It’s a widely held misconception that flashing a bootloader on a device in the field is risky. The reason is that if power is removed from the device during update, then the bootloader may only be partially flashed and thus won’t boot. This view is correct for devices that boot from a single location without …
Category: Tech Blog
Yocto Security Hardening: CVEs
The volume and complexity of the software running in embedded devices is not only astonishing but ever increasing – yet each additional line of code has the potential to introduce a security vulnerability. An attacker may only need to exploit one single vulnerability for a bad outcome to occur. Therefore the obvious way to reduce …
Booting Linux from Linux with kexec
The Linux kernel feature known as ‘kexec‘ allows you to boot from the currently running kernel into a new kernel – effectively turning a Linux distribution into a feature-rich bootloader. This shouldn’t be confused with virtualisation technologies that allow you to run Linux as a guest. This capability has been around since 2005 (2.6.13) and …
A Global Variable in U-Boot that caused a Hang
The best type of software bug is one where you get to learn something along the way. Like any good disaster, the bug we’re going to explore is one that arose from a chain of unexpected events and bad assumptions. This bug relates to uninitialised data and gives a good insight into the inner workings …
Multiple UVC cameras on Linux: an unexpected challenge
Earlier this year one of our customers presented us with an unexpected problem: they weren’t able to stream video from multiple USB UVC web cameras – instead they got a “No space left on device” error. In our quest to provide a solution we learnt a little about USB and so we thought we’d share …
Build and Boot U-Boot and Linux on a Raspberry Pi 3 Model B+
With more than 30 million units in existence, the Raspberry Pi provides for an accessible and low-cost way to play with an ARMv8 embedded device using the latest and greatest upstream sources. In this post we’ll walk through the steps required to build U-Boot, the Linux kernel and a filesystem, as well as the steps …
i.MX6 UL Bus Encryption Engine (BEE) in the Linux Kernel
The ubiquitous i.MX6 Ultra Lite is high performance processor that offers a wide range of hardware security features such as ARM TrustZone, High Assurance Boot (HAB) and a Cryptographic Acceleration and Assurance Module (CAAM). The exact features and details depend on the specific part and are documented in detail in the Security Reference Manual (locked …
Discovering CPU features from userspace with ELF_HWCAP
As hardware architectures evolve they introduce new features – many of these features are abstracted away by the kernel yet result in some benefit to the user such as improved security or performance. However some features, like the introduction of a new CPU instruction can only benefit user-space if user-space is able to determine that …
Booting ARM without an ARM
It’s possible (and easy) to develop software for ARM based platforms without having physical ARM based hardware on your desk – there are many ways to do this such as using the QEMU emulator. However by using something known as a Fixed Virtual Platform (FVP) it’s possible to run software on a simulation of some …
The indirection of outb, iowrite and friends
The {in,out}{b,w,l} functions of the kernel provide the mechanism for reading from and writing to what we may describe as port I/O (PIO). The API is not architecture specific and thus present in most architectures and used by a wide variety of device drivers. However the mechanism to support PIO varies widely between architectures and …