Long Term OLinuXino supply – How it works?

Screenshot from 2019-05-16 14-50-39

We got question from customer of ours: “We are using your A20-OLinuXino in our product and I’ve heard that you are going to stop the production soon, is this true?”

Most of our customers are industrial machine producers and they need long term supply from their vendors. They do certification for their machines which cost a lot and they can’t afford to spend more money every year because the Linux module is not produced or changed. We already wrote several post on our blog that we supply our boards until there is demand for them and that we have long term supply agreement with Allwinner, but some people spread rumors and I have to write it and make it clear again: We will produce OLinuXino boards until there is demand. It’s even included in our GTC.

When back in 2014 I posted that we can supply OLinuXino forever many people were skeptical (well yes it is exaggerated 🙂 ) and wrote back – do not believe Chinese suppliers, they will let you down etc. etc.

Allwinner though is keeping their promise and we can buy all Allwinner SOCs we use without problem. Our volumes allow us to meet their MOQ.

For instance A13 SOC is very old and Allwinner discontinued it several years ago, it’s even not listed on their web as product, but we still keep buying it and producing A13 boards for our customers. We have also many customers which used our boards as template to make their own variants and now we supply them with A13 SOCs so they keep manufacturing them. You will not find A13 for sale anywhere even in China, but we are expecting next lot of 90Kpcs A13 to come from Allwinner in few weeks. Yes we have to order such quantities as Allwinner need 3 month to produce the SOCs from the order to shipment.

Many customers ask can you guarantee 10-15-20 years of supply? I doubt anyone in industry can see so long ahead. Allwinner is young company, founded September 2007, i.e. less 12 years old. Who knows what they will do after 20 years? We see that Western companies with much more history change owners every year and no one knows what the new owner will decide to do, so no one can give you 10-20 years prediction or will simply intentionally or unintentionally mislead you.

For A13 and A20 this agreement works well last 7 years. Both we at Olimex and Allwinner has no reason stop production, which brings money to both of us. We got visit from Allwinner sales manager in March this year and he said that they never though they can sell A13 and A20 for so long time. Most of other SOCs they sell target consumer market where lifetime is 1-2 years top.

Linux and Open Source Hardware works well for them and prolong their sales.

SC1000 Open Source Pocket size Portable Scratch Digital instrument you can build by yourself and impress your friends

[rasteri] released small pocket size digital scratch instrument and the video above explains how to assembly one. A13-SOM256 is used inside with small PIC to sense the rotating plate position and potentiometers.

Looks like a fun project! We are very tempted to build one for ourselves 🙂

How secure are Allwinner SOC we use in our OLinuXino boards?

spyware

From time to time customers ask us:

You are using Chinese SOCs. I’ve heard that Chinese government forces all Chinese vendors to place back-doors in their SOCs which to spy on you. Can you guarantee that your Linux boards have no back doors to spy on us”

I already posted about Linux-Sunxi community, which develops the Allwinner SOC mainline Linux support. What I forgot to mention is that most of the SOC features and tuning they do is done almost without any official help or documentation from Allwinner and based mostly on tips from Allwinner employees and reverse engineering.

I do remember A20 CAN module was not mention at all as existent in Allwinner datasheets at the beginning and Linux-Sunxi developers found it while hacking the chip.

So I will have to disappoint people, who believe in such myths that no, A20 chips are for quite some time now and there is nothing hidden inside, even the Boot ROM which resides in the SOC internal ROM code and is executed first is disassembled and known code.

This for sure do not give any warranty that these SOCs are bug free and that someone latter may not find and exploit some bugs (I already wrote about the level of the SOC software developers in my previous post) and to create back door to install malware or spyware, but this is not done intentional and IMO above the capacity of the software developers working in the SOC vendors.

I still do remember Allwinner released few years ago SDK where they were forgotten to remove the debug flags and if you send message “rootmydevice” to /proc/sunxi_debug/sunxi_debug, you get root privileges, but was this intentional and forced by Chinese government? I doubt so.

We build our Linux Images from Armbian project sources using their repositories and our images has MD5, so if you load our Linux Images and use in our boards we are sure there are no back doors. I know the guys who are behind Armbian project and I can guarantee they do not work for the Chinese government.

Now you can say if you found undocumented CAN inside the SOC, there may be other undocumented modules as well which to spy on us. Yes, this is possible, but even if there are such hidden resources the software we run on the SOC does not take advantage of them and activate them, you can always monitor your USB/LAN etc traffic packets and see what information go outside the chip and so far for the last 6 years A20 is existent no one ever has detected such suspicious traffic.

Linux Users Group Bulgaria annual meeting is April 6th in Plovdiv

LUGBG_1

Linux Users Group is annual meeting of people who use and develop with Linux in Bulgaria. The LUG-BG meeting this year is on 6th of April in Plovdiv. The web page of the meeting is here.

I signed for discussion about how to make one ARM Linux system tamper proof.

This is topic which is very interesting for all our OLinuXino customers. OLinuXino is used in many industrial product and machines and the designers want to be sure that no one except them can change the Linux image as these machines pass safety approvals etc and any intervention in the code is illegal.

The Allwinner SoCs do have TrustZone support and also crypto hardware to support a secure boot path for it, but parts of the ARM TrustZone specifications is under NDA and no one has seen it. The secure boot paths are also undocumented. Last time I attempt to receive any useful information about this I got reply: A20 is 5 years old processor and we do not offer technical support for the old processors, when I asked them for info how TrustZone and Secure boot is implemented in their newer processors I didn’t got any reply. My guess is this is something licensed from ARM which they never used so can’t support.

Currently all Allwinner SOC boot without using TrustZone and Secure boot path, they has so caller BROM a small code located in SOC ROM, which initializes the memory and processor registers with some safe values then try to boot from different peripherals. If UBOOT GPIO is held low they enter FEL mode where you can type some commands and load code via USB, else they try to boot from SD-CARD, if fails then try -> internal NAND Flash if fails then try -> SD-CARD2/eMMC, if fails then try -> SPI Flash, if all fails it go in FEL mode.

This is done intentionally so you can never brick your board if internal NAND or EMMC or SPI Flash get corrupted you can always boot from SD-card or USB and replace the image. This of course is big security hole, as anyone with physical access to your board can always replace your images with his own.

The TrustZone and Secure boot path solve this issue, but no one has documentation how this is done on Allwinner SOCs.

I hope to get some interesting ideas how this could be solved, one radical approach is to remove physically the SD-card connectors 🙂

A64-OLinuXino got mainline Linux Kernel 5.0 images

Linux-Kernel-5-featured

Linux kernel 5.0 was just released and as we were working this week to the release of mainline Linux image for A64-OLinuXino (as till now it has the ugly android based 3.10 kernel) we decided to release latest kernel.

The images are available on our FTP.

There are two images Debian headless or Ubuntu desktop.

Known issues with these images:

  • LCDs are not supported yet, HDMI output is only available, we need one more week to figure out how to automatically detect if the Ethernet or LCD are enabled (there is jumper on the board which switch between LCD or Ethernet as both share pins and can’t work together). So to make the DTS configurations  automatic at boot time.
  • eMMC do not work in the fastest possible mode yet. We need some time, right now 50MB/s is the max speed to read write instead of 100-200MB/s which the installed eMMC supports, we will update the image soon with HS200/400 modes enabled.
  • No CPU thermal. A64 has 3 thermal zones – CPU, GPU0 and GPU1. The driver doesn’t support monitoring them.

How to build the images is explained here.

Mainline Linux Kernel 5.0 images for A13, A20 and A33 OLinuXino and SOMs is in progress.

openSUSE leap 15 on the TERES-I

images

Torsten Duwe send us note that he is working on openSUSE Leap 15 image for TERES-I which is at same state like the Armbian image.

For these who are interested they can follow the progress here.

TERES-I Open Source Hardware Laptop has new experimental Armbian Mainline Linux image for download

TERES

We uploaded few days ago Armbian experimental mainline linux image for TERES-I on our ftp.

There are still few known issues which we work on, but we wanted to upload this experimental image so other people can start playing with.

What is new?

  • eMMC now run x3 times faster which improves the overall user experience.
  • OpenGL with LIMA

Known issues:

  • Automatically turns on upon applying power via the PWR_JACK, we need time to patch mainline uboot
  • No sleep or suspend, WIP.
  • Bluetooth not working out-of-the-box – fixed in Olimex release if you install the package
    ftp://staging.olimex.com/Allwinner_Images/A64-Teres/linux/armbian_experimental/teres-bluetooth_0.2-1_arm64_armbian.deb
    with command:

    dpkg -i teres-bluetooth_0.2-1_arm64_armbian.deb

  • Keyboard LEDs not working – fixed in Olimex release – install the package

    ftp://staging.olimex.com/Allwinner_Images/A64-Teres/linux/armbian_experimental/teres1-ledctrl_0.1-1_armbian_arm64.deb

    with command:

    dpkg -i teres1-ledctrl_0.1-1_armbian_arm64.deb

  • The LCD brightness is low by default (20%) – fixed in Olimex release – to increase it type in the console

    echo 9 > /sys/class/backlight/backlight/brightness

  • no video player acceleration, to be fixed in the next release planned for 22.02.2019

 

Previous Older Entries