[3mdeb blog]

Thoughts dereferenced from scratchpad noise

Failure of ECC508A crypto coprocessor initial triage with SAM G55 Xplained Pro Evaluation Kit

| Comments

Some time ago (around August 2016) embedded community media were hit with hype around simplified flow for AWS IoT provisioning (1, 2, 3). I’m personally very interested in all categories related to those news:

  • IoT – is 3mdeb business core and despite this term was largely abused these days, we just love to build connected embedded devices. Building this kind of devices is inherently related with firmware deployment, provisioning and update problems.

  • AWS – truly it is had to find similar level of quality and feature-richness and because I was lucky to invest my time and work with grandfather of AWS IoT (namely 2lemetry ThingFabric) I naturally try to follow this trend and make sure 3mdeb customers use best in class product in IoT cloud segment. To provide that service we try to be on track with all news related to AWS IoT.

  • Security – there will be not so much work for Embedded System Consultants if IoT will be rejected because of security issues. I’m sure I don’t have to convince anyone about important of security. Key is to see typical flow that we face in technology (especially in security area):

1
2
3
4
5
mathematics -> 
proof of concept software -> 
mature software -> 
hardware acceleration -> 
hardware implementation

AWS IoT cryptography is not trivial and doing it right is even more complex. Using crypt chips like ECC508A should simplify whole workflow.

Initial idea for this blog post was to triage ECC508A with some Linux or mbed OS enabled platform. Atmel SAM G55 seem to have support in mbed OS here, but diving into CryptoAuthentication with development stack that I’m not sure work fine is not best choice. That’s why I had to try stuff on Windows 10 and then after understanding things better I move to something more convenient.

I mostly relied on ATECC508A Node Authentication Example Using Asymmetric PKI Application Note.

What we need to start is:

Atmel Studio

Welcome in the world of M$ Windows. I wonder who get idea of excluding Mac and Linux users from Atmel SAM developers community, but this decision was really wrong. Of course there are options like ASF but this requires much more work for setup and is probably not feasible for initial triage post. Unfortunately number of examples in ASF is limited and I can’t find anything related to crypt or i2c.

Atmel Studio is obviously inspired or even build on Visual Studio engine.

CryptoAuthentication Node Basic Example Solution

To make things simple CryptoAuthentication Node Basic Example Solution.zip, which you can be downloaded here is 15MB and contain almost 2k of files. Download and unpack archive.

After starting Atmel Studio choose Open Project..., navigate to CryptoAuthentication example and choose node-auth-basic you should get funny pop-up that tells you to watch out for malicious Atmel Studio projects:

images

Then you have window with info Please select your project, so choose node-auth-basic, then try Build -> Rebuild Solution, of course this doesn’t work out of the box.

One of problems that I faced was described here this is just incorrect OPTIMIZE_HIGH macro. After fixing that both examples compile fine.

I realized that Atmel Studio use older ASF (3.28.1) then what is available (3.32.0), but upgrading ASF leads to upgrading whole project and take time. After upgrade you get report if everything went fine for your 2k files.

The problem with node-auth-basic is that it is not prepared for SAM G55. Whole code in AT88CKECC-AWS-XSTK documents target SAM D21. So you have to change target device and this is possible only after update. To change device enter node-auth-basic project properties and got to Device tab, then use Change Device find SAMG family and use SAMG55J19. Please note that SAM G55 devices are not visible if not change Show devices to All Parts. Result should look like this:

images

I can only imagine how outdated this post will be with next version of Atmel Studio.

Now we get more compilation errors:

1
2
Error       sam/sleepmgr.h: No such file or directory   node-auth-basic \
C:\(...)\cryptoauth-node-auth-basic\node-auth-basic\src\ASF\common\services\sleepmgr\sleepmgr.h 53

With above problem I started to think I’m getting really useless expertise. The issue was pretty clear – we compile for SAMG not for SAMD and we need different header.

ASF installation madness

Moreover when I tried to reinstall ASF I had to register on Atmel page which complained on LastPass and identify my location as Russian Federation (despite I’m in Poland). Of course Atmel Studio open Edge to login me into their website. This whole IDE sucks and do a lot of damage to Atmel – how I can recommend them after all that hassle ? Then after going through password/login Windows 10 detect that something is wrong with Atmel Studio and decided that it have to be restarted. What I finally started installation I get this:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
2016-11-26 23:46:10 - Microsoft VSIX Installer
2016-11-26 23:46:10 - -------------------------------------------
2016-11-26 23:46:10 - Initializing Install...
2016-11-26 23:46:10 - Extension Details...
2016-11-26 23:46:10 -   Identifier      : 4CE20911-D794-4550-8B94-6C66A93228B8
2016-11-26 23:46:10 -   Name            : Atmel Software Framework
2016-11-26 23:46:10 -   Author          : Atmel
2016-11-26 23:46:10 -   Version         : 3.33.0.640
2016-11-26 23:46:10 -   Description     : Provides software drivers and libraries to build applications for Atmel devices. The minimum supported ASF version is 3.24.2.
2016-11-26 23:46:10 -   Locale          : en-US
2016-11-26 23:46:10 -   MoreInfoURL     : http://asf.atmel.com/docs/latest/
2016-11-26 23:46:10 -   InstalledByMSI  : False
2016-11-26 23:46:10 -   SupportedFrameworkVersionRange : [4.0,4.5]
2016-11-26 23:46:10 - 
2016-11-26 23:46:10 -   Supported Products : 
2016-11-26 23:46:10 -           AtmelStudio
2016-11-26 23:46:10 -                   Version : [7.0]
2016-11-26 23:46:10 - 
2016-11-26 23:46:10 -   References      : 
2016-11-26 23:46:10 - 
2016-11-26 23:46:14 - The extension with ID '4CE20911-D794-4550-8B94-6C66A93228B8' is not installed to AtmelStudio.
2016-11-26 23:46:28 - The following target products have been selected...
2016-11-26 23:46:28 -   AtmelStudio
2016-11-26 23:46:28 - 
2016-11-26 23:46:28 - Beginning to install extension to AtmelStudio...
2016-11-26 23:46:29 - Install Error : System.IO.IOException: There is not enough space on the disk.

   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.WriteCore(Byte[] buffer, Int32 offset, Int32 count)
   at System.IO.FileStream.Write(Byte[] array, Int32 offset, Int32 count)
   at Microsoft.VisualStudio.ExtensionManager.ExtensionManagerService.WriteFilesToInstallDirectory(InstallableExtensionImpl extension, String installPath, ZipPackage vsixPackage, IDictionary`2 extensionsInstalledSoFar, AsyncOperation asyncOp, UInt64 totalBytesToWrite, UInt64& totalBytesWritten)
   at Microsoft.VisualStudio.ExtensionManager.ExtensionManagerService.InstallInternal(InstallableExtensionImpl extension, Boolean perMachine, Boolean isNestedExtension, IDictionary`2 extensionsInstalledSoFar, List`1 extensionsUninstalledSoFar, IInstalledExtensionList modifiedInstalledExtensionsList, AsyncOperation asyncOp, UInt64 totalBytesToWrite, UInt64& totalBytesWritten)
   at Microsoft.VisualStudio.ExtensionManager.ExtensionManagerService.BeginInstall(IInstallableExtension installableExtension, Boolean perMachine, AsyncOperation asyncOp)
   at Microsoft.VisualStudio.ExtensionManager.ExtensionManagerService.InstallWorker(IInstallableExtension extension, Boolean perMachine, AsyncOperation asyncOp)

This should be enough to throw it away. Of course I have ~500MB on disk, but this is not enough. I assume that MS way in Windows 10 of providing information to user is throwing exceptions or this was method of handling lack of free space in Atmel Studio.

I gave up

Couple more things that I found:

  • There is no easy way to convert examples for ECC508A to make them work with SAMG55 as those examples are mostly created for SAMD21. Clearly Atmel do a lot noise about 250USD kit for which you don’t have examples.
  • CryptoAuthentication library doesn’t have HAL for SAMG55
  • Atmel engagement in process of supporting community is poor, what can be found here 1,2
  • Full datasheet is available only under NDA

Summary

I waste lot of time to figure out that evaluation of well advertised product is terribly difficult. I’m sure that lack of knowledge of Atmel ecosystem probably added to my problems. I also didn’t bother to contact community, which is not fair to judge from my side.

Key idea behind this triage was to check ECC508A in environment suggested by manufacturer. It happens that manufacturer didn’t prepare infrastructure and documentation to be able to evaluate product in advertised way. Initial triage was needed for implementation in more complex system with Embedded Linux on board. Luckily during whole this process I found cryptoauth-openssl-engine Github repository. Which I will evaluate in next posts.

If you will struggle with similar problems and pass through some mentioned above or you successfully triaged ECC508A on AT88CKECC-AWS-XSTK please let me know. Other comments as always welcome.

Starting with Nucleo-F411RE and mbed OS for command line enthusiasts

| Comments

When I first time read about mbed OS I was really sceptical, especially idea of having web browser as my IDE and compiler in the cloud seems to be very scary to me. ARM engineers proved to provide high quality products, but this was not enough to me. Then I heard very good words about mbed OS IDE from Jack Ganssle, this was still not enough. Finally customers started to ask about this RTOS and I had to look deeper.

There are other well known OSes, but most of them have issues:

  • FreeRTOS – probably most popular, GPL license with exceptions and restrictions, doesn’t have drivers provided this is mostly filled by MCU vendor in SDK. This can lead to problems ie. lack of well supported DTLS library or specific communication protocol. It often happen that MCU vendors doesn’t maintain community, so code base grows internally and is not revealed.

  • RIoT – well known and popular, LGPL 2.1 license what is typically problematic when your work affect system core. Contain lot of features, but number of supported platforms is limited. Targeted at academics and hobbyists.

  • Zephyr – great initiative backed by Linaro, Linux Foundation, Qualcomm/NXP/Freescale and Intel. License Apache 2.0, which IMO is much better for embedded then (L)GPL. Unluckily this is brand new and support is very limited. For sure porting new platform to Zephyr can be great fun and principles are very good, but support is very limited and it will take time to make it mature enough to seriously consider in commercial product.

  • mbed OS – this one looks really great. Apache 2.0. Tons of drivers, clean environment, huge, good-looking and well written documentation. Wide range of hardware is already supported and it came from designed of most popular core in the world. Community is big but it is still not so vibrant as ie. RIoT.

Below I want to present Linux user experience from my first contact with mbed OS on Nucleo-F411RE platform.

images

First contact

I have to say that at first glance whole system is very well documented with great look and feel. Main site requires 2 clicks to be in correct place for Embedded System Engineer. In general we have 3 main path when we choose developer tools: Online IDE, mbed CLI and 3rd party. Last covers blasting variety of IDEs including Makefile and Eclipse CDT based GCC support.

Things that are annoying during first contact we web page:

  • way to contribute documentation is not clear
  • there is no description how to render documentation locally
  • can’t upload avatar on forum – no information what format and resolution is supported

But those are less interesting things. Going back to development environment for me 2 options where interesting mbed CLI and plain Makefile.

mbed CLI

I already have setup vitrualenv for Python 2.7:

1
pip install mbed-cli

First thing to like in mbed-cli is that it was implemented in Python. Of course this is very subjective since I’m familiar with Python, but it good to know that I can hack something that doesn’t work for me. Is is Open Source.

I also like the idea of mimicking git subcommands. More information about mbed CLI can be found in documentation.

It is also great that mbed CLI tries to manage whole program dependencies in structured way, so no more hassle with external libraries versioning and trying to keep sanity when you have to clone your development workspace. Of course this have to be checked on battlefield, since documentation promise may be not enough.

So first thing that hit me when trying to move forward was this message:

1
2
3
4
5
6
7
8
9
10
11
$ mbed new mbed-os-program                                                  
[mbed] Creating new program "mbed-os-program" (git)
[mbed] Adding library "mbed-os" from "https://github.com/ARMmbed/mbed-os" at branch latest
[mbed] Updating reference "mbed-os" -> "https://github.com/ARMmbed/mbed-os/#d5de476f74dd4de27012eb74ede078f6330dfc3f"
[mbed] Auto-installing missing Python modules...
[mbed] WARNING: Unable to auto-install required Python modules.
---
[mbed] WARNING: -----------------------------------------------------------------
[mbed] WARNING: The mbed OS tools in this program require the following Python modules: prettytable, intelhex, junit_xml, pyyaml, mbed_ls, mbed_host_tests, mbed_greentea, beautifulsoup4, fuzzywuzzy
[mbed] WARNING: You can install all missing modules by running "pip install -r requirements.txt" in "/home/pietrushnic/tmp/mbed-os-program/mbed-os"
[mbed] WARNING: On Posix systems (Linux, Mac, etc) you might have to switch to superuser account or use "sudo"

This appeared to be some problem with my distro:

1
2
3
4
5
6
(...)
    ext/_yaml.c:4:20: fatal error: Python.h: No such file or directory
     #include "Python.h"
                        ^
    compilation terminated.
(...)

This indicate lack of python2.7-dev package, so:

1
2
sudo aptitude update && sudo aptitude dist-upgrade
sudo aptitude install python2.7-dev

After verifying that you can create program, let’s try to get well known hello world for embedded:

1
mbed import https://github.com/ARMmbed/mbed-os-example-blinky

Toolchain

To compile example we need toolchain. The easiest way would be to get distro package:

1
sudo apt-get install gcc-arm-none-eabi

Now you should set toolchain configuration, if you won’t error like this may pop-up:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
$ mbed compile -t GCC_ARM -m NUCLEO_F411RE
Building project mbed-os-example-blinky (NUCLEO_F411RE, GCC_ARM)
Scan: .
Scan: FEATURE_BLE
Scan: FEATURE_UVISOR
Scan: FEATURE_LWIP
Scan: FEATURE_COMMON_PAL
Scan: FEATURE_THREAD_BORDER_ROUTER
Scan: FEATURE_LOWPAN_ROUTER
Scan: FEATURE_LOWPAN_BORDER_ROUTER
Scan: FEATURE_NANOSTACK
Scan: FEATURE_THREAD_END_DEVICE
Scan: FEATURE_NANOSTACK_FULL
Scan: FEATURE_THREAD_ROUTER
Scan: FEATURE_LOWPAN_HOST
Scan: FEATURE_STORAGE
Scan: mbed
Scan: env
Compile [  0.4%]: AnalogIn.cpp
[ERROR] In file included from ./mbed-os/drivers/AnalogIn.h:19:0,
                 from ./mbed-os/drivers/AnalogIn.cpp:17:
./mbed-os/platform/platform.h:22:19: fatal error: cstddef: No such file or directory
compilation terminated.

[mbed] ERROR: "python" returned error code 1.
[mbed] ERROR: Command "python -u /home/pietrushnic/tmp/mbed-os-example-blinky/mbed-os/tools/make.py -t GCC_ARM -m NUCLEO_F411RE --source . --build ./BUILD/NUCLEO_F411RE/GCC_ARM" in "/home/pietrushnic/tmp/mbed-os-example-blinky"
---

Toolchain configuration is needed:

1
mbed config --global GCC_ARM_PATH "/usr/bin"

But then we get another problem:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
$ mbed compile -t GCC_ARM -m NUCLEO_F411RE
Building project mbed-os-example-blinky (NUCLEO_F411RE, GCC_ARM)
Scan: .
Scan: FEATURE_BLE
Scan: FEATURE_UVISOR
Scan: FEATURE_LWIP
Scan: FEATURE_COMMON_PAL
Scan: FEATURE_THREAD_BORDER_ROUTER
Scan: FEATURE_LOWPAN_ROUTER
Scan: FEATURE_LOWPAN_BORDER_ROUTER
Scan: FEATURE_NANOSTACK
Scan: FEATURE_THREAD_END_DEVICE
Scan: FEATURE_NANOSTACK_FULL
Scan: FEATURE_THREAD_ROUTER
Scan: FEATURE_LOWPAN_HOST
Scan: FEATURE_STORAGE
Scan: mbed
Scan: env
Compile [  1.9%]: main.cpp
[ERROR] In file included from ./mbed-os/rtos/Thread.h:27:0,
                 from ./mbed-os/rtos/rtos.h:28,
                 from ./mbed-os/mbed.h:22,
                 from ./main.cpp:1:
./mbed-os/platform/Callback.h:21:15: fatal error: new: No such file or directory
compilation terminated.

[mbed] ERROR: "python" returned error code 1.
[mbed] ERROR: Command "python -u /home/pietrushnic/tmp/mbed-os-example-blinky/mbed-os/tools/make.py -t GCC_ARM -m NUCLEO_F411RE --source . --build ./BUILD/NUCLEO_F411RE/GCC_ARM" in "/home/pietrushnic/tmp/mbed-os-example-blinky"
---

I’m not sure what is the reason but I expect lack of g++-arm-none-eabi but it is not provided by Debian at this point. So its time to switch to toolchain downloaded directly from GNU ARM Embedded Toolchain page.

1
2
wget https://launchpadlibrarian.net/287101520/gcc-arm-none-eabi-5_4-2016q3-20160926-linux.tar.bz2
tar xvf gcc-arm-none-eabi-5_4-2016q3-20160926-linux.tar.bz2

Then change your global mbed configuration:

1
mbed config --global GCC_ARM_PATH "/path/to/gcc-arm-none-eabi-5_4-2016q3/bin"

Now compilation works without problems:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
$ mbed compile -t GCC_ARM -m NUCLEO_F411RE
Building project mbed-os-example-blinky (NUCLEO_F411RE, GCC_ARM)
Scan: .
Scan: FEATURE_BLE
Scan: FEATURE_UVISOR
Scan: FEATURE_LWIP
Scan: FEATURE_COMMON_PAL
Scan: FEATURE_THREAD_BORDER_ROUTER
Scan: FEATURE_LOWPAN_ROUTER
Scan: FEATURE_LOWPAN_BORDER_ROUTER
Scan: FEATURE_NANOSTACK
Scan: FEATURE_THREAD_END_DEVICE
Scan: FEATURE_NANOSTACK_FULL
Scan: FEATURE_THREAD_ROUTER
Scan: FEATURE_LOWPAN_HOST
Scan: FEATURE_STORAGE
Scan: mbed
Scan: env
Compile [  1.9%]: BusIn.cpp
Compile [  2.3%]: AnalogIn.cpp
Compile [  2.7%]: BusInOut.cpp
(...)
Compile [ 99.2%]: serial_api.c
[Warning] serial_api.c@333,35: unused variable 'tmpval' [-Wunused-variable]
[Warning] serial_api.c@821,27: unused variable 'tmpval' [-Wunused-variable]
[Warning] serial_api.c@823,27: unused variable 'tmpval' [-Wunused-variable]
[Warning] serial_api.c@825,27: unused variable 'tmpval' [-Wunused-variable]
[Warning] serial_api.c@827,27: unused variable 'tmpval' [-Wunused-variable]
[Warning] serial_api.c@954,23: unused variable 'tmpval' [-Wunused-variable]
Compile [ 99.6%]: stm_spi_api.c
Compile [100.0%]: test_env.cpp
Link: mbed-os-example-blinky
Elf2Bin: mbed-os-example-blinky
+--------------------+-------+-------+------+
| Module             | .text | .data | .bss |
+--------------------+-------+-------+------+
| Fill               |   130 |     4 |    5 |
| Misc               | 21471 |  2492 |  100 |
| drivers            |   118 |     4 |  100 |
| hal                |   536 |     0 |    8 |
| platform           |  1162 |     4 |  269 |
| rtos               |    38 |     4 |    4 |
| rtos/rtx           |  5903 |    20 | 6870 |
| targets/TARGET_STM |  5950 |     4 |  724 |
| Subtotals          | 35308 |  2532 | 8080 |
+--------------------+-------+-------+------+
Allocated Heap: unknown
Allocated Stack: unknown
Total Static RAM memory (data + bss): 10612 bytes
Total RAM memory (data + bss + heap + stack): 10612 bytes
Total Flash memory (text + data + misc): 37840 bytes

Object file test_env.o is not unique! It could be made from: ./mbed-os/features/frameworks/greentea-client/source/test_env.cpp /home/pietrushnic/tmp/mbed-os-example-blinky/mbed-os/features/unsupported/tests/mbed/env/test_env.cpp
Image: ./BUILD/NUCLEO_F411RE/GCC_ARM/mbed-os-example-blinky.bin

So we have binary now we would like to deploy it to target.

Test real hardware

To test build binary on Nucleo-F411RE the only thing is to connect board through mini USB and copy build result to mounted directory. In my case it was something like this:

1
cp BUILD/NUCLEO_F411RE/GCC_ARM/mbed-os-example-blinky.bin /media/pietrushnic/NODE_F411RE/

This is pretty weird interface for programming, but simplified to the maximum.

Serial console example

Modify your main.cpp with something like:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
#include "mbed.h"

DigitalOut led1(LED1);
Serial pc(USBTX, USBRX);

// main() runs in its own thread in the OS
// (note the calls to Thread::wait below for delays)
int main() {
    int i = 0;

    while (true) {
        pc.printf("%d\r\n", i);
        i++;
        led1 = !led1;
        Thread::wait(1000);
    }
}

Recompile and copy result as it was described above. To connect to device please check your dmesg:

1
2
3
4
5
6
7
$ dmesg|grep tty
[    0.000000] console [tty0] enabled
[    0.935792] 00:05: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[    3.219884] systemd[1]: Created slice system-getty.slice.
[    4.058666] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[10721.756835] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[10727.552536] cdc_acm 3-1:1.2: ttyACM0: USB ACM device

This means that your Nucleo registered /dev/ttyAMA0 device and to connect you can use minicom:

1
minicom -b 9600 -o -D /dev/ttyACM0 

Summary

I hope this tutorial add something or help resolving some issue that you may struggle with. As you can see mbed is not perfect, but it looks like it may serve as great replacement for previous environments ie. custom IDE from various vendors. What would be useful to verify is for sure OpenOCD with STLink to see if whole development stack is ready to use under Linux. In next post I will try to start work with Atmel SAM G55 and mbed OS.

Chromium GStreamer backed for i.MX6 research

| Comments

Recently I work on i.MX6 based project that requires video hardware decoding in web browser (best case in QtWebEngine, which is entire Chromium platform in Qt).

Chromium

After some research it appears that Chromium is not interested in providing external support for GStreamer-backed video hardware decoding. Truly going through all discussion related to this topic was very dissapointing. Typically Chromium developers just close thread when discussion started to be noisy and there mass of complaining people raised. If you want to go through that path you can read:

In short Chromium developers are concerned about security and portability issues with their browser. Something more have to be behind the scenes, because this explanation was proved to not be consistent across various Chromium features.

As side note for some x86/x86_64 platforms it is possible to enable video hardware decoding. I’m not sure where is the list of available platforms but this post show how to enable that experimental support. On my platform with GeForce GTX 960 it works fine.

Firefox

This lead me to check what is going on on Firefox side and results were better, but recently GStreamer backend was disabled because of bugs that it leads to.

Chromium GStreamer backend

Despite all above problems surprisingly Samsung came with solution (at least at first glance). Company published Chromium GStreamer Backend project, which doesn’t seem to have big community, but recent commits are from September, so 1.5 month old. There 2 main contributors both from Samsung.

How I gave up and pivot to other solution

I tried to approach Chromium building from scratch as described in Samsung documentation. Unfortunately it consumed a lot of effort. Hardware requirements are ridiculous (>16GB RAM and 100GB storage). Then it happened that procedures are for Ubuntu and do not align great with Debian (especially Sid). On the other hand I broke my system so many time that I’m very resistant to any additional system modification – at this point I’m really in favour of separating environment using Docker.

So after realizing how complex Chromium is I reconsidered approach and decided that I have to focus on making GStreamer video hardware acceleration work smoothly in Qt. Final result will be less flexible but will add less headache.

Summary

I wanted to drop this note for community and 3mdeb further reference. Hope anyone trying similar will read that and can decide if it is worth digging deeper. I had this passivity to pivot, but I assume there were situation when you will have to go deeper, if so please drop me note in comments. Also if you feel that things moved forward in above area it would be great to know.

SAMG55 + OLED1 Xplained Pro Hello World!

| Comments

SAMG55 – recognition in the field

If you are considering working on SAMG55 Xplained Pro board here you will find some basic know-how to quickly get you started.

What you will need?

In this example I will be using SAMG55 Xplained Pro with OLED1 extension board, and Atmel Studio 7.0 with Data Visualizer addon, wich requires Windows to work. This however should be similar for other board with EDBG debugger.

Word of explanation

Before we start taking any action:

  • EDBG – on board debugger, that will simplify debugging process, and allow us to easily program chip without any external tools.
  • ASF – Atmel Studio Framework, used for downloading and installing useful stuff, like libraries and APIs for specific extensions.

Getting started

To get to know the code, and typical project setup check out example projects, you can find there samples for many boards, their extensions and their usages. e.g. getting MAC address from WIPC1500 or finding avalaible AP using same board.

Adding Support for extensions

Get some extension to work with your code may be tricky, and not always will work out of the box. Let’s follow the process of enabling OLED1 Xplained Pro on SAMG55 Xplained Pro, using ASF Wizard. As a starting point, im going to use example project Getting-Started Application on SAM - SAMG55 wich gives us simple code that will blink on-board led (LED0). This action however can be disabled using on-board button (SW0). Our goal is to print on OLED1 display whether function is currently on, or off. To do that, we will need to add OLED1 libraries first. You could add them by hand, but there is a tool that will do that for you. Open ASF Wizard, and find there SSD1306 OLED controller (component) select it, and apply changes.

Now your Solution Explorer got few more files. You may add simple chunk of code in the main function:

1
2
3
4
5
6
ssd1306_init();
ssd1306_display_on();
ssd1306_clear();
ssd1306_set_column_address(40);
ssd1306_set_page_address(2);
ssd1306_write_text("Hello World");

But this will not work yet, you sill need to do some configuration. Both files to change you can find in config/ folder first one is conf_board.h In there you have to add these lines:

1
2
3
4
#define BOARD_FLEXCOM_SPI FLEXCOM5
#define CONF_BOARD_OLED_UG_2832HSWEG04
#define CONF_BOARD_SPI
#define CONF_BOARD_SPI_NPCS1

Second one is conf_ssd1306.h In which you have to change:

1
2
3
4
# define SSD1306_SPI SPI5
# define SSD1306_DC_PIN UG_2832HSWEG04_DATA_CMD_GPIO
# define SSD1306_RES_PIN UG_2832HSWEG04_RESET_GPIO
# define SSD1306_CS_PIN UG_2832HSWEG04_SS

Note, that these values are there twice, one time in if, that check whether your board is XMEGA_C3_XPLAINED or XMEGA_E5_XPLAINED, if it is, then change these values. For every other board, values can be found at the end of the file. In the same place you will find comment explaining their meaning. comment. After these changes, all you have to do is connect the board, using microUSB and connecting it to EDBG USB port, wait for Atmel Studio to find board, select tool EDBG, interface SWD and program the chip. After short amount of time, you will see “Hello World” on display, and blinking led. To make it show whether function is active or inactive, change last while loop in main.c to something like this

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
while (1) {
    if (g_b_led0_active) {
        ioport_toggle_pin_level(LED0_GPIO);
        ssd1306_clear();
        ssd1306_set_column_address(40);
        ssd1306_set_page_address(2);
        ssd1306_write_text("Function is active!");
        printf("1 ");
    }else {
        ssd1306_clear();
        ssd1306_set_column_address(40);
        ssd1306_set_page_address(2);
        ssd1306_write_text("Function is inactive!");
    }
    mdelay(500);
}

You might have noticed that printf("1 ");, and was wondering where you can find it’s output? Serial console can be opened using Data Visualizer wich is in tools menu (if you have it installed), on the left side of it is configuration option, that will open panel, with several options to chose terminal can be opened selecting External Connection and Serial Port. Before connecting, remember to change baudrate to 115200. Now you are all set up, and ready to code.

Sources

SAMG55 Xplained Pro documentation

OLED1 Xplained Pro Documentation

Summary

As you can see, starting with Atmel SAMG55 Xplained Pro can be easy. I hope that provided information are easy to read, and useful. If they are not, please leave a comment. Thanks for reading.

FWTS on ARMv8 platform (HiKey LeMaker version) from scratch

| Comments

This is second post from series about LeMaker version of HiKey board from 96boards Customer Edition family. Previous post focused on describing hardware part. In this post I would like to show how to setup firmware development and testing environment.

This post highly rely on 96boards documentation, so kudos to 96boards and LeMaker for providing lot of information for developers.

Obtain pre-compiled binaries

1
2
3
4
5
6
7
wget https://builds.96boards.org/snapshots/hikey/linaro/uefi/latest/l-loader.bin
wget https://builds.96boards.org/snapshots/hikey/linaro/uefi/latest/fip.bin
wget https://builds.96boards.org/snapshots/hikey/linaro/uefi/latest/ptable-linux-8g.img
wget https://builds.96boards.org/snapshots/hikey/linaro/uefi/latest/nvme.img
wget https://builds.96boards.org/releases/hikey/linaro/debian/latest/boot-fat.uefi.img.gz
wget http://builds.96boards.org/snapshots/hikey/linaro/debian/latest/hikey-jessie_developer_20160225-410.emmc.img.gz
gunzip *.img.gz

Clone eMMC flashing tool:

1
git clone https://github.com/96boards/burn-boot.git

Follow flashing instructions. For Debian-based systems you may need:

1
sudo apt-get install python-serial android-tools-fastboot

On my Debian I see in dmesg:

1
2
3
4
5
6
7
8
[21174.122832] usb 3-2.2: USB disconnect, device number 15
[21343.166870] usb 3-2.1.1: new full-speed USB device number 17 using xhci_hcd
[21343.268348] usb 3-2.1.1: New USB device found, idVendor=12d1, idProduct=3609
[21343.268352] usb 3-2.1.1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[21343.268353] usb 3-2.1.1: Product: \xffffffe3\xffffff84\xffffffb0㌲㔴㜶㤸
[21343.268355] usb 3-2.1.1: Manufacturer: 䕇䕎䥎
[21343.269159] option 3-2.1.1:1.0: GSM modem (1-port) converter detected
[21343.269271] usb 3-2.1.1: GSM modem (1-port) converter now attached to ttyUSB2

Correct command and UART log should look similar to this:

1
2
3
4
5
6
7
8
9
[17:11:36] pietrushnic:images $ sudo python ../src/burn-boot/hisi-idt.py --img1=l-loader.bin -d /dev/ttyUSB2
+----------------------+
(' Serial: ', '/dev/ttyUSB2')
(' Image1: ', 'l-loader.bin')
(' Image2: ', '')
+----------------------+

('Sending', 'l-loader.bin', '...')
Done
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
usb reset intr
reset device done.
start enum.
enum done intr
Enum is starting.
usb reset intr
enum done intr
NULL package
NULL package
USB ENUM OK.
init ser device done....
USB:: Err!! Unknown USB setup packet!
NULL package
USB:: Err!! Unknown USB setup packet!
NULL package
USB:: Err!! Unknown USB setup packet!
NULL package
USB:: Err!! Unknown USB setup packet!
NULL package
uFileAddress=ss=f9800800
uFileAddress=ss=f9800800

Switch to aarch64 mode. CPU0 executes at 0xf9801000!

As result I saw that green LED on board is on, then I proceed with fastboot commands.

If above steps finish without the problems, then you know working procedure for flashing all required components. Now let’s proceed with fast boot and flashing remaining components:

1
2
3
4
5
sudo fastboot flash ptable ptable-linux-8g.img
sudo fastboot flash fastboot fip.bin
sudo fastboot flash nvme nvme.img
sudo fastboot flash boot boot-fat.uefi.img
sudo fastboot flash system hikey-jessie_developer_20160225-410.emmc.img

Output should look like this:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
$ sudo fastboot flash ptable ptable-linux-8g.img 
target reported max download size of 268435456 bytes
sending 'ptable' (17 KB)...
OKAY [  0.001s]
writing 'ptable'...
OKAY [  0.004s]
finished. total time: 0.006s
$ sudo fastboot flash fastboot fip.bin
target reported max download size of 268435456 bytes
sending 'fastboot' (1383 KB)...
OKAY [  0.060s]
writing 'fastboot'...
OKAY [  0.135s]
finished. total time: 0.196s
$ sudo fastboot flash nvme nvme.img
target reported max download size of 268435456 bytes
sending 'nvme' (128 KB)...
OKAY [  0.006s]
writing 'nvme'...
OKAY [  0.007s]
finished. total time: 0.014s
$ sudo fastboot flash boot boot-fat.uefi.img
target reported max download size of 268435456 bytes
sending 'boot' (65536 KB)...
OKAY [  2.645s]
writing 'boot'...
OKAY [  3.258s]
finished. total time: 5.903s
$ sudo fastboot flash system hikey-jessie_developer_20160225-410.emmc.img
target reported max download size of 268435456 bytes
sending sparse 'system' (262140 KB)...
OKAY [ 10.692s]
writing 'system'...
OKAY [ 11.868s]
sending sparse 'system' (262140 KB)...
OKAY [ 10.786s]
writing 'system'...
OKAY [ 11.838s]
sending sparse 'system' (262140 KB)...
OKAY [ 10.791s]
writing 'system'...
OKAY [ 11.812s]
sending sparse 'system' (262140 KB)...
OKAY [ 10.720s]
writing 'system'...
OKAY [ 11.803s]
sending sparse 'system' (262140 KB)...
OKAY [ 10.833s]
writing 'system'...
OKAY [ 11.830s]
sending sparse 'system' (116064 KB)...
OKAY [  4.854s]
writing 'system'...
OKAY [  5.219s]
finished. total time: 123.047s

Remove Boot Select jumper (link 3-4) and power on platform.

System configuration

Wireless network can be easily configured using this instructions. It is also required to setup DNS in /etc/resolv.conf ie.:

1
nameserver 8.8.8.8

Bug hunting

There was time when I asked myself what I can do ? Where to start ? Good way to analyze system compatibility (and find bugs) from firmware perspective is FirmwareTestSuit. It can be cloned using:

1
git clone git://kernel.ubuntu.com/hwe/fwts.git

To compile:

1
2
3
4
5
apt-get update
apt-get install autoconf automake libglib2.0-dev libtool libpcre3-dev libjson0-dev flex bison dkms
autoreconf -ivf
./configure
make -j$(nproc)

To run:

1
./src/fwts

At point of writing this post only 13 tests passed. Most of testes (243) were aborted since no support for given feature was detected. This results show that there is plenty to do before getting well-supported firmware on HiKey.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
Test           |Pass |Fail |Abort|Warn |Skip |Info |
---------------+-----+-----+-----+-----+-----+-----+
acpiinfo       |     |     |     |     |     |    2|
acpitables     |     |     |    1|     |     |     |
asf            |     |     |    1|     |     |     |
aspm           |     |     |     |     |    1|     |
aspt           |     |     |    1|     |     |     |
bert           |     |     |    1|     |     |     |
bgrt           |     |     |    1|     |     |     |
bmc_info       |     |     |     |     |    1|     |
boot           |     |     |    1|     |     |     |
checksum       |     |     |     |     |     |     |
cpep           |     |     |    1|     |     |     |
cpufreq        |    5|     |     |     |    2|     |
csrt           |     |     |    1|     |     |     |
dbg2           |     |     |    1|     |     |     |
dbgp           |     |     |    1|     |     |     |
dmicheck       |     |    1|     |     |    2|     |
drtm           |     |     |    1|     |     |     |
ecdt           |     |     |    1|     |     |     |
einj           |     |     |    1|     |     |     |
erst           |     |     |    1|     |     |     |
facs           |     |     |    1|     |     |     |
fadt           |     |     |    6|     |     |     |
fpdt           |     |     |    1|     |     |     |
gtdt           |     |     |    1|     |     |     |
hest           |     |     |    1|     |     |     |
iort           |     |     |    1|     |     |     |
klog           |     |     |     |     |     |     |
lpit           |     |     |    1|     |     |     |
madt           |     |     |    5|     |     |     |
maxreadreq     |    1|     |     |     |     |     |
mchi           |     |     |    1|     |     |     |
method         |     |     |  192|     |     |     |
mpst           |     |     |    1|     |     |     |
msct           |     |     |    1|     |     |     |
msdm           |     |     |    1|     |     |     |
mtd_info       |     |     |     |     |    1|     |
nfit           |     |     |    1|     |     |     |
olog           |     |     |     |     |    1|     |
oops           |    2|     |     |     |     |     |
pcct           |     |     |    1|     |     |     |
pmtt           |     |     |    1|     |     |     |
prd_info       |     |     |     |     |    1|     |
rsdp           |     |     |    1|     |     |     |
rsdt           |     |     |    1|     |     |     |
sbst           |     |     |    1|     |     |     |
securebootcert |     |     |    1|     |     |     |
slic           |     |     |    1|     |     |     |
slit           |     |     |    1|     |     |     |
spcr           |     |     |    1|     |     |     |
spmi           |     |     |    1|     |     |     |
srat           |     |     |    1|     |     |     |
stao           |     |     |    1|     |     |     |
syntaxcheck    |     |     |     |     |     |     |
tcpa           |     |     |    1|     |     |     |
tpm2           |     |     |    1|     |     |     |
uefi           |     |     |    1|     |     |     |
uefibootpath   |     |     |     |     |    1|     |
version        |     |     |     |     |    1|    3|
waet           |     |     |    1|     |     |     |
wakealarm      |    5|    1|     |     |     |     |
wdat           |     |     |    1|     |     |     |
wpbt           |     |     |    1|     |     |     |
xenv           |     |     |    1|     |     |     |
xsdt           |     |     |    1|     |     |     |
---------------+-----+-----+-----+-----+-----+-----+
Total:         |   13|    2|  248|    0|   11|    5|
---------------+-----+-----+-----+-----+-----+-----+

Summary

As presented above HiKey developement process is not so simple. Using precompiled binaries is very useful for presentation purposes, but adding features to EDK2 will requires recompilation some of mentioned components. Documentation is not easy to search as well as forum, key probablem is that it needs more order, because various information (sometimes unrelated) are spread actoss directories and repositories.

Nevertheless hacking ARMv8 firmware may be fun and there huge undiscovered area to explore. Key question is what valid use cases may lead to extensive firmware development in this area ? First I would look into features that have to be exposed to operating system ie. verify boot for Linux OS use of TEE module in Linux.

As always please share if you feel this is valuable and comment if you have any questions or something is unclear.

Directory scheme for multiple projects

| Comments

How to keep clean organization while working on multiple projects ?

Answer to this question depends on workflow and nature of projects itself.

Below I would like to present my approach to manage sanity while having multiple projects going simultaneously. This would be Embedded Systems Consultant view and will mostly show directory organization, but I think it can be adopted to other programmers workflow.

Directory organization

Usually I have up to 10 projects from external customer running and ~3 internal. Obviously better organization minimize overhead related to searching and wondering where to put recently obtained file. During last 3 years I collected over 60 projects for 45 customers.

Based on that experience I created directory structure that work pretty good for above numbers. Scheme looks like this:

1
${HOME}/projects/<year>/<customer>/<project-name>/{logs,images,releases,src}

Customer/year order

One flaw that this setup has is for project that last more then year. I don’t think making it <customer>/<year> improve things, because then I would have tens of even hundred of directories in projects. Splitting it by year makes searching focused. For now, when I deal with project longer then year I just copy relevant part from previous year. By relevant part I mean something that I really have to use, not one time reference. This can be for example particular SD card image that is still used as development base.

Customer

Customer part is trivial, although sometimes can cause confusion. There are situation where I start research not knowing what company I work for, because I was reached not from company domain. There are also cases when someone reach me over freelance portals (Upwork, Guru etc.) that information provided are outdated or simply invalid.

Having correct customer name is important only at invoicing stage, before that if I’m not clear I just place some made up string that can uniquely identify customer. Usually this is company name and contact person name, if company unknown.

Project name

Usually prototype projects doesn’t have marketing name, but project can be called by SoC/CPU/dev board + main feature ie. a20_camera, bbb_canbus_reader etc.

What most embedded projects needs ?

After couple years I found that couple thing are typically needed:

  • logs – this directory is used most of the times, I tend to run minicom in it with enabled logging, you never know when you will need information form this directory, naming convention for log files is something I still struggle

  • images – this is directory for OS images, typically I have here SD card images and ISO images of distros used in project, sometimes you may end up keeping multiple instance of the same OS in various projects, but with 1TB disc this should not be big concern, you can always search for duplicates, knowing where your OS is and avoiding downloading it again can save some time

  • releases – this directory contain all releases, developers usually use work in progress code, but customer receive release version of deliverables and usually will report bugs against particular release version

  • src – this directory keep all source code related to project, those are mostly git repositories cloned inside directory

Sample directory structure may look like that:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
.
└── projects
    ├── 2015
    │   └── acme1
    │       ├── foo1
    │       │   ├── images
    │       │   ├── logs
    │       │   ├── releases
    │       │   └── src
    │       └── foo2
    │           ├── images
    │           ├── logs
    │           ├── releases
    │           └── src
    └── 2016
        └── acme2
            ├── foo1
            │   ├── images
            │   ├── logs
            │   ├── releases
            │   └── src
            └── foo2
                ├── images
                ├── logs
                ├── releases
                └── src

Summary

I hope this concept is somehow useful for you. I want to keep above information for self reference, because I was asked couple times how to organize multiple projects. Explaining this each time leads to this article. Of course whole organization is very subjective and may not work good for everyone.

Powering on LeMaker HiKey (ARMv8)

| Comments

Embedded Systems Consultants have chance to live in interesting times. ARM expansion touch server market and UEFI coming to non-x86 platforms. Firmware gaining its importance and because handling real development is harder and harder lot of things starting to happen in open source. Big players trying to address security and virtualization issues, what leads to really interesting features in recent SoCs.

Couple weeks ago I decided to recover my knowledge about UEFI and take a look how it is implemented for architecture that have its momentum – namely ARM in its 8 version (ARMv8). Short review of technology reveal universe that should be studied by every aspiring Embedded Systems adept.

Choosing ARMv8 dev board

First problem was to choose development board. Probably simpler solution is to use platforms like Raspberry Pi 3 which features Broadcom Cortex-A53 or very interesting alternative like PINE64 with Allwinner flavour.

Of course rush on this market bring other players like Amlogic with Odroic-C2. It is worth to mention that adaptation of new architecture is very slow. It was announced in 2012. First real product was released by Apple (iPhone S5), but despite various commercial products, since 2012 not much appeared on low end development board market, which is probably main area for makers and prototyping shops. Things start to change last year.

I have RPi3 on my desk but playing with its low level side is not encouraging because of limitation Broadcom put on releasing any information about BCM2837. My goal was to work on UEFI and ARM trusted firmware the only board except expensive ARM reference platforms that seems to work with UEFI was LeMaker HiKey.

Why 96boards ?

  • this is open specification – IIRC this is first of its kind and it is high chance to be widely accepted
  • its driven by Linaro, which in my opinion do a lot of great work for whole community
  • its standardized way with big players behind, so knowing it and having in portfolio cannot damage Embedded Systems Consultant career
  • IMO this approach in long term will have better return on investment, then custom quick shots made by not-so-community-friendly vendors

Power supply

Expected power input is 8-18V. I understand the need for higher and wider voltage range, but this is for sure not standard in makers/hackers community. I have ton of 5V/2A power supplies in stock, also for 5V I can use my active USB hub or even PC port for not power hungry devices.

Reasoning behind this choice can be found here.

Finally to not add more USD to my ARMv8 development environment I used my Zhaoxin DC power supply and unused plug from universal power supply.

1.8V UART

My second surprise was that board use 1.8V level for UART. Cables for that level are built with FT230XS or similar chips, which cost ~3USD. To my suprise cable that work with 1.8V UART level cost 30USD. There are 2 separated UART pins to connect on HiKey. One for low level bootloader development and one for Linux kernel development. So I would need to cables. Board cost 75USD, so you paying almost the same price for cables. It was not acceptable for me.

Linaro developers seems to use this which is out of stock for 5 months!

While searching for alternatives I found this TI converter on SparkFun page. Luckily availability of various SparkFun distributors made delivery possible in less then 48h.

After wiring up with TXB0104 everything seems to work ok.

Note that board use 2 UARTs. UART0 for bootloader development. This is connector with not typical pitch (2.0mm) and UART3 as debug port for Linux kernel output.

The only problem with wiring is that using one TI chip you can only have one reference Vcc for USB to serial UART, so you have to select one of them as reference and assume that second will have very similar level without much noise. I understand this is electronically probably not perfect, but I moved forward with that budget solution.

Booting OS

Board is pre-installed with Debian, so +1 for choice. It boots smooth and you can also see bootloader logs.

On top there is bootloader on bottom booted Debian. Bootloader logs came from OP-TEE Trusted OS,

Summary

Setting up hardware to boot and having some debug output is initial step to start development. Once this point is passed I can start to deal with UEFI and(or) ARM Trusted Firmware (ATF). It is important to note that documentation on GitHub and in Hardware User Manual is very good and huge kudos should go to Linaro people for putting so much effort into that.

Things that I would like to write about in future posts:

  • UEFI setup for HiKey
  • UEFI capabilities and limitation
  • ATF development

As always please share if you think content maybe valuable to other.

PC Engines APU2 netboot Debian installation

| Comments

In previous post I described how to setup PXE server and boot Debian installer using it. I mentioned that provided setup is limited and some extensive configuration is needed to make it useful for real world example. Since that time I learned that there is chain command in iPXE, which give ability to use arbitrary TFTP server as boot file source.

Using RPi PXE server

For example by changing my test network topology from previous post to something like that:

In short Raspberry Pi contain our PXE server configured in previous post. TL-MR3420 is our DHCP server and PC Engines APU2A4 is our target box where we want to install Debian.

We need to change eth0 configuration, so our PXE server will get IP automatically from DHCP:

1
2
auto eth0
iface eth0 inet dhcp

Also disable udhcpd:

1
sudo update-rc.d udhcpd disable

Then reboot PXE server.

PXE booting

First enter iPXE on APU2 board by pressing <Ctrl-B> during boot. You should see something like that:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
iPXE (http://ipxe.org) 00:00.0 C100 PCI2.10 PnP PMMpmm call arg1=1
pmm call arg1=0
+DFF490B0pmm call arg1=1
pmm call arg1=0
+DFE890B0 C100


iPXE (PCI 00:00.0) starting execution...ok
iPXE initialising devices...ok



iPXE 1.0.0+ (e303) -- Open Source Network Boot Firmware -- http://ipxe.org
Features: DNS FTP HTTP HTTPS iSCSI NFS SLAM TFTP VLAN AoE ELF MBOOT NBI PXE SDI bzImage COMBOOT Menu PXEXT
iPXE>

Then obtain DHCP address:

1
2
iPXE> dhcp net0
Configuring (net0 00:0d:b9:3f:9e:58)............... ok

Now we can boot over the network using RPi PXE server:

1
2
3
iPXE> set filename /srv/tftp/pxelinux.0
iPXE> set next-server 192.168.0.100
iPXE> chain tftp://${next-server}/${filename}

Note that 192.168.0.100 is RPi PXE server and /srv/tftp/pxelinux.0 is path on RPi exposed through TFTP configuration.

Debian installer modification

Hit Tab in the main installer window:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
             +---------------------------------------+
             | Debian GNU/Linux installer boot menu |
             |---------------------------------------|
             | Install                               |
             | Advanced options                    > |
             | Help                                  |
             | Install with speech synthesis         |
             |                                       |
             |                                       |
             |                                       |
             |                                       |
             |                                       |
             |                                       |
             +---------------------------------------+



          Press ENTER to boot or TAB to edit a menu entry

Change boot command line to print output to serial:

1
> debian-installer/i386/linux vga=788 initrd=debian-installer/i386/initrd.gz --- console=ttyS0,115200 earlyprint=serial,ttyS0,115200

Then hit Enter. You will see complains about video mode like this:

1
Press <ENTER> to see video modes available, <SPACE> to continue, or wait 30 sec

Follow this instruction by waiting or hitting Space. Then you should have running installer.

Debian installation

This is typical installation except it happen over serial. As a storage I used 16GB USB stick with guided partitioning. At the end I also installed GRUB on USB stick MBR.

Be patient if serial console will be blank for some time it happen when installing over network.

After reboot you should be able to choose USB stick from boot menu (F10) and your Debian on APU2 should be ready:

1
2
3
4
5
6
7
8
9
10
11
12
13
Debian GNU/Linux 8 Maedhros ttyS0

Maedhros login: pietrushnic
Password: 
Linux Maedhros 3.16.0-4-686-pae #1 SMP Debian 3.16.7-ckt20-1+deb8u4 (2016-02-29) i686

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
pietrushnic@Maedhros:~$ 

Summary

Now when you have Debian installed on your system you can think about various improvements. For example:

  • Xen installation
  • Putting together automated installation using PXE server
  • Setup NFS and TFTP for Linux kernel development and testing

I hope this post was useful. If you think that it can be improved please comment. Thanks for reading.

PXE server with Raspberry Pi 1

| Comments

Recent days we get the announcement about releasing Raspberry Pi 3. Those of you who play with embedded systems or just try to make things probably still got good old Raspberry Pi (1). Because during time old platforms loose value as potential candidate for new projects I decided to sacrifice my old RPi and make test server from it.

One of my customer required testing his software against PXE server with various configurations. I realized that using my home network with my TP-Link router I have no way to create such configuration on server machine I usually use. I would need to connect directly to server and with one Ethernet port this was not the solution for me. My other platforms like A20 boards, Odroid or RPi2 are occupied by some projects. I recall that I have old RPi that can be used for that purpose.

Configuration described below is very limited because it test just PXE booting, there is no outside world connection. This connection can be added by adding wifi dongle to Raspberry Pi and modifying iptables and routing.

Prerequisites

  • download recent Raspberry Pi image and flash it to SD card. I used Raspbian Jessie Lite.
  • if you don’t have free keyboard and HDMI monitor use UART to connect serial console – you can use this post, if you don’t konw how to connect it
  • flash recent iPXE to your hardware or use what is already provided by vendor

Raspbian Jessie Lite – initial setup

Setup TFTP

Install server TFTP:

1
sudo apt-get install tftpd-hpa

Change configuration according to your needs. My looks like that:

1
2
3
4
5
6
7
# /etc/default/tftpd-hpa

TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="0.0.0.0:69"
#TFTP_OPTIONS="--secure"
TFTP_OPTIONS=""

Download netboot files for Debian, which we will use for testing purposes:

1
wget http://ftp.nl.debian.org/debian/dists/jessie/main/installer-i386/current/images/netboot/netboot.tar.gz

Unpack netboot package in /srv/tftp:

1
2
cd /srv/tftp
sudo tar xvf /path/to/netboot.tar.gz

Setup udhcpd

Install udhcpd and remove conflicting packages:

1
2
sudo apt-get install udhcpd
sudo apt-get remove isc-dhcp-client 

At the end of /etc/udhcpd.conf add:

1
2
3
4
5
6
7
8
9
siaddr          192.168.0.1
boot_file       /srv/tftp/pxelinux.0
opt     dns     192.168.0.1 192.168.10.10
option  subnet  255.255.255.0
opt     router  192.168.0.1
opt     wins    192.168.0.1
option  dns     129.219.13.81
option  domain  local
option  lease   864000

You can also assign client MAC to given IP address by adding:

1
2
#static_lease 00:60:08:11:CE:4E 192.168.0.54
static_lease <mac> <ip>

Comment DHCPD_ENABLE in /etc/default/udhcpd:

1
2
3
4
5
6
7
8
9
# Comment the following line to enable
# DHCPD_ENABLED="no"

# Options to pass to busybox' udhcpd.
#
# -S    Log to syslog
# -f    run in foreground

DHCPD_OPTS="-S"

Change eth0 configuration to static IP:

1
2
3
4
5
auto eth0
iface eth0 inet static
        address 192.168.0.1
        netmask 255.255.255.0
        gateway 192.168.0.254

Then reboot device and connect your PXE client device.

Testing PXE server

When device boot press Ctrl-B to enter iPXE shell. If you cannot enter shell please replace iPXE with recent version using this instructions.

Entering iPXE you should see something like that:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
iPXE (http://ipxe.org) 00:00.0 C100 PCI2.10 PnP PMMpmm call arg1=1
pmm call arg1=0
+DFF490B0pmm call arg1=1
pmm call arg1=0
+DFE890B0 C100


iPXE (PCI 00:00.0) starting execution...ok
iPXE initialising devices...ok



iPXE 1.0.0+ (e303) -- Open Source Network Boot Firmware -- http://ipxe.org
Features: DNS FTP HTTP HTTPS iSCSI NFS SLAM TFTP VLAN AoE ELF MBOOT NBI PXE SDI bzImage COMBOOT Menu PXEXT
iPXE>  

First let’s configure interface:

1
2
3
4
iPXE> ifconf net0
Configuring (net0 00:0d:b9:3f:9e:58)............... ok
iPXE> dhcp net0
Configuring (net0 00:0d:b9:3f:9e:58)............... ok

And boot Debian installer:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
iPXE> autoboot
net0: 00:0d:b9:3f:9e:58 using i210-2 on PCI01:00.0 (open)
  [Link:up, TX:20 TXE:0 RX:8 RXE:2]
  [RXE: 2 x "The socket is not connected (http://ipxe.org/380f6001)"]
Configuring (net0 00:0d:b9:3f:9e:58)............... ok
net0: 192.168.0.194/255.255.255.0 gw 192.168.10.2
net0: fe80::20d:b9ff:fe3f:9e58/64
net1: fe80::20d:b9ff:fe3f:9e59/64 (inaccessible)
net2: fe80::20d:b9ff:fe3f:9e5a/64 (inaccessible)
Next server: 192.168.0.1
Filename: /srv/tftp/pxelinux.0
tftp://192.168.0.1//srv/tftp/pxelinux.0... ok
pxelinux.0 : 42988 bytes [PXE-NBP]
PXELINUX 6.03 PXE 20150819 Copyright (C) 1994-2014 H. Peter Anvin et al+---------------------------------------+
| ^GDebian GNU/Linux installer boot menu |
|---------------------------------------|
| Install                               |
| Advanced options                    > |
| Help                                  |
| Install with speech synthesis         |
|                                       |
|                                       |
|                                       |
|                                       |
|                                       |
|                                       |
+---------------------------------------+Press ENTER to boot or TAB to edit a menu entry     

Summary

It took me some time to put this information together an correctly run this server, so for future reference and for those confused with udhcpd and other tools configuration this post should be useful. Thanks for reading and as always please share if you think this post is valuable. If anything is not clear or I messed something please let me know in comments.

Netcat - how to transfer files without scp or ftp

| Comments

One of my recent customers provided me hardware with custom Linux system. Distribution used on this hardware was very limited there was no developers tools, file transfer applications (like scp, ftp or even tftp) or communication clients like ssh. I had to deploy some firmware files to the system without modifying it. This was i386 machine. Of course I could compile something and add this software using usb stick or other stoarge, but what if I would not have direct access to hardware ? Also for development and testing purposes it would be much easier to use network transfer, then running with usb stick.

When looking for answer I found this. I heard before about netcat, but more in context of debugging then using it as file transfer application. Luckily nc as very small tool is in almost all distributions and it was also available in my small custom distro.

File transfer with netcat

nc by man page is described as TCP/IP swiss army knife , but can be used to transfer files.

What have to be done is setting receiving side ie.:

1
nc -l -p 2020 > my_file.bin

What tell nc to listen on inbound connection (-l) on port 2020 (-p 2020) and redirect content of incoming packages to my_file.bin.

On sender side we pipe my_file.bin to nc like that:

1
cat my_file.bin | nc <dest_ip_addr> 2020

Which cause nc to create TCP connection to <dest_ip_addr> on port 2020 and send everything it gets on standard input.

Known flaws

From what I saw sometimes nc doesn’t end at EOF and just hang waiting for next data, which never come. In that case I just break with Ctrl-C on both ends. Then check if all stuff was transfered correctly by verifying MD5 sum on sender and receiver side. In most cases files pass this integrity test.