The attached "saver.fth" is an improved version of the earlier script.
This one has an expiration date built in. If the system time is bad, or
if it is after Sept 12, the script won't run (it will display a message
and suspend, powering off when you bring it out of suspend).
The expiration date is on line 35; if the one-week expiration is too
short or too long, please change it.
I do not wish to participate in discussions of how long the interval
should be.
I have tested the script on a system with q2e15, with today's date and
with the system clock artificially set to a date after the expiration.
It works correctly in both cases. There are also a few error checks for
firmware that is so down-rev that a few key security functions are
missing. If those checks fail, the script tells you to update the
firmware. I don't know how old the UY firmware is.
Erik Garrison wrote:
Techteam and Security,
Attached is a 32-line OFW Forth script which, when run from OFW on a XO,
saves the NAND FLASH of the XO to a file on the usb flash drive from
which it is run, then shuts down the machine. For convenience the
filename corresponds to the equipment's serial number. Users are
notified if an error occurs during the process.
The script is necessary because it allows the acquisition of such images
in cases where the laptop is locked, unbootable, or it is otherwise
inconvenient or impossible to acquire a developer key so that the NAND
FLASH can be copied from OFW. It will allow us to speed the acquisition
of system images from the field and improve available feedback about the
usage of our systems in the wild.
I wrote the script with the guidance of Mitch Bradley, and have tested
it from the OFW prompt of an unlocked machine.
Please approve and sign this image ASAP so that it can be used to copy
the disk images of unsecured laptops here in Uruguay. There is some
time sensitivitiy to this issue, as I only have one more day at LATU to
acquire NAND images to start testing our upgrade systems.
Erik
\ OLPC Boot Script for automatically saving OS images
\ by Erik Garrison <[EMAIL PROTECTED]>
\ with help from Mitch Bradley <[EMAIL PROTECTED]>
\ Version number
." syscopy key version: 2008-09-04 19:02Z" cr
screen-ih stdout ! \ show output to show process progress
no-page \ but don't use the pager, because the keyboard isn't turned on
\ (the keyboard is only turned on if we boot holding down a game key)
' . to .error \ suppress fancy abort messages
' noop to load-started \ suppress the load progress spinner
' noop to ?show-device \ suppress the boot progress icons
' false to auto-boot? \ suppress automatic booting after this finishes
\needs halt code halt hlt c;
: $die ( message$ -- )
red-letters type cr
suspend \ Save power while showing message
h# 8000 0 acpi-l! \ The WAK_FLAG bit prevents power-off
power-off
begin halt again \ Just in case power-off fails
;
: must-update ( -- ) " Update firmware" $die ;
\needs expiration-to-seconds must-update
\needs date-bad? must-update
\needs current-seconds must-update
: ?expire-script ( -- )
date-bad? if
" The date on this machine is invalid." $die
then
" 20080912T000000Z" expiration-to-seconds 0= if ( seconds )
current-seconds <= if
" This script has expired." $die
then
then
;
h# 100 buffer: $cmd-buf
: save-named-image ( -- ) \ save NAND image to USB storage device
?expire-script
" save-nand " $cmd-buf place ( )
make-sn-name $cmd-buf $cat ( )
$cmd-buf count ( adr len )
." Saving system NAND FLASH" cr ( adr len )
['] evaluate catch if ( x x )
" Save failed - try another USB key" $die ( x x )
then ( )
green-letters ." Save complete, powering off in three seconds" cr ( )
d# 3000 ms power-off
;
save-named-image
_______________________________________________
Security mailing list
[email protected]
http://lists.laptop.org/listinfo/security
