summary
mNo edit summary
Line 111: Line 111:
# Plug in the USB key and boot
# Plug in the USB key and boot
# Immediately hit the "X" Escape key
# Immediately hit the "X" Escape key
# At the firmware '''OK''' prompt, type '''disable-security''' The XO should reboot. Leave in the USB key.
# At the firmware '''OK''' prompt, type '''copy-nand u:\os698.img'''. The XO should reboot once it is finished.
# At the firmware '''OK''' prompt, type '''copy-nand u:\os698.img'''. The XO should reboot once it is finished.
# You can't reenable security in the firmware until you have copied the develop.sig to /security/develop.sig. You'll need a root shell to do that; it can't be done from the Journal or the GUI.
# Leave the USB key in the XO
# You will get an error if you try to boot w/ the USB inserted now, but the XO should boot properly
# The developer key is not automatically copied to your laptop's internal flash memory. You can do that once you have Linux running on it, by copying security/develop.sig from the USB memory stick into /security/develop.sig in the root filesystem of the laptop. You'll need a root shell to do that; it can't be done from the Journal or the GUI.
# The XO will not boot unless you copy the develop.sig to /security/develop.sig
# The terminal is not part of some of the new base builds so you will have to install it separately using a [[Customization key]]
# The terminal is not part of some of the new base builds so you will have to install it separately using a [[Customization key]]



Revision as of 10:08, 12 March 2008

  This page is monitored by the OLPC team.

This page describes how to reinstall the operating system of an activated laptop.

This process destroys all the data on the laptop, wiping out all user data, and resetting the laptop to booting from a new, standard, signed operating system build. Please use olpc-update if you wish to keep your data.

Steps for Activated Upgrade, in Plain English

  For the general public


0. Before performing the upgrade, please note that EVERYTHING previously created will be deleted!

1. You need a formatted USB stick that is larger than 300 MB, and it is better that you format it before copying any files over.

2. Download the following two files from the Internet and put them on the USB stick:

http://download.laptop.org/xo-1/os/official/656/jffs2/fs.zip

http://download.laptop.org/xo-1/os/official/656/jffs2/os656.img

  • To download those files, plug in the USB stick to another computer that is connected to the Internet. Right-click (Ctrl-click for Mac) on each of the above two URLs in the browser and choose "Save Target As" ("Save Link As" for Firefox). Save both files to the USB stick. Eject/Remove the USB stick, and unplug it.

The first file is about 194KB, and the second file is quite large (about 293 MB), which might take a while to download.

After you have finished this step, there should be two files on the USB stick, the fs.zip file, and the img file.

3. Make sure the XO laptop is OFF. Make sure that the battery is installed, and that you have external (AC) power plugged in as well. Plug in the USB stick, and do not unplug it until instructed.

4. With the USB stick inserted, power up the laptop while holding down ALL four game buttons on the right side of screen (the four buttons above the power button, and they are marked with O, V, X, and square). Please be sure to press all of them firmly; use two thumbs if that helps.

5. When the screen says 'release the game key to continue', release all four buttons.

6. You will see arrays of colored grids running on the screen. We are now re-writing the laptop with the new operating system.

7. Once done with re-writing, the laptop will reboot itself.

8. Next, the laptop may update the firmware, if necessary, and reboot itself. (You don't have to do anything; just watch.)

9. After done with the update, the laptop will boot to the prompt for your preferred user name. You can now remove the USB key, and it is no longer needed.

Verify your update

10. Go to the Terminal activity (click on the taskbar icon Activity-terminal.svg)

  • The screen should say something like [olpc@xo-05-2D-2F ~]$
  • The numbers don't matter, but be sure that you type things after the $ sign.

11. Type the following to check which version you XO is running:

  cat /etc/issue

12. Press the Enter key

13. If the screen says something that begins with

  OLPC build 656

then we are one step closer to finishing the upgrade process!

14. Go to Home view and mouse over the XO guy in the center.

15. Select the "Shutdown" option to power off the machine. Now you should be able to power it up as usual, with build 656.


Make sure you won't lose your activation lease

G1G1 recipients do not need a lease, and should skip this section.

(Here we check to see whether your laptop has the ak flag set or an activation lease. This doesn't work if your laptop won't boot, so if you're doing this upgrade to get your laptop to start booting again, just proceed to the next section and do the upgrade.)

  1. Get to a terminal on the laptop, and type: ls /security
    • On XO-1 this requires root permissions. Press the Ctrl+Alt+Mesh key f1 small.png keys together to get to the console, log in as root and then enter the command above as stated.
    • If there is a lease.sig file, you will want to save this lease before re-flashing the laptop.
      1. To do so, insert a USB stick, wait for it to mount, and then type: cp /security/lease.sig /media/{name_of_usb_stick}
      2. Then, switch to the home view, go to the journal, mouse over the USB icon, and click unmount.
      3. Remove the USB stick from the USB slot, but make sure the lease.sig file is stored on it. You will have to boot the laptop with this USB stick inserted after the upgrade.
    • If there is no lease.sig file, your manufacturing data is probably set for pre-activation, and you probably don't need to do anything.
    • If you want to check that this is in fact true, in a terminal, type: ls /ofw/mfg-data/
    • If there is an 'ak' there, then the laptop is pre-activated.

Upgrade the Activated Laptop, with a Signed Image

To put the latest signed image on the laptop, follow these steps:

  1. Create a USB stick with the files os{number}.img and fs.zip on the disk in the top-level directory. (We recommend that you use a "factory-formatted" USB stick.)
  2. With the USB stick inserted into your XO, and the battery installed, and AC power plugged in, power up the laptop while holding down all four game buttons on the right side of screen.
  3. When prompted to release the game keys, do so.
    • This will re-write the internal flash memory image.
  4. Once done with this re-flash, the laptop will reboot itself.
  5. Next, the laptop may update the boot firmware, if necessary, and reboot itself.
  6. After done with the upgrade(s), the laptop will either boot to the prompt you for a name. (If the laptop is not activated, it will fail to boot; all G1G1 laptops are shipped activated.)
  7. From the Terminal activity check that the laptop is at the version you wanted by typing the command:
cat /etc/issue

(If your laptop failed to boot, insert the USB stick with lease.sig on it, and boot the laptop. This can be the same USB stick you used in Step 1 above. This should get you to the prompt for a name.)

Upgrade the Activated Laptop, with an Unsigned Image

To put an unsigned image (not a stable release), follow these steps:

  1. Create a USB stick with the files os{number}.img and os{number}.img.crc on the disk in the top-level directory. (We recommend that you use a "factory-formatted" USB stick.)
  2. Create a folder security on the top-level and place your develop.sig in this folder. Go to the Activation and Developer Keys page for details on how to get a develop.sig developer key
  3. Plug in the USB key and boot
  4. Immediately hit the "X" Escape key
  5. At the firmware OK prompt, type disable-security The XO should reboot. Leave in the USB key.
  6. At the firmware OK prompt, type copy-nand u:\os698.img. The XO should reboot once it is finished.
  7. You can't reenable security in the firmware until you have copied the develop.sig to /security/develop.sig. You'll need a root shell to do that; it can't be done from the Journal or the GUI.
  8. You will get an error if you try to boot w/ the USB inserted now, but the XO should boot properly
  9. The terminal is not part of some of the new base builds so you will have to install it separately using a Customization key

Note: There currently do not appear to be fs.zip files for some of the newer builds. That is why you need to manually run the copy-nand command. Berrybw 05:55, 12 March 2008 (EDT)