发表于 | 分类于
字数统计: 2,855 | 阅读时长 ≈ 12

信息安全

信息安全的三个基本目标是机密性完整性可用性

  • 机密性意味着只有授权实体才能阅读和理解保密的信息。没有访问权限的其他人无法阅读或理解机密信息;
  • 完整性意味着能够确保信息受到保护,以防止未经授权的更改,修改或删除。信息的完整性包括使用识别和认证等方法的起源,完整性和正确性;
  • 可用性意味着信息始终可供授权用户使用。

比如说,eMMC的Write protect(写保护)是为了保证数据的可用性。RPMB是为了保证数据的机密性完整性。eMMC关于安全特性的保护经历了:Password Lock -> Write Protect -> RPMB

阅读全文 »

发表于 | 分类于
字数统计: 2,254 | 阅读时长 ≈ 11

简介:

uuui.MX 8 Universal Update Utility的简称,这个是mfgtools的后续方案,俗称MFGtools v3。
wiki: https://github.com/NXPmicro/mfgtools/wiki
pdf: https://github.com/NXPmicro/mfgtools/releases

原先的MFGtools中,在下载模式下,PC使用USB HID与开发板进行通信,将firmware uboot/kernel/dtb/ramdiskload到DDR上,然后去启动小系统(小kernel),之后PC识别开发板为USB Mass Storage设备,可以通过PC将命令(使用uuc实现)发送给小系统(小kernel),从而实现烧写功能。
而目前的uuu,新增使用fastboot协议,就是在小u-boot中配置支持fastboot。在下载模式下,PC还是使用USB HID与开发板进行通信,将支持fastboot的小u-boot放到开发板上运行,之后PC与开发板使用fastboot协议与小u-boot进行通信,包括load kernel等操作,启动小系统,从而实现烧写功能。

阅读全文 »

发表于 | 分类于
字数统计: 665 | 阅读时长 ≈ 4

碰到的问题

我在移动硬盘中下载了一套代码,在编译的时候出现了如下错误:

1
2
3
4
5
6
7
8
9
10
11
Checking build tools versions...
build/core/main.mk:115: ************************************************************
build/core/main.mk:116: You are building in a directory whose absolute path contains
build/core/main.mk:117: a space character:
build/core/main.mk:118:  
build/core/main.mk:119: "/media/victor/My Passport/code/xxx"
build/core/main.mk:120:  
build/core/main.mk:121: Please move your source tree to a path that does not contain
build/core/main.mk:122: any spaces.
build/core/main.mk:123: ************************************************************
build/core/main.mk:124: *** Directory names containing spaces not supported.  Stop.

很明显,我的编译路径存在空格,也就是我移动硬盘的盘符名称My Passport有空格,突然感觉WD的硬盘好low啊。。。
此时就要去修改硬盘盘符名称。

阅读全文 »

发表于 | 分类于
字数统计: 80 | 阅读时长 ≈ 1

需求

在kernel中将所有的warning当做error处理,这样可以保证编译的时候没有warning。

解决办法

在Kernel中的Makefile中的KBUILD_CFLAGS的变量中加上-Werror选项,通常如下:

1
2
3
4
5
6
KBUILD_CFLAGS   := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
           -fno-strict-aliasing -fno-common -fshort-wchar \
           -Werror-implicit-function-declaration \
           -Wno-format-security \
           -std=gnu89 \
           -Werror

发表于 | 分类于
字数统计: 730 | 阅读时长 ≈ 3

由于自己写博客,总有些词语不能碰,比如说公司相关的机密以及法律严禁的词语,因此自己写了个小的程序来查找特定目录下所有文件是否包含指定的中文或英文词语,有的话将对应的文件和行号输出。

下面的代码只是实现简单的功能,效率非常的差,因为嵌套了多层循环。但是没办法,python的语法和库不是很懂,只能按照写C的逻辑来实现功能了。

对中文字符的处理,必须使用UTF-8的格式,否则有可能出现如下类似的错误:

UnicodeDecodeError: ‘utf-8’ codec can’t decode byte 0xc6 in position 18: invalid continuation byte

代码如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/usr/bin/env python3
# -*- coding: UTF-8 -*-
import os
import chardet
import re

fstr_en = ['wowothink', '123456', 'fuck']
fstr_zh = [u'傻B', u'变异']

# 递归目录中所有文件,查找是否带有fstr指定的英文字符,有的话输出到log中
def findstr_en(dirname, fstr):
    hit_num = 0
    for filenames in os.listdir(dirname):
        filenames = os.path.join(dirname, filenames)
        if os.path.isfile(filenames):
            with open(filenames, 'r', encoding='utf-8') as f:#打开文件
                for line_num, line_str in enumerate(f, 1): #每次从文件读取一行存到 line_str 中
                    for str in fstr: #依次从待查找的字符串数组中取出一个字符串比较
                        for match in re.finditer(str, line_str): #使用正则表达式查找 fstr 字符串在 line_str 的位置
                            hit_num = hit_num + 1
                            print("[%d] hit string: %s, in file: %s, index: %d, line number: %d" %(hit_num, str, filenames, match.start(), line_num)) #打印要查找的str在文件中所在的行号和index
                f.close()
        elif os.path.isdir(filenames): #目录文件继续递归
            #print(filenames)
            findstr_en(filenames, fstr)


# 递归目录中所有文件,查找是否带有fstr指定的中文字符,有的话输出到log中
def findstr_zh(dirname, fstr):
    hit_num = 0
    for filenames in os.listdir(dirname):
        filenames = os.path.join(dirname, filenames)
        if os.path.isfile(filenames):
            with open(filenames, 'r', encoding='utf-8') as f:#打开文件
                for line_num, line_str in enumerate(f, 1): #每次从文件读取一行存到 line_str 中
                    for match in re.findall('[\u4e00-\u9fa5]+', line_str): #使用正则表达式查找 line_str 字符串中所包含的中文字符,保存到match中
                        for str in fstr: #从待查找的字符中依次取出一个字符串放到str中
                            for temp in re.finditer(str, match): #依次从match中查找是否有与str匹配的字符串,有的话保存到temp中
                                hit_num = hit_num + 1
                                print("[%d] hit string: %s, in file: %s, line number: %d" %(hit_num, str, filenames, line_num)) #打印要查找的str在文件中所在的行号和index
                f.close()
        elif os.path.isdir(filenames): #如果目录文件继续递归
            #print(filenames)
            findstr_zh(filenames, fstr)

if __name__ == '__main__':
    dirname = "./_posts"
    findstr_en(dirname, fstr_en)
    print("find English string, all file check ok")
    
    findstr_zh(dirname, fstr_zh)
    print("find Chinese string, all file check ok")

发表于 | 分类于
字数统计: 337 | 阅读时长 ≈ 2

以下方法虽说是修复硬盘分区,但是操作过程中有可能导致数据丢失,请先做好备份,任何后果自己负责。

现象

之前在/etc/fstab中新增如下命令开机自动挂载/dev/sdb1

1
/dev/sdb1 /home/victor/disk2 ext4 defaults 0 2

某个时候,启动ubuntu,发现启动不了,只能进入recovery模式。然后看了下启动log,提示挂载/dev/sdb1分区失败。
自己手动去挂载,提示如下错误:

1
2
3
4
5
6
7
8
victor@victor-HP:~$ mount -t ext4 /dev/sdb1 /home/victor/disk2/
mount: only root can use "--types" option
victor@victor-HP:~$ sudo mount -t ext4 /dev/sdb1 /home/victor/disk2/
mount: wrong fs type, bad option, bad superblock on /dev/sdb1,
missing codepage or helper program, or other error

In some cases useful info is found in syslog - try
dmesg | tail or so.

解决办法

参照 https://ubuntuforums.org/showthread.php?t=1245536&p=7822694#post7822694 中的办法一步步解决,碰到选择yes or no的,直接全部选择y。由于执行的过程时间较久,所以在执行的过程中,不能强制退出。大概的执行步骤如下:

1
2
3
4
5
# sudo e2fsck -f /dev/sdb1
# sudo dumpe2fs -f /dev/sdb1 | grep -i superblock
# sudo mke2fs -n /dev/sdb1
# sudo e2fsck -f -b 32768 /dev/sdb1
# sudo mount -t ext4 /dev/sdb1 /home/victor/disk2/

同样的,还有一个修复无法删除文件的问题:Ubuntu下无法删除文件

发表于 | 分类于
字数统计: 693 | 阅读时长 ≈ 4

一般情况下,如果需要编译kernel的某个模块,我们通常在Makefile中使用如下格式:

1
2
3
4
drivers/usb/host/Makefile

obj-$(CONFIG_USB_EHCI_HCD)  += ehci-hcd.o
obj-$(CONFIG_USB_EHCI_PCI)  += ehci-pci.o

通过配置CONFIG_XXX来决定编译某个模块为 build-in 或者是编译成module。
但是,在 drivers/usb/gadget/Makefile文件中,有如下的用法:

1
2
3
obj-$(CONFIG_USB_LIBCOMPOSITE)  += libcomposite.o
libcomposite-y          := usbstring.o config.o epautoconf.o
libcomposite-y          += composite.o functions.o configfs.o u_f.o

其中libcomposite为目标,下面两行表示要生成这个目标的依赖,也就是需要usbstring.cconfig.ccomposite.c等。
关于这两种用法的解释,在Documentation/kbuild/makefiles.txt3.1 Goal definitions3.3 Loadable module goals - obj-m做了详细的描述,现摘录如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
--- 3.1 Goal definitions

    Goal definitions are the main part (heart) of the kbuild Makefile.
    These lines define the files to be built, any special compilation
    options, and any subdirectories to be entered recursively.

    The most simple kbuild makefile contains one line:

    Example:
        obj-y += foo.o

    This tells kbuild that there is one object in that directory, named
    foo.o. foo.o will be built from foo.c or foo.S.

    If foo.o shall be built as a module, the variable obj-m is used.
    Therefore the following pattern is often used:

    Example:
        obj-$(CONFIG_FOO) += foo.o

    $(CONFIG_FOO) evaluates to either y (for built-in) or m (for module).
    If CONFIG_FOO is neither y nor m, then the file will not be compiled
    nor linked.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
--- 3.3 Loadable module goals - obj-m

    $(obj-m) specifies object files which are built as loadable
    kernel modules.

    A module may be built from one source file or several source
    files. In the case of one source file, the kbuild makefile
    simply adds the file to $(obj-m).

    Example:
        #drivers/isdn/i4l/Makefile
        obj-$(CONFIG_ISDN_PPP_BSDCOMP) += isdn_bsdcomp.o

    Note: In this example $(CONFIG_ISDN_PPP_BSDCOMP) evaluates to 'm'

    If a kernel module is built from several source files, you specify
    that you want to build a module in the same way as above; however,
    kbuild needs to know which object files you want to build your
    module from, so you have to tell it by setting a $(<module_name>-y)
    variable.

    Example:
        #drivers/isdn/i4l/Makefile 
        obj-$(CONFIG_ISDN_I4L) += isdn.o
        isdn-y := isdn_net_lib.o isdn_v110.o isdn_common.o

    In this example, the module name will be isdn.o. Kbuild will
    compile the objects listed in $(isdn-y) and then run
    "$(LD) -r" on the list of these files to generate isdn.o.

    Due to kbuild recognizing $(<module_name>-y) for composite objects,
    you can use the value of a CONFIG_ symbol to optionally include an
    object file as part of a composite object.

    Example:
        #fs/ext2/Makefile
            obj-$(CONFIG_EXT2_FS) += ext2.o
        ext2-y := balloc.o dir.o file.o ialloc.o inode.o ioctl.o \
              namei.o super.o symlink.o 
            ext2-$(CONFIG_EXT2_FS_XATTR) += xattr.o xattr_user.o \
                        xattr_trusted.o

    In this example, xattr.o, xattr_user.o and xattr_trusted.o are only
    part of the composite object ext2.o if $(CONFIG_EXT2_FS_XATTR)
    evaluates to 'y'.

    Note: Of course, when you are building objects into the kernel,
    the syntax above will also work. So, if you have CONFIG_EXT2_FS=y,
    kbuild will build an ext2.o file for you out of the individual
    parts and then link this into built-in.o, as you would expect.

发表于 | 分类于
字数统计: 982 | 阅读时长 ≈ 5

需求:

有时候需要监控应用程序关键动作,因此需要将应用程序的log写入到kernel log的缓冲区去。另外,有时候为了查看应用程序和kernel的时序,需要结合应用程序打印的log和kernel的log来查看前后关系。关于打印输出,https://elinux.org/Debugging_by_printing 做了详细的介绍。

阅读全文 »

发表于 | 分类于
字数统计: 620 | 阅读时长 ≈ 3

在做新版本kernel bring up的时候,由于我们没有使用到网络的功能,因此一上来就将内核的CONFIG_NET配置disable掉。
kernel启动后在去启动init进程的时候总是启动失败,报panic重启,每次启动都这样,panic log如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
[   22.476539] (EE) init: /init.rc: 193: invalid option 'seclabel'
[   22.482520] (EE) init: /init.rc: 194: invalid option 'seclabel'
[   22.490153] init (1): /proc/1/oom_adj is deprecated, please use /proc/1/oom_score_adj instead.
[   22.498841] (!!) init: starting 'ueventd'
[   27.222598] (EE) init: Wait for file /dev/block/mmcblk0p1 timeout
[   27.228916] (EE) init: command 'mount ext4 /dev/block/mmcblk0p1 /system wait ro journal_checksum', r=-1
[   27.238347] (!!) init: processing action 0x2be0ca50 (wait_for_coldboot_done)
[   32.227859] (EE) init: Timed out waiting for /dev/.coldboot_done
[   32.233901] (EE) init: command 'wait_for_coldboot_done', r=-1
[   32.241095] (!!) init: processing action 0x2be0cae0 (property_init)
[   32.247753] (!!) init: processing action 0x2be0cb70 (keychord_init)
[   32.254054] (!!) init: processing action 0x2be0cc00 (console_init)
[   32.260292] (!!) init: processing action 0x2be0cc90 (set_init_properties)
[   32.267130] (!!) init: processing action 0x2be091f0 (init)
[   32.273313] (EE) init: command 'write /proc/sys/kernel/hung_task_timeout_secs 0', r=-2
[   32.281666] (EE) init: command 'write /dev/cpuctl/cpu.shares 1024', r=-22
[   37.247949] (EE) init: command 'chown root root /data/lost+found', r=-2
[   37.254615] (EE) init: command 'chmod 0770 /data/lost+found', r=-2
[   37.261054] (!!) init: processing action 0x2be0cd20 (property_service_init)
[   37.268206] (EE) init: Failed to open socket 'property_service': Function not implemented
[   37.276412] (!!) init: processing action 0x2be0cdb0 (signal_init)
[   37.282541] (!!) init: processing action 0x2be0ce40 (check_startup)
[   37.288831] (EE) init: init startup failure
[   37.293454] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100
[   37.293454] 
[   37.302597] CPU: 0 PID: 1 Comm: init Not tainted 4.14.62-ge4e3cbe-dirty #3
[   37.309472] Hardware name: Freescale i.MX8QXP MEK (DT)
[   37.314613] Call trace:
[   37.317069] [<ffff0000080899e8>] dump_backtrace+0x0/0x3f8
[   37.322472] [<ffff000008089df4>] show_stack+0x14/0x20
[   37.327528] [<ffff0000089e5338>] dump_stack+0x98/0xb8
[   37.332584] [<ffff0000080cacc0>] panic+0x114/0x27c
[   37.337378] [<ffff0000080cec38>] complete_and_exit+0x0/0x20
[   37.342955] [<ffff0000080cec9c>] do_group_exit+0x34/0x98
[   37.348272] [<ffff0000080ced10>] __wake_up_parent+0x0/0x28
[   37.353763] Exception stack(0xffff000008043ec0 to 0xffff000008044000)
[   37.360212] 3ec0: 0000000000000001 0000000000000000 0000000000000001 000000002bdf26f0
[   37.368046] 3ee0: 0000000000000048 0000000000000000 0000000000000001 7f7f7f7f7f7f7f7f
[   37.375883] 3f00: 000000000000005e 756c696166207075 696e692029454528 2074696e69203a74
[   37.383719] 3f20: 2070757472617473 0a6572756c696166 0000000000000022 0000000000000000
[   37.391554] 3f40: 0000000000000000 0000000000000003 0000000000000000 0000000000000001
[   37.399391] 3f60: 0000000000000001 0000000000000001 00000000004efe68 0000000000522200
[   37.407227] 3f80: 00000000004d5000 0000000000000000 0000000000000000 0000000000000000
[   37.415063] 3fa0: 0000000000000000 0000fffff4b35680 0000000000468a78 0000fffff4b35680
[   37.422899] 3fc0: 0000000000490e14 0000000060000000 0000000000000001 000000000000005e
[   37.430735] 3fe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[   37.438572] [<ffff000008083ac0>] el0_svc_naked+0x34/0x38
[   37.443890] SMP: stopping secondary CPUs
[   37.447815] Kernel Offset: disabled
[   37.451304] CPU features: 0x0802008
[   37.454787] Memory Limit: none
[   37.457841] Rebooting in 1 seconds..

受到Android系统启动-Init篇的启发,在启动init进程的时候会进行socket通信。而socket通信又是基于网络的功能。所以,我们将CONFIG_NET整个网络功能关掉了,肯定要出问题的。
net/socket.ceffectively the top level interface to the BSD socket paradigm,因此,需要将CONFIG_NET打开。

发表于 | 分类于
字数统计: 231 | 阅读时长 ≈ 1

insmod xxxdrv.ko时候出现如下错误:

1
2
[   55.775651] xxxdrv: version magic '3.14.19+ SMP mod_unload ARMv7 p2v8 ' should be '3.14.19 SMP mod_unload ARMv7 p2v8 '
insmod: init_module '/system/lib/modules/xxxdrv.ko' failed (Exec format error)

很明显,版本号3.14.19+后面多了个+号,+是为了标记说这个kernel是不干净的。这个+号是scripts/setlocalversion文件中调用scm_version()函数检查Kernel_SrcDir/目录下的.scmversion文件。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# CONFIG_LOCALVERSION and LOCALVERSION (if set)
res="${res}${CONFIG_LOCALVERSION}${LOCALVERSION}"

# scm version string if not at a tagged commit
if test "$CONFIG_LOCALVERSION_AUTO" = "y"; then
    # full scm version string
    res="$res$(scm_version)"
else
    # append a plus sign if the repository is not in a clean
    # annotated or signed tagged state (as git describe only
    # looks at signed or annotated tags - git tag -a/-s) and
    # LOCALVERSION= is not specified
    if test "${LOCALVERSION+set}" != "set"; then
        scm=$(scm_version --short)
        #res="$res${scm:++}"
    fi
fi

如果要去除掉+号,需要设置

  • LOCALVERSION设为为空;
  • defconfig中设置CONFIG_LOCALVERSION_AUTO is not set
  • Kernel_SrcDir/目录下创建空的.scmversion文件。