[ts-7000] Re: SD card security features

To:
Subject:	[ts-7000] Re: SD card security features
From:	"Fabio Vaz" <>
Date:	Mon, 18 Aug 2008 14:25:44 -0000

I can't unlock it too. I tried : 
sdlock --unlock
sdlock -u
sdlock --password=12345 -u

Nothing seems to work.


--- In  "raaku12" <> wrote:
>
> 
> 

> I have successfully Locked the sd card and now i cant unlock it
> 
> 
> 
> :~# sdlock --u
> locked=1
> readonly=0
> unlock_ok=0
> cardsize=0
> :~# 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> --- In  "Jesse Off" <joff@> wrote:
> >
> > I've just written some new programs for manipulating some of the 
> > unique-to-SD features.  For those who may not know, SD cards can 
be 
> > password protected in hardware and made permanently and 
> irreversibly 
> > write-protected.  Our 2 kbyte TS-SDBOOT firmware has the 
following 
> > features which exploit these:
> > 
> >   *) Ability to boot to locked SD cards by storing passwords in
> >      EEPROM.
> >   *) Ability to verify (CRC) the entire or partial contents of the
> >      SD card before allowing it to be booted.
> >   *) Optionally prevent booting of unlocked SD cards.
> > 
> > The 2 programs are at
> > ftp://ftp.embeddedARM.com/sdlock
> > ftp://ftp.embeddedARM.com/tsbootrom-update
> > 
> > These utilities are for TS-7300 and TS-7400 boards.  You can also 
> > use it on a TS-7260 with SD, but the default on that board is not 
> to 
> > boot Linux from the SD card as the TS-7260 uses RedBoot for a 
> > bootloader and boots from NAND flash.
> > 
> > ====================
> > To manipulate the SD card, the command "sdlock" is provided:
> > 
> > $ sdlock --help
> > Usage: sdlock [OPTION] ...
> > Controls SD card lock and permanent write-protect features.
> > 
> > General options:
> >   -p, --password=PASS     Use PASS as password
> >   -c, --clear             Remove password lock
> >   -s, --set               Set password lock
> >   -u, --unlock            Unlock temporarily
> >   -e, --erase             Erase entire device (clears password)
> >   -w, --wprot             Enable permanent write protect
> >   -h, --help              This help
> > 
> > ===============
> > To manipulate the BOOTROM, the utility "tsbootrom-update" is 
> > provided:
> > 
> > $ tsbootrom-update --help
> > Usage: tsbootrom-update [OPTION] ...
> > Updates TS-BOOTROM bootup program stored on EEPROM
> > 
> > General options:
> >   -n                      Do not actually write EEPROM
> >   -s, --sdboot            Write TS-SDBOOT bootup program
> >   -f, --flashboot         Write TS-FLASHBOOT bootup program
> >   -u, --burninboot        Write TS-BURNINBOOT bootup program
> >   -p, --spiflashboot      Write TS-SPIFLASHBOOT bootup program
> >   -b, --blastboard        Write to blast board EEPROM instead of 
SBC
> >   -h, --help              This help
> > 
> > EEPROM security block options:
> >   -m, --mac=X             Write X as ethernet MAC address
> >   -l, --verifylen=N       Checksum includes first N 512 byte 
sectors
> >   -d, --device=FILE       Use FILE to re-compute checksum value
> >   -V, --verifydat=N       Use N as pre-computed checksum value
> >   -L, --lockdat=X         Use X for the SD unlock data token
> >   -k, --verifylock        Do not boot to an unlocked SD card
> >   -c, --noconsole         Disable serial console bootup messages
> > 
> > TS-production specific options:
> >   -a, --alloc-mac         Get MAC address from /var/ts-
> production/mac
> > 
> > ====================
> > To lock an SD card, you must first use "sdlock" to set a 
password.  
> > Upon successful lock, a 40 character "sdboot_lockdat" string will 
> be 
> > generated and printed to stdout.  e.g.
> > 
> > # ./sdlock --set --password=foopassword
> > password="foopasswordfoopa"
> > locked=0
> > readonly=0
> > cardsize=246016
> > set_ok=1
> > sdboot_lockdat="0010666f6f70617373776f7264666f6f7061c43b"
> > # 
> > 
> > Notice the password is not exactly "foopassword" -- the program 
> will 
> > always expand your password to 16-bytes.
> > 
> > Locking is an optional SD card feature -- not all SD cards have 
it, 
> > especially some cheap ones I've found don't.
> > 
> > After the SD lock is set, you must tell TS-SDBOOT the 
> sdboot_lockdat 
> > in order for it to be able to boot it.  For this, you must run 
the 
> > following:
> > 
> > # ./tsbootrom-update --sdboot --
> > lockdat=0010666f6f70617373776f7264666f6f7061c43b
> > 
> > Note that TS-SDBOOT will still be able to boot unlocked cards.  
To 
> > disable this, run this command instead:
> > 
> > # ./tsbootrom-update --sdboot --verifylock  --
> > lockdat=0010666f6f70617373776f7264666f6f7061c43b 
> > 
> > 
> > //Jesse Off
> >
>



------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/ts-7000/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/ts-7000/join
    (Yahoo! ID required)

<*> To change settings via email:
     
    

<*> To unsubscribe from this group, send an email to:
    

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

<Prev in Thread]	Current Thread	[Next in Thread>
[ts-7000] Re: SD card security features, Fabio Vaz <=

Previous by Date:	[ts-7000] Re: Kernel 2.6 TS7260, joris.durand
Next by Date:	[ts-7000] Re: TS-7260 and it's SDCARD module, segfault on invalid mounts, jaylimo84
Previous by Thread:	[ts-7000] 7800 SD Card Oddity, eric.robishaw
Next by Thread:	[ts-7000] ZigBee implementation (TS-RF2-ZIGBEE), mathlaj
Indexes:	[Date] [Thread] [Top] [All Lists]

Disclaimer: Neither Andrew Taylor nor the University of NSW School of Computer and Engineering take any responsibility for the contents of this archive. It is purely a compilation of material sent by many people to the birding-aus mailing list. It has not been checked for accuracy nor its content verified in any way. If you wish to get material removed from the archive or have other queries about the archive e-mail Andrew Taylor at this address: andrewt@cse.unsw.EDU.AU