oshug April 2017

oshug@oshug.org

2 participants
2 discussions

Notes from OSHUG #57
by Sevan Janiyan 24 Apr '17

24 Apr '17

Hello, I've written up the notes from last Thursday's workshop, give it a try if you have a Pi handy. You can use a Pi 3 if you have it hooked up to a HDMI monitor & keyboard. I skipped on the instructions for the BeagleBone Black, email me off list if you'd like to use such a device. Sevan Janiyan These notes cover 1) Cross compilation support (build.sh) 2) Tamper proofing / Tamper detection (Veriexec) *Useful link*: http://man.NetBSD.org - Man pages shipped with the OS available from a web browser http://www.netbsd.org/docs/guide/en/index.html - The NetBSD Guide http://cvsweb.netbsd.org/bsdweb.cgi/src/?only_with_tag=MAIN - Web interface to the OS source code *Cross compilation support as standard* *Requirements*: *Windows 10* Install Windows Subsystem for Linux https://msdn.microsoft.com/en-us/commandline/wsl/about https://msdn.microsoft.com/en-us/commandline/wsl/about Windows 10 / Linux (Debian/Ubuntu) build-essential zlib1g-dev flex libc6-dev-i386 *Mac OS X* GCC or clang via Xcode or command line tools xcode-select --install *Windows 8 & Prior* Install Linux dependencies via Cygwin. TODO: list dependencies *Fetch the sources*: download all source archives (.tgz files) from http://nycdn.netbsd.org/pub/NetBSD-daily/HEAD/201704222230Z/source/sets/ (It is likely this url will become invalid as old builds are purged and new ones are generated. Substitute 201704222230Z with the most recent release available on http://nycdn.netbsd.org/pub/NetBSD-daily/HEAD. *Extract all fetched files*: for file in *.tar.gz do tar -xzf $file done *Change into the extracted source directory*: cd usr/src *List supported architectures and variations we can cross compile for*: ./build.sh list-arch Reduce the listing to the ARM evaluation board archs which devices such as the Pi family are categorised under: ./build.sh list-arch | grep evbarm MACHINE=evbarm MACHINE_ARCH=arm ALIAS=evboarm-el MACHINE=evbarm MACHINE_ARCH=armeb ALIAS=evboarm-eb MACHINE=evbarm MACHINE_ARCH=earm ALIAS=evbearm-el DEFAULT MACHINE=evbarm MACHINE_ARCH=earmeb ALIAS=evbearm-eb MACHINE=evbarm MACHINE_ARCH=earmhf ALIAS=evbearmhf-el MACHINE=evbarm MACHINE_ARCH=earmhfeb ALIAS=evbearmhf-eb MACHINE=evbarm MACHINE_ARCH=earmv4 ALIAS=evbearmv4-el MACHINE=evbarm MACHINE_ARCH=earmv4eb ALIAS=evbearmv4-eb MACHINE=evbarm MACHINE_ARCH=earmv5 ALIAS=evbearmv5-el MACHINE=evbarm MACHINE_ARCH=earmv5eb ALIAS=evbearmv5-eb MACHINE=evbarm MACHINE_ARCH=earmv6 ALIAS=evbearmv6-el MACHINE=evbarm MACHINE_ARCH=earmv6hf ALIAS=evbearmv6hf-el MACHINE=evbarm MACHINE_ARCH=earmv6eb ALIAS=evbearmv6-eb MACHINE=evbarm MACHINE_ARCH=earmv6hfeb ALIAS=evbearmv6hf-eb MACHINE=evbarm MACHINE_ARCH=earmv7 ALIAS=evbearmv7-el MACHINE=evbarm MACHINE_ARCH=earmv7eb ALIAS=evbearmv7-eb MACHINE=evbarm MACHINE_ARCH=earmv7hf ALIAS=evbearmv7hf-el MACHINE=evbarm MACHINE_ARCH=earmv7hfeb ALIAS=evbearmv7hf-eb MACHINE=evbarm64 MACHINE_ARCH=aarch64 ALIAS=evbarm64-el DEFAULT MACHINE=evbarm64 MACHINE_ARCH=aarch64eb ALIAS=evbarm64-eb eb and el indicate the endianness (big or little) hf refers to hardware floating point support. For the Pi, we'll target the ARMv6 with hardware floating point support in little endian mode as the lowest common denominator: evbearmv6hf-el *Build the cross compile toolchain*: To build the tools without requiring elevated privileges (root) the -U flag specifies unprivileged To save us have to specify the MACHINE/MACHINE_ARCH combination which would be done using -m/-a, we specify the ALIAS listed above to -m To speed up the build process we increase the number of parallel jobs the build we execute. This number should match the number of available cores & not exceed it. ./build.sh -U -m evbearmv6hf-el -j2 tools *Build a new kernel for the Pi or Pi2*: ./build.sh -U -m evbearmv6hf-el -j2 kernel=RPI or ./build.sh -U -m evbearmv6hf-el -j2 kernel=RPI2 *To build a complete operating system including images*: **WARNING** Depending on the system it may take a little time ./build.sh -U -m evbearmv6hf-el -j2 release When the build is finished, a report is printed out which contains details of where the generated files are located (this will be relative to your system) & the time it took to build. ===> Summary of results: build.sh command: ./build.sh -U -m evbearmv6hf-el -j2 kernel=RPI build.sh started: Mon Apr 24 17:19:18 BST 2017 NetBSD version: 7.99.70 MACHINE: evbarm MACHINE_ARCH: earmv6hf Build platform: NetBSD 7.99.70 i386 HOST_SH: /bin/sh MAKECONF file: /etc/mk.conf TOOLDIR path: /usr/src/obj/tooldir.NetBSD-7.99.70-i386 DESTDIR path: /usr/src/obj/destdir.evbarm RELEASEDIR path: /usr/src/obj/releasedir Updated makewrapper: /usr/src/obj/tooldir.NetBSD-7.99.70-i386/bin/nbmake-evbearmv6hf-el Building kernel without building new tools Building kernel: RPI Build directory: /usr/src/sys/arch/evbarm/compile/obj/RPI Kernels built from RPI: /usr/src/sys/arch/evbarm/compile/obj/RPI/netbsd build.sh ended: Mon Apr 24 17:27:42 BST 2017 ===> . *Writing Pi image to SD card*: Either you ran build.sh with the release target or you fetched a pre-built image from nycdn.NetBSD.org for your Pi, such as: http://nycdn.netbsd.org/pub/NetBSD-daily/HEAD/201704222230Z/evbarm-earmv6hf… (It is likely this url will become invalid as old builds are purged and new ones are generated. Substitute 201704222230Z with the most recent release available on http://nycdn.netbsd.org/pub/NetBSD-daily/HEAD. *Uncompress image*: gunzip rpi.img.gz Use the flash instructions relevant to the operating system the SD card will be written on http://elinux.org/RPi_Easy_SD_Card_Setup Section 3.3 for Windows Section 3.4 for Mac OS X Section 3.5 for Linux Where the documentation refers to Raspbian images, substitute the NetBSD rpi.img you have. *Preparing to boot*: For the Pi 3, serial console access is not currently available in NetBSD. The system should work with an HDMI display & USB keyboard however. There is nothing further to do for you in this section. For the Pi & Pi 2, connect your USB to TTL adapter to the GND, TXD & RXD pins The location of the pins are the same on the Pi & Pi2, see https://www.raspberrypi.org/documentation/usage/gpio/images/gpio-led.png and https://pinout.xyz You'll need to run a terminal emulator set at 115200 BAUD. Use the cu utility on Linux & OS X. *On Windows*: Use Terraterm http://ttssh2.osdn.jp Set baud rate to 115200 Choose com port associated with your USB adapter. *On Debian & derivatives* (Ubuntu): you need to install the uucp package to obtain the cu utility. The ownership of the device file for the USB adapter need to be changed otherwise you will receive "line in use" error. chown uucp:uucp /dev/ttyUSB0 *On OS X*: Depending on the USB to TTL adapter, the device node in /dev will have a different name Run ls /dev/tty.* to see some of the serial devices detected. Such as /dev/tty.SLAB_USBtoUART or /dev/tty.usbserial-RANDOMCHARACTERS eg /dev/tty.usbserial-AM01Z4V3 *Running cu*: Replace /dev/ttyUSB0 with the device node relevant to your system. sudo cu -l /dev/ttyUSB0 -s 115200 *Exiting cu*: press ~. *Enable serial console on Pi* (not for Pi3): The rpi.img is split into a DOS partition (containing firmware & NetBSD kernel) and NetBSD UFS partition (containing NetBSD operating system). On the DOS partition there is file called cmdline.txt The first line reads root=ld0a console=fb Delete the console=fb so that it reads root=ld0a Save & exit text editor *Booting Pi*: Insert SD card into Pi Apply power Login as root (no password) *Tamper proofing / Tamper detection* (Veriexec) *A device node is needed for veriexec to function, it is currently not created automatically*: cd /dev sh MAKEDEV veriexec *Make a duplicate copy of the ls utility*: cp /bin/ls /bin/ls-2 *Set the veriexec mode to be IDS (Intrusion Detection System) when it runs*: echo veriexec_strict=1 >> /etc/rc.conf *Generate a has of all executables in search patch*: veriexecgen *Verify the hashes on for ls & ls-2 are listed*: grep ls /etc/signatures *Enable veriexec temporarily*: (ignore any errors related to /etc/signatures) /etc/rc.d/veriexec onestart *Confirm you are able to read /bin/ls-2*: cksum -a SHA256 /bin/ls-2 *Clobber /bin/ls-2*: echo 1 > /bin/ls-2 *Try to re-read /bin/ls-2 (it should fail with an error)*: cksum -a SHA256 /bin/ls-2

1 0

Open Source Hardware Camp 2017 (2nd & 3rd Sept) Call for Participation.
by Andrew Back 04 Apr '17

04 Apr '17

Hello, This year Open Source Hardware Camp will take place over the weekend of Saturday 2nd & Sunday 3rd September, hosted as part of the Wuthering Bytes festival in Hebden Bridge, which in 2017 will take place over the course of 10 days (again!) We will be returning to the Birchcliffe Centre in Hebden Bridge, which benefits from the convenience of adjoining, budget accommodation. Proposals for talks and workshops for OSHCamp 2017 are invited! There is no theme and topics may include, for example: * Open source hardware projects * Open development practices and principles * Novel/interesting/fun projects built using open source hardware * Tools (hardware and software) * Skills and techniques, e.g. PCB fab, DIY SMT assembly * Relevant technologies, e.g. SPI/I2C bus programming * ...something else relevant to the community If you would like to give a talk on the Saturday and/or run a workshop on the Sunday please contact me off-list. **** Note that the deadline for submitting titles and abstracts is Monday 1st May. If you would like to discuss ideas etc. please get in touch sooner, rather than later. **** Other events running as part of Wuthering Bytes 2017 and which may be of interest: * Fri 1st: Wuthering Bytes Festival Day * Wed 6th & Thurs 7th: Chip Hack (http://chiphack.org/) * Thurs 7th PM & Fri 8th AM: EDSAC Challenge * Fri 8th AM - Sunday 10th PM: GNU ORConf (http://orconf.org/) Further details on these events to be provided in due course. Cheers, Andrew PS. If you are planning on coming along and thinking of staying at the adjoining hosted, it is worth noting that this can book up quickly. http://www.hebdenbridgehostel.co.uk/ PPS. Super Early Bird tickets for the super organised: https://www.eventbrite.co.uk/e/open-source-hardware-camp-2017-tickets-31845… (pretty sure Eventbrite don't take payment until after the event). -- Andrew Back http://abopen.com

2 5

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

oshug April 2017