Secure upgrade

From OLPC
Jump to navigation Jump to search
  This page is monitored by the OLPC team.

This page describes how to do a re-flash of an activated laptop.

Make sure you won't lose your activation lease

(Check to see whether your laptop has the ak flag set or an activation lease)
NOTE: G1G1 recipients do not have to worry about losing the lease. Skip this section.

  1. Get to a terminal on the laptop, and type: ls /security
    • On XO-1 this requires root permissions. Press the Alt+Ctrl+Mesh keys together to get to the console, log in as root and then enter the command above as stated.
    • If there is a lease.sig file, you will want to save this lease before re-flashing the laptop.
      1. To do so, insert a USB stick, wait for it to mount, and then type: cp /security/lease.sig /media/{name_of_usb_stick}
      2. Then, switch to the home view, go to the journal, mouse over the USB icon, and click unmount.
      3. Remove the USB stick from the USB slot, but make sure the lease.sig file is stored on it. You will have to boot the laptop with this USB stick inserted after the upgrade.
    • If there is no lease.sig file, your manufacturing data is probably set for pre-activation, and you probably don't need to do anything.
    • If you want to check that this is in fact true, in a terminal, type: ls /ofw/mfg-data/
    • If there is an 'ak' there, then the laptop is pre-activated.

Upgrade the Activated Laptop

(To put the latest signed image on the laptop, follow these steps)

  1. Create a USB stick with the os{number}.img and fs.zip file at the root.
  2. With the USB stick inserted, power up while holding all four game buttons on the right side of screen.
  3. When it says 'release the game keys', release all buttons.
    • This will re-write the nand image.
  4. Once done with the nand re-flash, the laptop will reboot itself.
  5. Next, the laptop may update the firmware, if necessary, and reboot itself.
  6. After done with the upgrade(s), the laptop will either boot to the prompt for a name (if you have an ak flag), or fail to boot because it's not activated.
  7. If your laptop failed to boot, insert the USB stick with lease.sig on it, and boot the laptop. (So, can this be the same USB stick?)
    • This should get you to the prompt for a name.
  8. Go to the terminal, and check that the laptop is at the version you wanted. (Run the command 'cat /etc/issue')
  9. type root, enter, and poweroff to shut down the laptop.