#cubox irc log of Thu 15 Dec 2016

IRC log of #cubox of Thu 15 Dec 2016. All times are in CET < Back to index

11:45 topi` any news about the 8040 community boards?

11:47 topi` cpuid: I got a half-length mPCIe gigabit ethernet adapter from Amazon, I think it's Syba

11:47 cpuid on the hummingboard?

11:47 topi` haven't tested it out in the HB Base, yet, but I should since I really need two ethernets now (got myself a Synology NAS)

11:48 topi` USB ethernets are always sucky

11:48 cpuid thanks for the info

11:48 topi` but I really should get a CloudFog Base ;)

11:48 cpuid yeah I'd like to package it nicely with a custom enclosure

11:48 topi` unfortunately I missed the window of opportunity when they were only $90

11:49 topi` I have a few different RPi enclosures at home, I'll be able to test if the mPCIe card fits in or not

11:49 cpuid yeah that would be easier, thing is I do not know if with its Marvell Armada SoC I can force signed the bootloader

11:49 topi` probalby it fits, since it's located right in the center of the board on the upper side

11:49 cpuid even if it fits, then you need to carve an hole for the ethernet port :)

11:50 topi` lower side is problematic, because the HB Pro carrier I have, has a mSATA connector in the bottom and most RPI cases won't fit

11:50 topi` the Syba comes with a PCI mounting bracket (for tower PC's), so just reroute those wires through e.g. headphone hole :)

11:52 cpuid ehehe, yeah, but I'd need a deployable casing that looks pro

11:52 cpuid ClearFog and its enclosure would be just perfect

11:53 cpuid but I can't get answered by SolidRun if Marvell SoC allows to turn on bootloader signature verification by programming the fusebox, as the i.MX6 does

11:54 cpui 11:54 * cpuid summons rabeeh:

11:56 vpeter cpuid: Are you searching for this? http://wiki.solid-run.com/doku.php?id=products:a38x:software:development:verified-boot

11:56 cpuid vpeter: no, that is just the second part

11:56 cpuid having u-boot to verify the signature of the kernel

11:57 cpuid which is useless if you can ovewrite u-boot with a version with disabled verification

11:57 vpeter I would assume that soc should support this function :)

11:58 cpuid so you need the ROM bootloader to check u-boot signature

11:58 cpuid and this is normally done by burning the keys in the efuse

12:01 cpuid I would assume that too

12:01 cpuid but it's a leap of faith

12:01 cpuid all I can get from ARMADA 38x Functional Spec document https://marvellcorp.wufoo.com/forms/marvell-armada-38x-functional-specifications/

12:04 cpuid is that efuses are ther

12:04 cpuid is that efuses are there

12:04 cpuid but there's no trace on how to use them and which bootloader features are controller by them

12:30 rabeeh cpuid: hi

12:30 cpuid great, it worked :)

12:31 rabee 12:31 * rabeeh is summoned :)

12:31 rabeeh so, A38x has secure boot feature

12:31 rabeeh i personally haven't used it :(

12:31 rabeeh but it's there; and u-boot supports blowing those fuses (you need to enable CONFIG_EFUSE as i recall)

12:32 rabeeh i can ask Marvell if they have a detailed document how to do it

12:32 cpuid yeah that would be great

12:32 cpuid the only documents that is available out of the extranet is not describing how they work

12:32 rabeeh but my guess is that it will secure boot u-boot; and the rest of the trust chain should be handled in another manner

12:32 rabeeh oh; you have extranet access

12:33 cpuid no I don't

12:33 cpuid the only doc I got is ARMADA 38x Functional Spec (Web Form)

12:33 cpuid from this page http://www.marvell.com/embedded-processors/armada-38x/

12:33 cpuid but it does not describe efuses

12:34 rabee 12:34 * rabeeh searches the extranet

12:34 cpuid in theory it should be: ROM Bootloader verifies u-boot signature -> verified u-boot verifies kernel config signature -> boot

12:35 cpuid I saw it working on NXP/Freescale i.MX6

12:36 Artox Exaga: very good

12:37 rabeeh cpuid: the boot sequence is correct

12:38 rabeeh so the bootloader inside the ROM will veritify u-boot; but then the rest of the chain is up to you

12:39 rabeeh i'll send Marvell an email asking about a document if they have

12:39 cpuid thank you very much

12:40 rabeeh for now please look at build.pl script in u-boot

12:40 cpuid I've PMed you my mail address

12:40 rabeeh that perl script should be able to sign a built u-boot; and has some information in it

12:40 cpuid ok, I'll have a look

13:44 cpuid for those of you looking for the same answers, inside u-boot-armada38x there are some nice comments

13:44 cpuid https://github.com/SolidRun/u-boot-armada38x/blob/u-boot-2013.01-15t1-clearfog/board/mv_ebu/a38x/cmd_efuse.c#L546

22:42 Exaga Artox: soon i will be comiling natively :>

22:43 Exaga compiling*

11:45	topi`	any news about the 8040 community boards?
11:47	topi`	cpuid: I got a half-length mPCIe gigabit ethernet adapter from Amazon, I think it's Syba
11:47	cpuid	on the hummingboard?
11:47	topi`	haven't tested it out in the HB Base, yet, but I should since I really need two ethernets now (got myself a Synology NAS)
11:48	topi`	USB ethernets are always sucky
11:48	cpuid	thanks for the info
11:48	topi`	but I really should get a CloudFog Base ;)
11:48	cpuid	yeah I'd like to package it nicely with a custom enclosure
11:48	topi`	unfortunately I missed the window of opportunity when they were only $90
11:49	topi`	I have a few different RPi enclosures at home, I'll be able to test if the mPCIe card fits in or not
11:49	cpuid	yeah that would be easier, thing is I do not know if with its Marvell Armada SoC I can force signed the bootloader
11:49	topi`	probalby it fits, since it's located right in the center of the board on the upper side
11:49	cpuid	even if it fits, then you need to carve an hole for the ethernet port :)
11:50	topi`	lower side is problematic, because the HB Pro carrier I have, has a mSATA connector in the bottom and most RPI cases won't fit
11:50	topi`	the Syba comes with a PCI mounting bracket (for tower PC's), so just reroute those wires through e.g. headphone hole :)
11:52	cpuid	ehehe, yeah, but I'd need a deployable casing that looks pro
11:52	cpuid	ClearFog and its enclosure would be just perfect
11:53	cpuid	but I can't get answered by SolidRun if Marvell SoC allows to turn on bootloader signature verification by programming the fusebox, as the i.MX6 does
11:54	cpui	11:54 * cpuid summons rabeeh:
11:56	vpeter	cpuid: Are you searching for this? http://wiki.solid-run.com/doku.php?id=products:a38x:software:development:verified-boot
11:56	cpuid	vpeter: no, that is just the second part
11:56	cpuid	having u-boot to verify the signature of the kernel
11:57	cpuid	which is useless if you can ovewrite u-boot with a version with disabled verification
11:57	vpeter	I would assume that soc should support this function :)
11:58	cpuid	so you need the ROM bootloader to check u-boot signature
11:58	cpuid	and this is normally done by burning the keys in the efuse
12:01	cpuid	I would assume that too
12:01	cpuid	but it's a leap of faith
12:01	cpuid	all I can get from ARMADA 38x Functional Spec document https://marvellcorp.wufoo.com/forms/marvell-armada-38x-functional-specifications/
12:04	cpuid	is that efuses are ther
12:04	cpuid	is that efuses are there
12:04	cpuid	but there's no trace on how to use them and which bootloader features are controller by them
12:30	rabeeh	cpuid: hi
12:30	cpuid	great, it worked :)
12:31	rabee	12:31 * rabeeh is summoned :)
12:31	rabeeh	so, A38x has secure boot feature
12:31	rabeeh	i personally haven't used it :(
12:31	rabeeh	but it's there; and u-boot supports blowing those fuses (you need to enable CONFIG_EFUSE as i recall)
12:32	rabeeh	i can ask Marvell if they have a detailed document how to do it
12:32	cpuid	yeah that would be great
12:32	cpuid	the only documents that is available out of the extranet is not describing how they work
12:32	rabeeh	but my guess is that it will secure boot u-boot; and the rest of the trust chain should be handled in another manner
12:32	rabeeh	oh; you have extranet access
12:33	cpuid	no I don't
12:33	cpuid	the only doc I got is ARMADA 38x Functional Spec (Web Form)
12:33	cpuid	from this page http://www.marvell.com/embedded-processors/armada-38x/
12:33	cpuid	but it does not describe efuses
12:34	rabee	12:34 * rabeeh searches the extranet
12:34	cpuid	in theory it should be: ROM Bootloader verifies u-boot signature -> verified u-boot verifies kernel config signature -> boot
12:35	cpuid	I saw it working on NXP/Freescale i.MX6
12:36	Artox	Exaga: very good
12:37	rabeeh	cpuid: the boot sequence is correct
12:38	rabeeh	so the bootloader inside the ROM will veritify u-boot; but then the rest of the chain is up to you
12:39	rabeeh	i'll send Marvell an email asking about a document if they have
12:39	cpuid	thank you very much
12:40	rabeeh	for now please look at build.pl script in u-boot
12:40	cpuid	I've PMed you my mail address
12:40	rabeeh	that perl script should be able to sign a built u-boot; and has some information in it
12:40	cpuid	ok, I'll have a look
13:44	cpuid	for those of you looking for the same answers, inside u-boot-armada38x there are some nice comments
13:44	cpuid	https://github.com/SolidRun/u-boot-armada38x/blob/u-boot-2013.01-15t1-clearfog/board/mv_ebu/a38x/cmd_efuse.c#L546
22:42	Exaga	Artox: soon i will be comiling natively :>
22:43	Exaga	compiling*