**** BEGIN LOGGING AT Thu Jan 28 02:59:59 2016
Jan 28 03:23:17 it looks like my custom kernel build for a bbb-compatible board is generating a random mac address on every boot. any idea why? i thought it's supposed to take the address from the eFUSE.
Jan 28 03:23:45 wait, that may not be correct. nm
Jan 28 03:28:11 yes, it is correct.
Jan 28 03:28:23 any idea why this is happening?
Jan 28 03:32:54 any ideas, veremit?
Jan 28 04:17:56 anyone?
Jan 28 04:36:55 zmatt: you thought i was bad about staying on the channel? Ivy was in and out in 2 minutes!
Jan 28 05:14:30 join
Jan 28 05:14:43 help
Jan 28 05:16:28 * vagrantc hands wen a /
Jan 28 05:19:03 when I do with this http://prosauce.org/blog/2013/2/11/embedded-trust-p2-u-boot-secured-boot.html, I move the mlo and u-boot.img to my beaglebone, but my beaglebone not work
Jan 28 05:19:27 what wrong with my beaglebone black
Jan 28 05:20:22 hand
Jan 28 05:35:52 help
Jan 28 05:37:50 when I take tpm_nvdefine, it come Tspi_NV_DefineSpace failed: 0x00000001 - layer=tpm, code=0001 (1), Authentication failed
Jan 28 05:38:10 who can help me
Jan 28 05:38:35 thanks
Jan 28 05:48:37 wen: this is pointless, you cannot do secure boot on a bbb
Jan 28 05:49:20 "secure boot" using an external TPM is only as secure as the connection between BBB and the TPM, which in this case is a trivial to attack i2c bus
Jan 28 05:49:52 (and if you don't need security against attackers with physical access, you don't really need a TPM in the first place)
Jan 28 05:50:56 but I want make beaglebone auto change PCR
Jan 28 05:51:13 and now I can't get it
Jan 28 05:51:46 I use cryptocape
Jan 28 05:52:43 as for why it's not working or what that error means, I have no idea. but please realize that even if you get it to work, you will not have secure boot
Jan 28 05:54:07 why? my cryptocape have a tpm
Jan 28 05:57:17 like I said, you cannot achieve secure boot with an external TPM.
Jan 28 05:58:17 ok, but how can I change the PCR
Jan 28 05:58:54 my tpm_extend is not usable
Jan 28 05:59:25 here's a summary of the issue I once emailed someone: http://pastebin.com/RJ0TAg2a
Jan 28 05:59:34 and I have no idea why you can't extend the PCR
Jan 28 06:00:02 ok, thank you for your help
Jan 28 06:00:47 (someone = the cryptocape people actually)
Jan 28 06:01:54 my beaglebone doesn't have tpm_extend
Jan 28 06:03:43 forgive me, I can't open it
Jan 28 06:04:00 can you help me?
Jan 28 06:07:11 no
Jan 28 06:12:31 thank you all the same
Jan 28 06:18:19 good luck with your effort to get not-actually-secure boot working
Jan 28 06:19:44 the cryptotronix tpm page mentions they had trouble getting it to work also, and the page you linked to is very old and involved ancient uboot and linux versions, so it will probably not be easy to get this stuff to work at all
Jan 28 06:21:23 Any attempt to secure a computer that does not store keys directly in the CPU is bound to fail.
Jan 28 06:21:38 yep
Jan 28 06:21:57 you can try to extend the boundary of "CPU" with lots of epoxy of course
Jan 28 06:23:01 ok
Jan 28 06:23:27 Otherwise, the keys must traverse an external bus at least once, whereby it is vulnerable to attack. Even then, data to be encrypted must traverse the bus one way and the same data encrypted must traverse the bus the opposite way, ultimately giving enough examples to discover the key.
Jan 28 06:23:47 CathyInBlue: the latter is not true
Jan 28 06:23:54 No?
Jan 28 06:24:17 no, that's called a known-plaintext attack and if a cipher isn't secure against them it's considered broken
Jan 28 06:24:48 a TPM *is* useful to store keys and only allow use of them (but not copying them)
Jan 28 06:25:48 e.g. if you store an SSH private key in that way, then if your system is compromised the attacker can use your private key but as soon as you cut him off (e.g. unplug network) he loses that access again
Jan 28 06:26:29 * vagrantc didn't know botnets had gender
Jan 28 06:26:32 of course such a thing is just called an authentication token
Jan 28 06:27:00 security by trying to hide things in a box is a waste of time
Jan 28 06:27:23 Security through obscurity.
Jan 28 06:27:26 security should be in the head of the users
Jan 28 06:27:35 ds2: lol, that's never gonna happen
Jan 28 06:27:56 thank you trivially brute-forceable passwords.
Jan 28 06:28:06 then security will never happen either
Jan 28 06:28:07 and sealing things in a box *can* result in real security benefits
Jan 28 06:28:13 but you do need to understand their properties
Jan 28 06:28:22 Air gaps can be bridged.
Jan 28 06:28:45 if I want use beaglebone and cryptocape to achieve secure boot, what shall I do? who can help me?
Jan 28 06:28:56 security isn't an event, it's a continual process of evaluation and risk and threat model mitigation
Jan 28 06:29:30 wen: no one can help you achieve secure boot with an external TPM since it is impossible to achieve secure boot with an external TPM
Jan 28 06:29:37 pray to the deity of your choice
Jan 28 06:29:48 (assuming you mean a boot process secured against attackers with physical access)
Jan 28 06:30:02 or hope that luck favors you in getting quantum mechanics to line up for you :D
Jan 28 06:30:18 it helps to start by clarifying for yourself what exactly you mean by "secure" ... secure what? against whom?
Jan 28 06:30:42 ok
Jan 28 06:30:55 thanks
Jan 28 06:31:15 * vagrantc wants to keep a laptop secure against the chickens in the yard
Jan 28 06:32:20 if you need security against physical attackers, your best bet is using an enclosure with tamper-detection that causes essential keys to be erased. if your design is custom then the first attack on it will hopefully fail, and since the attacker only gets to try once security is achieved
Jan 28 06:32:59 this is especially true if the attacker doesn't expect such a mechanism is in place. if he/she does the problem gets much harder
Jan 28 06:33:06 yeah, but one of them can fly.
Jan 28 06:33:07 (and dependent on the level of sophistication of the attacker)
Jan 28 06:35:20 you can also hope to keep the system secure once booted, even if physical access is subsequently gained. this is somewhere in between "reasonably doable" and "very very hard" depending on expected level of sophistication of the attacker
Jan 28 06:36:22 if that, what shall I do
Jan 28 06:36:37 wen: that's a bit of a broad question...
Jan 28 06:36:46 achieve system secure boot
Jan 28 06:37:11 if you cannot even read, no one can help you.
Jan 28 06:37:34 sorry
Jan 28 06:39:10 clarify for yourself what your security goals are. do research. learn about how attacks work and security mechanisms fail in practice.
Jan 28 06:40:31 in particular, until you understand why an external TPM connected by insecure means to the CPU can _never_ get you secure boot, there's no point in continuing.
Jan 28 06:41:11 this particular security failure is a well known one and plenty has been published about it
Jan 28 06:41:54 I think if link beaglebone with IIC, may be I can get it
Jan 28 06:41:54 (some TPM-equipped platforms could be attacked by literally just bending a pin)
Jan 28 06:42:41 we're going in circles now. I'm not going to waste any more of my time on you, sorry.
Jan 28 06:43:21 oh, thanks all the same
Jan 28 06:47:23 BeagleCore BCM1. Gnarly.
Jan 28 06:48:49 the usbarmory is interesting, it's a pity how little IO they pinned out however
Jan 28 06:50:36 and it's way too expensive
Jan 28 06:56:31 and they're not pushing it to mainline :(
Jan 28 06:59:24 CathyInBlue: the beaglecore strikes me as bizarrely pointless
Jan 28 06:59:39 if you still need to design a pcb around that thing, you might as well design one around the am335x itself
Jan 28 06:59:57 Hello everyone! General question: how working C code with assembly code? For example, i have a loop in C code, where i change the DATA RAM value.
Jan 28 07:00:44 It might be useful for a high-density, low-power, high-computational throughput cluster system.
Jan 28 07:01:34 doubtful
Jan 28 07:01:51 oh wow its IO also sucks
Jan 28 07:02:02 there are higher density cores for that
Jan 28 07:03:29 Why i asked: i want to know, assembler code executed for each value in C code or not?
Jan 28 07:03:33 the advertised extensibility implies only one of the two ethernet interfaces is usable (and only at 100 Mbit), only one of the two USB ports, and only one of the three SD/MMC interfaces
Jan 28 07:04:22 and I just ran out of tolerance for their horrible website to suffer browsing it any further
Jan 28 07:05:01 ah wait only one of the two remaining SD/MMC interfaces, there's on-board eMMC
Jan 28 07:05:15 still sucky enough
Jan 28 07:06:00 the am335x isn't that bad of a processing block
Jan 28 07:06:06 especially the fact they apparently failed to make it rgmii capable
Jan 28 07:06:06 takes some creativity
Jan 28 07:06:59 ds2: it would not exactly be an obvious choice for a high-throughput parallel computational cluster though
Jan 28 07:07:38 sounds more like something you'd use keystones for
Jan 28 07:11:26 more tea.
Jan 28 11:56:31 Guys, how worked interrupt, if we use MOV 31.b0 35?
Jan 28 11:56:42 MOV 31.b0, 35
Jan 28 12:08:46 Why 35?
Jan 28 12:14:34 it's half way between 23 and 42
Jan 28 12:17:59 Is there something like a interrupts table for R31[29:0]?
Jan 28 12:18:36 i really dont understand, why 35.
Jan 28 12:24:22 What is the connection between HOST-2 and 0x00100011 into R1.b0?
Jan 28 13:14:30 hey guys anybody have any idea when the strawson robotics cape or this beaglebone blue board, whatever they are calling it, is coming out? I have been waiting for like a year plus to get my hands on it after seeing a ti video with it.
Jan 28 14:15:56 KotH: lol
Jan 28 14:16:54 zmatt: dont tell me you would have answered differently ;)
Jan 28 14:17:45 I could have said RTFM, but snowstaff has been pointed to the TRM often enough already
Jan 28 14:18:22 plus his questions rather frequently look like a word salad
Jan 28 14:27:20 it looks like my custom kernel build for a bbb-compatible board is generating a random mac address on every boot. any idea why? i thought it's supposed to take the address from the eFUSE.
Jan 28 14:27:47 it's an am3352, if that makes a difference.
Jan 28 14:28:47 i am finding the mac address via "ifconfig"
Jan 28 14:37:05 i see a place in u-boot, /net/eth.c, where that is set if eth_getenv_enetaddr_by_index() returns a zero mac address.
Jan 28 14:47:40 Hello, I'm working on a embedded device and I want to display a simple shutdown message like in the old windows days - something like "It's now safe to shut down the device". Do you have any idea how to solve this?
Jan 28 15:06:54 Hello, I'm working on a embedded device and I want to display a simple shutdown message like in the old windows days - something like "It's now safe to shut down the device". Do you have any idea how to solve this?
Jan 28 15:07:29 repeating your question frequently decreases your chances for an answer
Jan 28 15:07:35 Sorry.
Jan 28 15:08:36 graphical or text
Jan 28 15:08:49 perhaps you can investigate Plymouth for graphical.
Jan 28 15:08:53 <= out
Jan 28 15:09:56 essentially you can throw anything at the framebuffer, just need to make sure you halt and don't power off, etc. plymouth is probably a more orderly way to do that
Jan 28 15:11:24 yates: weird, but no idea
Jan 28 15:12:05 Hm, I'm a beginner with BBB, where would I configure this? I tried following the steps in https://groups.google.com/forum/#!topic/beagleboard/DhMw7cMkimk, but I don't see a splash screen.
Jan 28 15:12:23 yates: the authoritative source for the MAC address is indeed the control module
Jan 28 15:12:45 A simple text would be enough
Jan 28 15:13:25 tfeldmann: assuming X (or any other app writing to the framebuffer) has been killed you can just write a raw 16-bit color image to /dev/fb0
Jan 28 15:15:02 (if the display resolution is fixed and you prefabricate the image it's a simple matter of cat shutdown-image >/dev/fb0 )
Jan 28 15:16:06 Ok, sound good! And where would I put the line cat shutdown-image >/dev/fb0?
Jan 28 15:16:48 ok maybe I should have read what you asked before answering... since showing it after the system has halted is obviously a bit trickier
Jan 28 15:18:22 the most obvious thing that comes to mind is to make the shutdown procedure 1. terminate all apps and services 2. remount the root fs as readonly 3. sync 4. display the message 5. halt
Jan 28 15:19:27 that will require some diving into how the shutdown procedure is normally done by systemd
Jan 28 15:20:13 I know fedora (which is the native home of systemd) actually performs a "reverse pivot" at shutdown, effectively reentering the initramfs environment
Jan 28 15:20:20 that would be a very elegant solution
Jan 28 15:21:59 but, why do you want this instead of just powering off?
Jan 28 15:22:30 since actually killing external power is not really completely safe until a genuine poweroff has been done
Jan 28 15:23:14 since it causes the cpu voltage rails to go down improperly sequenced
Jan 28 15:23:52 Ah, ok - I did not know this. I want to do it like that because the BBB is connected to some external hardware, which needs to be shut down prior to powering off the bbb and whole system.
Jan 28 15:23:53 hmm.
Jan 28 15:24:23 there's no way to make the BBB control the power to that external hardware?
Jan 28 15:24:56 No, they are both connected to the same hardware power switch, which instantly cuts power
Jan 28 15:25:26 that sounds like asking for trouble indeed
Jan 28 15:26:02 I'm guessing the external hardware is driving signals to the BBB?
Jan 28 15:27:24 the easiest solution may be to insert some buffer that's powered from the BBB's 3.3V and tolerant of its inputs being driven while unpowered
Jan 28 15:28:53 or for slow signals use open drain / open collector outputs and pull ups to the BBB's 3.3V
Jan 28 15:30:56 in general making the setup tolerant of independently powering up/down the two units would be my recommendation... trying to power them up/down simultaneously is virtually impossible to achieve in practice and will likely result in undesirable currents flowing during power-up/down that may adversely affect long-term reliability even if it seems to work at first glance
Jan 28 15:32:01 or, if the external unit is tolerant of unannounced power cut, have its power gated by the BBB
Jan 28 15:32:45 Thank you for your help. I think I'm looking into the systemd shutdown routine for the message or just do a regular poweroff and explain it to the users. I'll look into gating the power by the BBB.
Jan 28 15:33:39 note that a poweroff of the BBB is not permitted if the external device is driving a high signal into the BBB
Jan 28 15:34:11 It isn't. Just a RS232 connection
Jan 28 15:34:27 "high" as in logic high
Jan 28 15:34:45 which an uart signal (which is presumably what you meant) is by default
Jan 28 15:35:19 unless you're only using the console port of the BBB, which has an isolation buffer integrated
Jan 28 15:36:06 (actual RS232 involves voltages that would instantly fry the BBB)
Jan 28 15:37:34 in general the voltage on an IO pin may not exceed the IO supply voltage by more than 0.3V-0.5V (check datasheet to be sure), this is true of most ICs
Jan 28 15:37:36 Sry, I'm using a UART signal to a Arduino Due, so it's 3V3
Jan 28 15:37:50 when powered down the IO supply voltage is 0V
Jan 28 15:38:08 hence you may not drive a 3.3V signal into the BBB at such time
Jan 28 15:39:13 power domain crossings are a headache :P
Jan 28 15:40:33 Ok, good to know! So I have to change that part of the design.
Jan 28 15:41:10 this isn't really BBB specific though, most likely the arduino due also will not tolerate its inputs being driven while unpowered... although some ICs do allow it (but as explicit featuer)
Jan 28 15:41:15 *feature
Jan 28 15:43:19 Yep, thought so, too. But if they are both connected via uart - which one do I power down first? ;) Or is it enough to simply close the serial connection before powering down the arduino?
Jan 28 15:44:38 one solution would be to arrange for the arduino to go into reset whenever the BBB does
Jan 28 15:44:51 that disables all output drivers
Jan 28 15:45:33 or better yet, kill arduino power when BBB nRESET is asserted, since at that time the BBB isn't driving any outputs either so the arduino may be safely powered off
Jan 28 15:46:05 actually either solution should work equally well I think
Jan 28 15:47:48 if one device is unpowered, the other should be unpowered or in reset
Jan 28 15:48:46 you can of course also manually force pins to be tristated using software, but that's more effort than asserting reset
Jan 28 15:50:02 if you're lucky, a well-placed schottky diode might do the trick even
Jan 28 15:51:17 I'm assuming here the arduino has an externally accessible reset pin, active low
Jan 28 15:51:33 Currently looking into this… where would you place the diode?
Jan 28 15:51:45 (I don't know anything whatsoever about the arduino due beyond what I quickly glanced from the first google hit)
Jan 28 15:52:12 first maybe check whether the arduino due's cpu tolerates its input being driven while unpowered
Jan 28 15:53:27 The Due features this CPU: http://www.atmel.com/Images/Atmel-11057-32-bit-Cortex-M3-Microcontroller-SAM3X-SAM3A_Datasheet.pdf
Jan 28 15:53:59 or well, maybe the reset solution is actually easiest...
Jan 28 15:54:51 that would be from the arduino's nRESET to the BBB's, hence when the BBB nRESET is driven low, the arduino is taken along
Jan 28 15:55:21 Yes, sounds good
Jan 28 15:55:31 but in all cases you need to carefully look at what's actually happening at power-up and power-down
Jan 28 15:57:08 and yes that's annoying, and work, and easy to mess up (the BBB itself also has some minor suboptimalities in that regard)
Jan 28 15:58:03 ideally everything would be powered from a single big power supply rail, but unfortunately that's often not practical
Jan 28 15:59:11 the BBB itself already has two 3.3V supply rails (with some associated issues, especially in earlier revisions)
Jan 28 16:04:35 Thank you very much for your help. I'm looking into this right now.
Jan 28 16:05:58 good luck
Jan 28 16:06:03 Ty!
Jan 28 16:35:59 I have a beagleboard REV c
Jan 28 16:36:03 from 2009
Jan 28 16:36:26 Can I get all the kernel images
Jan 28 17:13:50 Hi, I have qt creator installed on my BBB - debian Jessie - and when I run an example I get a run time error "failed to open OMAP_MUX: Permission denied"
Jan 28 17:14:09 I don't want to run qt creator as root, but do I have to?
Jan 28 17:52:46 Just downloaded the latest debian image for bbg and running it from sdcard, but cannot access via 192.168.7.2, instead theres another ip but that one doesnt seem to publish the start.html page either (probably due services not being up?)... any ideas or am i missing out a newbie thing here?
Jan 28 18:03:27 d3k0s: do you have the usb connected?
Jan 28 18:03:59 are you powering over usb?
Jan 28 18:04:49 what happens if you just put x.y.z.w into your browser (instead of x.y.z.w/start.html)?
Jan 28 18:05:45 yeah, going over usb
Jan 28 18:06:01 just ip gives connection refused
Jan 28 18:06:36 are you holding the boot switch down before plugging in the usb?
Jan 28 18:07:10 i did it first time, got long lights on and when they died i released
Jan 28 18:07:33 but now, when initiating bbg, im not holding it down no
Jan 28 18:07:41 seems to boot straight from sdcard
Jan 28 18:07:55 d3k0s: you need to do it every time if you want to ensure it boots from the sdcard
Jan 28 18:07:56 removing sd, its booting from emmc
Jan 28 18:08:21 without the boot switch pressed, it FIRST tries to boot from emmc
Jan 28 18:08:28 with the boot switch pressed, it FIRST tries to boot from sdcard
Jan 28 18:09:04 okay, does it still matter even if not holding user btn and it seems to boot from sd ?
Jan 28 18:09:19 how do you know it's booting from sd?
Jan 28 18:09:58 could be booting from an old image on mmc.
Jan 28 18:10:05 when bbg is up, im still able to screen into it (am on mac) and im able to access it
Jan 28 18:10:33 ok, well none of that changes what i have stated to you.
Jan 28 18:11:07 okay.... am holding userbtn down now
Jan 28 18:11:22 led1 &2 are blinking intensively
Jan 28 18:11:50 give it about a minute and see if you can access the web server
Jan 28 18:13:20 yeah... ill see now, only led1 is blinking now, the led2 has stopped
Jan 28 18:15:03 still same
Jan 28 18:15:19 192.168.7.2 gives err-connectio-refused
Jan 28 18:15:53 tho screening to it gives Debian GNU/Linux 8 beaglebone ttyGS0 BeagleBoard.org Debian Image 2016-01-24 Support/FAQ: http://elinux.org/Beagleboard:BeagleBoneBlack_Debian default username:password is [debian:temppwd] The IP Address for usb0 is: 192.168.7.2 beaglebone login: debian
Jan 28 18:17:15 apache2 is up but seems to be confed towards /var/www and network/interfaces seems to be setting up 192....7.2
Jan 28 18:21:44 this is network setting on osx http://d.pr/i/1cGRm
Jan 28 18:21:56 seems to conf another ip, still unreachable
Jan 28 18:22:21 added test index.html in /var/www/html but cant reach it either
Jan 28 18:26:14 c9 is unreachable as well :/
Jan 28 21:05:27 d3k0s: i'm confused. it looks like everything is fine to me if you can get a prompt.
Jan 28 22:13:33 hello beagle community, my /sys/class/uio is empty, but on an old OS i was able to access uio0 to read the address of the PRU shared memory, etc. i was hoping somebody could help me regain this functionality. i am happy to provide any information needed
Jan 28 22:44:49 Hello, is anybody available there to assist with a beaglebone black PRU issue?
Jan 28 23:12:30 zmatt: yes, keystone has better raw processing power but depending on how you model it, the Am33's aren't too far. I am thinking of all the resources such as the GPU.
Jan 28 23:58:10 Hi everyone! I am trying to build a linux image with buildroot. I have some problems to get a LCD working. I am using a Chipsee LCD. Could you tell me something about needed drivers, kernel patches, place to look for some information? I am kind of lost :(
**** ENDING LOGGING AT Fri Jan 29 02:59:59 2016