Collection stick: Difference between revisions
m (moved Collection key to Collection stick: avoid confusion with activation/developer/other keys which are cryptograpic files) |
No edit summary |
||
Line 1: | Line 1: | ||
<noinclude>{{TOCright}} |
|||
⚫ | |||
[[Category:Firmware]] |
|||
[[Category:Security]] |
|||
[[Category:Deployment]] |
|||
<noinclude> |
|||
A '''Collection stick''' is a USB flash storage device (USB stick) that is used to collect '''Developer keys''', the unique cryptographic signatures for XO laptops that permit access to the system [[Firmware|firmware]]. |
|||
'''Note:''' Collection sticks were previously called Collection keys, but the use of key in this context is overloaded with alternate meanings and leads to confusion. |
|||
⚫ | |||
You'll need a FAT-formatted or FAT32-formatted USB storage device for this, as well as a computer with internet access. The USB storage device does not need to be empty. |
You'll need a FAT-formatted or FAT32-formatted USB storage device for this, as well as a computer with internet access. The USB storage device does not need to be empty. |
||
# Create a <code>/boot</code> directory in the root of your USB storage device. If such a directory already exists, it should be empty. (Exception: if you have already used this collector |
# Create a <code>/boot</code> directory in the root of your USB storage device. If such a directory already exists, it should be empty. (Exception: if you have already used this collector stick to gather data from a number of XOs, there may be a <code>laptops.dat</code> file in the <code>/boot</code> directory. Do not delete <code>laptops.dat</code>.) |
||
# On the computer with internet access, [[media:Actos.zip|Actos.zip]] and [[media:Runos.zip|Runos.zip]] [http://dev.laptop.org/git?p=users/cscott/actkey (source code)] into that <code>/boot</code> directory. You should now have 2 files (3, if you have <code>laptops.dat</code> in a <code>/boot</code> directory on the root of your USB storage device. |
# On the computer with internet access, [[media:Actos.zip|Actos.zip]] and [[media:Runos.zip|Runos.zip]] [http://dev.laptop.org/git?p=users/cscott/actkey (source code)] into that <code>/boot</code> directory. You should now have 2 files (3, if you have <code>laptops.dat</code> in a <code>/boot</code> directory on the root of your USB storage device. |
||
== Collecting with a collection |
== Collecting with a collection stick == |
||
For each XO you need a key |
For each XO you need a developer key from: |
||
# Make sure the XO is powered off. |
# Make sure the XO is powered off. |
||
Line 15: | Line 24: | ||
# Remove the USB storage device from the XO. |
# Remove the USB storage device from the XO. |
||
When you have finished this process on all the XOs you need developer keys |
When you have finished this process on all the XOs you need developer keys from, plug the USB storage device into the computer with Internet access and attach the <code>/laptops.dat</code> file from the USB storage device to an email to <code> help at laptop dot org </code> indicating whether you want a [[developer key]] or an [[activation key]]. |
||
⚫ | |||
⚫ | |||
(formerly called an Unlock key) |
|||
You will receive back one or two files from OLPC after submitting your <code>laptops.dat</code> file (this may take several days). Here is what to do once you get these files. |
You will receive back one or two files from OLPC after submitting your <code>laptops.dat</code> file (this may take several days). Here is what to do once you get these files. |
||
# Get a USB storage device. This can be your old |
# Get a USB storage device. This can be your old Collection stick; you will have to rename the <tt>/boot</tt> directory to something else like <tt>/collection</tt>. If you don't do this, your laptop will just re-run the collection script. |
||
# '''If you requested a |
# '''If you requested a Developer key:''' You will get a file called <tt>'''develop.sig'''</tt>. Make a directory called <tt>'''security/'''</tt> in the root directory of your USB storage device and copy this file into it. |
||
# '''If you requested an activation key:''' You will get a file called <tt>'''lease.sig'''</tt>. Copy this file into the root directory of your USB storage device. |
# '''If you requested an activation key:''' You will get a file called <tt>'''lease.sig'''</tt>. Copy this file into the root directory of your USB storage device. |
||
You are now ready to use your |
You are now ready to use your Unlock stick. |
||
== Unlocking with an |
== Unlocking with an Unlock stick == |
||
For each XO you are trying to unlock: |
For each XO you are trying to unlock: |
||
Line 34: | Line 43: | ||
# Plug the USB storage device into the XO, then power it on. |
# Plug the USB storage device into the XO, then power it on. |
||
# That's it! |
# That's it! |
||
# Note that this process only unlocks your XO once - if you want to unlock your XO permanently without needing to plug in the USB storage device every time you boot, see [[#Permanently unlocking with an |
# Note that this process only unlocks your XO once - if you want to unlock your XO permanently without needing to plug in the USB storage device every time you boot, see [[#Permanently unlocking with an Unlock stick]]. |
||
== Permanently unlocking with an |
== Permanently unlocking with an Unlock stick == |
||
=== Activation keys === |
=== Activation keys === |
||
No action is required. Activation keys are automatically copied to <tt>'''/security/lease.sig'''</tt> on your XO. Keep the activation key around (or copy it to your |
No action is required. Activation keys are automatically copied to <tt>'''/security/lease.sig'''</tt> on your XO. Keep the activation key around (or copy it to your School Server) in case you later need to reflash the XO. |
||
=== Developer keys === |
=== Developer keys === |
||
When the XO boots the first time, you should see a textual prompt, which you will see within the first few seconds of booting (along with a short countdown to give you time to hit the Escape key). This is your indication that the |
When the XO boots the first time, you should see a textual prompt, which you will see within the first few seconds of booting (along with a short countdown to give you time to hit the Escape key). This is your indication that the Developer key has been found. |
||
To permanently disable secure booting, press ''Escape'' and type "<tt>disable-security</tt>", then power cycle and repeat that command. See [[Activation_and_developer_keys#Disable_the_security_system|Activation and developer keys]]. |
To permanently disable secure booting, press ''Escape'' and type "<tt>disable-security</tt>", then power cycle and repeat that command. See [[Activation_and_developer_keys#Disable_the_security_system|Activation and developer keys]]. |
||
The |
The Developer key is not automatically copied to your laptop's internal flash memory. You can do that by copying <tt>security/develop.sig</tt> from the USB flash drive into <tt>'''/security/develop.sig'''</tt> on the XO. You'll need to be [[root]] in a [[Terminal activity]] to do that. |
||
sudo cp /media/USBDRIVE/security/develop.sig /security/develop.sig |
sudo cp /media/USBDRIVE/security/develop.sig /security/develop.sig |
Revision as of 14:24, 24 June 2010
A Collection stick is a USB flash storage device (USB stick) that is used to collect Developer keys, the unique cryptographic signatures for XO laptops that permit access to the system firmware.
Note: Collection sticks were previously called Collection keys, but the use of key in this context is overloaded with alternate meanings and leads to confusion.
Making a collection stick
You'll need a FAT-formatted or FAT32-formatted USB storage device for this, as well as a computer with internet access. The USB storage device does not need to be empty.
- Create a
/boot
directory in the root of your USB storage device. If such a directory already exists, it should be empty. (Exception: if you have already used this collector stick to gather data from a number of XOs, there may be alaptops.dat
file in the/boot
directory. Do not deletelaptops.dat
.) - On the computer with internet access, Actos.zip and Runos.zip (source code) into that
/boot
directory. You should now have 2 files (3, if you havelaptops.dat
in a/boot
directory on the root of your USB storage device.
Collecting with a collection stick
For each XO you need a developer key from:
- Make sure the XO is powered off.
- Plug the USB storage device into the XO, then power it on.
- You will see a graphical "XO" screen and then a short message like "SHFxxxxxxxx nnnnnnnnnnnnnnn; Laptop data recorded successfully". The XO will then power itself off or otherwise indicate that it is done.
- Remove the USB storage device from the XO.
When you have finished this process on all the XOs you need developer keys from, plug the USB storage device into the computer with Internet access and attach the /laptops.dat
file from the USB storage device to an email to help at laptop dot org
indicating whether you want a developer key or an activation key.
Making an Unlock stick
(formerly called an Unlock key)
You will receive back one or two files from OLPC after submitting your laptops.dat
file (this may take several days). Here is what to do once you get these files.
- Get a USB storage device. This can be your old Collection stick; you will have to rename the /boot directory to something else like /collection. If you don't do this, your laptop will just re-run the collection script.
- If you requested a Developer key: You will get a file called develop.sig. Make a directory called security/ in the root directory of your USB storage device and copy this file into it.
- If you requested an activation key: You will get a file called lease.sig. Copy this file into the root directory of your USB storage device.
You are now ready to use your Unlock stick.
Unlocking with an Unlock stick
For each XO you are trying to unlock:
- Make sure the XO is powered off.
- Plug the USB storage device into the XO, then power it on.
- That's it!
- Note that this process only unlocks your XO once - if you want to unlock your XO permanently without needing to plug in the USB storage device every time you boot, see #Permanently unlocking with an Unlock stick.
Permanently unlocking with an Unlock stick
Activation keys
No action is required. Activation keys are automatically copied to /security/lease.sig on your XO. Keep the activation key around (or copy it to your School Server) in case you later need to reflash the XO.
Developer keys
When the XO boots the first time, you should see a textual prompt, which you will see within the first few seconds of booting (along with a short countdown to give you time to hit the Escape key). This is your indication that the Developer key has been found.
To permanently disable secure booting, press Escape and type "disable-security", then power cycle and repeat that command. See Activation and developer keys.
The Developer key is not automatically copied to your laptop's internal flash memory. You can do that by copying security/develop.sig from the USB flash drive into /security/develop.sig on the XO. You'll need to be root in a Terminal activity to do that.
sudo cp /media/USBDRIVE/security/develop.sig /security/develop.sig