20170116_jeffrey - silenceuncrio/diary GitHub Wiki

Index

• 0935 - 早上遲到 - review 和寫 engineering notebook
• 1005 - 結合 dual image 和 sys led 整理 uboot env
• 1120 - 目前要完成 Fine Tune Firmware Built and Upgrade
• 1315 - 安排一下怎麼來檢查檔案的完整性
• 1415 - 檢查檔案的完整性
• 1500 - 產生 firmware 的時候還要考慮到 MCSV 的資訊
• 1630 - 盤 https://github.com/silenceuncrio/diary/blob/master/index_jeffrey_201612.md
• 1705 - 我們 firmware 裡面的 MCSV 資訊需要保護 - 對稱加密 - openssl

0935

早上沒注意到時間 遲到了一分鐘

記得請兩個小時

先 review 和寫 engineering notebook

1005

結合一下上禮拜的 dual image 和 sys led

重新整理了 uboot env

bootdelay=1
loadaddr=0x80800000
kernel_a_addr=0x00400000
kernel_b_addr=0x08400000
fdt_addr=0x83000000
dtb_a_addr=0x00E00000
dtb_b_addr=0x08E00000

nandread_a=nand read ${loadaddr} ${kernel_a_addr} 0x800000; \
nand read ${fdt_addr} ${dtb_a_addr} 0x100000;
nandread_b=nand read ${loadaddr} ${kernel_b_addr} 0x800000; \
nand read ${fdt_addr} ${dtb_b_addr} 0x100000;

bootargs_a=echo bootargs for room a; setenv bootargs console=ttymxc0,115200 ubi.mtd=4 root=ubi0:rootfs_a rootfstype=ubifs mtdparts=gpmi-nand:3m(boot),1m(boot_env),10m(kernel_a),2m(dtb_a),96m(rootfs_a),16m(config_a),4m(misc),10m(kernel_b),2m(dtb_b),96m(rootfs_b),-(config_b)

bootargs_b=echo bootargs for room b; setenv bootargs console=ttymxc0,115200 ubi.mtd=9 root=ubi0:rootfs_b rootfstype=ubifs mtdparts=gpmi-nand:3m(boot),1m(boot_env),10m(kernel_a),2m(dtb_a),96m(rootfs_a),16m(config_a),4m(misc),10m(kernel_b),2m(dtb_b),96m(rootfs_b),-(config_b)

app_primary=b
app_secondary=a
no_good=.

app_replace=if test ${app_primary} = a; \
then echo a to b; setenv app_primary b; setenv app_secondary a; \
else echo b to a; setenv app_primary a; setenv app_secondary b; \
fi

app_choose=if test ${no_good} = ".xx"; \
then echo replace primary app; run app_replace; setenv no_good .; saveenv; \
else echo run primary app; \
fi

bootcmd=mw 0x020A0004 00100000 1; mw 0x020E01CC 0x00000005 1; \
run app_choose; \
echo run bootargs_${app_primary}; run bootargs_${app_primary}; \
run nandread_${app_primary}; \
setenv no_good ${no_good}x; saveenv; \
bootz ${loadaddr} - ${fdt_addr}

1120

目前這個階段要完成的事為 Fine Tune Firmware Built and Upgrade

早上發生了 firmware upgrade fail 的小插曲

ariel 描述說她 firmwre upgrade 都會在 15% fail

從 <prosrc\proscend\prosrc\www\app\feature\firmware.js 開始追

    vm.timeout_3sec = function () {
        timer_3sec = $timeout(3000);
        timer_3sec.then(function () {
            icos.firmware.progress()
            .then(function(response) {
                vm.progress = response.data.progress.content;
                if (vm.progress.indexOf('finished') != -1) {
                    ...
                } else {
                    if (vm.progress.indexOf('Burn the kernel to NAND') != -1) {
                        if (_progress_valuenow < 15) {
                            _progress_valuenow = 15;
                            vm.progress_summary = "Burn the kernel to NAND";
                        }
                    }
                    ...
                    if (vm.progress.indexOf('Writting rootfs') != -1) {
                        if (_progress_valuenow < 84) {
                            _progress_valuenow += 3;
                            vm.progress_summary = "Writting rootfs";
                        }
                    }
                    ...
                    vm.progress_valuenow = _progress_valuenow;
                    vm.timeout_3sec();
                }

            });
        });
    }

在 Writting rootfs fail 了

直接查一下 M300 上的 /tmp/FirmwareUpgrade.log

看到 mount -t ubifs ubi2:rootfs_b /mnt/rootfs_b failed

使用 ubinfo -a 發現 rootfs_b 掛到 ubi1:rootfs_b 去了...

那是因為目前 ubi0:rootfs_a 所需要的 ubi1:config_a 並不存在的關係

查一下 /etc/rc.local 發現 ariel 不小心把 attach MTD device to UBI 的部分刪掉了

# ======================================================================
# | attach the related MTD device to UBI,
# | according to the current rootfs
# ======================================================================
/bin/mkdir -p /mnt/data
if df | grep rootfs_a
then
    echo "attach MTD device 5 (mtd5) to UBI - ubi1:config_a"
    ubiattach -m 5
    mount -t ubifs ubi1:config_a /mnt/data
else
    echo "attach MTD device 10 (mtd10) to UBI - ubi1:config_b"
    ubiattach -m 10
    mount -t ubifs ubi1:config_b /mnt/data
fi

還原該部分就可以解決這問題...

1315

來安排一下怎麼來檢查檔案的完整性

讓 m300 在做 firmware upgrade 的時候更安全

參考 http://www.arthurtoday.com/2015/06/how-to-check-md5sum-of-files-in-ubuntu-linux.html

知道 linux 上有 md5sum 可以使用

~# md5sum -h
md5sum: invalid option -- 'h'
BusyBox v1.23.2 (2017-01-06 03:20:46 UTC) multi-call binary.

Usage: md5sum [-c[sw]] [FILE]...

M300 上已經有 BusyBox 版本可以使用了

參考 https://www.busybox.net/downloads/BusyBox.html

md5sum
md5sum [OPTIONS] [FILE]... or: md5sum [OPTIONS] -c [FILE]

Print or check MD5 checksums

Options:

        -c      Check sums against given list
        -s      Don't output anything, status code shows success
        -w      Warn about improperly formatted checksum lines

來玩一下

1415

參考 http://192.168.0.242/RD/M300/commit/eb5615697a7e0510d3a6806e531a600c9398e19d

• Use bitbake image type to generate M300 firmware
• Rename the firmware rootfs to rootfs.tar.bz2
• Remove the bfirmware.sh

我需要在 meta-proscend/classes/image_types_proscend.bbclass 加上產生 md5 的描述

然後在 proscend/prosrc/icos/script/FirmwareUpgrade.sh 去比對各個 file 的 checksum 對不對

如果不對表示有某個 file 在上傳的過程出了錯

要拒絕進行 firmware upgrade 的動作

視情況修改 proscend/prosrc/www/app/feature/firmware.js 讓 web ui 符合這次的修改

1500

產生 firmware 的時候還要考慮到 MCSV 的資訊

FirmwareUpgrade.sh 除了比對各個 file 的 checksum 之外

還要把該 firmware 對應的 software MCSV 跟目前 M300 的 Hardware MCSV 作比對

參考公司往常的作法

https://docs.google.com/presentation/d/188DOCjJGKFmZpSQTP9JYEXu2CckA4c1Cq9b5CF_Fz54/edit?usp=sharing

MCSV

• MMMM-CCCC-VVV-DDDDD
  • Example 145A-0012-14007612
    • Model ID=145A(hex)=5210(dec)
    • Custom ID=0012(dec)=12
    • Sw version=140
    • Date code=07612(Hex)=20030226
• HW MCSV (Burn in Manufacture)
• SW MCSV (Board SW Image’MCSV)
• UP MCSV(Upgrade SW Image’s MCSV)

MCSV Coding

MMMM: Model ID

5110B		5110		13F6
5111B		5111		13F7

CCCC: OEM/ODM ID(2bytes)

Sample(No Brand) 	0	 	0000
Planet           		2	 	0002
CTCU           		12	 	0012

VVV: Software Version

vesion		140		140

DDDDD: Release Date

20130531		130531		1FDE3

MCSV Upgrade Rule

• Reject if the Upgrade Image with different Model ID with HW MCSV
• If HW MCSV’s and SW MCSV’s custom ID=0000/0001 (i.e. Proscend)
  • allow to upgrade the image with all custom ID
• If HW MCSV’s custom ID=0000/0001 (i.e. Proscend) and SW MCSV’s custom ID!=0000/0001
  • allow upgrade the image with the same CID as SW MCSV’s CID
  • reject other mcsv
• If HW MCSV’s CID!=0000/0001 (i.e. Proscend)
  • reject the upgrade image with different CID

1630

盤 https://github.com/silenceuncrio/diary/blob/master/index_jeffrey_201612.md

1705

考慮到我們 firmware 裡面的 MCSV 資訊需要保護

考慮用某種對稱加密的做法

因為我們 M300 有現成的 openssl 可以使用

root@M300:~# openssl version
OpenSSL 1.0.2d 9 Jul 2015

搭配 compile 環境的 openssl

➜  M300 git:(develop) openssl version
OpenSSL 1.0.2g  1 Mar 2016

來找一個簡單的對稱加解密作法吧