20170411_jeffrey - silenceuncrio/diary GitHub Wiki

0940

ariel 問到 Error: FEC1 address not set. 這個 issue

該 issue 是由 U-Boot 顯示

U-Boot 顯示細節如下

U-Boot 2015.04imx_v2015.04_4.1.15_1.2.0_ga+gede7538 (Apr 10 2017 - 02:08:36)

CPU:   Freescale i.MX6UL rev1.1 at 396 MHz
CPU:   Temperature 44 C
Reset cause: POR
Board: MX6UL 14x14 EVK
I2C:   ready
DRAM:  512 MiB
force_idle_bus: sda=0 scl=0 sda.gp=0x1d scl.gp=0x1c
NAND:  256 MiB
MMC:   FSL_SDHC: 0
Display: TFT43AB (480x272)
Video: 480x272x24
In:    serial
Out:   serial
Err:   serial
Net:   FEC1
Error: FEC1 address not set.

Normal Boot
Hit any key to stop autoboot:  0
run primary app
run bootargs_a
bootargs for room a

NAND read: device 0 offset 0x400000, size 0x800000
 8388608 bytes read: OK

NAND read: device 0 offset 0xe00000, size 0x100000
 1048576 bytes read: OK
Saving Environment to NAND...
Erasing NAND...
Erasing at 0x3e0000 -- 100% complete.
Writing to NAND... OK
Kernel image @ 0x80800000 [ 0x000000 - 0x4c1f38 ]
## Flattened Device Tree blob at 83000000
   Booting using the fdt blob at 0x83000000
   Using Device Tree in place at 83000000, end 8300a23c

Starting kernel ...

這是因為我們還沒有設定 MAC Address 的原因

只要設定了 MAC Address 後該 issue 便會消失

U-Boot 顯示細節如下


U-Boot 2015.04imx_v2015.04_4.1.15_1.2.0_ga+gede7538 (Apr 10 2017 - 02:08:36)

CPU:   Freescale i.MX6UL rev1.1 at 396 MHz
CPU:   Temperature 47 C
Reset cause: POR
Board: MX6UL 14x14 EVK
I2C:   ready
DRAM:  512 MiB
force_idle_bus: sda=0 scl=0 sda.gp=0x1d scl.gp=0x1c
NAND:  256 MiB
MMC:   FSL_SDHC: 0
Display: TFT43AB (480x272)
Video: 480x272x24
In:    serial
Out:   serial
Err:   serial
Net:   FEC1
Normal Boot
Hit any key to stop autoboot:  0
run primary app
run bootargs_b
bootargs for room b

NAND read: device 0 offset 0x8400000, size 0x800000
 8388608 bytes read: OK

NAND read: device 0 offset 0x8e00000, size 0x100000
 1048576 bytes read: OK
Saving Environment to NAND...
Erasing NAND...
Erasing at 0x3e0000 -- 100% complete.
Writing to NAND... OK
Kernel image @ 0x80800000 [ 0x000000 - 0x4c1f38 ]
## Flattened Device Tree blob at 83000000
   Booting using the fdt blob at 0x83000000
   Using Device Tree in place at 83000000, end 8300a23c

Starting kernel ...

如何設定 MAC Address 呢?

舉例: 您想要把 M300 的 MAC Address 設定成 00:01:02:03:04:05

如果您是在 U-Boot

setenv ethaddr 00:01:02:03:04:05
saveenv
reset

如果您是在 Linux 的 shell

fw_setenv ethaddr 00:01:02:03:04:05
reboot

先幫忙回一下吧

讓 M300 慢慢收斂

1010

參考上禮拜五 20170407_jeffrey

今天來 implement

1400

先整理一下目前所作的修改

先盤一下修改了那些

prosrc_0.1.bb
- 把這次的主角 ${S}/tools/firmware_patch.sh 搬到 image_types_proscend.bbclass 看的到的地方去
- 可由 bitbake prosrc -c install 單獨觸發作測試
image_types_proscend.bbclass
- 把 firmware_patch.sh 作加密
  - 把 firmware_patch.sh 加密成 firmware_patch.enc
- 把 rootfs 作加密
  - 把 rootfs.tar.bz2 加密成 rootfs.tar.bz2.enc
- 把 firmware 的副檔名從 tar 改成 img
FirmwareUpgrade.sh
- 把加密的 firmware_patch.enc 解開成 patch.sh 並執行它
- 把加密的 rootfs.tar.bz2.enc 解開成 rootfs.tar.bz2

新增的有

firmware_patch.sh

1430

來看一下細節

prosrc_0.1.bb
- 把這次的主角 ${S}/tools/firmware_patch.sh 搬到 image_types_proscend.bbclass 看的到的地方去
- 可由 bitbake prosrc -c install 單獨觸發作測試

diff --git a/meta-proscend/recipes-core/prosrc/prosrc_0.1.bb b/meta-proscend/recipes-core/prosrc/prosrc_0.1.bb
index 457d6a9..ddd9264
--- a/meta-proscend/recipes-core/prosrc/prosrc_0.1.bb
+++ b/meta-proscend/recipes-core/prosrc/prosrc_0.1.bb
@@ -168,6 +168,9 @@ do_install() {
     # The mcsv file will be used at generate_imx_nandflash() in image_types_proscend.bbclass
        cp ${D}/etc/mcsv ${DEPLOY_DIR_IMAGE}

+    # The firmware_patch.sh file will be used at generate_imx_nandflash() in image_types_proscend.bbclass
+       cp ${S}/tools/firmware_patch.sh ${DEPLOY_DIR_IMAGE}
+
 }

 do_install_append()  {

image_types_proscend.bbclass
- 把 firmware_patch.sh 作加密
  - 把 firmware_patch.sh 加密成 firmware_patch.enc
- 把 rootfs 作加密
  - 把 rootfs.tar.bz2 加密成 rootfs.tar.bz2.enc
- 把 firmware 的副檔名從 tar 改成 img

diff --git a/meta-proscend/classes/image_types_proscend.bbclass b/meta-proscend/classes/image_types_proscend.bbclass
index e524401..4e5a788 100644
--- a/meta-proscend/classes/image_types_proscend.bbclass
+++ b/meta-proscend/classes/image_types_proscend.bbclass
@@ -31,7 +31,7 @@ IMAGE_DEPENDS_nandflash = "parted-native:do_populate_sysroot \
                         virtual/kernel:do_deploy \
                         ${@d.getVar('IMAGE_BOOTLOADER', True) and d.getVar('IMAGE_BOOTLOADER', True) + ':do_deplo
y' or ''}"

-NANDFLASH= "${MACHINE}.tar"
+NANDFLASH= "${MACHINE}.img"

 NANDFLASH_GENERATION_COMMAND_mx6ul = "generate_imx_nandflash"

@@ -67,7 +67,10 @@ generate_imx_nandflash () {
         exit 1
     fi

-    cp ${NANDFLASH_ROOTFS} ${FIRMWARE_DIR}/${NANDFLASH_ROOTFS_NAME}
+    # Encrypt rootfs using triple DES in CBC mode with password(2wsx#EDC)
+    echo "Encrypt rootfs using triple DES in CBC mode with password(2wsx#EDC)"
+    openssl des3 -salt -in ${NANDFLASH_ROOTFS} -out ${FIRMWARE_DIR}/${NANDFLASH_ROOTFS_NAME}.enc -k 2wsx#EDC
+    #cp ${NANDFLASH_ROOTFS} ${FIRMWARE_DIR}/${NANDFLASH_ROOTFS_NAME}
     if [ $? != 0 ]; then
         bberror "NANDFLASH_ROOTFS is not found. To use nandflash image from Proscend it needs to be generated."
         exit 1
@@ -105,7 +108,20 @@ generate_imx_nandflash () {
     md5sum * > firmware.md5
     cd -

-    filename=$(date "+${MACHINE}_%Y%m%d%H%M%S.tar")
+    # Encrypt firmware_patch.sh file using triple DES in CBC mode with password(2wsx#EDC)
+    if [ -e "${DEPLOY_DIR_IMAGE}/firmware_patch.sh" ]
+    then
+        openssl des3 -salt -in ${DEPLOY_DIR_IMAGE}/firmware_patch.sh -out ${DEPLOY_DIR_IMAGE}/firmware_patch.enc
-k 2wsx#EDC
+        # Copy encryped firmware_patch.sh - firmware_patch.enc
+        cp ${DEPLOY_DIR_IMAGE}/firmware_patch.enc ${FIRMWARE_DIR}
+    else
+        bberror "firmware_patch.sh is not found. To use nandflash image from Proscend it needs to be generated."
+        exit 1
+    fi
+
+
+
+    filename=$(date "+${MACHINE}_%Y%m%d%H%M%S.img")
     cd ${DEPLOY_DIR_IMAGE}
     tar -cf ${filename} firmware
     ln -s ${filename} ${NANDFLASH}

FirmwareUpgrade.sh
- 把加密的 firmware_patch.enc 解開成 patch.sh 並執行它
- 把加密的 rootfs.tar.bz2.enc 解開成 rootfs.tar.bz2

diff --git a/proscend/prosrc/icos/script/FirmwareUpgrade.sh b/proscend/prosrc/icos/script/FirmwareUpgrade.sh
index 0d82481..40b7577 100755
--- a/proscend/prosrc/icos/script/FirmwareUpgrade.sh
+++ b/proscend/prosrc/icos/script/FirmwareUpgrade.sh
@@ -263,6 +263,31 @@ function burn_dtb {

+# Get rootfs from encrypted rootfs.tar.bz2.enc
+function get_rootfs {
+
+  log "\nGet rootfs from encrypted rootfs.tar.bz2.enc"
+  cd /tmp/firmware
+
+  if [ -e "rootfs.tar.bz2.enc" ]
+  then
+
+    log "rootfs.tar.bz2.enc exist, decrypt it to rootfs.tar.bz2"
+    log "decrypt rootfs.tar.bz2.enc"
+    openssl des3 -d -salt -in rootfs.tar.bz2.enc -out rootfs.tar.bz2 -k 2wsx#EDC
+    if [ $? != 0 ]; then
+      log "Error: decrypt rootfs.tar.bz2.enc failed"
+      progress_fail "Error: decrypt rootfs.tar.bz2.enc failed"
+      exit 1
+    fi
+
+  fi
+
+  cd -
+}
+
+
+
 # Burn the rootfs to NAND
 function burn_rootfs {
   log "\nBurn the rootfs to NAND..."
@@ -477,6 +502,38 @@ function replace_primary_app {

+# Addtional patch for firmware upgrade shell script
+function patch {
+
+  log "\nAddtional patch for firmware upgrade shell script"
+  cd /tmp/firmware
+
+  if [ -e "firmware_patch.enc" ]
+  then
+
+    log "firmware_patch.enc exist, decrypt it and execute it"
+    log "decrypt firmware_patch.en"
+    openssl des3 -d -salt -in firmware_patch.enc -out patch.sh -k 2wsx#EDC
+    if [ $? != 0 ]; then
+      log "Error: decrypt firmware_patch.enc failed"
+      progress_fail "Error: decrypt firmware_patch.enc failed"
+      exit 1
+    fi
+
+    patch.sh
+
+  else
+
+    log "firmware_patch.enc not exit, bypass addtional patch"
+    progress_status "firmware_patch.enc not exit, bypass addtional patch"
+
+  fi
+
+  cd -
+}
+
+
+
 # main function - entry point
 function main {
   log_init
@@ -486,9 +543,11 @@ function main {
   mcsv_check
   burn_kernel
   burn_dtb
+  get_rootfs
   burn_rootfs
   sync_config_mtd
   replace_primary_app
+  patch
   finish
 }

firmware_patch.sh

#!/bin/bash
# Addtional patch for firmware upgrade shell script

echo "Addtional patch for firmware upgrade shell script"

1500

這樣 build 出來的 firmware 會是 m300_20170411051535.img

骨子裡還是 tar

不過從 V1.2 板的 M300 透過 WEB 作 firmware upgrade 時雖然可以順利 upgrade

重開機時發現 Kernel panic

...

VFS: Mounted root (ubifs filesystem) readonly on device 0:13.
devtmpfs: error mounting -2
Freeing unused kernel memory: 384K (80830000 - 80890000)
Kernel panic - not syncing: No working init found.  Try passing init= option to kernel. See Linux Documentation/init.txt for guidance.
---[ end Kernel panic - not syncing: No working init found.  Try passing init= option to kernel. See Linux Documentation/init.txt for guidance.
random: nonblocking pool is initialized

哈哈... 因為我把 rootfs.tar.bz2 加密成 rootfs.tar.bz2.enc

V1.2 版根本沒有能裡解開

1515

整理一下

V1.2 - 之前
- 不具備解開加密的 rootfs 的能力
V1.3 - 目前
- FirmwareUpgrade.sh
  - 把加密的 firmware_patch.enc 解開成 patch.sh 並執行它
  - 把加密的 rootfs.tar.bz2.enc 解開成 rootfs.tar.bz2
V1.4 - 之後
- 新增 firmware_patch.sh
- prosrc_0.1.bb
  - 把這次的主角 ${S}/tools/firmware_patch.sh 搬到 image_types_proscend.bbclass 看的到的地方去
  - 可由 bitbake prosrc -c install 單獨觸發作測試
- image_types_proscend.bbclass
  - 把 firmware_patch.sh 作加密
    - 把 firmware_patch.sh 加密成 firmware_patch.enc
  - 把 rootfs 作加密
    - 把 rootfs.tar.bz2 加密成 rootfs.tar.bz2.enc
  - 把 firmware 的副檔名從 tar 改成 img

針對這禮拜要 release 的 V1.3

我要確保 FirmwareUpgrade.sh 被新增的兩項能力的正確性

把加密的 firmware_patch.enc 解開成 patch.sh 並執行它
把加密的 rootfs.tar.bz2.enc 解開成 rootfs.tar.bz2

1645

還好有作測試

目前 FirmwareUpgrade.sh 的 patch 如下

# Addtional patch for firmware upgrade shell script
function patch {

  log "\nAddtional patch for firmware upgrade shell script"
  cd /tmp/firmware 

  if [ -e "firmware_patch.enc" ]
  then

    log "firmware_patch.enc exist, decrypt it and execute it"
    log "decrypt firmware_patch.en"
    openssl des3 -d -salt -in firmware_patch.enc -out patch.sh -k 2wsx#EDC
    if [ $? != 0 ]; then
      log "Error: decrypt firmware_patch.enc failed"
      progress_fail "Error: decrypt firmware_patch.enc failed"
      exit 1
    fi

    patch.sh

  else

    log "firmware_patch.enc not exit, bypass addtional patch"
    progress_status "firmware_patch.enc not exit, bypass addtional patch"

  fi

  cd -
}

有兩個問題

利用 openssl des3 -d -salt -in firmware_patch.enc -out patch.sh -k 2wsx#EDC 解密

解密之後會得到 patch.sh 沒錯

但檔案屬性是 0644 而不是 0755

另外的問題是 patch.sh 並不會執行當下目錄的 patch.sh

要改成 ./patch.sh 才行

1710

些改後的 patch 如下

# Addtional patch for firmware upgrade shell script
function patch {

  log "\nAddtional patch for firmware upgrade shell script"
  cd /tmp/firmware

  if [ -e "firmware_patch.enc" ]
  then

    log "firmware_patch.enc exist, decrypt it and execute it"
    log "decrypt firmware_patch.en"
    openssl des3 -d -salt -in firmware_patch.enc -out patch.sh -k 2wsx#EDC
    if [ $? != 0 ]; then
      log "Error: decrypt firmware_patch.enc failed"
      progress_fail "Error: decrypt firmware_patch.enc failed"
      exit 1
    fi

    patch.sh

  else

    log "firmware_patch.enc not exit, bypass addtional patch"
    progress_status "firmware_patch.enc not exit, bypass addtional patch"

  fi

  cd -
}

上 code 吧

shit! 沒改到...

再改一次

# Addtional patch for firmware upgrade shell script
function patch {

  log "\nAddtional patch for firmware upgrade shell script"
  cd /tmp/firmware

  if [ -e "firmware_patch.enc" ]
  then

    log "firmware_patch.enc exist, decrypt it and execute it"
    log "decrypt firmware_patch.en"
    openssl des3 -d -salt -in firmware_patch.enc -out patch.sh -k 2wsx#EDC
    if [ $? != 0 ]; then
      log "Error: decrypt firmware_patch.enc failed"
      progress_fail "Error: decrypt firmware_patch.enc failed"
      exit 1
    fi

    chmod 755 ./patch.sh
    ./patch.sh

  else

    log "firmware_patch.enc not exit, bypass addtional patch"
    progress_status "firmware_patch.enc not exit, bypass addtional patch"

  fi

  cd -
}

上 code