Linux Users Group Bulgaria annual meeting is April 6th in Plovdiv

Linux Users Group is annual meeting of people who use and develop with Linux in Bulgaria. The LUG-BG meeting this year is on 6th of April in Plovdiv. The web page of the meeting is here.

I signed for discussion about how to make one ARM Linux system tamper proof.

This is topic which is very interesting for all our OLinuXino customers. OLinuXino is used in many industrial product and machines and the designers want to be sure that no one except them can change the Linux image as these machines pass safety approvals etc and any intervention in the code is illegal.

The Allwinner SoCs do have TrustZone support and also crypto hardware to support a secure boot path for it, but parts of the ARM TrustZone specifications is under NDA and no one has seen it. The secure boot paths are also undocumented. Last time I attempt to receive any useful information about this I got reply: A20 is 5 years old processor and we do not offer technical support for the old processors, when I asked them for info how TrustZone and Secure boot is implemented in their newer processors I didn’t got any reply. My guess is this is something licensed from ARM which they never used so can’t support.

Currently all Allwinner SOC boot without using TrustZone and Secure boot path, they has so caller BROM a small code located in SOC ROM, which initializes the memory and processor registers with some safe values then try to boot from different peripherals. If UBOOT GPIO is held low they enter FEL mode where you can type some commands and load code via USB, else they try to boot from SD-CARD, if fails then try -> internal NAND Flash if fails then try -> SD-CARD2/eMMC, if fails then try -> SPI Flash, if all fails it go in FEL mode.

This is done intentionally so you can never brick your board if internal NAND or EMMC or SPI Flash get corrupted you can always boot from SD-card or USB and replace the image. This of course is big security hole, as anyone with physical access to your board can always replace your images with his own.

The TrustZone and Secure boot path solve this issue, but no one has documentation how this is done on Allwinner SOCs.

I hope to get some interesting ideas how this could be solved, one radical approach is to remove physically the SD-card connectors 🙂

A64-OLinuXino got mainline Linux Kernel 5.0 images

Linux kernel 5.0 was just released and as we were working this week to the release of mainline Linux image for A64-OLinuXino (as till now it has the ugly android based 3.10 kernel) we decided to release latest kernel.

The images are available on our FTP.

There are two images Debian headless or Ubuntu desktop.

Known issues with these images:

• LCDs are not supported yet, HDMI output is only available, we need one more week to figure out how to automatically detect if the Ethernet or LCD are enabled (there is jumper on the board which switch between LCD or Ethernet as both share pins and can’t work together). So to make the DTS configurations  automatic at boot time.
• eMMC do not work in the fastest possible mode yet. We need some time, right now 50MB/s is the max speed to read write instead of 100-200MB/s which the installed eMMC supports, we will update the image soon with HS200/400 modes enabled.
• No CPU thermal. A64 has 3 thermal zones – CPU, GPU0 and GPU1. The driver doesn’t support monitoring them.

How to build the images is explained here.

Mainline Linux Kernel 5.0 images for A13, A20 and A33 OLinuXino and SOMs is in progress.

How to use A20 CAN interface with the A20 universal Armbian image for OLinuXino

To use A20 CAN interface you need A20-OLinuXino board and A20-CAN board.

Then you have to install the armbian A20 CAN overlay:

• Download the dts file from:
  https://github.com/armbian/sunxi-DT-overlays/blob/master/sun7i-a20/sun7i-a20-can.dts
• Backup your SD card where the Linux image for OLinuXino is.
• Copy to the SD card the downloaded file.
• Insert the SD card into you A20-Olinuxino.
• Power on the board and after boot enter following command:

 

$ sudo armbian-add-overlay <path_to_the_dts_file>

 

• connect A20-CAN to your OLinuXino and reboot.

You can see if CAN is available now:

$ ifconfig -a

   can0     Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
            NOARP MTU:16 Metric:1
            RX packets:0 errors:0 dropped:0 overruns:0 frame:0
            TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:10
            RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
            Interrupt:51

 

To use CAN interface you can install can-utils and setup the CAN interface:

$ sudo apt-get install can-utils 
$ ip link set can0 down
$ ip link set can0 type can bitrate 100000 triple-sampling on loopback off
$ ip link set can0 up

 

Now conect A20-CAN to the CAN network two wire interface.

To send a packet over CAN use :

cansend <can_interface> <packet>

 

For instance:

$ cansend can0 5AA#10.10.10

 

To sniff for CAN network messages you can use candump :

$ candump can0

 

Now you can log your car CAN networking messages and interpret them. There is plenty of info on the web about the different CAN messages which are exchanged on car CAN bus.

TERES-I Open Source Hardware Laptop has new experimental Armbian Mainline Linux image for download

We uploaded few days ago Armbian experimental mainline linux image for TERES-I on our ftp.

There are still few known issues which we work on, but we wanted to upload this experimental image so other people can start playing with.

What is new?

• eMMC now run x3 times faster which improves the overall user experience.
• OpenGL with LIMA

Known issues:

• Automatically turns on upon applying power via the PWR_JACK, we need time to patch mainline uboot
• No sleep or suspend, WIP.
• Bluetooth not working out-of-the-box – fixed in Olimex release if you install the package
  ftp://staging.olimex.com/Allwinner_Images/A64-Teres/linux/armbian_experimental/teres-bluetooth_0.2-1_arm64_armbian.deb
  with command:

  dpkg -i teres-bluetooth_0.2-1_arm64_armbian.deb

• Keyboard LEDs not working – fixed in Olimex release – install the package

  ftp://staging.olimex.com/Allwinner_Images/A64-Teres/linux/armbian_experimental/teres1-ledctrl_0.1-1_armbian_arm64.deb

  with command:

  dpkg -i teres1-ledctrl_0.1-1_armbian_arm64.deb

• The LCD brightness is low by default (20%) – fixed in Olimex release – to increase it type in the console

  echo 9 > /sys/class/backlight/backlight/brightness

• no video player acceleration, to be fixed in the next release planned for 22.02.2019

 

FOSDEM 2019 is this weekend in Bruxelles

FOSDEM the biggest FOSS/OSHW event in Europe is this weekend in Universite Libre de Bruxelles

FOSDEM traditionally starts Friday evening in Delirium Cafe.

With 47 devrooms, 7 main tracks, Keynotes and Lighting talks everyone can find group with his interest.

Olimex will present our new IoT developments with KiCAD at CAD and Open hardware devroom in Sunday.

If you want to meet and talk please send email to info@olimex.com, we will be in Delirium Cafe this evening and at ULB in the weekend.

Working with A20 OLinuXino or SOM GPIOs when using new Armbian based A20 universal Linux image

A20 GPIO ports are 32 bit registers listed in alphabetical order PA, PB, PC, PD, PE, PF, PG, PH, PI.

In Armbian GPIO ports are numbered from 0 to 287 corresponding from PA0 to PI31.

The GPIO number is calculating using this formula:

gpioNumber = (Port Letter - 'A') * 32 + pinNumber

 

For instance GREEN STATUS LED on A20-OLinuXino-LIME2 is connected to port PH2. This will correspond to GPIO number:

('H'-'A' = 7) * 32 + 2 = 226

 

All GPIO operations in shell should be made as super user. First we have to register the gpio in the Linux Kernel with this command:

sudo echo 226 > /sys/class/gpio/export

 

to check if we did registered this gpio successfully we use ls command:

sudo ls /sys/class/gpio

 

If you did everything correctly you will see gpio226 listed.

Then you have to specify what will be this GPIO input or output. This is done with writing “in” or “out” in gpioxx direction directory. In this case we want to drive the STATUS LED so we have to make it output:

sudo echo out > /sys/class/gpio/gpio226/direction

 

Once we set the GPIO as output we can write 1 or 0 to it’s value and this will make GPIO port to supply 3.3V when 1 is written or 0V when 0 is written.

To switch the LED on we have to write 1:

sudo echo 1 > /sys/class/gpio/gpio226/value

 

Yay the green LED is now lighting. If we want to switch it off we have to write 0:

sudo echo 0 > /sys/class/gpio/gpio226/value

 

To read the GPIO state it has to be set as input first with the command:

sudo echo in > /sys/class/gpio/gpioXXX/direction

 

where XXX is GPIO port number calculated as described above. Then to read the GPIO state you use this command:

sudo cat /sys/class/gpio/gpioXXX/value

the result will be 0 if the GPIO voltage is between 0.0-1.0V and 1 if the voltage is between 2.3-3.3V. If the voltage on the GPIO is between 1.0 and 2.3V the attempt to read will return randomly value 0 or 1.

Be careful when playing with the GPIO ports, some of them are wired to important peripherials like LCD, Ethernet, USB, SATA etc and writing bad values may break the functionality or even damage the board. Test your knowledge on GPIOs which are not connected to anything is best approach.

We are prepare now new version of PyA20 Python module which will add access to GPIO, SPI, I2C, Serial resources of A20 directly from Python code to work with the new universal A20 Armbian Linux image.

EDIT 2019-01-25 14:24:

We got question how fast is the access to the GPIOs via shell. Sure it’s not fast and made just for slow processes like switching on and off relays, or polling status of buttons or sensors which do not change often their state. Running this code below:

nano toggle_led_lime2.sh

 

Enter inside the file this code:

#!/bin/bash
# the lime2 led is PH2 - 32*(8-1) + 2 = 226

echo 226 > /sys/class/gpio/export
echo out > /sys/class/gpio/gpio226/direction
while [ 1 -eq 1 ]
do
echo 1 > /sys/class/gpio/gpio226/value
echo 0 > /sys/class/gpio/gpio226/value
done

 

Save and exit, then make executable and run

chmod +x toggle_led_lime2.sh
./toggle_led_lime2.sh

 

We can see square wave with oscilloscope on PH2 with frequency between 3 and 4 kHz. i.e. pulses with high state 125-150uS and low state 125-150uS.

Shell is slow, if we write same code in C:

#include <stdio.h>
#include <fcntl.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>

#define PH2        226    // (32 * 7) + 2
#define GPIO_PATH  "/sys/class/gpio/gpio226/value"

int main() {
    int ret;
    int fd;

    fd = open(GPIO_PATH, O_RDWR);
    if (fd < 0)
        return errno;

    while(1) {
        ret = write(fd, "1", 1);
        ret = write(fd, "0", 1);
    }

    return 0;
}

 

The new code produces square wave with 2.13 us high and low state i.e. approx 235 kHz or about 50 times faster than access via shell.

A20-OLinuXino universal image updated – now supporting our new boards with SPI+eMMC

We just uploaded new A20-OLinuXino universal image at our FTP.

With this image we add support for the new OLinuXino boards with eMMC+SPI.

Few things need some more attention and will be fixed in new image next week: boot from SPI with rootFS on HDD or USB Flash. The new LCD-15.6 eDP display also doesn’t like the new kernel and drivers, but will be fixed too. These are explained in the ISSUES.txt.

The new image also support our new 5″, 7″ and 10″ capacitive touch displays (not on our web for sale yet as still testing) automatically i.e. plug and play and no need to run display script, each time at boot it recognizes the connected display and configure the drivers.

All other peripherals and devices are tested to work with: A20-OLinuXino-LIME, A20-OLinuXino-LIME2, A20-OLinuXino-MICRO, A20-SOM and A20-SOM204.