Long Term OLinuXino supply – How it works?

We got question from customer of ours: “We are using your A20-OLinuXino in our product and I’ve heard that you are going to stop the production soon, is this true?”

Most of our customers are industrial machine producers and they need long term supply from their vendors. They do certification for their machines which cost a lot and they can’t afford to spend more money every year because the Linux module is not produced or changed. We already wrote several post on our blog that we supply our boards until there is demand for them and that we have long term supply agreement with Allwinner, but some people spread rumors and I have to write it and make it clear again: We will produce OLinuXino boards until there is demand. It’s even included in our GTC.

When back in 2014 I posted that we can supply OLinuXino forever many people were skeptical (well yes it is exaggerated 🙂 ) and wrote back – do not believe Chinese suppliers, they will let you down etc. etc.

Allwinner though is keeping their promise and we can buy all Allwinner SOCs we use without problem. Our volumes allow us to meet their MOQ.

For instance A13 SOC is very old and Allwinner discontinued it several years ago, it’s even not listed on their web as product, but we still keep buying it and producing A13 boards for our customers. We have also many customers which used our boards as template to make their own variants and now we supply them with A13 SOCs so they keep manufacturing them. You will not find A13 for sale anywhere even in China, but we are expecting next lot of 90Kpcs A13 to come from Allwinner in few weeks. Yes we have to order such quantities as Allwinner need 3 month to produce the SOCs from the order to shipment.

Many customers ask can you guarantee 10-15-20 years of supply? I doubt anyone in industry can see so long ahead. Allwinner is young company, founded September 2007, i.e. less 12 years old. Who knows what they will do after 20 years? We see that Western companies with much more history change owners every year and no one knows what the new owner will decide to do, so no one can give you 10-20 years prediction or will simply intentionally or unintentionally mislead you.

For A13 and A20 this agreement works well last 7 years. Both we at Olimex and Allwinner has no reason stop production, which brings money to both of us. We got visit from Allwinner sales manager in March this year and he said that they never though they can sell A13 and A20 for so long time. Most of other SOCs they sell target consumer market where lifetime is 1-2 years top.

Linux and Open Source Hardware works well for them and prolong their sales.

SC1000 Open Source Pocket size Portable Scratch Digital instrument you can build by yourself and impress your friends

[rasteri] released small pocket size digital scratch instrument and the video above explains how to assembly one. A13-SOM256 is used inside with small PIC to sense the rotating plate position and potentiometers.

Looks like a fun project! We are very tempted to build one for ourselves 🙂

How secure are Allwinner SOC we use in our OLinuXino boards?

From time to time customers ask us:

You are using Chinese SOCs. I’ve heard that Chinese government forces all Chinese vendors to place back-doors in their SOCs which to spy on you. Can you guarantee that your Linux boards have no back doors to spy on us”

I already posted about Linux-Sunxi community, which develops the Allwinner SOC mainline Linux support. What I forgot to mention is that most of the SOC features and tuning they do is done almost without any official help or documentation from Allwinner and based mostly on tips from Allwinner employees and reverse engineering.

I do remember A20 CAN module was not mention at all as existent in Allwinner datasheets at the beginning and Linux-Sunxi developers found it while hacking the chip.

So I will have to disappoint people, who believe in such myths that no, A20 chips are for quite some time now and there is nothing hidden inside, even the Boot ROM which resides in the SOC internal ROM code and is executed first is disassembled and known code.

This for sure do not give any warranty that these SOCs are bug free and that someone latter may not find and exploit some bugs (I already wrote about the level of the SOC software developers in my previous post) and to create back door to install malware or spyware, but this is not done intentional and IMO above the capacity of the software developers working in the SOC vendors.

I still do remember Allwinner released few years ago SDK where they were forgotten to remove the debug flags and if you send message “rootmydevice” to /proc/sunxi_debug/sunxi_debug, you get root privileges, but was this intentional and forced by Chinese government? I doubt so.

We build our Linux Images from Armbian project sources using their repositories and our images has MD5, so if you load our Linux Images and use in our boards we are sure there are no back doors. I know the guys who are behind Armbian project and I can guarantee they do not work for the Chinese government.

Now you can say if you found undocumented CAN inside the SOC, there may be other undocumented modules as well which to spy on us. Yes, this is possible, but even if there are such hidden resources the software we run on the SOC does not take advantage of them and activate them, you can always monitor your USB/LAN etc traffic packets and see what information go outside the chip and so far for the last 6 years A20 is existent no one ever has detected such suspicious traffic.

Why we have so many OLinuXino Linux SBC with Allwinner SOCs

Many people ask us why we do OSHW boards with Allwinner SOCs and ignore other vendors. Allwinner do not do the best SOCs on the Chinese makers. Their software support is mostly about Android and are with proven GPL violations records.

The reason is simple – because the Linux-Sunxi community is the biggest and most friendly and if there is problem you have place where to ask for help or advice.

Most of the Allwinner SOC Linux mainlining work is not done by Allwinner software engineers but Linux-Sunxi community.

We want our boards to run Linux, and when we say Linux we mean mainline, not Linux 2.6 (what was the Freescale official iMX2XX, where all decent kernel work is also done by the community) neither Linux 3.X with patched Android kernels and binary blobs which usually all Chinese vendors provide.

This is why we are not interested to do something on these new SOCs which pop every 6 month and basically has nothing to offer differently as software support. We wait and release our boards when there is proper Linux support which we test or do not consider to waste our time on them.

Linux-Sunxi community was created naturally around 7 years ago after Luke Kenneth Casson Leighton rised a lot of noise for the new and cheap Allwinner A10 processor and later Tom Cubie (ex-employee of Allwinner) start to deliver some A10 based TV boxes to interested developers and revealed some inside “secrets” to the people who were gathered around the “ARM netbook project” which LKCL never delivered, but this is another story. At some point the developers just separated and formed what we know now as Linux-Sunxi. Since then Linux-Sunxi community is growing and is very active compared to all other SOCs communities and many talented Linux developers are contributing on daily basis. The Linux-Sunxi Allwinner SOCs mainlining efforts are here.

Unfortunately SOC vendors never have been good at writing software. This is expected as they are hardware vendors after all and their focus is the silicon. My guess is that they do want to offer good support, but they just have no idea how to do it. They can’t attract quality developers and lot of their developers leave after working year or two, leaving messy code to the next who comes.

Their management usually do not fully understand how important open source software support is for the longevity success of their silicon.

A20 for instance is SOC which is selling well for more than 6 years, Allwinner has no other processor which sells so well, why is this? Because there is mainline Linux support and because our OSHW reference designs which thousands of people use to make their own hardware.

So Open Source Software and Hardware create business for them, but I guess this is something they didn’t analyzed well. No one uses A20 with Android now (as the official A20 Android version is obsolete 4.2.2 and there are no updates since the chip release), but Linux help them to sell for years.

Linux-Sunxi developers do code mostly for hobby and fun in their free time. The result is that there are no deadlines to deliver code and when the code is delivered it’s good one. So good that Allwinner re-use it their own repositories instead the code of their own engineers.

A recent single line patch which triples the A20 SATA write speed just proves that the code done by the community is better than this one released by the SOC vendors.

With A10/A20 SATA the Allwinner developers delivered very poor code, which crippled the performance of their SATA controller and everyone believed that it’s so lame because this is poorly done at hardware level. It appears single value change in SATA DMA register triples the speed of the SATA write. Allwinner is supposed to know best their processors then why they do such lame initialization mistakes? My guess is lack of documentation and coordination between the different teams inside the company. They do not document well their silicone and other departments don’t know what what is doing.

Rockchip which 7 years ago was about the same level as Allwinner for software support has been pushed by Google as they use some of their chips in Chromebooks. So Rockchip is forced by Google to submit Linux upstream drivers support and patches, which is great., but what they produce is far from the best quality. For instance Recent GitHub repository I check contains Windows app to generate public and private keys used to encrypt their secure boot Linux images 🙂 I have just to guess which genius decide this approach, but it speaks well about what kind of decisions are taken in these companies.

EDIT: Jon is right Rockchip did it good, the windows apps to generate keys and encrypt images were in Allwinner SDK 🙂

 

FreedomBox – your private Box of Freedom for Decentralizing the Internet and keeping your privacy away from the Big Brother

We are pleased to announce that Pioneer-FreedomBox Home Server Kit is now in stock.

You can read more about how FreedomBox free open source software project started in the FreedomBox Foundation press release.

FroodomBox software is developing 8 years and got lot of coverage in USA, India, Russia:

• SoftwareFreedom.org
• New York Times
• Wall Street Journal
• India Times
• Novaya Gazeta 2011
• Novaya Gazeta 2019

Olimex’s OLinuXino Open Source Hardware Linux Single Board Computers are natural match for FreedomBox Free Open Source Software.

We are very proud that we have been selected by FreedomBox Foundation for Hardware manufacturing partner of Pioneer-FreedomBox Home Server Kit.

What makes OLinuXino LIME2 good platform for Home Server Kit is:

• The Low Power ARM Dual core Cortex-A7 processor running blob free mainline Linux;
• Native SATA interface for connecting external SATA HDDs with power supply backup;
• LiPo battery UPS power backup supply with Power Management Unit and Stepp Up convertors which allow Pioneer-FreedomBox-HSK to run 4-5 hours on battery;
• Metal enclosure;
• power supply adapter with plug adapters for EU, US, UK power supply sockets;
• 32GB micro SD-card for file storage;

What do you get with FreedomBox is:

• Tor browser
• Private encrypted file sharing
• Private encrypted chat
• Peer to Peer file sharing
• Voice chat
• Web proxy
• Virtual Private Network
• IRC client
• Private Calendar and Address book
• File synchronization
• Distributed File Storage
• Your own hosted Wiki and Blog

All these features are made configurable with simple mouse click:

 

Linux Users Group Bulgaria annual meeting is April 6th in Plovdiv

Linux Users Group is annual meeting of people who use and develop with Linux in Bulgaria. The LUG-BG meeting this year is on 6th of April in Plovdiv. The web page of the meeting is here.

I signed for discussion about how to make one ARM Linux system tamper proof.

This is topic which is very interesting for all our OLinuXino customers. OLinuXino is used in many industrial product and machines and the designers want to be sure that no one except them can change the Linux image as these machines pass safety approvals etc and any intervention in the code is illegal.

The Allwinner SoCs do have TrustZone support and also crypto hardware to support a secure boot path for it, but parts of the ARM TrustZone specifications is under NDA and no one has seen it. The secure boot paths are also undocumented. Last time I attempt to receive any useful information about this I got reply: A20 is 5 years old processor and we do not offer technical support for the old processors, when I asked them for info how TrustZone and Secure boot is implemented in their newer processors I didn’t got any reply. My guess is this is something licensed from ARM which they never used so can’t support.

Currently all Allwinner SOC boot without using TrustZone and Secure boot path, they has so caller BROM a small code located in SOC ROM, which initializes the memory and processor registers with some safe values then try to boot from different peripherals. If UBOOT GPIO is held low they enter FEL mode where you can type some commands and load code via USB, else they try to boot from SD-CARD, if fails then try -> internal NAND Flash if fails then try -> SD-CARD2/eMMC, if fails then try -> SPI Flash, if all fails it go in FEL mode.

This is done intentionally so you can never brick your board if internal NAND or EMMC or SPI Flash get corrupted you can always boot from SD-card or USB and replace the image. This of course is big security hole, as anyone with physical access to your board can always replace your images with his own.

The TrustZone and Secure boot path solve this issue, but no one has documentation how this is done on Allwinner SOCs.

I hope to get some interesting ideas how this could be solved, one radical approach is to remove physically the SD-card connectors 🙂

A64-OLinuXino got mainline Linux Kernel 5.0 images

Linux kernel 5.0 was just released and as we were working this week to the release of mainline Linux image for A64-OLinuXino (as till now it has the ugly android based 3.10 kernel) we decided to release latest kernel.

The images are available on our FTP.

There are two images Debian headless or Ubuntu desktop.

Known issues with these images:

• LCDs are not supported yet, HDMI output is only available, we need one more week to figure out how to automatically detect if the Ethernet or LCD are enabled (there is jumper on the board which switch between LCD or Ethernet as both share pins and can’t work together). So to make the DTS configurations  automatic at boot time.
• eMMC do not work in the fastest possible mode yet. We need some time, right now 50MB/s is the max speed to read write instead of 100-200MB/s which the installed eMMC supports, we will update the image soon with HS200/400 modes enabled.
• No CPU thermal. A64 has 3 thermal zones – CPU, GPU0 and GPU1. The driver doesn’t support monitoring them.

How to build the images is explained here.

Mainline Linux Kernel 5.0 images for A13, A20 and A33 OLinuXino and SOMs is in progress.