Insecure Upgrade

From OLPC
Revision as of 22:15, 12 December 2007 by AlexL (talk | contribs)
Jump to navigation Jump to search

This page is on how to re-flash an insecure laptop.

Save your developer Key if you have one

  1. Determine whether you have a developer key or a non-write protected machine.
    • Start up the laptop, and press esc to get to the ok prompt when you get the chance.
    • If the screen you are at has a little XO person on it and an unlocked lock symbol, you're laptop has a developer key.
      1. You should save your developer key before re-flashing, as it will be overwritten.
      2. Boot fully into sugar.
      3. Insert a clean usb key.
      4. Go to the terminal, and type:
        • mkdir /media/{name_of_usbkey}/security
        • cp /security/develop.sig /media/{name_of_usbkey}/security/
      5. Save this key for after you're done re-flashing, as you'll need to insert it to boot the laptop insecurely, and then you will want to copy it back to /security.
    • Otherwise, you're laptop is not write protected.
      • You can double check this by typing ok .mfg-data
      • The first thing listed should be 'ww'
  2. You can either follow the section below on doing an 'Insecure Re-flash,' or you can do a secure re-flash by following the instructions on Activated Upgrade under 'Upgrade the Activated Laptop' and replacing the key with lease.sig on it with your key that has /security/develop.sig on it.
    • Also note, that if you have a non-write protected machine, the firmware will not re-flash itself when you do a secure re-flash. The way to force this is to hold the 'x' button on bootup (with the key that has fs.zip and os{num}.img inserted). This will turn security on for just this boot, and the firmware will be re-flashed.

Insecure Re-flash

  1. First ensure you have a power adapter AND battery plugged into the laptop.
  2. For B3 or B4 units that have a really old build (406.14), you need to first flash the firmware
    1. Press the power button and hold all four gamekeys; then hit ESC when you get the message that you have 3 seconds to hit escape.
    2. Insert a USB key with the latest Firmware on it
    3. At the OK prompt type: 'flash u:{path_to_rom}'
    4. When it powers down hold the power button until it stays off (it will want to reboot).
  3. To put the latest signed image on the laptop, follow these steps
    1. Create a USB key with the os{number}.img and fs.zip file at the root.
    2. Insert the usb key into the shut down laptop.
    3. If you are not up to the latest firmware, Power up the laptop while holding the X button (forces secure boot)
    4. When it says 'release the game keys', release the button.
      • The laptop will rewrite the flash and reboot the laptop.
      • Hit esc to get to the ok prompt, and powerdown the laptop (hold the power button)
    5. With the usb key inserted, power up while holding all four game buttons.
    6. When it says 'release the game keys', release all buttons.
      • This will re-write the nand image.
    7. Once done with the nand re-flash, the laptop will reboot, and get to a prompt for a name.
    8. Press the Alt+Ctrl+Mesh keys together to get to the terminal, and check that the laptop is at the version you wanted.
    9. Type root, enter, and poweroff to shut down the laptop.
  4. To put a development build on the laptop, follow these steps
    1. Create a USB key based on the page Autoreinstallation image
    2. Insert the USB key into the laptop
    3. If you aren't at the latest firmware, follow the steps above for flashing the firmware on B3, B4, etc...
    4. Power up the laptop while holding the square button.
      • This will re-flash the nand image.
    5. When the laptop is done re-flashing, it will reboot the laptop up to the prompt for a name.
    6. Press the Alt+Ctrl+Mesh keys together to get to the terminal, and check that the laptop is at the version you wanted.
    7. Either shutdown the laptop by typing, root, enter, poweroff, or press Alt+Ctrl+Home to go back to the name prompt, and continue with the booting process.