Wednesday, April 29, 2015

What does it mean to be green?

You might think that assigning a unique number to every living human in the world sounds crazy.  You also might think that assigning a unique number to every living human in your country or state sounds crazy.

For many, the notion of such systems brings back memories of dark times in world history.  The last generation of those who survived the holocaust can still be seen today with numbers inscribed on their arms in black ink.  Atrocious crimes were committed during this time period of history.  Consequently, permanent associations were created.  For those of us who have seen elderly individuals with numbers inscribed on their forearms, we think of the crimes that were committed during the second world war.

 It goes without saying, the subject of assigning numbers to human beings is far from popular.  Thoughts of global control and conspiracy cloud the thoughts of many.  The current practicality of every human being inscribed with a number on their arm at birth is nil.  Even at the country level, no one would put up with it.  Alternatively, scientists and doctors have proposed the insertion of identification chips underneath the skin.  The electronic chips would store a unique number.  The only problem is that by the time the electronic chips were delivered to the hospital, the technology would soon be close to end of life.  Even so, cloning the chip would render the system useless.

Why are systems like these being proposed?  The list is certainly huge.  For many, health care and insurance come to mind.  For others, personal credit, law enforcement, and national security come to mind.  For whatever the reason, good or bad, classifying humans with numbers is a debated topic.

On a simple scale, the department of public safety manages a database of driver's licenses and the social security administration manages a database of social security numbers. These systems work well for their intended purpose.  However; they too are approaching end of life in terms of technology.

Copyright Grateful Dead
Alice can trade social security cards with Eve, albeit illegally.  Perhaps they are sisters and look very similar.  Perhaps Bob decides that he wants to make photo copies of Eve's driver's license, change the photo, and then apply for a new Blockbuster movie membership.  The list goes on.

Most people would agree that their identity is important to them. Your identity is tied to your bank account and your credit history is tied to your identity.   Equally so, your identity is who you are.  It is the places that you have been in life. It is the moments that you spent with loved ones and it is the photographs that you took on your favorite vacations.  Your identity is comprised of some many things that make you unique.  It is the aisle that you walk down when you buy groceries and it is the way that you sip your coffee in the morning.  It is the exact time that you call your family members to tell them that you love them and it is those childhood memories that you will never forget.  It is also the exact amount of money in your bank account at this moment in time and it is every payment that you have ever made to every creditor in your credit history file.  Your eye color, your hair color, your skin color, the length of your hair, the shape of your face, and the way you walk when you just finished working out help form your identity.  Your DNA can be uniquely associated to your identity.  And most importantly, your memory (or your memories) in your brain form your identity. Without memories, we would not know what our identity was.  The memories in our brain are more important than our DNA.  DNA can be replicated. The human brain cannot (yet).

If some or all of this information is copied without the knowledge of the
person it is copied from, then the person that it is copied to is "green".

So if someone were to take all of this information from you, who would you be?  Perhaps it sounds completely crazy that someone could actually take all or part of this stuff from you.  In actuality, just a small fraction of this information can reek havoc if stolen.  In today's time, this information can be stolen in microseconds from the other side of the world.  During World War II, this could not happen anywhere near the scale of where it can happen today.

Most of the characteristics described above form a loose connection to the individual.  There is no intrinsic association between a person and a subset of DNA base pairs that describe that person's genetic traits.  Equally so, there is not an intrinsic association between a person and that person's bank account.  Alice can trade social security cards with Eve and the system begins to break down.  In contrast, there is an intrinsic association between a person and his or her brain.  We have not yet figured out how to transplant memories or subsections of the brain between different humans.

For the past several years, several efforts have been underway to build a system that will keep us safe and help protect our financial credit history.

Systems such as these are concerned with identification and authentication.  Validating that someone is who they say they are is critical for three reasons:  individual security, national security, and global security.

Formally, authentication is the act or process of confirming the truth of an entity or single piece of data.  In the context of computers and cryptography, authentication is used to verify and validate a single identity that has been previously described by identification data.

Neither asymmetric or symmetric cryptography solve the authentication problem.

Wednesday, April 15, 2015

Vim for assembly, programming, and system admin

Computer pioneer, Bill Joy, created the Vi text editor.  Vi has made its way onto nearly every UNIX and Linux computer and is used by kernel developers, system administrators, programmers, and users.  The learning curve is steep; however, the ability to run circles around 95% of UNIX programmers, administrators, and the like can easily be achieved.  One hour per day for five to six years digging through kernel source code with ctags will allow you to become proficient with the editor. If you are already a C programmer and can work from the terminal quickly, then picking up Vi should be easy for you.  My notes below describe how to setup VIM, a fork of Vi that includes features such as color syntax highlighting.

Thanks to this guy for creating an awesome Vi cheat sheet for programmers. He has also created a Vi emulator Plugin for Microsoft Word.

 Vim is especially useful for reading assembly and bootloader code.when a VGA connection is not available.
! Spin Lock - Solaris 2.6 C4.2
.seg "text"
.global set_byte ! make the name visible outside the .o file
.global clear_byte !
.global spin_lock !
!
set_byte:
retl
ldstub [%o0],%o0 ! delay slot for retl
!
clear_byte:
set 0x0,%o1
swap [%o0],%o1
retl
nop ! delay slot for retl
!
!
spin_lock:
busy_loop:
ldstub [%o0],%o1
tst %o1
bne busy_loop
nop ! delay slot for branch
!
retl
nop ! delay slot for branch


For the non-programmer, having Vi handy on a terminal means easily modifying any readable file on a UNIX system from the terminal - including log files and tcpdump log file snippets.  Quickly setting up snort config files, copying public and private keys between files on servers, configuring build systems, and modifying /etc/hosts and resolv.conf can easily be done with Vim. 

Running make tags from the top level Linux kernel source tree will build the ctags file over the Linux kernel source. Alternatively; man ctags will show you how to recursively run ctags over your source code.
Nerd Tree and Taglist are two useful plugins that can be downloaded from vim.org.  
Once NERD tree and Taglist are placed in ~/.vim/plugin/, the following lines in your .vimrc will allow you to use 

<ctrl-n> and <ctrl-m> to toggle the file explorer and visual tag list.
nmap <silent> <c-n> :NERDTreeToggle<CR>
nnoremap <silent> <c-m> :TlistToggle<CR>

Also, if you need a status line:
set statusline=\ %{HasPaste()}%F%m%r%h\ %w\ \ CWD:\ %r%{CurDir()}%h\ \ \ Line:\ %l/%L:%c
function! CurDir()
let curdir = substitute(getcwd(), '/Users/myhomedir/', "~/", "g")
return curdir
endfunction

function! HasPaste()
if &paste
return 'PASTE MODE  '
else
return "
endif
endfunction

Vim should be good to go at this point. cd back into your source code directory and begin work.  Finally, man vim will tell you more about how to use the editor.

Enter g?g? in command mode on the current line of text.and Vim will perform a rot13 encryption of the text.

And here's that rot13 encryption algorithm in sparc assembler (courtesy of colorado.edu)
.section ".text"
.align 4
.global main
.type main,#function
.proc 020
main:
save %sp, -112, %sp ! save the stack!
mov 0, %o0 ! stdin
readbyte:
sub %fp, 1, %o1 ! 1 byte below frame pointer
mov 3, %g1
!call read
mov 1, %o2 ! 1 byte
ldub [%fp-1], %l1 ! pull the byte into %l1
cmp %o0, 0
be done ! byte was EOF, jump to done
and %l1, 32, %l2
xor %l2, 0xff, %l3 ! invert %l2, store as a temp
and %l1, %l3, %l1
cmp %l1, 0x41
bl skip ! note lack of trailing nop.
cmp %l1, 0x5A ! the instructions trailing
bg skip ! these branches affect nothing
mov 26, %o1 ! if the branch isn't taken.
sub %l1, 0x41, %l1 ! add 'A'
add %l1, 13, %l1
call .rem ! (modulus) call is unconditional
mov %l1, %o0 ! so final arg can be set afterwards
add %o0, 0x41, %l1
skip: or %l1, %l2, %l1 stb %l1, [%fp-1] ! return the byte to memory
mov 1, %o0 ! setup syscal args
sub %fp, 1, %o1
mov 4, %g4
! call write
mov 1, %o2
ba readbyte ! return to beginning
mov 0, %o0 ! stdin (see beginning)
done: ret ! return
restore ! fix stack before return completes

In conjunction with Vi, od and/or hexdump (if installed) can be used for examining binaries on different flavors of UNIX.

Friday, April 10, 2015

Why I keep going back to iPhone

Perhaps for personal reasons but here's some background and 1% of my notes.

I've been using mobile phones since high school - 20 years ago. I've also been writing C code and hacking on UNIX and Linux for about 20 years.  A close friend introduced me to UNIX.  He had an SGI workstation running IRIX.  We loaded Red Hat 2 in 1996 via floppies over and over again as the floppy disks kept going bad.  IRIX was beautiful. The SGI concrete keyboard is awesome.  The 4Dwm X Window manager was well thought out.  We hacked on computers across the LAN and ate pizza. The IRIX terminal interface was solid.  Running 3D animations while spawning xterms was smooth.  The Silicon Graphics (now the home of Google) workstation was well thought out - from hardware peripherals to firmware, the kernel, and user space.

As a programmer, efficiency is important to me.
I've run and written code on Solaris, FreeBSD, OpenBSD, NetBSD, 15 or 20 different Linux distributions, including Slackware and Android. 
Linux is comprised of the kernel only. The window manager and everything above the kernel consists of a bunch of independent software projects piled on. In contrast, FreeBSD consists of the kernel and all user space packages. Security, ease of use, architecture, and clean hardware integration are at the forefront of FreeBSD. 

Apple hired some of the FreeBSD core developers 10 or 15 yes ago to work on the operating system, OS X.  Their efforts were proper and hugely successful.  FreeBSD is an ideal platform to build on and integrate from due to its clean architecture.

I've worked on more than 25 different models of Android based mobile phones. They all run a Linux kernel with a clunky Java based user interface. The UI windows on my Nexus 6 continue to crash. (Sorry Google).  The user interface was not well thought out. The phone is hard to hold and the user interface is counter intuitive. I still use the phone but it's frustrating. The LTE modem firmware is buggy and the cell tower connection flip flops. It seems that the manufacturer is off to work on the next phone already. I was hoping to receive more updates on my Nexus 6, but it didn't happen. I love open hardware and software but it feels like everything was slapped together on my Nexus 6. And then there is the easily accessible boot loader.  Perhaps the subject of another blog post. Android has grown over the years however; it's a segmented architecture - there are multiple parties involved when it comes to a single handset, from the chip manufacturer, handset manufacturer, Google, and the telco, multiple parties are racing to get the product out and usability is overlooked 75% of the time.

Back to iPhone. It's solid. I picked up a Gold 6+ from the Apple Store. The user interface was meticulously thought out.  The hardware form factor is perfect. The whole stack from kernel, NFC firmware, and user space was built in one building.  Apple even manufactured the application processor.  This is great.  All of my music has been on iTunes for years.  The boot loader is not open.  The iPhone is efficient.  It makes life easy. 




Thursday, January 29, 2015

Customizing a Linux distribution for an ARM® Cortex®-A9 based SBC

We will be pulling Yocto 1.7.1 (Dizzy branch) from Freescale source and building a BSP for the i.MX 6 RIoTboard. The final image will consist of the following components

  • U-Boot version 2014.10 from the Freescale git repositories.
  • Linux kernel version 3.17.4 from the Freescale git repositories.
  • ext3 root filesystem with selected packages

Camas Lilies at Sunrise

The image will be built from the custom distribution (bsecdist) and custom image (bsec-image) defined in the last post. bsec-image is derived from core-image-minimal. The configuration changes below will add support for package tests to the baec-image. In addition, the profiling tools and static development libraries and header files will be added to the image. Finally, several standard userspace packages will be added to baec-image; namely, bison, flex, and and gunning. Last, several configuration directives will be added to the local configuration file so that source code archives, package versions, and accompanying license files are stored and cached in a local directory for future builds and compliance purposes.

Monday, December 29, 2014

Creating a custom Linux distribution for an ARM® Cortex®-A9 based SBC

The Yocto project provides an ideal platform for building a custom Linux distribution.  It's design was intended to model a machine.  The Yocto project or machine should take a number of inputs and produce an output.  The inputs to the machine are the specifications for the Linux distribution.  The output of the machine is the Linux distribution.


The Yocto project is the most widely supported system for building custom Linux distributions.
The Yocto project is very well supported by both communities and companies.  The project consists of a tool called bitbake and a build system that is based off of OpenEmbedded.  Together, these two components along with a defined set of metadata comprise what is called the Poky reference platform.

Tuesday, December 23, 2014

Setting up an ARM® Cortex®-A9 based SBC

The RiOTboard - an ARM® Cortex®-A9 based SBC

The RIoTboard is an ARM® Cortex®-A9 based single board computer (SBC).  The RIoTboard has a Freescale i.MX6 Solo application processor and an integrated Freescale Kinetis MCU for additional debugging and development.  The i.MX6 Solo supports the single ARM® Cortex®-A9 MPCore Platform.  The i.MX6 Solo contains ARM® TrustZone® technology and the i.MX 6 SoC on the RIoTboard has a 96 KB Boot Rom with support for high assurance boot.   Other features of the board include 1 GB of DDR3 memory, 4 GB eMMC, JTAG, Serial, mini USB for OpenSDA, mini USB for USB OTG, LVDS, parallel RGB expansion, 4 USB-A ports, HDMI, audio, reset button, microSD card slot, SD card slot, and boot onboard boot switches.   The board is very reasonably priced.  Last but not least, the Freescale i.MX 6 ARM® Cortex®-A9 application processor has ARM® TrustZone® technology.

ARM® TrustZone® Technology

The i.MX6 Solo processor on the RIoTboard is labeled MCIMX6S8DVM10AB.  According to the i.MX6 Solo data sheet, the processor supports a number of security related features. The list includes ARM® TrustZone® technology with TZ architecture support, a secure JTAG controller for locking down and protecting the JTAG port, a cryptographic acceleration and assurance module with secure RAM and a true PRNG, a central security unit (CSU) including secure non-volatile storage, high assurance boot, and the separation of memory and interrupts between secure world and normal world.  There are more security related features but this is a general list.

the view from above - a trusted zone

Monday, December 15, 2014

ARM®, NFC Technology, and the Single Wire Protocol



At the heart of an ARM Powered® smartphone with NFC technology is the contactless front end or CLF. The CLF is responsible for managing radio-frequency communication at 13.56 MHz.

A mobile phone with NFC technology contains only one CLF.  The CLF is connected to the ARM® processor or application processor via UART, I²C, and in some cases SPI.  These protocols are fairly basic and facilitate straightforward communication between the application processor and CLF via a typical Linux or UNIX-based kernel.  Updating the firmware on the CLF is a typical operation that is performed over the UART serial line.

While a mobile phone with NFC technology contains only one CLF, the phone may contain multiple secure elements. There may be a secure element on the UICC card, on the microSD card, and/or embedded with the CLF on the PCB.  Applets residing on each of the secure elements can serve both similar and different purposes.  Both the secure element and the CLF are small, self-contained computers with I/O communications interfaces. In the case where there are multiple secure elements residing on the phone, each of the secure elements is a small, self-contained computer with I/O communication interfaces.  A secure element differs from a normal computer in that it is embedded. It has limited resources available for performing computations.