Flashing » History » Version 2
tsaitgaist, 10/07/2017 02:39 PM
add secure boot
| 1 | 1 | tsaitgaist | h1. Flashing |
|---|---|---|---|
| 2 | |||
| 3 | There are several way to flash partitions (e.g. updating) manually: |
||
| 4 | * using @/usr/sbin/ubiupdatevol@: |
||
| 5 | <pre> |
||
| 6 | ubiupdatevol version 1.2 - a tool to write data to UBI volumes. |
||
| 7 | |||
| 8 | Usage: ubiupdatevol <UBI volume node file name> [-t] [-s <size>] [-h] [-V] [--truncate] |
||
| 9 | [--size=<size>] [--help] [--version] <image file> |
||
| 10 | |||
| 11 | Example 1: ubiupdatevol /dev/ubi0_1 fs.img - write file "fs.img" to UBI volume /dev/ubi0_1 |
||
| 12 | Example 2: ubiupdatevol /dev/ubi0_1 -t - wipe out UBI volume /dev/ubi0_1 |
||
| 13 | |||
| 14 | -t, --truncate truncate volume (wipe it out) |
||
| 15 | -s, --size=<bytes> bytes in input, if not reading from file |
||
| 16 | -h, --help print help message |
||
| 17 | -V, --version print program version |
||
| 18 | </pre> |
||
| 19 | * using @/APP/dev_only/swupd.sh@ |
||
| 20 | <pre> |
||
| 21 | swupd.sh - update flash partitions on the target |
||
| 22 | |||
| 23 | Easy mode: |
||
| 24 | using NFS: swupd.sh -i<IP> -p<PATH> |
||
| 25 | where: |
||
| 26 | <IP> = IP address of your VM (defaults to 192.168.16.18) |
||
| 27 | <PATH> = path of NFS directory (defaults to /home/femto/ftpdata) |
||
| 28 | |||
| 29 | using wget: swupd.sh -w<URL> |
||
| 30 | where: |
||
| 31 | <URL> = URL to fetch images from (e.g. ftp://user:pass@host/path) |
||
| 32 | |||
| 33 | Expert mode: (stay away from them!) |
||
| 34 | -k update kernel |
||
| 35 | -r update root fs |
||
| 36 | -a update application partition |
||
| 37 | -u update unitdata partition |
||
| 38 | -c update caldata partition |
||
| 39 | -x toggle banks |
||
| 40 | -z don't reboot after successful update |
||
| 41 | |||
| 42 | -o<str> Pass option string <str> to wget |
||
| 43 | </pre> |
||
| 44 | |||
| 45 | 2 | tsaitgaist | @/etc/init.d/flash_update@ takes care of flashing all partitions at once (also done during boot in @/etc/init.d/rcS@). |
| 46 | 1 | tsaitgaist | |
| 47 | Lastly the operator can also flash images remotely through @/APP/bin/oam_start@. |
||
| 48 | 2 | tsaitgaist | |
| 49 | h1. Secure boot |
||
| 50 | |||
| 51 | h2. System |
||
| 52 | |||
| 53 | The femtocell uses "secure boot" (see [[Bootlog]]). |
||
| 54 | You can check if it has been activated using @cat /proc/prc6000/otp_data/boot/secured@. |
||
| 55 | |||
| 56 | The partition signatures (kernel, rootfs, data) are stored in @/dev/mtdblock2/bootdata.ini@ (the only file in the @bootdata@ partition). |
||
| 57 | While @bootdata@ is not signed itself, it only contains the signatures. |
||
| 58 | You can also see the content using @/APP/dev_only/cat_bootdata.sh@ |
||
| 59 | The corresponding public key seems to be burned in the OTP section of the CPU, providing secure boot (this has not been verified). |
||
| 60 | |||
| 61 | @bootdata.ini@ also defines which system will be booted (A or B). |
||
| 62 | The file is updated using @/APP/dev_only/write_bootdata.sh@ |
||
| 63 | |||
| 64 | h2. Operator |
||
| 65 | |||
| 66 | The @unidata@ (mtd3) signature is checked in @/etc/init.d/flash_update@ (called by @/etc/init.d/rcS@) using @/boot/bc_cli -u${PARTNUM_UNITDATA} -q@ (with PARTNUM_UNITDATA=3): |
||
| 67 | * hash is sha1sum of 0x2000 (8192) first bytes |
||
| 68 | * signature is at 0x2000 (after the cramfs indicated size) |
||
| 69 | * public key is first 256 bytes of @/caldata/unitkey.bin@ |
||
| 70 | |||
| 71 | It the signature check fails, @unidata_backup@ is used. |
||
| 72 | If this signature check fails too, it enters recovery mode |
||
| 73 | |||
| 74 | @caldata@ in mounted without check (in @/etc/init.d/flash_update@) |
