OS builder generated ZD, 4 button install on unlocked XO1


George Hunt

I've been exploring an exchange with James Cameron:

  <I wrote>
 So then as I understand it, on an unlocked machine, the installers would need to type "fs-update 32018ht0.zd" at the OK> prompt to kick off the install.  Is that correct?

<James responded>
No, an unlocked machine will work like a locked machine when given the
four game keys held on boot.

I've been trying to generate an unsigned ZD image that will load with the 4 button install.

I've generated an unsigned fs0.zip and placed the xxx.ZD and fs0.zip in the root directory of a USB key.

The firmware finds the fs0.zip, but complains "no signature for our key list".

There's probably some setting in os-builder that I have not found yet.


_______________________________________________
Devel mailing list
[hidden email]
http://lists.laptop.org/listinfo/devel

Re: OS builder generated ZD, 4 button install on unlocked XO1

James Cameron-2
On Sun, Jan 17, 2016 at 11:04:30AM -0800, George Hunt wrote:

>
> I've been exploring an exchange with James Cameron:
>
>   <I wrote>
>  So then as I understand it, on an unlocked machine, the installers would need
> to type "fs-update 32018ht0.zd" at the OK> prompt to kick off the install.  Is
> that correct?
>
> <James responded>
> No, an unlocked machine will work like a locked machine when given the
> four game keys held on boot.
>
> I've been trying to generate an unsigned ZD image that will load with the 4
> button install.
>
> I've generated an unsigned fs0.zip and placed the xxx.ZD and fs0.zip in the
> root directory of a USB key.

Your fs0.zip must be signed.

> The firmware finds the fs0.zip, but complains "no signature for our key list".

Your key list must be changed.

> There's probably some setting in os-builder that I have not found yet.

http://wiki.laptop.org/go/OSBuilder#Signing_preparation shows steps for preparing a builder for signing.

http://dev.laptop.org/git/projects/olpc-os-builder/tree/modules/signing/README?h=v7.0 describes the signing module in the builder.

http://wiki.laptop.org/go/Firmware_security#Multiple-Key_Support describes how to change the key list on a laptop.  Add an o1 tag using the add-tag-from-file command.  This is straightforward on unlocked laptops.

--
James Cameron
http://quozl.netrek.org/

Re: OS builder generated ZD, 4 button install on unlocked XO1

George Hunt
The context that got me started on this was Sora's desire for an easy way to install the os builder image you were helping her with. She was needing to process 400 units, and you suggested that the 4 button install would work in that instance on unlocked xo1 devices.

If I self sign the fs0.zip, there's still the issue of introducing my key into the keylist of the unlocked laptops.

I guess you were suggesting that she use a small olpc.fth stub to introduce her own key into each of the laptops, so that the self signed fs0.zip would be accepted by the firmware, and the install would proceed.

For Adam's Unleashedkids project, I'm wondering if there is an olpc.fth file that includes fs-update, and would work on an xo1, installing to an SD card, similar to the one documented for xo1.5, xo1.74, xo4, at http://wiki.laptop.org/go/Firmware/Storage#How_to_automatically_install_an_unsigned_build

Or do you suggest that I take the self signing approach?


Re: OS builder generated ZD, 4 button install on unlocked XO1

James Cameron-2
Our 13.2.6 build for SD on XO-1 contains an olpc.fth with fs-update encapsulated in a zip bundle which is then signed.  So it already supports four button install.

It boils down to: if you need four button install, you must use keys.

On Mon, Jan 18, 2016 at 06:09:37AM -0800, George Hunt wrote:

> The context that got me started on this was Sora's desire for an easy way to
> install the os builder image you were helping her with. She was needing to
> process 400 units, and you suggested that the 4 button install would work in
> that instance on unlocked xo1 devices.
>
> If I self sign the fs0.zip, there's still the issue of introducing my key into
> the keylist of the unlocked laptops.
>
> I guess you were suggesting that she use a small olpc.fth stub to introduce her
> own key into each of the laptops, so that the self signed fs0.zip would be
> accepted by the firmware, and the install would proceed.
>
> For Adam's Unleashedkids project, I'm wondering if there is an olpc.fth file,
> that includes fs-update , and would work on an xo1, installing to an SD card,
> similar to the one documented for  xo1.5, xo1.74, xo4, at
> http://wiki.laptop.org/go/Firmware/Storage#How_to_automatically_install_an_unsigned_build
>
> Or do you suggest that I take the self signing approach?

--
James Cameron
http://quozl.netrek.org/