Secure upgrade

From OLPC
Revision as of 22:08, 2 January 2008 by LFaraone (talk | contribs)
Jump to navigation Jump to search
  This page is monitored by the OLPC team.

This page describes how to do a re-flash of an activated laptop.

This process destroys all the data on the internal flash memory of the laptop, wiping out all user data, and resetting the laptop to booting from a new, standard, signed operating system build.

Steps for Activated Upgrade, in Plain English

  For the general public

(for G1G1 Recipients)

0. Before performing the upgrade, please note that EVERYTHING previously created will be deleted!

1. You need a USB stick that is larger than 300 MB, and it is better that you format it before copying any files over.

2. Once you have the formatted USB stick, download the following two files from the Internet:

http://download.laptop.org/xo-1/os/official/653/jffs2/fs.zip

http://download.laptop.org/xo-1/os/official/653/jffs2/os653.img

(the second file is quite large, so it might take a while to download)

  • To download those files, please plug in the USB stick to another computer that is connected to the Internet. Open each of the above two URLs in the browser. You should see a message asking you whether to save/open the file. Save both files to the USB stick. Eject/Remove the USB stick, and unplug it.


3. Make sure the XO laptop is OFF. Plug in the USB stick.

4. With the USB stick inserted, power up the laptop while holding down ALL four game buttons on the right side of screen (the four buttons above the power button, and they are marked with O, V, X, and square).

5. When the screen says 'release the game keys', release all four buttons.

6. You will see arrays of colored grids running on the screen. We are now re-writing the NAND image.

7. Once done with re-writing the NAND, the laptop will reboot itself.

8. Next, the laptop may update the firmware, if necessary, and reboot itself. (You don't have to do anything; just watch.)

9. After done with the upgrade(s), the laptop will boot to the prompt for your preferred user name.

10. Go to the Terminal activity (click on the taskbar icon; it looks like a rectangle with a $ on the upper left corner) and type the following:

  cat /etc/issue
  • The screen should say something like [olpc@xo-05-2D-2F ~]$

The numbers don't matter, but be sure that you type things after the $ sign.

11. Press the Enter key

12. If the screen says something that begins with

  OLPC build 653

then we are one step closer to finishing the upgrade process!

13. Type the following:

  poweroff

14. Press the Enter key

15. Now the laptop is off. You should be able to remove the USB stick and power it up as usual.

Which are the game keys?

The four buttons to the lower right of the screen, with a square, circle, X, and checkmark on them. —Joe 09:32, 21 December 2007 (EST)

How to determine version?

How do you determine which version you are running?

Run the command 'cat /etc/issue'.


Make sure you won't lose your activation lease

G1G1 recipients do not need a lease, and should skip this section.

(Here we check to see whether your laptop has the ak flag set or an activation lease. This doesn't work if your laptop won't boot, so if you're doing this upgrade to get your laptop to start booting again, just proceed to the next section and do the upgrade.)

  1. Get to a terminal on the laptop, and type: ls /security
    • On XO-1 this requires root permissions. Press the Alt+Ctrl+Mesh keys together to get to the console, log in as root and then enter the command above as stated.
    • If there is a lease.sig file, you will want to save this lease before re-flashing the laptop.
      1. To do so, insert a USB stick, wait for it to mount, and then type: cp /security/lease.sig /media/{name_of_usb_stick}
      2. Then, switch to the home view, go to the journal, mouse over the USB icon, and click unmount.
      3. Remove the USB stick from the USB slot, but make sure the lease.sig file is stored on it. You will have to boot the laptop with this USB stick inserted after the upgrade.
    • If there is no lease.sig file, your manufacturing data is probably set for pre-activation, and you probably don't need to do anything.
    • If you want to check that this is in fact true, in a terminal, type: ls /ofw/mfg-data/
    • If there is an 'ak' there, then the laptop is pre-activated.

Upgrade the Activated Laptop

To put the latest signed image on the laptop, follow these steps:

  1. Create a USB stick with the files os{number}.img and fs.zip on the disk in the top-level directory. (We recommend that you use a "factory-formatted" USB stick.)
  2. With the USB stick inserted into your XO, power up while holding down all four game buttons on the right side of screen.
  3. When prompted to release the game keys, do so.
    • This will re-write the internal flash memory image.
  4. Once done with this re-flash, the laptop will reboot itself.
  5. Next, the laptop may update the boot firmware, if necessary, and reboot itself.
  6. After done with the upgrade(s), the laptop will either boot to the prompt you for a name. (If the laptop is not activated, it will fail to boot; all G1G1 laptops are shipped activated.)
  7. From the Terminal activity check that the laptop is at the version you wanted by typing the command:
cat /etc/issue

(If your laptop failed to boot, insert the USB stick with lease.sig on it, and boot the laptop. This can be the same USB stick you used in Step 1 above. This should get you to the prompt for a name.)