I am building a trusted execution environment on IMX6Q with a Linux Yocto version in the untrusted processor mode. When I switch to non-secure for the first time after reset to load the linux kernel, I get flooded with data and prefetch abort exceptions after I jump to the kernels bootloader.It also seems like, that those exceptions occur as soon as the MMU is switched on.
Booting the Kernel without changing to non-secure state works fine.
Is it possible, that the control bits of the non-secure copy of the first-stage page tables are written with the NS-Bit cleared which causes the MMU to refuse any access to those regions ?
Where can I find the startup code that is setting up the page tables in the Yocto-BSP for IMX6Q ?
How can I debug the Linux Bootloader?
Is it possible to simply change source code of the bootloader in the build-directory of the BSP and rebuild the image?
Thanks in advance,
Paul
How can I debug the Linux Bootloader?
Yes, you can with beautiful printf/puts... BTW if you want to really debug with jtag in early stages of uboot you can refer to this NXP forum post
Is it possible to simply change source code of the bootloader in the build-directory of the BSP and rebuild the image?
You can easily work with the git directory of u-boot in your workbuild/tmp/work/.. dir
Modify what you need
compile it with bitbake -f -c compile u-boot-imx
Deploy it with bitbake -f -c deploy u-boot-imx
At the end your new u-boot will be placed in usual workbuild/tmp/deploy/images/...
Related
I want to make a bootable emergency USB-stick that automatically repartitions my system and unpacks a rootfs to the hard disk, installs the bootloader, etc.
I compiled my own kernel and created my own initrd with various scripts.
this works very well. only booting from an USB-stick causes problems when secureboot is active.
to work around the problem I took an official Ubuntu livecd and copied all the content like isolinux/ EFI/* and so on, I changed all grub-configuration-boot-entrys to my kernel and my initrd. So I think the bootloader should be secureboot capable.
i set the following parameters in grub.cfg and built a new iso:
set check_signatures=no
if secureboot is disabled, the system boots correctly.
if secureboot is active, the bootloader can be loaded. so the secureboot is done? but then the process aborts with the following error:
invalid signature: /boot/bzImage
although set check_signatures=no is set.
Does anyone have an idea?
Is there no other way than to sign my kernel and distribute the keys across all systems? - can I distribute the key via ssh without direct access to the hardware?
problem solved with signed-shim bootloader, free to download
i am trying to build a custom Linux kernel for the Intel nuc board.
first of all i have installed clearlinux(a Linux distribution) on bare metal. Im trying to install the custom Linux alongside the clearlinux by placing the kernel in /efi/boot and the added a entry in /efi/loader/entries . Im using systemd as my default boot loader.
Im getting kernel panic while im trying to boot the custom linux. The problem is i couldn't see the entire message in my console.
is there any way that i could load the message in to a file and viewenter code here or could add some options to the kernel parameters so that i can navigate through the entire kernel panic text
here is my kernel entry
title customoslinux
linux /EFI/custom/bzImage
options root=PARTUUID=0de21747-3184-47eb-a415-720247c9abc6 quiet console=tty0 console=ttyS0,115200n8 init=/usr/bin/initra-desktop
You may add "vga=ask" to your kernel commandline and before kernel start it will ask you for screen resolution. Just choose some big resolution and start the kernel.
Now a days debugging become so advanced that even 'core kernel source code' can be debugged using Virtual environment.
But after reading couple of blog related to Kernel Core development it was not clear whether they are debugging using Virtual environment.
They have mentioned that they rely on 'Printing message' rather than using debugging tool, at-least for core component.
So, I Request from 'Linux Kernel Experts' to let me know what is good practice followed while debugging Kernel?
I've tried multiple approaches when trying to debug the kernel.
Sometimes, the easiest way is to just add a few printk statements based on my own conditional values, monitor the serial log and see what's going on. Its especially useful when the function in question is invoked quite often, but you are interested only in a subset of those.
QEMU GDB debugging. I have a buildroot filesystem setup. This means the kernel is lean and it boots up real fast. I start qemu with the -s -S flags, and attach gdb as target remote :1234. Additionally, there aren't very many userspace processes in this setup so its easier to debug the kernel.
VMWare stub. Assuming you are running an Ubuntu VM, it is possible that you can attach gdb to a VMware stub and debug the kernel. Personally, I never have had to pursue this route, but I look forward to trying it out someday.
If you have a kernel for a device that gets stuck in a bootloop and it does not print out any debug information out onto serial, it still might be helpful to try and boot it up using QEMU. Sure, the booting up will probably fail as the kernel tries to load up drivers, but you should be able to attach gdb, get a stack trace and see what the root cause is(perhaps a recursive call).
EDIT: As stated in the comments, the question seems too broad to answer, so I'll leave the explanation of the problem and the questions, because they haven't changed, but I have changed the title (it doesn't seem good yet, but it's better than before) so they are more in tune.
What lead me to the question
I want to compile OpenWRT for my board. At the moment I am compiling it to a beagle bone black, and it's quite straight forward since there are tutorials available for that, but it got me thinking. How would I build it for a completely bare board? Like it or not BBB comes with u-boot and a version of linux (Amstrong if I'm not mistaken) so when I build OpenWRT for it maybe many things have already been taken care of for me.
I know that I need to first set up the board to boot from somehere, then it must have the bootloader and finally the kernel (there is the SPL and all that, but ok, let' leave it aside for now).
Hypothetical system
Let's imagine I have a hardware similar to the beaglebone, except it has a dipswitch connected to the boot pins in order to select from where I'm going to boot my device from. Imagine I have set it to boot from ethernet, which means that on startup a bootloader located in ROM will receive a binary file and store it in flash, all that via TFTP.
The questions
At this point I imagine that the binary file given via TFTP is the bootloader, am I right?
So after that I'd need to give the bootloader the kernel?
Does this mean that it is a 2 step process? First load the bootloader an dthen the kernel?
Is it possible to compile both at the same time and load it into the microprocessor?
Does OpenWRT build u-boot as well or do I need to compile it separately? I know it downloads the kernel and compiles it.
How would I build this for production? Imagining that I have to build u-boot and openwrt separately, would I create a script that compiles both and then does the entire process of downloading it into the microprocessor?
Is it possible to pre-configure the kernel so that it doesn't need to be configured after the code is downloaded? I mean, for example, compile it with initialization scripts instead of connecting to the device and configuring this. Is it possible or do I have to connect to the board and configure it manually?
PS: Sorry for such basic questions, but it's my first time compiling the kernel for real, and I've only worked with microcontrollers and RTOSs at most
Let's try to answer the queries one by one
At this point I imagine that the binary file given via TFTP is the bootloader, am I right?
No, It should be the firmware(kernel+HLOS). TFTP is available in uboot or only after SBL(Secondary boot loader) is loaded into memory.
So after that I'd need to give the bootloader the kernel?
bootloader needs to be present in the memory and if required it can get the firmware from ethernet, This can be simply done by changing the uboot env(bootcmd), can also be configured at compile time.
Does this mean that it is a 2 step process? First load the bootloader an dthen the kernel?
Yes, bootloader needs to be loaded earlier, but if you designing a custom board, you can combine the images in a big file and then flash/load that file at once.
Is it possible to compile both at the same time and load it into the microprocessor?
Does OpenWRT build u-boot as well or do I need to compile it separately? I know it downloads the kernel and compiles it.
Yes, Openwrt is very flexible and it compiling uboot, kernel, userspace package at once and create a desired image(based upon user configuration).
How would I build this for production? Imagining that I have to build u-boot and openwrt separately, would I create a script that compiles both and then does the entire process of downloading it into the microprocessor?
You can configure the openwrt to generate the appropriate image(based upon the flash and system requirement) and then flash that image in production(so, simple).
Is it possible to pre-configure the kernel so that it doesn't need to be configured after the code is downloaded? I mean, for example, compile it with initialization scripts instead of connecting to the device and configuring this. Is it possible or do I have to connect to the board and configure it manually?
Yes, use make kernel_menuconfig to configure the kernel parameter at compile time.
Hope, I have answered all the queries!!!
I am compiling my own Linux kernel and userland tools for a PXE environment meant for cloning and reimaging. Right now, I'm sticking to a specific kernel version and using preconfigured .config's for building the Linux kernel.
I need to change from using preconfigured .config's to automatically generating the default configuration for the specified architecture, and then enabling all ethernet, ATA, SATA, and SCSI drivers.
The reason I want to do this is:
Updating the kernel means updating the preconfigured .config's, which takes too much time to manually do. The way I'm doing it now is using menuconfig, enabling the options I need, and saving the resulting .config to my repository.
I know the kernel I'm building is missing some drivers because I've encountered some PC's that were not able to mount the NFS share because Linux could not find an ethernet device (which I've verified by booting an Ubuntu CD, which did find the ethernet device). I want an automated way of building any Linux kernel version that will guarantee that ALL drivers I need are pulled in.
Using a distribution's configuration pulls in too many unnecessary drivers and features for my purposes. It lengthens the kernel build time from 10-15 mintues to an hour or more, and the resulting image is too big.
Does anyone know how to write a Bash script to accomplish this?
Have you considered using a text editor to modify the .config file.
Then you can modify it using search and replace.
Plus, there are other choices for configuring the kernel than the menu-driven "menuconfig".