Collection stick: Difference between revisions

Revision as of 14:24, 24 June 2010

A Collection stick is a USB flash storage device (USB stick) that is used to collect Developer keys, the unique cryptographic signatures for XO laptops that permit access to the system firmware.

Note: Collection sticks were previously called Collection keys, but the use of key in this context is overloaded with alternate meanings and leads to confusion.

Making a collection stick

You'll need a FAT-formatted or FAT32-formatted USB storage device for this, as well as a computer with internet access. The USB storage device does not need to be empty.

Create a /boot directory in the root of your USB storage device. If such a directory already exists, it should be empty. (Exception: if you have already used this collector stick to gather data from a number of XOs, there may be a laptops.dat file in the /boot directory. Do not delete laptops.dat.)
On the computer with internet access, Actos.zip and Runos.zip (source code) into that /boot directory. You should now have 2 files (3, if you have laptops.dat in a /boot directory on the root of your USB storage device.

Collecting with a collection stick

For each XO you need a developer key from:

Make sure the XO is powered off.
Plug the USB storage device into the XO, then power it on.
You will see a graphical "XO" screen and then a short message like "SHFxxxxxxxx nnnnnnnnnnnnnnn; Laptop data recorded successfully". The XO will then power itself off or otherwise indicate that it is done.
Remove the USB storage device from the XO.

When you have finished this process on all the XOs you need developer keys from, plug the USB storage device into the computer with Internet access and attach the /laptops.dat file from the USB storage device to an email to help at laptop dot org indicating whether you want a developer key or an activation key.

Making an Unlock stick

(formerly called an Unlock key) You will receive back one or two files from OLPC after submitting your laptops.dat file (this may take several days). Here is what to do once you get these files.

Get a USB storage device. This can be your old Collection stick; you will have to rename the /boot directory to something else like /collection. If you don't do this, your laptop will just re-run the collection script.
If you requested a Developer key: You will get a file called develop.sig. Make a directory called security/ in the root directory of your USB storage device and copy this file into it.
If you requested an activation key: You will get a file called lease.sig. Copy this file into the root directory of your USB storage device.

You are now ready to use your Unlock stick.

Unlocking with an Unlock stick

For each XO you are trying to unlock:

Make sure the XO is powered off.
Plug the USB storage device into the XO, then power it on.
That's it!
Note that this process only unlocks your XO once - if you want to unlock your XO permanently without needing to plug in the USB storage device every time you boot, see #Permanently unlocking with an Unlock stick.

Permanently unlocking with an Unlock stick

Activation keys

No action is required. Activation keys are automatically copied to /security/lease.sig on your XO. Keep the activation key around (or copy it to your School Server) in case you later need to reflash the XO.

Developer keys

When the XO boots the first time, you should see a textual prompt, which you will see within the first few seconds of booting (along with a short countdown to give you time to hit the Escape key). This is your indication that the Developer key has been found.

To permanently disable secure booting, press Escape and type "disable-security", then power cycle and repeat that command. See Activation and developer keys.

The Developer key is not automatically copied to your laptop's internal flash memory. You can do that by copying security/develop.sig from the USB flash drive into /security/develop.sig on the XO. You'll need to be root in a Terminal activity to do that.

sudo cp /media/USBDRIVE/security/develop.sig /security/develop.sig

@@ Line 1: / Line 1: @@
+<noinclude>{{TOCright}}
-== Making a collection key ==
+[[Category:Firmware]]
+[[Category:Security]]
+[[Category:Deployment]]
+<noinclude>
+A '''Collection stick''' is a USB flash storage device (USB stick) that is used to collect '''Developer keys''', the unique cryptographic signatures for XO laptops that permit access to the system [[Firmware|firmware]].
+'''Note:''' Collection sticks were previously called Collection keys, but the use of key in this context is overloaded with alternate meanings and leads to confusion.
+== Making a collection stick ==
 You'll need a FAT-formatted or FAT32-formatted USB storage device for this, as well as a computer with internet access. The USB storage device does not need to be empty.
-# Create a <code>/boot</code> directory in the root of your USB storage device. If such a directory already exists, it should be empty. (Exception: if you have already used this collector key to gather data from a number of XOs, there may be a <code>laptops.dat</code> file in the <code>/boot</code> directory. Do not delete <code>laptops.dat</code>.)
+# Create a <code>/boot</code> directory in the root of your USB storage device. If such a directory already exists, it should be empty. (Exception: if you have already used this collector stick to gather data from a number of XOs, there may be a <code>laptops.dat</code> file in the <code>/boot</code> directory. Do not delete <code>laptops.dat</code>.)
 # On the computer with internet access, [[media:Actos.zip|Actos.zip]] and [[media:Runos.zip|Runos.zip]] [http://dev.laptop.org/git?p=users/cscott/actkey (source code)] into that <code>/boot</code> directory. You should now have 2 files (3, if you have <code>laptops.dat</code> in a <code>/boot</code> directory on the root of your USB storage device.
-== Collecting with a collection key ==
+== Collecting with a collection stick ==
-For each XO you need a key for:
+For each XO you need a developer key from:
 # Make sure the XO is powered off.
@@ Line 15: / Line 24: @@
 # Remove the USB storage device from the XO.
-When you have finished this process on all the XOs you need developer keys for, plug the USB storage device into the computer with internet access and attach the <code>/laptops.dat</code> file from the USB storage device to an email to <code> help at laptop dot org </code> indicating whether you want a [[developer key]] or an [[activation key]].
+When you have finished this process on all the XOs you need developer keys from, plug the USB storage device into the computer with Internet access and attach the <code>/laptops.dat</code> file from the USB storage device to an email to <code> help at laptop dot org </code> indicating whether you want a [[developer key]] or an [[activation key]].
-== Making an unlock key ==
+== Making an Unlock stick ==
+(formerly called an Unlock key)
 You will receive back one or two files from OLPC after submitting your <code>laptops.dat</code> file (this may take several days). Here is what to do once you get these files.
-# Get a USB storage device. This can be your old collection key; you will have to rename the <tt>/boot</tt> directory to something else like <tt>/collection</tt>. If you don't do this, your laptop will just re-run the collection script.
+# Get a USB storage device. This can be your old Collection stick; you will have to rename the <tt>/boot</tt> directory to something else like <tt>/collection</tt>. If you don't do this, your laptop will just re-run the collection script.
-# '''If you requested a developer key:''' You will get a file called <tt>'''develop.sig'''</tt>. Make a directory called <tt>'''security/'''</tt> in the root directory of your USB storage device and copy this file into it.
+# '''If you requested a Developer key:''' You will get a file called <tt>'''develop.sig'''</tt>. Make a directory called <tt>'''security/'''</tt> in the root directory of your USB storage device and copy this file into it.
 # '''If you requested an activation key:''' You will get a file called <tt>'''lease.sig'''</tt>. Copy this file into the root directory of your USB storage device.
-You are now ready to use your unlock key.
+You are now ready to use your Unlock stick.
-== Unlocking with an unlock key ==
+== Unlocking with an Unlock stick ==
 For each XO you are trying to unlock:
@@ Line 34: / Line 43: @@
 # Plug the USB storage device into the XO, then power it on.
 # That's it!
-# Note that this process only unlocks your XO once - if you want to unlock your XO permanently without needing to plug in the USB storage device every time you boot, see [[#Permanently unlocking with an unlock key]].
+# Note that this process only unlocks your XO once - if you want to unlock your XO permanently without needing to plug in the USB storage device every time you boot, see [[#Permanently unlocking with an Unlock stick]].
-== Permanently unlocking with an unlock key ==
+== Permanently unlocking with an Unlock stick ==
 === Activation keys ===
-No action is required. Activation keys are automatically copied to <tt>'''/security/lease.sig'''</tt> on your XO.  Keep the activation key around (or copy it to your school server) in case you later need to reflash the XO.
+No action is required. Activation keys are automatically copied to <tt>'''/security/lease.sig'''</tt> on your XO.  Keep the activation key around (or copy it to your School Server) in case you later need to reflash the XO.
 === Developer keys ===
-When the XO boots the first time, you should see a textual prompt, which you will see within the first few seconds of booting (along with a short countdown to give you time to hit the Escape key).  This is your indication that the developer key has been found.
+When the XO boots the first time, you should see a textual prompt, which you will see within the first few seconds of booting (along with a short countdown to give you time to hit the Escape key).  This is your indication that the Developer key has been found.
 To permanently disable secure booting, press ''Escape'' and type "<tt>disable-security</tt>", then power cycle and repeat that command.  See [[Activation_and_developer_keys#Disable_the_security_system|Activation and developer keys]].
-The developer key is not automatically copied to your laptop's internal flash memory.  You can do that by copying <tt>security/develop.sig</tt> from the USB flash drive into <tt>'''/security/develop.sig'''</tt> on the XO.  You'll need to be [[root]] in a [[Terminal activity]] to do that.
+The Developer key is not automatically copied to your laptop's internal flash memory.  You can do that by copying <tt>security/develop.sig</tt> from the USB flash drive into <tt>'''/security/develop.sig'''</tt> on the XO.  You'll need to be [[root]] in a [[Terminal activity]] to do that.
  sudo cp /media/USBDRIVE/security/develop.sig /security/develop.sig

Collection stick: Difference between revisions

Revision as of 14:24, 24 June 2010

Contents

Making a collection stick

Collecting with a collection stick

Making an Unlock stick

Unlocking with an Unlock stick

Permanently unlocking with an Unlock stick

Activation keys

Developer keys

Navigation menu

Collection stick: Difference between revisions

Revision as of 14:24, 24 June 2010

Making a collection stick

Collecting with a collection stick

Making an Unlock stick

Unlocking with an Unlock stick

Permanently unlocking with an Unlock stick

Activation keys

Developer keys

Navigation menu

Search