I've just written some new programs for manipulating some of the
unique-to-SD features. For those who may not know, SD cards can be
password protected in hardware and made permanently and irreversibly
write-protected. Our 2 kbyte TS-SDBOOT firmware has the following
features which exploit these:
*) Ability to boot to locked SD cards by storing passwords in
EEPROM.
*) Ability to verify (CRC) the entire or partial contents of the
SD card before allowing it to be booted.
*) Optionally prevent booting of unlocked SD cards.
The 2 programs are at
ftp://ftp.embeddedARM.com/sdlock
ftp://ftp.embeddedARM.com/tsbootrom-update
These utilities are for TS-7300 and TS-7400 boards. You can also
use them on a TS-7260 with SD, but the default on that board is not to
boot Linux from the SD card as the TS-7260 uses RedBoot for a
bootloader and boots from NAND flash.
====================
To manipulate the SD card, the command "sdlock" is provided:
$ sdlock --help
Usage: sdlock [OPTION] ...
Controls SD card lock and permanent write-protect features.

General options:
  -p, --password=PASS    Use PASS as password
  -c, --clear            Remove password lock
  -s, --set              Set password lock
  -u, --unlock           Unlock temporarily
  -e, --erase            Erase entire device (clears password)
  -w, --wprot            Enable permanent write protect
  -h, --help             This help
===============
To manipulate the BOOTROM, the utility "tsbootrom-update" is
provided:
$ tsbootrom-update --help
Usage: tsbootrom-update [OPTION] ...
Updates TS-BOOTROM bootup program stored on EEPROM

General options:
  -n                     Do not actually write EEPROM
  -s, --sdboot           Write TS-SDBOOT bootup program
  -f, --flashboot        Write TS-FLASHBOOT bootup program
  -u, --burninboot       Write TS-BURNINBOOT bootup program
  -p, --spiflashboot     Write TS-SPIFLASHBOOT bootup program
  -b, --blastboard       Write to blast board EEPROM instead of SBC
  -h, --help             This help

EEPROM security block options:
  -m, --mac=X            Write X as ethernet MAC address
  -l, --verifylen=N      Checksum includes first N 512 byte sectors
  -d, --device=FILE      Use FILE to re-compute checksum value
  -V, --verifydat=N      Use N as pre-computed checksum value
  -L, --lockdat=X        Use X for the SD unlock data token
  -k, --verifylock       Do not boot to an unlocked SD card
  -c, --noconsole        Disable serial console bootup messages

TS-production specific options:
  -a, --alloc-mac        Get MAC address from /var/ts-production/mac
====================
To lock an SD card, you must first use "sdlock" to set a password.
Upon successful lock, a 40 character "sdboot_lockdat" string will be
generated and printed to stdout. e.g.
# ./sdlock --set --password=foopassword
password="foopasswordfoopa"
locked=0
readonly=0
cardsize=246016
set_ok=1
sdboot_lockdat="0010666f6f70617373776f7264666f6f7061c43b"
#
Notice the password is not exactly "foopassword" -- the program will
always expand your password to 16-bytes.
Locking is an optional SD card feature -- not all SD cards have it,
especially some cheap ones I've found don't.
After the SD lock is set, you must tell TS-SDBOOT the sdboot_lockdat
in order for it to be able to boot it. For this, you must run the
following:
# ./tsbootrom-update --sdboot --lockdat=0010666f6f70617373776f7264666f6f7061c43b
Note that TS-SDBOOT will still be able to boot unlocked cards. To
disable this, run this command instead:
# ./tsbootrom-update --sdboot --verifylock --lockdat=0010666f6f70617373776f7264666f6f7061c43b
//Jesse Off
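Added example (not part of the original post or of the sdlock source): a small Python decoder for the sample sdboot_lockdat string shown above. It assumes the layout suggested by that one sample (one leading byte, a length byte, the 16-byte expanded password, two trailing bytes left uninterpreted) and that expansion repeats the password cyclically; the function and field names are illustrative. It shows that the token carries the password in readable hex, so the token needs the same handling as the password itself.

```python
# Sample token copied from the sdlock output in the post.
SAMPLE_LOCKDAT = "0010666f6f70617373776f7264666f6f7061c43b"


def expand_password(password: str, size: int = 16) -> bytes:
    """Expand a password to `size` bytes.

    Assumption: the password is repeated cyclically and cut at `size`
    bytes, inferred from "foopassword" -> "foopasswordfoopa" in the post.
    Longer passwords are truncated here, which is also an assumption.
    """
    raw = password.encode("ascii")
    if not raw:
        raise ValueError("empty password")
    return (raw * (size // len(raw) + 1))[:size]


def parse_lockdat(token: str) -> dict:
    """Split a 40-character lockdat string into its apparent fields."""
    data = bytes.fromhex(token)  # raises ValueError on non-hex input
    if len(data) != 20:
        raise ValueError("expected 40 hex characters (20 bytes)")
    byte0, pwd_len = data[0], data[1]
    if pwd_len != len(data) - 4:
        raise ValueError("length byte does not match the token size")
    return {
        "byte0": byte0,                      # meaning not stated in the post
        "pwd_len": pwd_len,                  # 0x10 = 16 in the sample
        "password": data[2:2 + pwd_len],     # expanded password, in clear
        "trailer": data[2 + pwd_len:],       # two bytes, not interpreted here
    }


def token_matches(token: str, password: str) -> bool:
    """True if the token embeds the expanded form of `password`."""
    return parse_lockdat(token)["password"] == expand_password(password)


if __name__ == "__main__":
    fields = parse_lockdat(SAMPLE_LOCKDAT)
    print(fields["password"].decode("ascii"))   # the password is recoverable
    print(token_matches(SAMPLE_LOCKDAT, "foopassword"))
```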