From 60eb2616ed83209b8e46aba14c19814ab4f4c1c6 Mon Sep 17 00:00:00 2001 From: ficus Date: Thu, 4 Oct 2012 16:13:54 +0200 Subject: sd card refactor --- README | 114 ++++++++++++--------- TODO | 12 ++- doc/sd_card.txt | 44 ++++++++ doc/uboot.txt | 45 ++++++++ freedom-maker/bin/copy2dream | 47 --------- freedom-maker/flashing-notes | 28 ----- .../source/boot/uboot.2012.04.01-2_armel.elf | Bin 0 -> 228948 bytes .../source/boot/uboot.2012.04.01-2_armel.kwb | Bin 0 -> 196076 bytes freedom-maker/source/boot/uboot.env | 8 ++ packages/torouter-prep/configs/etc/fstab | 4 +- packages/torouter-prep/configs/sbin/copy2dream | 2 +- packages/torouter-prep/src/torouter_preboot.sh | 38 +++---- 12 files changed, 197 insertions(+), 145 deletions(-) create mode 100644 doc/sd_card.txt create mode 100644 doc/uboot.txt delete mode 100644 freedom-maker/bin/copy2dream delete mode 100644 freedom-maker/flashing-notes create mode 100644 freedom-maker/source/boot/uboot.2012.04.01-2_armel.elf create mode 100644 freedom-maker/source/boot/uboot.2012.04.01-2_armel.kwb create mode 100644 freedom-maker/source/boot/uboot.env diff --git a/README b/README index 2a034e6..fef4a79 100644 --- a/README +++ b/README @@ -9,49 +9,56 @@ Project wiki page: https://trac.torproject.org/projects/tor/wiki/doc/Torouter = Repository Contents = README this file - ./doc (WIP) text file user and developer documentation + ./doc user and developer documentation ./freedom-maker firmware build scripts ./config torouter configuration files ./packages source for torouter-specific software packages = Installation and Build Instructions = -There are several ways to get the debian-based torouter system running on a +There are a couple ways to get the debian-based torouter system running on a DreamPlug device: - - Flash a pre-built image onto an external USB stick - - - Flash a pre-built image onto an internal microSD card - - - Build and flash a new image from source + - Flash a pre-built image onto an SD card - Install the FreedomBox distribution or a "vanilla" debian, then run a torouter takeover/upgrade script -For the later, see the "Building" section, then follow either the USB stick or -microSD card directions. + - Build and flash a new image from source (perhaps with modifications) + +For the later, see the "Building" section, then follow the SD card directions. Regardless of the installation method and target, if the device is in a "factory fresh" state some bootloader preparation is required. See the "DreamPlug Preparation" section below; you will need serial console access to -the DreamPlug, for example with the sometimes included GuruPlug JTAG device. +the DreamPlug, for example with the (sometimes bundled) GuruPlug JTAG device. -=== Flash Pre-Built Image to External USB stick === -TODO: +=== Flash Pre-Built Image to an SD card === - $ dd if=$IMGFILE of=$USBBASEDEV +The command to write a raw image file $IMGFILE to an SD card connected via a +USB adapter with block device $USBBASEDEV is: -=== Flash Pre-Built Image to Internal microSD card === + $ dd bs=1M if=$IMGFILE of=$USBBASEDEV -TODO: +On linux you can try to figure out the $USBBASEDEV using the 'lsblk' command; +you are looking for the base device (eg, /dev/sdb) not a partition (eg, +/dev/sdb2). The SD care should not be mounted; use 'umount' to unmount the card +if any partitions were mounted automatically for some reason. - $ dd if=$IMGFILE of=$USBBASEDEV + !!! Be careful not to overwrite the wrong base device !!! -Mount the device, make changes to /etc/fstab. Also need to make changes to the -initrd image? +If the downloaded image name is "torouter-unstable-20120928-4GB-USB.img.gz" and +the SD card block device is "/dev/sdb", first unzip the image file and dd it to +the card: -Make changes to u-boot configuration. + $ gunzip torouter-unstable-20120928-4GB-USB.img.gz + $ sudo dd bs=1M if=./torouter-unstable-20120928-4GB-USB.img of=/dev/sdb + $ sync # doesn't hurt + +You can then remove the SD card, put it in your DreamPlug, and boot up. If this +is the first boot with a factory-fresh DreamPlug, you'll need to configure +u-boot; see below. === Torouter Takeover Script === @@ -96,48 +103,61 @@ Then enter the freedom-maker directory and run a build: $ sudo ./buildrootfs.sh If that was ultimately successful (you can ignore some apt warnings and errors -that may scroll by), you now have a root filesystem ready to be copied to a USB -stick. Insert a USB storage device and partition it to have a small (~80MB) -boot partition followed by an ext3 root partition (1GB or so minimum). Make -note of the boot and root partition nodes (eg, $BOOTNODE=/dev/sdc1 and -$ROOTNODE=/dev/sdc2), then copy over the built distribution: +that may scroll by), you now have a root filesystem ready to be copied to an SD +card. Insert a card and partition it to have a small (~80MB) +boot partition followed by an ext3 root partition (1GB or so minimum). You +might want to take care and block align the partitions to get better write +performance; see ./doc/sd_card.txt for more info. Make note of the boot and +root partition nodes (eg, $BOOTNODE=/dev/sdc1 and $ROOTNODE=/dev/sdc2), then +copy over the built distribution: $ sudo ./copy2card.sh $BOOTNODE $ROOTNODE -If that was successful, contratulations, you now have a usable torouter thumb -stic! You could skip ahead now to DreamPlug Perparation. +If that was successful, contratulations, you now have a usable torouter SD +card! You could skip ahead now to DreamPlug Perparation. If you want to dump your fresh un-booted image to a static .img file (which -could be distributed to others or flashed to another stick quickly), run the +could be distributed to others or flashed to another card quickly), run the copy2img.sh script with the "base" device of the thumbstick as an argument (eg, $STICKNODE=/dev/sdc): $ sudo ./copy2img.sh $STICKNODE +And then rename the .img file produced to something more memorable. + === DreamPlug Preparation === Prepping a vanilla DreamPlug device is somewhat involved and will require a access to the hardware serial console (eg, using a GuruPlug-branded JTAG device functions as a USB serial console adapter). -First, upgrade u-boot to a recent version (see directions in freedom-maker -directory), then set the appropriate bootloader environment variables: - - baudrate=115200 - bootargs=console=ttyS0,115200 root=/dev/sdc2 rootdelay=10 - bootcmd=${x_bootcmd_usb}; ${x_bootcmd_kernel}; ${x_bootcmd_initrd}; setenv bootargs ${x_bootargs} ${x_bootargs_root}; bootm 0x6400000 0x6900000; - bootdelay=3 - filesize=2982D0 - stderr=serial - stdin=serial - stdout=serial - x_bootargs=console=ttyS0,115200 - x_bootargs_root=root=/dev/sdc2 rootdelay=10 - x_bootcmd_ethernet=ping 192.168.2.1 - x_bootcmd_initrd=fatload usb 2:1 0x6900000 uInitrd - x_bootcmd_kernel=fatload usb 2:1 0x6400000 uImage - x_bootcmd_usb=usb start - -FYI, there are at least two variants of the DreamPlug hardware, with slightly -differing chipsets. +The default SD card images include the u-boot firmware required to boot from +the card. Insert a flashed SD card into the DreamPlug and connect to the +powered-off DreamPlug using the serial converter with the screen command: + + $ screen /dev/ttyUSB0 115200 + +Power up the DreamPlug and quickly press enter in the screen session to +interrupt boot. Then enter the following commands into the running u-boot +session (change the last argument of the 'sf write' line, in hex, if the .kwb +file size changes from exactly 196076 bytes): + + usb start + fatload usb 1 0x6400000 uboot.2012.04.01-2_armel.kwb + sf probe 0 + sf erase 0x0 0x80000 + sf write 0x6400000 0x0 0x2fdec + setenv baudrate 115200 + setenv bootcmd '${x_bootcmd_usb}; ${x_bootcmd_kernel}; ${x_bootcmd_initrd}; setenv bootargs ${x_bootargs} ${x_bootargs_root} ${x_bootargs_console}; bootm 0x6400000 0x6900000;' + setenv x_bootargs_console 'ttyS0,115200' + setenv x_bootargs_root 'root=/dev/sdb2 rootdelay=10' + setenv x_bootcmd_initrd 'fatload usb 1:1 0x6900000 uInitrd' + setenv x_bootcmd_kernel 'fatload usb 1:1 0x6400000 uImage' + setenv x_bootcmd_usb 'usb start' + saveenv + reset + +The DreamPlug should now boot straight up as a torouter; connect via ethernet +on the LAN port (eth1, "to the right") to access the web user interface and +configure wifi. diff --git a/TODO b/TODO index 21dc926..cc82c0d 100644 --- a/TODO +++ b/TODO @@ -1,3 +1,13 @@ - fix signing key for torrouter.torproject.org (should have a keyring .deb) - re-enable source builds in install.sh -- random apt-get segfault issue +- fix/clarify current broken DNS situation +- .onion addresses don't "just work" yet +- clarify u-boot and bootloader configuration in docs +- easy_setup is out of date +- need a custom kernel build and package system for grsec etc patches +- include updated u-boot image and env config in /boot +- include "man" and documentation files +- install/configure power management tools (to minimize consumption) + +might not fix: +- kernel flashing code in install.sh is kernel-version specific diff --git a/doc/sd_card.txt b/doc/sd_card.txt new file mode 100644 index 0000000..25a2d65 --- /dev/null +++ b/doc/sd_card.txt @@ -0,0 +1,44 @@ + +torouter is intended to boot and run from an SD. it could theoretically also +run from an internal microSD card, a USB stick, or an eSATA drive, but +specifying use of the SD card makes support, development, and documentation +easier. the SD card can easily be popped out of the router and reflashed with a +new image. + +The SD card should be at least 2GB in size and support reasonable read/write +speeds, so probably a "class 6" quality card, which can be ########## + +you really should get a decent card: there can be an order of magnitude +difference in performance between a cheap card and a fast card. + +quick (but shady?) way to check read and write card performance on a +high-performance machine: + + $ # unmount the card for read test + $ hdparm -t /dev/sdb # iff /dev/sdb is the card + $ # mount the card for write test + $ dd count=10 bs=1M if=/dev/urandom of=/mnt/disktest + + +HOWTO Prepare an SD Card for building (using debian) +-------------------------------------------------------- + +Insert a 4GB+ SD card into to your dev computer (using an adapter if necessary). + +Use lsblk to figure out which block device the card is (eg, /dev/sdc). + +Use gparted (as root) to create two logical paritions: first, a 128MB FAT32 +(msdos) boot partition, and second an ext4 root partition using the remainder +of the space. + +Once the paritions are created, and you have confirmed that the partitions +exist and are in the correct order (eg, small boot on /dev/sdc1, rootfs on +/dev/sdc2), you are ready to copy over a fresh build using +freedom-maker/copy2card.sh and then create an image file using +freedom-maker/copy2img.sh. + +Optionally, follow these directions to generate block-aligned partitions for +better write performance: + +http://linux-howto-guide.blogspot.de/2009/10/increase-usb-flash-drive-write-speed.html +http://www.olpcnews.com/forum/index.php?topic=4993.0 diff --git a/doc/uboot.txt b/doc/uboot.txt new file mode 100644 index 0000000..8904980 --- /dev/null +++ b/doc/uboot.txt @@ -0,0 +1,45 @@ + +Factory-configured DreamPlugs need their internal u-boot firmware updated and +re-configured to boot from the SD card. + +You may want to remove the internal microSD card for the sake of simplicity. +This will result in u-boot and linux boot warnings, but these can be ignored. + +The desired u-boot configuration is: + + baudrate=115200 + bootargs=console=ttyS0,115200 root=/dev/sdb2 rootdelay=10 + bootcmd=${x_bootcmd_usb}; ${x_bootcmd_kernel}; ${x_bootcmd_initrd}; setenv bootargs ${x_bootargs} ${x_bootargs_root}; bootm 0x6400000 0x6900000; + x_bootargs=console=ttyS0,115200 + x_bootargs_root=root=/dev/sdb2 rootdelay=10 + x_bootcmd_initrd=fatload usb 1:1 0x6900000 uInitrd + x_bootcmd_kernel=fatload usb 1:1 0x6400000 uImage + x_bootcmd_usb=usb start + +HOWTO: flash and configure u-boot +----------------------------------- + +The default SD card images include the u-boot firmware required to boot from +the card. Insert a flashed SD card into the DreamPlug and connect with screen: + + $ screen /dev/ttyUSB0 115200 + +Power up the DreamPlug and quickly press enter in the screen session to +interrupt boot. Then enter the following commands into the running u-boot +session (change the last argument of the 'sf write' line, in hex, if the .kwb +file size changes from exactly 196076 bytes): + + usb start + fatload usb 1 0x6400000 uboot.2012.04.01-2_armel.kwb + sf probe 0 + sf erase 0x0 0x80000 + sf write 0x6400000 0x0 0x2fdec + setenv baudrate 115200 + setenv bootcmd '${x_bootcmd_usb}; ${x_bootcmd_kernel}; ${x_bootcmd_initrd}; setenv bootargs ${x_bootargs} ${x_bootargs_root} ${x_bootargs_console}; bootm 0x6400000 0x6900000;' + setenv x_bootargs_console 'ttyS0,115200' + setenv x_bootargs_root 'root=/dev/sdb2 rootdelay=10' + setenv x_bootcmd_initrd 'fatload usb 1:1 0x6900000 uInitrd' + setenv x_bootcmd_kernel 'fatload usb 1:1 0x6400000 uImage' + setenv x_bootcmd_usb 'usb start' + saveenv + reset diff --git a/freedom-maker/bin/copy2dream b/freedom-maker/bin/copy2dream deleted file mode 100644 index 267c2b6..0000000 --- a/freedom-maker/bin/copy2dream +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# -# this script assumes the current root filesystem is the source, and the -# internal microSD on a DreamPlug is the target .. all existing content on -# the microSD card will be lost. -# - -# partition microSD card inside DreamPlug -echo "=> partition internal microSD card" -parted -s /dev/sda mklabel msdos -parted -s /dev/sda mkpart primary fat16 0 128 -parted -s /dev/sda mkpart primary ext2 128 100% - -# create filesystems on new partitions -echo "=> create filesystems on internal microSD card" -mkdosfs /dev/sda1 -mke2fs -j /dev/sda2 - -echo "=> mount target partitions" -mount /dev/sda2 /media -mkdir -p /media/boot -mount /dev/sda1 /media/boot - -echo "=> copy filesystem content from USB stick to target partitions" -(cd / ; tar cpSf - `/bin/ls | grep -v boot | grep -v proc | grep -v sys | grep -v media | grep -v dev`) | (cd /media ; tar xpf -) -# the following intentionally ignores subdirectories -cp /boot/* /media/boot/ - -echo "=> touch up target root partition" -mkdir /media/proc /media/sys /media/media /media/dev -mknod /media/dev/console c 5 1 -mknod /media/dev/random c 1 8 -mknod /media/dev/urandom c 1 9 -mknod /media/dev/null c 1 3 -mknod /media/dev/ptmx c 5 2 - -# patch up /etc/fstab entry for /boot -sed -e 's/sdc/sda/g' < /etc/fstab > /media/etc/fstab - -# flash the kernel and create the device's keys -chroot /media /etc/init.d/first-run - -echo "unmount target partitions" -umount /dev/sda1 -umount /dev/sda2 - -echo "=> installation complete, see docs to boot from internal microSD" diff --git a/freedom-maker/flashing-notes b/freedom-maker/flashing-notes deleted file mode 100644 index def3f61..0000000 --- a/freedom-maker/flashing-notes +++ /dev/null @@ -1,28 +0,0 @@ -Jason says: - - Sort of. The openocd config for the sheevaplug/guruplug is what I use, - and is distributed on the dreamplug download page [1]. It does _not_ - have support for the SPI flash. You can also use the sheevaplug.cfg - shipped with openocd. So, I use openocd or tftp to transfer to RAM, - then use u-boot to write to flash. - - To test images, or to reflash, I load the known-good u-boot into RAM via - openocd, then I'll either reflash it or load a new testing one from - there. - - To write a u-boot.kwb test image to flash, here is what I do: - - openocd$ sheevaplug_init - openocd$ load_image u-boot # known good from Marvell - openocd$ load_image u-boot.kwb 0x00800000 # monster I created - openocd$ resume 0x00600000 # run the known good - - then, in u-boot - - u-boot$ sf probe 0 - u-boot$ sf erase 0x0 0x100000 - u-boot$ sf write 0x00800000 0x0 0x100000 - - If time allows, I'd like to add SPI flash support to OpenOCD. - Unfortunately, time is short and the above process works. - diff --git a/freedom-maker/source/boot/uboot.2012.04.01-2_armel.elf b/freedom-maker/source/boot/uboot.2012.04.01-2_armel.elf new file mode 100644 index 0000000..ab58a26 Binary files /dev/null and b/freedom-maker/source/boot/uboot.2012.04.01-2_armel.elf differ diff --git a/freedom-maker/source/boot/uboot.2012.04.01-2_armel.kwb b/freedom-maker/source/boot/uboot.2012.04.01-2_armel.kwb new file mode 100644 index 0000000..c524936 Binary files /dev/null and b/freedom-maker/source/boot/uboot.2012.04.01-2_armel.kwb differ diff --git a/freedom-maker/source/boot/uboot.env b/freedom-maker/source/boot/uboot.env new file mode 100644 index 0000000..06cb618 --- /dev/null +++ b/freedom-maker/source/boot/uboot.env @@ -0,0 +1,8 @@ +setenv baudrate 115200 +setenv bootcmd '${x_bootcmd_usb}; ${x_bootcmd_kernel}; ${x_bootcmd_initrd}; setenv bootargs ${x_bootargs} ${x_bootargs_root} ${x_bootargs_console}; bootm 0x6400000 0x6900000;' +setenv x_bootargs_console 'ttyS0,115200' +setenv x_bootargs_root 'root=/dev/sdb2 rootdelay=10' +setenv x_bootcmd_initrd 'fatload usb 1:1 0x6900000 uInitrd' +setenv x_bootcmd_kernel 'fatload usb 1:1 0x6400000 uImage' +setenv x_bootcmd_usb 'usb start' +saveenv diff --git a/packages/torouter-prep/configs/etc/fstab b/packages/torouter-prep/configs/etc/fstab index 7c48827..c4318d3 100644 --- a/packages/torouter-prep/configs/etc/fstab +++ b/packages/torouter-prep/configs/etc/fstab @@ -1,6 +1,6 @@ -/dev/sdc2 / auto relatime,rw 0 0 +/dev/sdb2 / auto relatime,rw 0 0 proc /proc proc none 0 0 sys /sys sysfs none 0 0 none /dev/pts devpts defaults 0 0 tmpfs /tmp tmpfs rw,nosuid,nodev 0 0 -/dev/sdc1 /boot vfat defaults 0 0 +/dev/sdb1 /boot vfat defaults 0 0 diff --git a/packages/torouter-prep/configs/sbin/copy2dream b/packages/torouter-prep/configs/sbin/copy2dream index 267c2b6..d171bdf 100644 --- a/packages/torouter-prep/configs/sbin/copy2dream +++ b/packages/torouter-prep/configs/sbin/copy2dream @@ -35,7 +35,7 @@ mknod /media/dev/null c 1 3 mknod /media/dev/ptmx c 5 2 # patch up /etc/fstab entry for /boot -sed -e 's/sdc/sda/g' < /etc/fstab > /media/etc/fstab +sed -e 's/sdb/sda/g' < /etc/fstab > /media/etc/fstab # flash the kernel and create the device's keys chroot /media /etc/init.d/first-run diff --git a/packages/torouter-prep/src/torouter_preboot.sh b/packages/torouter-prep/src/torouter_preboot.sh index 70c08aa..267a462 100755 --- a/packages/torouter-prep/src/torouter_preboot.sh +++ b/packages/torouter-prep/src/torouter_preboot.sh @@ -16,49 +16,49 @@ export TORADMINGROUP="debian-tor" # if [ `apt-get --simulate install apt-utils tor torouterui ttdnsd` ] # Set us to have a default host name and hosts file -install -o root -g root -m 600 $config_dir/etc/hostname /etc/hostname -install -o root -g root -m 600 $config_dir/etc/hosts /etc/hosts +install -o root -g root -m 644 $config_dir/etc/hostname /etc/hostname +install -o root -g root -m 644 $config_dir/etc/hosts /etc/hosts # We need to prep apt to understand that we want packages from other repos -install -o root -g root -m 600 $config_dir/etc/apt/sources.list /etc/apt/sources.list +install -o root -g root -m 644 $config_dir/etc/apt/sources.list /etc/apt/sources.list # Reconfigure /etc/inittab here -install -o root -g root -m 600 $config_dir/etc/inittab /etc/inittab +install -o root -g root -m 644 $config_dir/etc/inittab /etc/inittab # Reconfigure fstab -install -o root -g root -m 600 $config_dir/etc/fstab /etc/fstab +install -o root -g root -m 644 $config_dir/etc/fstab /etc/fstab # Configure the network # eth0 is our "internet" interface with a dhcp client -install -o root -g root -m 600 $config_dir/etc/network/interfaces /etc/network/interfaces +install -o root -g root -m 644 $config_dir/etc/network/interfaces /etc/network/interfaces # Configure dnsmasq -install -o root -g root -m 600 $config_dir/etc/dnsmasq.conf /etc/dnsmasq.conf -install -o root -g root -m 600 $config_dir/etc/dnsmasq_lan.conf /etc/dnsmasq_lan.conf -install -o root -g root -m 600 $config_dir/etc/dnsmasq_wifi.conf /etc/dnsmasq_wifi.conf +install -o root -g root -m 644 $config_dir/etc/dnsmasq.conf /etc/dnsmasq.conf +install -o root -g root -m 644 $config_dir/etc/dnsmasq_lan.conf /etc/dnsmasq_lan.conf +install -o root -g root -m 644 $config_dir/etc/dnsmasq_wifi.conf /etc/dnsmasq_wifi.conf # new dns scheme -install -o root -g root -m 600 $config_dir/etc/default/dnsmasq /etc/default/dnsmasq -install -o root -g root -m 750 $config_dir/etc/init.d/dnsmasq_lan /etc/init.d/dnsmasq_lan -install -o root -g root -m 750 $config_dir/etc/init.d/dnsmasq_wifi /etc/init.d/dnsmasq_wifi +install -o root -g root -m 644 $config_dir/etc/default/dnsmasq /etc/default/dnsmasq +install -o root -g root -m 754 $config_dir/etc/init.d/dnsmasq_lan /etc/init.d/dnsmasq_lan +install -o root -g root -m 754 $config_dir/etc/init.d/dnsmasq_wifi /etc/init.d/dnsmasq_wifi # Configure ntp -install -o root -g root -m 600 $config_dir/etc/ntp.conf /etc/ntp.conf -install -o root -g root -m 600 $config_dir/etc/default/openntpd /etc/default/openntpd +install -o root -g root -m 644 $config_dir/etc/ntp.conf /etc/ntp.conf +install -o root -g root -m 644 $config_dir/etc/default/openntpd /etc/default/openntpd # Configure ssh -install -o root -g root -m 600 $config_dir/etc/ssh/sshd_config /etc/ssh/sshd_config +install -o root -g root -m 644 $config_dir/etc/ssh/sshd_config /etc/ssh/sshd_config # XXX We should configure ufw here # XXX We should configure denyhosts # torrc permissions get overwritten below -install -o root -g root -m 600 $config_dir/etc/tor/torrc /etc/tor/torrc +install -o root -g root -m 644 $config_dir/etc/tor/torrc /etc/tor/torrc -install -o root -g root -m 600 $config_dir/etc/default/ttdnsd /etc/default/ttdnsd +install -o root -g root -m 644 $config_dir/etc/default/ttdnsd /etc/default/ttdnsd # install tor firewall helper -install -o root -g root -m 750 $config_dir/sbin/tor-wireless-firewall.sh /usr/sbin/ +install -o root -g root -m 754 $config_dir/sbin/tor-wireless-firewall.sh /usr/sbin/ # Remove a bunch of stuff apt-get -f -y remove --purge polipo minissdpd @@ -70,7 +70,7 @@ apt-get install -f apt-get -y clean ## Disable ipv6 support for now -install -o root -g root -m 600 $config_dir/etc/modprobe.d/blacklist.conf /etc/modprobe.d/blacklist.conf +install -o root -g root -m 644 $config_dir/etc/modprobe.d/blacklist.conf /etc/modprobe.d/blacklist.conf ## add users and groups (ignore failures if groups already exist) addgroup $ADMINGROUP -- cgit v1.2.3