1) To prepare the necessary tooling, kernel-package libncurese-dev
>sudo apt-get install kernel-package libncurses5-dev
2) To download kernel source from kernel.org.
>cd /usr/src
>sudo wget http://ww.kernel.org/pub/linux/lernel/v2.6/linux-2.6.24.7.tar.bz2
3) To de-compress the kernel sources.
>sudo tar jxvf linux-2.6.24.7.tar.bz2
4) To create a soft link to the kernel source.
>sudo ln -s linux-2.6.24.7 linux
5) To copy the kernel configuration.
> cd linux
>sudo cp /boot/config-'uname -r' .config
6) To config the kernel.
>sudo make menuconfig
7) To clean up the old stuffs first.
> sudo make distclean
8) Exciting now, start to build the kernel source.
> sudo make-kpkg --initrd kernel_image kernel_headers
9) To install the kernel.
>sudo dpkg -i linux-image-2.6.24.7_2.6.24.7-10.00.Custom_i386.deb linux-headers-2.6.24.7_2.6.24.7-10.00.Custom_i386.deb
10) Aftter installation, user can check /boot/grub/menu.lst to ensure the kernel was added to the menu.
11) Reboot. ^_^
Friday, July 18, 2008
Thursday, July 17, 2008
Setup a VMImage based on Ubuntu 8.04 for ARM Linux development.
Below is my blog to setup a VMImage based on Ubuntu 8.04 for accio development.
1) Install the VMWare workstation version 6.x or above. Please use the Bridge for network setting.
2) Since I am using static IP instead of the DHCP, please change the network setting of /etc/network/interfaces accordingly.
auto lo
iface lo inet loopback
#The primary network interface
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address "your IP"
netmask 255.255.255.0
network ""
broadcast ""
gateway ""
3) To install the ftp server.
sudo apt-get install proftpd
(PS: Please select to run proftp server from standalone.)
(reference link: http://www.ubuntugeek.com/settingup-an-ftp-server-on-ubuntu-with-proftpd.html)
4) To install the samba server.
sudo apt-get install samba (reference link: http://ubuntuforums.org/showthread.php?t=202605)
5) To install gcc.
sudo apt-get install build-essential (reference link: http://www.linuxforums.org/forum/ubuntu-help/104156-gcc-installation-ubuntu.html)
if internet can't connect, please try.
sudo apt-cdrom add
sudo apt-get update
sudo apt-get install build-essential
6) To install ncurses. (It is for kernel menuconfig.)
sudo apt-get install build-essentials
sudo apt-get install libncurses5-dev
(reference link: http://ubuntuforums.org/showthread.php?t=296224)
7) To install gcc compiler version 3.4.6 for ARM9 Linux Platform
i) Download the arm-linux-gcc-3.4.6-ssl-0.1.2.tar.bz2 to /tmp directory
ii) Unzip the arm-linux-gcc-3.4.6-ssl-0.1.2.tar.bz2
- cd /tmp
- tar jvxf /tmp/ arm-linux-gcc-3.4.6-ssl-0.1.2.tar.bz2 –C /
iii) Set the environment variable of the user.
- Edit ~/.bashrc
- Add the line
ARM_GCC_TOOLS=/usr/local/arm/3.4.6/bin
PATH=$ARM_GCC_TOOLS:$PATH
8) TO install CVS client.
sudo apt-get install cvs
(reference link: http://sanatio.blogspot.com/2005/12/cvs-server-on-ubuntu.html)
(PS: User manual for ubuntu could be found here http://ubuntuguide.org/wiki/Ubuntu:Hardy)
1) Install the VMWare workstation version 6.x or above. Please use the Bridge for network setting.
2) Since I am using static IP instead of the DHCP, please change the network setting of /etc/network/interfaces accordingly.
auto lo
iface lo inet loopback
#The primary network interface
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address "your IP"
netmask 255.255.255.0
network ""
broadcast ""
gateway ""
3) To install the ftp server.
sudo apt-get install proftpd
(PS: Please select to run proftp server from standalone.)
(reference link: http://www.ubuntugeek.com/settingup-an-ftp-server-on-ubuntu-with-proftpd.html)
4) To install the samba server.
sudo apt-get install samba (reference link: http://ubuntuforums.org/showthread.php?t=202605)
5) To install gcc.
sudo apt-get install build-essential (reference link: http://www.linuxforums.org/forum/ubuntu-help/104156-gcc-installation-ubuntu.html)
if internet can't connect, please try.
sudo apt-cdrom add
sudo apt-get update
sudo apt-get install build-essential
6) To install ncurses. (It is for kernel menuconfig.)
sudo apt-get install build-essentials
sudo apt-get install libncurses5-dev
(reference link: http://ubuntuforums.org/showthread.php?t=296224)
7) To install gcc compiler version 3.4.6 for ARM9 Linux Platform
i) Download the arm-linux-gcc-3.4.6-ssl-0.1.2.tar.bz2 to /tmp directory
ii) Unzip the arm-linux-gcc-3.4.6-ssl-0.1.2.tar.bz2
- cd /tmp
- tar jvxf /tmp/ arm-linux-gcc-3.4.6-ssl-0.1.2.tar.bz2 –C /
iii) Set the environment variable of the user.
- Edit ~/.bashrc
- Add the line
ARM_GCC_TOOLS=/usr/local/arm/3.4.6/bin
PATH=$ARM_GCC_TOOLS:$PATH
8) TO install CVS client.
sudo apt-get install cvs
(reference link: http://sanatio.blogspot.com/2005/12/cvs-server-on-ubuntu.html)
(PS: User manual for ubuntu could be found here http://ubuntuguide.org/wiki/Ubuntu:Hardy)
Monday, June 2, 2008
WinCE 5 vs WinCE 6 ^_^
This is reference to http://www.e-consystems.com/WindowsCE5vs6.asp
The major changes in 6.0 are
- It supports safe SEH for security compliance (/GS)
- Secure C Run-Time Libraries
- PREfast support for ARM, MIPS, and SH
- Increase from 32 to 32,000 processes on the device
- Instead of a single 2GB VM for all processes now 2GB per process
- Separation of user and kernel mode space
- File system can support data encryption
- Added 802.11i support for WPA2 compliance
- Windows Media DRM 10 PD and ND
- Graphic windowing and events subsystem (GWES)
- Networking (TCP/IP, IPv6)
- Expanded file system
- More device drivers
- Critical OS components moved into kernel space (critical drivers, file system, and graphical window manager into the kernel)
- New shared heap (R/W for kernel R/O for user land)
- 1GB per process space
- New operating system layout
- In-depth security review of: System calls, Handles, Exception Handling, Memory Allocation, Loader,
- Improved parameter validation for system calls
- Per-Process page and handle tables - greatly improves process isolation, Improves code robustness
- System calls run on special kernel side stacks
- Safeguards system calls from stack tampering
- Heap control structures separated from heap data
- Safe Remote Heaps for OS components
- OS servers can open heaps in user process
- R/W for servers, R/only for user
- Performance optimization and safety from tampering
- Support for secure boot loaders
- Public / private key based
- Based around file signing
- Features supported in hardware (partial list)
- On-chip, tamper-resistant boot ROM
- On-chip RAM (secure key storage)
- Cryptographic support
- JTAG can be disabled
- Fusible or one-time programmable elements
- They acknowledge if JTAG is enabled, it all "falls apart"
- There are more complex attack scenarios that require secure PCB design to mitigate
- Embedded (nested) pointers and how they can be used for attack, such as:
- Pass an embedded pointer to some kernel address space and ask the driver to read/write to the addressed buffer, thereby potentially modifying the kernel
- There is a lot of emphasis around validation to mitigate this
- The kernel will perform parameter pointer validation
- It’s down to the API to perform embedded pointer validation
- The thread permissions model has changed in drivers
- There is strong emphasis on copying the "callers buffer" and then using that copy, as opposed to using the callers buffer itself
This is reference to http://www.e-consystems.com/WindowsCE5vs6.asp
The major changes in 6.0 are
- Process address space is increased from 32MB to 1 GB.
- Number of processes has been increased to 32K from 32.
- User mode and kernel mode device drivers are possible.
- Device.exe, filesys.exe, GWES.exe has been moved to Kernel mode.
- SetKMode and set process permissions not possible.
- System call performance will improve.
- It supports safe SEH for security compliance (/GS)
- Secure C Run-Time Libraries
- PREfast support for ARM, MIPS, and SH
- Increase from 32 to 32,000 processes on the device
- Instead of a single 2GB VM for all processes now 2GB per process
- Separation of user and kernel mode space
- File system can support data encryption
- Added 802.11i support for WPA2 compliance
- Windows Media DRM 10 PD and ND
- Graphic windowing and events subsystem (GWES)
- Networking (TCP/IP, IPv6)
- Expanded file system
- More device drivers
- Critical OS components moved into kernel space (critical drivers, file system, and graphical window manager into the kernel)
- New shared heap (R/W for kernel R/O for user land)
- 1GB per process space
- New operating system layout
- In-depth security review of: System calls, Handles, Exception Handling, Memory Allocation, Loader,
- Improved parameter validation for system calls
- Per-Process page and handle tables - greatly improves process isolation, Improves code robustness
- System calls run on special kernel side stacks
- Safeguards system calls from stack tampering
- Heap control structures separated from heap data
- Safe Remote Heaps for OS components
- OS servers can open heaps in user process
- R/W for servers, R/only for user
- Performance optimization and safety from tampering
- Support for secure boot loaders
- Public / private key based
- Based around file signing
- Features supported in hardware (partial list)
- On-chip, tamper-resistant boot ROM
- On-chip RAM (secure key storage)
- Cryptographic support
- JTAG can be disabled
- Fusible or one-time programmable elements
- They acknowledge if JTAG is enabled, it all "falls apart"
- There are more complex attack scenarios that require secure PCB design to mitigate
- Embedded (nested) pointers and how they can be used for attack, such as:
- Pass an embedded pointer to some kernel address space and ask the driver to read/write to the addressed buffer, thereby potentially modifying the kernel
- There is a lot of emphasis around validation to mitigate this
- The kernel will perform parameter pointer validation
- It’s down to the API to perform embedded pointer validation
- The thread permissions model has changed in drivers
- There is strong emphasis on copying the "callers buffer" and then using that copy, as opposed to using the callers buffer itself
Tuesday, May 27, 2008
開場白
For a opening speech, I think about it for quite a while. However, I still can't figure out what to say.
Anyway, I wanna to share my programming experience here with anyone whose do have interest in embedded system programming.
Good Luck.
Anyway, I wanna to share my programming experience here with anyone whose do have interest in embedded system programming.
Good Luck.
Subscribe to:
Posts (Atom)