3mdeb: Minnowboard Turbot remote firmware flashing with RTE (Remote Testing Environment)

Minnowboard Turbot remote firmware flashing with RTE (Remote Testing Environment)
April 5, 2018
Arek Cichocki

Work related to a hardware carries some restrictions which don’t occur when working only with a software. One of them is a limited number of devices. This one may cause a problem with a accessibility to the platform. The limited number of users could slow development and testing. What is more work with a hardware requires a minimal knowledge of the theory of circuits and signals to eliminate platform damage by a user. Hardware can be expensive too. Remote Testing Environment project was made to resolve mentioned problems. […]

https://3mdeb.com/firmware/minnowboard-turbot-remote-firmware-flashing-with-rte-remote-testing-environment/

Tianocore Security Advisory 27: Minnowboard UEFI Variable Deletion/Corruption

Tianocore EDK2 security advisory page has been updated, for the first time since 2016! It looks like a single entry:

https://edk2-docs.gitbooks.io/security-advisory/content/

27. UEFI Variable Deletion/Corruption

Description: Input validation error in MinnowBoard 3 Firmware versions prior to 0.65 allow local attacker to cause denial of service via UEFI APIs.

Recommendation: This update improves input validation by firmware and is strongly recommended. For firmware development projects, incorporate the updates in https://github.com/tianocore/edk2-platforms/tree/devel-MinnowBoard3-UDK2017. When using MinnowBoard 3, update to version 0.65 or later. Updated firmware is available at https://firmware.intel.com/projects/minnowboard3

Acknowledgments: Reported by Intel.

References: CVE-2017-5699

The referenced CVE is still empty, hopefully someone at Intel/MITRE/NIST is going to take care of that sometime.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5699
https://nvd.nist.gov/vuln/detail/CVE-2017-5699

 

Passmark’s memtest86 issues [with Minnowboards]

You might want to re-run memtest on some machines before discarding systems as broken. Some Minnowboards were failing memory tests. Intel looked into it and says:

We have tracked down the issue and found that memtest86 tool is using a function call with rare but legitimate NULL value which causes memory test failure.
Currently we are working to update BIOS firmware with fix to prevent this memory test function call failure from memtest86 tool.
Again this is protocol interface issue between memtest86 and our FW driver, there is no hardware issue found with memory on Minnowboard.

See elinux-minnowboard thread for details:

https://www.memtest86.com/troubleshooting.htm

https://www.memtest86.com/technical.htm

http://lists.elinux.org/pipermail/elinux-minnowboard/Week-of-Mon-20170828/thread.html

 

Intel updates Minnowboard firmware, and Firmware Engine for Windows

Intel has updated their UEFI firmware for the Minnowboard, and has updated Intel Firmware Engine for Windows.

 

 

Asset Intertech on debugging Minnowboard firmware

Asset Intertech has a blog series on debugging Minnowboard firmware using their debugger product. Even if you can’t afford their product, you can still learn about debugging UEFI firmware from this post. 🙂

The Minnowboard Chronicles – Episode 3

As I continue the journey to learn about the internals of UEFI and to debug it with SourcePoint, I encounter some issues doing the firmware build. Last week, I played around with the UEFI shell, and then updated the firmware on my Minnowboard to the latest release (v0.94). Then, I used SourcePoint to look at disassembled code when the platform was sitting in the UEFI shell, waiting for keyboard input. From last time, we can see a number of “INT 3” instructions, with opcode CC. […]

http://blog.asset-intertech.com/test_data_out/2017/01/sourcepoint-debugging-the-minnowboard-turbot.html

http://blog.asset-intertech.com/test_data_out/2017/01/the-minnowboard-chronicles-episode-2.html

http://blog.asset-intertech.com/test_data_out/2017/01/the-minnowboard-chronicles-episode-3.html

new Minnowboard variant

It sounds like this new Minnowboard Turbot Quad Core from ADI will be out in December for around $190.

“ADI Engineering announced an upcoming Quad Core varient of the MinnowBoard Turbot that will used the E3845 SoC. Compatible with the existing MAX and Turbots this brings a new level of performance to the SoC for those computationally expensive tasks.”

For more info, click on the G+ link in the above tweet, WordPress appears to discard G+-based URLs today.

From the Netgate pre-order page:

Improvements over MinnowBoard Turbot Dual Core
* Twice the core count. Higher clock speed.
* Over 2.5 times FASTER than the MinnowBoard Tubot dual core.
*  Better Ethernet! This board has Intel i211 vs Realtek NIC.
* Fansink keeps it cool! Suitable for higher temp applications.

http://store.netgate.com/Turbot4.aspx

Nothing here yet AFAICT: http://minnowboard.org/

Intel updates Firmware Engine

https://twitter.com/FirmwareEngine/status/735564887267500032

Intel® Firmware Engine Release 2.0.0
Program installer for Microsoft* Windows 7/8/8.1/10.
Includes program and MinnowBoard Max and MinnowBoard Turbot platform support.

https://firmware.intel.com/learn/intel-firmware-engine/downloads

<soapbox>
Intel: please port Firmware Engine to Linux (and FreeBSD, which also has UEFI support), the current Windows-only release only helps Windows subset of your target firmware vendor ecosystem. Thanks!
</soapbox>

Minnowboard is part of GSoC16

The Minnowboard project is part of the Google Summer of Code project. If you are a student, this might be a good opportunity for you to start on a new project. There’s dozens of things that should be done with coreboot, U-Boot, UEFI, SeaBIOS.

According to the wiki, students will get a Minnowboard Turbot, and some cables.

The MinnowBoard project is an open hardware platform that uses Intel Architecture. While the project, overall, is focused on hardware there are a lot of things surrounding this effort that can, and are, useful both to the project and to the greater open source community. As such the MinnowBoard project (from a GSoC perspective) is more of an umbrella giving a home to a number of other projects to collectively work on and around the enablement of the MinnowBoard. These projects not only help the MinnowBoard project, but also enable other open source projects and software. These tend to be smaller projects or projects that are more tightly focused and would not otherwise be apart of GSoC, but that could benefit from additional contributors.

More information:

http://wiki.minnowboard.org/GSoC2016

Board Design Files for Minnowboard Turbot available

John Hawley of Intel announced on the Minnowboard mailing list the availability of board design files for the ADI MinnowBoard Turbot, released by Mentor Graphics.

3D STEP files now available – Courtesy of Mentor Graphics. Just wanted to let everyone know that Mentor Graphics has just released accurate STEP files for ADI MinnowBoard Turbot. I know there’s been folks interested in getting these for a variety of reasons, and while I’ve attempted to respond to the folks who have pinged me directly, I wanted to make sure that everyone is aware that those are now available. If you’ve got any problems with them, let me know, and serious thanks go out to Mentor Graphics for doing this!

More information:
http://wiki.minnowboard.org/MinnowBoard_Turbot#MinnowBoard_Turbot_Rev_X205_.28PCB_Rev_F200.29
http://lists.elinux.org/mailman/listinfo/elinux-minnowboard
http://minnowboard.57273.x6.nabble.com/MinnowBoard-3D-STEP-files-now-available-Courtesy-of-Mentor-Graphics-td2061.html
https://firmwaresecurity.com/tag/minnowboard/

Two quotes from the Minnowboard wiki:

“The design files are released under Creative Commons CC-BY-SA.”

“The MinnowBoard Turbot is intended to comply with all requirements and guidelines set forth by the Open Source Hardware Association (OSHWA).”

The word “intended” is probably significant; regardless I’m happy to see Minnowboard intending to be OSH. I hope they fulfill this intended goal! 🙂

ADI’s MinnowBoard Turbot in stock at Mouser

Mouser is now shipping the Minowboard Turbot, the latest flavor of Minnowboard, from ADI Engineering.

Mouser Electronics, Inc. is now stocking the MinnowBoard Turbot, an enhanced open source development board. The MinnowBoard Turbot, now available from Mouser Electronics, is a powerful and expandable open-source platform that allows endless customization and integration potential. This compact embedded board is compatible with MinnowBoard MAX but adds the higher-performing dual-core Intel® Atom(TM) processor, FCC and CE certification, and designs and features that support commercial usage. With 2GBytes of DDR3L, Intel(R) HD Graphics, micro HDMI, Gigabit Ethernet, USB 3.0 and 2.0, and a Lure expansion board interface, the MinnowBoard Turbot combines robust hardware with support for several different operating systems (including Windows 10, Android 4.4, Debian GNU/Linux, Ubuntu, and Fedora) to help designers develop high-performance embedded applications. […]

http://www.mouser.com/publicrelations_adi_engineering_minnowboard_turbot_2015final/
http://www.mouser.com/new/adi-engineering/minnowboard-turbot/
https://firmware.intel.com/projects/minnowboard-uefi-firmware
http://lists.elinux.org/pipermail/elinux-minnowboard/
http://minnowboard.org/

Teddy Reed on bypassing Linux Secure Boot

Teddy Reed has a second article on UEFI, MinnowboardMax and Linux! This one is called “Minnowboard Max: Booting Linux Securely”, and talks about how the Linux shim is used, and enumerates the various ways this boot security can be bypassed.

[…] I say ‘more-or-less’ because there are tons of places where the verification can be subverted. Unfortunately, if you start examining the implementation and configuration details of the streamlined Secure Boot support, you’ll find plenty of bypasses. Let’s talk briefly about each bypass and conclude with a simple way to use Secure Boot and enforce a signed kernel execution on Ubuntu. To be clear, there are no vulnerabilities here as there is no documented intention to boot Linux securely (e.g., BUG/1401532), only to support a Secure Boot and boot Linux. […]

http://prosauce.org/blog/2015/10/31/booting-linux-securely

https://firmwaresecurity.com/2015/09/19/teddy-reed-research-on-minnow-firmware/
https://firmwaresecurity.com/2015/07/17/secure-boot-strength-varies-by-linux-implementation/

Minnowboard status

The Minnowboard community has given an update on the status of current and upcoming models:

“There have been a lot of reports / misconceptions of the MAX being discontinued (or being End of Lifed), these are not entirely accurate.  Some distributors are reporting the board is going EOL because we are coming up on a product SKU change due to user facing changes (things like pin 26 in the LSE are changing to provide a MCLK reference for example).  So while the A2 PCB based MinnowBoard MAXes are being EoLed, the A4s should be available shortly, and the MinnowBoard Turbot’s should be publicly available, in quantity, in early November (assuming production holds to the current schedule). We aren’t going anywhere folks, we have a lot of exciting things coming down the line, lures and software and we are hard at work on things for the future, so stay tuned!”

Below is URL of Google+ post:

Low-cost UEFI debugging options for Intel

The other day I asked on the UEFI development list about hardware options for debugging UEFI, for security researchers (many UEFI debugging solutions only target OEMs/IBVs/IHVs). I was mainly thinking about Intel Tunnel Mountain, and related widgets like the Intel ITP-XDP, and other options in addition to AMI’s AMIdebug and Arium’s ITP products. It looks interesting; previously, all I knew of was Arium’s ITP and AMI’s AMIdebug products. Some of the commercial tools (eg, Arium) have new, expensive, closed-source debuggers, and don’t enable use of existing GDB/Windbg skills.

Zachary Gray of of the Intel System Studio debugger team replied with some answers:

Tunnel Mountain is OK but it is a bit old (by Intel standards) If you are looking for a small target for UEFI research purposes I *strongly* recommend the MinnowBoard Max.  This target has a freely available firmware that is mostly public, you can compile the firmware with GCC or MSVC, it is debuggable using JTAG (Arium,  or our Intel System Studio debugger with the ITP-XDP3 probe) and it is also debuggable using the Agent-based solution that is built into the image (cheap and easy!).

With regards to Intel System Studio vs Arium, I would say that the Arium JTAG debugger has a broader feature set that is proportional to their price, but the System Studio JTAG debugger also provides a useful feature set at a lower cost.  We can debug all the UEFI code from reset to boot loader, and also into the OS if you have an interest there as well.  With any of these debug tools you do not need a special compiler, you just use a standard debuggable build of the firmware.

Another even cheaper alternative would be to debug an Intel Galileo board using a low-cost FTDI probe such as an Olimex with the OpenOCD open-source JTAG debug server.  The board + probe would be <$200 and the firmware is publicly available.  For a front-end to the OpenOCD debug server you can use either the Intel System Studio debugger, or simply use GDB.  Some google searches will lead you to some documentation on all this.  The catch is that Galileo is not a “normal” Intel CPU so depending on your research interest the firmware may not present the concepts you are interested in.

Bruce Cran also replied with a lower-cost options:

Another even cheaper alternative, if you don’t need real hardware, is qemu+OVMF. It’s what I use to debug UEFI problems with the PCI driver I  work on (using gdb).

Alternatively, if you don’t need an x86-based system, I believe the BeagleBone/BeagleBoard (with ARM CPU) can be reflashed to edk2 firmware and debugged with a Flyswatter2 – with the main problem likely being being surface-mounting the JTAG header!

I also received some more advice via private email, from a firmware security researcher. Paraphrasing, they felt that the MinnowboardMAX is not much better than the Galileo for UEFI debugging, because it has many more blobs in it’s “open source” BIOS, and the Minnow is harder to debug than Galileo, since modern Atom CPUs are complex. Their advice was low-cost debugging was Galileo over Minnow, $20 for JTAG probe, and free GDB.

Thanks for all the advice!!

Obviously, this post doesn’t cover ARM [much], just Intel and virtual solutions. I’m still learning the best options for ARM-based hardware and UEFI, and will post another article on ARM in the future.

More Information:
https://software.intel.com/en-us/articles/using-intel-system-debugger-with-openocd
https://communities.intel.com/docs/DOC-22203
https://communities.intel.com/message/220257
https://communities.intel.com/message/220383
https://communities.intel.com/thread/48127
https://software.intel.com/en-us/forums/topic/391211
https://software.intel.com/en-us/forums/topic/531765
https://designintools.intel.com/product_p/itpxdp3brext.htm
https://communities.intel.com/community/makers
http://openocd.org/
http://www.minnowboard.org/
https://www.olimex.com/Products/ARM/JTAG/_resources/OpenOCD/
https://www.olimex.com/Products/ARM/JTAG/ARM-USB-OCD-H/
https://www.olimex.com/Products/ARM/JTAG/ARM-JTAG-20-10/
http://www.tincantools.com/wiki/Compiling_OpenOCD
http://linuxgizmos.com/intel-toolsuite-supports-linux-device-software-developers/
http://blog.hansenpartnership.com/anatomy-of-the-uefi-boot-sequence-on-the-intel-galileo/
https://designintools.intel.com/product_p/itpxdp3brext.htm
http://firmware.intel.com/develop/intel-uefi-tools-and-utilities/intel-uefi-development-kit-debugger-tool#overlay-context=develop
https://software.intel.com/en-us/intel-system-studio
https://software.intel.com/en-us/intel-system-debugger
http://tunnelmountain.net/
http://www.dediprog.com/

WinZent releases wION BIOS for Minnow

Today, WinZent, a Swedish-based BIOS vendor, released wION BIOS and wIOS operating system for the MinnowBoard MAX. The release is registration-required freeware.

Some excerpts from their press release:

“WinZent Technologies AB today announced the general availability of its wION BIOS and wIOS operating system for the MinnowBoard Max open hardware board. WinZent’s software allows the embedded systems developer to use any operating system, from legacy operating systems such as MS-DOS, to most Linux distributions and the latest Microsoft Windows versions. The software also boosts the board with lightening-fast performance. WinZent’s wION BIOS cold boots the MinnowBoard Max in 0.56 seconds, and completes a warm reboot in 0.21 seconds. wION is bundled with WinZent’s real-time POSIX compliant operating system wIOS, which can provide multiples to magnitudes improved performance for applications and programs.”

“WinZent Technologies AB develops and markets the world’s fastest and most compact firmware and kernel software. wION, our BIOS, is characterized by sub-second boot time and full support for both legacy and the latest operating systems. wIOS, our POSIX-compliant operating system, is characterized by its deterministic real-time capabilities and its lightening-fast speed. WinZent Technologies AB is headquartered in Stockholm in Sweden.”

More Information:

http://winzenttech.com/
http://lists.elinux.org/pipermail/elinux-minnowboard/Week-of-Mon-20150622/001660.html

Book Review: Embedded Firmware Solutions

Embedded Firmware Solutions: Development Best Practices for the Internet of Things
APress Media
ISBN 978-4842-0071-1
February 2015
Jiming Sun, Marc Jones, Stefan Reinauer, Vincent Zimmer
http://www.apress.com/9781484200711

[I recently finished reading this book. Sadly, I didn’t know about it until the other day, after my LinuxFestNorthWest talk on firmware security tools, someone from Sage pointed out that I omitted this from my More Information slides.]

If you care about firmware development — or just understanding current firmware architecture — you should have this book. It is the only current book with information about modern firmware in use today. The authors are all experienced and well-known firmware developers, including members of the Coreboot and UEFI teams, and there is also an impressive list of tech reviewers. There are 4 areas that this book focuses on:
* Intel Firmware Support Package (FSP), and it’s use in Coreboot and UEFI.
* UEFI and it’s dev platform.
* Coreboot and Chrome use of it.
* Intel Quark and UEFI firmware.

Intel Press has a handful of other UEFI books, but they are years old, this book is only a few months old, and has fresher details on UEFI. I don’t know of any other book with this kind of information on Coreboot, or on Intel FSP. There are a variety of books on Intel’s Minnowboard and Quark/Galileo IoT hardware: most of those books talk about how to write user-level apps, this is the only book that talks about updating the firmware of Intel IoT devices.

I’m looking forward to a second edition in a year or so, once tech changes enough.