Secure upgrade

This page describes how to do a re-flash of an activated laptop.

This process destroys all the data on the internal flash memory of the laptop, wiping out all user data, and resetting the laptop to booting from a new, standard, signed operating system build.

Make sure you won't lose your activation lease

G1G1 recipients do not need a lease, and should skip this section.

(Here we check to see whether your laptop has the ak flag set or an activation lease. This doesn't work if your laptop won't boot, so if you're doing this upgrade to get your laptop to start booting again, just proceed to the next section and do the upgrade.)

1. Get to a terminal on the laptop, and type: ls /security
   • On XO-1 this requires root permissions. Press the Alt+Ctrl+Mesh keys together to get to the console, log in as root and then enter the command above as stated.
   • If there is a lease.sig file, you will want to save this lease before re-flashing the laptop.
     1. To do so, insert a USB stick, wait for it to mount, and then type: cp /security/lease.sig /media/{name_of_usb_stick}
     2. Then, switch to the home view, go to the journal, mouse over the USB icon, and click unmount.
     3. Remove the USB stick from the USB slot, but make sure the lease.sig file is stored on it. You will have to boot the laptop with this USB stick inserted after the upgrade.
   • If there is no lease.sig file, your manufacturing data is probably set for pre-activation, and you probably don't need to do anything.
   • If you want to check that this is in fact true, in a terminal, type: ls /ofw/mfg-data/
   • If there is an 'ak' there, then the laptop is pre-activated.

Upgrade the Activated Laptop

(To put the latest signed image on the laptop, follow these steps)

1. Create a USB stick with the os{number}.img and fs.zip file at the top level of the disk.
   • You can get these files from the latest official release
2. With the USB stick inserted, power up while holding all four game buttons on the right side of screen.
3. When prompted to 'release the game keys', do so.
   • This will re-write the internal flash memory image.
4. Once done with this re-flash, the laptop will reboot itself.
5. Next, the laptop may update the boot firmware, if necessary, and reboot itself.
6. After done with the upgrade(s), the laptop will either boot to the prompt for a name (if you have an ak flag), or fail to boot because it's not activated.
7. If your laptop failed to boot, insert the USB stick with lease.sig on it, and boot the laptop. (So, can this be the same USB stick?)
   • This should get you to the prompt for a name.
8. Go to the terminal, and check that the laptop is at the version you wanted. (Run the command 'cat /etc/issue') (Does "the terminal" mean the Terminal activity, or Ctrl-Alt-mesh?)
9. type root, enter, and poweroff to shut down the laptop. (One can't simply type 'root' in the Terminal activity.)