10.1.0/Signature procedure

From OLPC
< 10.1.0
Revision as of 21:19, 17 December 2009 by DanielDrake (talk | contribs) (New page: Due to changes in the XO-1.5 hardware and the tools used to build the OS images, the signature procedure has changed a little for 10.1.0. It is a more manual process than before, but it is...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Due to changes in the XO-1.5 hardware and the tools used to build the OS images, the signature procedure has changed a little for 10.1.0. It is a more manual process than before, but it is also hoped to be a one-off; the next OS release will be built from a revamped build tool.

  • Take the (unsigned image) that you want to build, and install it onto an XO
    • this should be the final -rc release that was announced
  • Copy kernel, and initramfs and firmware from the booted XO onto USB
    • the files you want are /boot/vmlinuz /boot/initrd.img and /boot/bootfw.zip
  • On your workstation, sign the kernel and firmware, using the tools in bios-crypto/build
./makekey mykey
./sign-os.sh mykey vmlinuz runos.zip
./sign-os.sh mykey initrd.img runrd.zip
./livecd-iso-to-xo.sh osXX.iso osXX signedcontent.zip
  • Create .zd and .zsp files from the output .img from livecd-iso-to-xo:
zhashfs 0x20000 sha256 osXX.img osXX.zsp osXX.zd
  • Create a fs.zip made with your own signature
./sign-zsp.sh mykey osXX.zsp