Android/Security
< Android
Jump to navigation
Jump to search
Firmware security for the Android and Sugar build.
- set up for signing using firmware security and the bios-crypto source,
- copy /boot/kernel and /boot/ramdisk from the Android build,
- sign the Android kernel
sign-os.sh os vmlinuz runos4.zip
- sign the Android ramdisk
sign-os.sh os initrd runrd4.zip
- make a /boot/alt directory,
mkdir alt
- place both in /boot/alt,
- link the activation mode to the Sugar activation kernel and ramdisk,
ln -s ../runos4.zip actos4.zip ln -s ../actrd4.zip actrd4.zip
- test booting using the O game key to select Android, or no O game key to select Sugar, using the X game key to enable security if it is not enabled.
Removes the boot menu, because the boot menu is implemented in olpc.fth, and olpc.fth is not used during secure boot.
proposed for next release
- set up for signing using firmware security and the bios-crypto source,
- copy /boot/alt/vmlinuz and /boot/alt/initrd.img from the Android build,
- sign the Android kernel
sign-os.sh os vmlinuz runos4.zip
- sign the Android ramdisk
sign-os.sh os initrd.img runrd4.zip
- place both in /boot/alt,
- link the activation mode to the Sugar activation kernel and ramdisk,
ln -s ../runos4.zip actos4.zip ln -s ../actrd4.zip actrd4.zip
- sign the Q7B39 firmware release with the deployment firmware key,
- copy the signed bootfw4.zip file to /boot/
- test booting using the O game key to select Android, or no O game key to select Sugar, using the X game key to enable security if it is not enabled,
- test booting using the rocker down key to display the boot menu.
- implemented svn 3722 and q7b38ja,