I game, I code, I break things
Technical, constructive, fun.
Menu

Running Debian on the Atmel SAMA5D3 Board April 24, 2014

So when I wanted to build a version of Linux for the SAMA5D3 board that wasn’t Yocto or a demonstration image, then I started to struggle to find solutions.

Then I happened upon Robert Nelson’s guide on EEWiki. However, I found that it was not as straightforward as I had hoped. A few instructions were confusing and out of order with one another.

Here I present the steps I took to have Debian working on the SAMA5D3, some are the same, others are importantly different. I also have a .IMG of the SD Card I created available.

I set this up using a laptop with Debian Linux installed; I imagine it doesn’t matter which version of Linux you have; you could probably use Cygwin on windows.

You will need:

  • An SD card (I tend to work with at least a Class 6, 8gByte)
  • An Atmel SAMA5D3 board
  • A computer with Linux (unless you’re able to translate the steps to Windows, feel free) with an internet connection
  • A Serial debug cable
  • Open up a terminal, create a directory to work in and run the following commands to grab Linaro, the ARM cross compiler:

    wget -c https://releases.linaro.org/14.03/components/toolchain/binaries/gcc-linaro-arm-linux-gnueabihf-4.8-2014.03_linux.tar.xz
    tar xf gcc-linaro-arm-linux-gnueabihf-4.8-2014.03_linux.tar.xz
    export CC=`pwd`/gcc-linaro-arm-linux-gnueabihf-4.8-2014.03_linux/bin/arm-linux-gnueabihf-

    Then test the version of gcc:

    ${CC}gcc – version

    Which should output something like this:

    arm-linux-gnueabihf-gcc (crosstool-NG linaro-1.13.1-4.8-2014.03 - Linaro GCC 2014.03) 4.8.3 20140303 (prerelease)
    Copyright (C) 2013 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

    Now we need to grab U-Boot and patch it for the SAMA5D3, you will need to have GIT installed on your distribution of Linux:

    git clone git://git.denx.de/u-boot.git
    cd u-boot/
    git checkout v2014.04 -b tmp
    wget -c https://raw.github.com/eewiki/u-boot-patches/master/v2014.04/0001-sama5d3_xplained-uEnv.txt-bootz-n-fixes.patch
    patch -p1 < 0001-sama5d3_xplained-uEnv.txt-bootz-n-fixes.patch make ARCH=arm CROSS_COMPILE=${CC} distclean make ARCH=arm CROSS_COMPILE=${CC} sama5d3_xplained_mmc_config make ARCH=arm CROSS_COMPILE=${CC}

    Now time to build a kernel for the board!

    git clone https://github.com/RobertCNelson/armv7_devel.git
    cd armv7_devel/

    As of the time of writing the current mainline kernel was v3.14:

    git checkout origin/v3.14.x-sama5-armv7 -b tmp
    ./build_kernel.sh

    After the kernel has compiled, you’re presented with a menu config screen where you can include or build additional modules. For example, you can incorporate GSPCA webcam support.

    Now, we want to acquire the root system files for Debian, which are handily available:

    wget -c https://rcn-ee.net/deb/minfs/wheezy/debian-7.4-minimal-armhf-2014-04-01.tar.xz
    tar x -f debian-7.4-minimal-armhf-2014-04-01.tar.xz

    Then insert your SDCard, either using a USB SDCard reader or one on your computer if you have one. I had to use a USB SDCard reader. In Linux we can type “dmesg” at a terminal to give us the /dev/ information for the device we’ve plugged in (for example mine’s /dev/sdb), in the following examples, we use mmcblk0, so just replace it for your relevant device id.

    In the following steps we will erase the SDCard and set it up with the relevant partitions:

    export DISK=/dev/mmcblk0
    sudo dd if=/dev/zero of=${DISK} bs=1M count=16

    sudo sfdisk – in-order – Linux – unit M ${DISK} < <-__EOF__ 1,48,0xE,* ,,,- __EOF__
    If the linux system you're using identifies the device as something similar to mmcblk0 then to format and mount, execute:

    sudo mkfs.vfat -F 16 ${DISK}p1 -n boot
    sudo mkfs.ext4 ${DISK}p2 -L rootfs

    sudo mkdir -p /media/boot/
    sudo mkdir -p /media/rootfs/

    sudo mount ${DISK}p1 /media/boot/
    sudo mount ${DISK}p2 /media/rootfs/

    Else if the device identifies itself as something similar to sdb then to format and mount, execute:

    sudo mkfs.vfat -F 16 ${DISK}1 -n boot
    sudo mkfs.ext4 ${DISK}2 -L rootfs

    sudo mkdir -p /media/boot/
    sudo mkdir -p /media/rootfs/

    sudo mount ${DISK}1 /media/boot/
    sudo mount ${DISK}2 /media/rootfs/

    Note: You may not need to mount the partitions as new(ish/er) distributions tend to automatically mount partitions upon detection/insertion/creation.

    Create a text file using your editor of choice (for the record I prefer vi …) called uEnv.txt and put in it the following, the sama board uses the ‘mmc’ naming convention:

    optargs=quiet init=/lib/systemd/systemd
    console=ttyS0,115200
    mmcroot=/dev/mmcblk0p2 ro
    mmcrootfstype=ext4 rootwait fixrtc

    Now we’ll extract and copy across all of the necessary files, the locations should all be relative to the initial directory we’ve been working in and you created, they should all be executed as root/sudo:

    sudo cp -v ./u-boot/spl/u-boot-spl.bin /media/boot/BOOT.BIN
    sudo cp -v ./u-boot/u-boot.img /media/boot/

    sudo cp -v ./uEnv.txt /media/boot/

    sudo tar -xvp – same-owner – numeric-owner -f ./debian-0.4-minimal-armhf-2014-04-01/armhf-rootfs-debian-wheezy.tar -C /media/rootfs

    sudo cp -v ./armv7_devel/deploy/3.14.0-sama5-armv7-r9.zImage /media/boot/zImage

    sudo mkdir -p /media/boot/dtbs/
    sudo tar xvo -f 3.14.0-sama5-armv7-r9-dtbs.tar.gz -C /media/boot/dtbs

    sudo tar xv -f 3.14.0-sama5-armv7-r9-modules.tar.gz -C /media/rootfs

    And to setup the partition mounting (if you don’t like vi, replace with nano, emacs or whatever your preferred editor is):

    sudo vi /media/rootfs/etc/fstab

    Insert into it (in vi, press ‘i’ on your keyboard, then type it in, or copy/paste it into your terminal window):

    /dev/mmcblk0p2 / auto errors=remount-ro 0 1
    /dev/mmcblk0p1 /boot/uboot auto defaults 0 2

    Close and save the file (in vi, press ESC then type in :x and hit enter, which saves and quits).

    Then setup the network interfaces:

    sudo vi /media/rootfs/etc/network/interfaces

    With the following at the end of the file (you can use your cursor keys to navigate vi until you get to where you want to insert):

    allow-hotplug eth0
    iface eth0 inet dhcp

    allow-hotplug eth1
    iface eth1 inet dhcp

    And setup our serial line:

    sudo vi /media/rootfs/etc/inittab

    With the following at the end of the file:

    T0:23:respawn:/sbin/getty -L ttyS0 115200 vt102

    Now we want to unmount our SD Card, so close down any windows/open files that’re on the card and run the following from a terminal:

    sync
    sudo umount /media/boot
    sudo umount /media/rootfs

    Our SD Card should be setup! The only thing to do now, is remove the jumper at JP5 on the SAMA5D3 to ensure it’ll boot from the SD Card, connect a serial cable to the debug header J23 so we can see what it’s doing, with the settings in minicom/Putty/your terminal editor of choice:

    Baud: 115200
    Data Bits: 8
    Stop Bits: 1
    Parity: None
    Flow Control: None

    Then connect the USB cable to power the board, then press the reset button for good measure and watch it boot up!

    Login details:


    User: root
    Pass: root

    User: debian
    Pass: temppwd

    When I created this image from scratch initially I encountered a number of problems. The main part is that the SD Card needs to be setup as root, with the files copied over as root. This is because of the permission level required to read the SD Card when the SAMA5D3 board loads up.

    The other problem I encountered was the settings for uEnv were confusing me on the eewiki guide.

    Something that might trip up anyone following this guide word for word in future is if the kernel version increases, this will need to be altered in the filenames in the guide above. Failing that, the SD Card img I have prepared should help:

    Debian-SAMA5D3-140409.zip (543mB)
    Debian-SAMA5D3-140409.md5 (211b)

    Comments Off on Running Debian on the Atmel SAMA5D3 Board

    SurfaceCoverTelemetry January 29, 2014

    From what I can gather. If you have a Microsoft Surface Pro 2 you’re going to have a hard time.

    When you update the firmware/perform a reset on the system the first problem you encounter is that your WiFi stops working. Granted this may not happen to everyone. So once you’ve updated that driver, the next flaw you have is that you’ve got an ‘Unknown Device‘ in your device manager.

    This problem is documented, complained about, etc. What I haven’t found, is a direct driver link. Everyone assumes that it’s in the driver pack you download from Microsoft.

    I haven’t seen it.

    So here you go. Take it. I pulled this from a Microsoft Surface Pro 2 tablet before it was wiped/reset/updated.

    surfacecovertelemetry.inf_amd64_636da5188c4bd231.zip 78kB

    Then maybe you want to rebuild your recovery partition.

    Comments Off on SurfaceCoverTelemetry

    Skype (in)Security September 9, 2013

    It had been a long time since there was a security breach on any of my accounts, but it’s now the in-thing for cyber security and it appears to be the Russians or at least someone pretending to be that is leading the charge.

    A number of months back my Electronic Arts Origin account was hijacked, I suspect this was through something on the Origin website that just allowed a bypass into the account as I received no notifications aside from when my e-mail address was changed on the account. The bot or person then changed all the details and settings into Russian and did nothing else aside from remove my friends from the friends list. At that time I had very few games on there and no associated details, so I didn’t mind.

    Before that happened the only security breach I had was in the days of using ICQ regularly when I was foolish to have the same password for it as I had set for a forum. I learnt then and kept everything separate since.

    So wonder be to my surprise when I’m notified that my e-mail address for my Skype account was changed.

    “Here we go again”

    I’ve used this account for a long time, I haven’t used it on an actual computer for years and it resides on a Skype phone, a DualPhone 3088 now a 4088. Only I use the account and I don’t login to a computer for it, why would I need to? It has an auto renewing, auto filling skype subscription. It solved itself.

    This is where it goes sour of course. I had it linked with PayPal. No sooner as I discovered my password had changed on the account and that the e-mail was changed that I checked my PayPal balance and, low, the “Russian” had pulled £90+ in Skype credit, but only onto the phone. Why? I’m not sure, there was a perfectly good subscription there.

    So I attempt to recover from this; Skype do not have a phone number you can contact them on. They only have a ‘live chat’ for ‘premium users’, was I a premium user? I have no idea. So I managed to get through to a person whose first language was definitely not English (was it Russian?) who then proceeded to not grasp that the e-mail address on my account had changed and so just resetting my password wasn’t going to cut it.

    At this point, might I add, that Skype’s recovery process entirely relies upon the thought that you only ever have one Skype account and that you’re able to access said account to report any problems in the trouble-shooting process before you even get through to an advisor. So I wasn’t a ‘premium user’ on the Skype account I could actually log in with.

    While clarifying which account I couldn’t access and trying to get over the language barrier the person in control of my account had spent a further £20 bringing the total to over £100. I’m now thinking that the Russians aren’t entirely bright.

    I answer the security questions and attempt to have my account reset, but all the while the advisor can’t confirm to me the e-mail address they’ve set it to, because of “security” and they can’t escalate the request to someone else (or won’t, I’m not sure). So I’m getting pretty frustrated and my “tokens have exceeded the amount given for that e-mail address” to be able to reset my password.

    I’m forced to resolve to “contact us again in 24 hours, until then the account is suspended”. My cries of “which account and which e-mail address?” cannot be confirmed, for security reasons.

    So, I’m sat here quite fraught with concern and so I decide to contact PayPal. Once logged into my account I find the contact details and there’s a number I can actually call (real people ahoy!) with a verification number so I don’t have to mess about. The menu system uses voice recognition so I don’t have to mess about with the numbers and I find that ‘claims and fraud’ line is only open until 8.30pm – well by now it’s quite late. Crap. So “Okay, let’s think about this another way” I figure. My Skype account was ‘linked’ to PayPal, surely they can severe the link?

    Yes. This was the key, I got through to a nice pleasant person who was actually sympathetic, said they were going to severe the link now and push forward to Skype to refund my money. Though, sadly, they stated they couldn’t do a great deal because it was “completed” already. Still, I’m satisfied that the little Russian can’t take my funds any more.

    A few hours pass and I get an e-mail through, it’s the password reset token. In Russian, then, in English. The delay only confirms to me that they’re having some great struggle. I can finally get into my account and it’s pre-loaded with £100+ and nothing else appears to be touched and no apparent calls made.

    So I’m not entirely sure how they managed to get into my account as it wasn’t a compromise on my computer, I’m pretty certain. Of course my e-mail account is a suspect but it shows no sign of foul access and I go between various phases of obscure methods of security with it. However, while it was nice at the time to have my Skype automatically renew the Skype Pro subscription you can’t get any longer; I’m certainly going to revise the best practices.

    Computing is still in its infancy and this was one, far too easy way to access my bank funds indirectly.

    Maybe I can call my family in Australia?

    Comments Off on Skype (in)Security
    Categories: security