#buildroot

2025-10-19

tpm2sh 0.11.16

This is the release where things mostly work and is the first usable version for a wider audience than just me.

Functionality is focused on key management and it is quite limited on operations.

That said, it has the most important functionalities, and the most difficult to implement, in place:

  1. Implicit creation of HMAC sessions to protect communication, and hiding its complexity. It is still a stub as parameter encryption is not in place but the mechanism is working correctly.
  2. Key management including direct support for PKCS#1, PKCS#8 and SEC1 external keys with custom parsers so that dependencies are light for e.g., BuildRoot embedded/VM targets.
  3. Seamless over-subscription with key context cache (in ~/.cache/tpm2sh). Detects stale contexts from previous power cycles. “Cache keys” can be referred to by a “key:<hex grip>” type of “URI”, where grip is 8 bytes of the key’s name hash.
  4. Seamless policy sessions with policy command, which can output both composite digest and session handle.
  5. Intuitive way to download vendor certificates from the chip.
  6. Full support for the TPMKey ASN.1 format, which is what the kernel speaks.

Adding signing etc. ops would have been a worse mistake to make before getting this basis right.

It’s not aiming to do all what tpm2-tools does but more like do stuff that I want to do and implementing that as a command-line tool :-) I.

#linux #kernel #tpm #rustlang #buildroot

2025-10-17

Build and customize Linux on the RK3568 platform with Buildroot!
Easily configure and port libraries like Python3 for your Forlinx SBC.
Learn More 👉
forlinx.net/industrial-news/rk

How to Configure and Port Library Files via Buildroot on the RK3568 Platform

2025-10-12

Today the last #Buildroot patch I needed to get a fully working #SELinux build with Busybox init was merged, which allows setting policy booleans at build time (only persistent way to set them with monolithic policy). ​:neocat_floof_happy:​

My experiment build is fairly minimal, and I have a custom module with a few policy adjustments, but that's something that should be fixed upstream in refpolicy. SELinux with Busybox init is probably not a common setup, to say the least.
​:neocat_peek:​

(And there's still the overlayfs issue, but my priority is understanding how SELinux policy works.)

2025-10-10

Got two more #Buildroot patches to send out once tests pass, and then… a bugfix that should probably go right to #SELinux refpolicy. Maybe a little extension, too. ​:blobcateyes:​

2025-10-09

And next set of #Buildroot/#SELinux patches sent, mostly small cleanups, and a build option to drop dontaudit rules from the policy. With a monolithic policy semodule -DB does not work, and dropping dontaudit rules during build is the next best thing when you need to figure out why something is denied and don't see anything in the audit logs. ​:neocat_floof_happy:​
https://patchwork.ozlabs.org/project/buildroot/list/?series=476927

2025-10-08

Hm, I think I see now why nobody bothered to make this work before. I got semanage to build and run, but turns out it is only useful with a modular policy, and #Buildroot builds a monolithic one. The difference (starting with its existence) was sadly missing from the #SELinux class. Buildroot has options to add custom modules at build time, and audit2allow is available as a package, so maybe I'll look into that first and drop semanage if it does the job. ​:neocat_think:​

(Re-)Building a policy module was slow on the VM provided for class exercises, so maybe rebuilding the monolithic policy and rootfs/disk image on my desktop won't actually be too bad compared to trying that in Qemu or on an SBC.
​:neocat_laugh_sweat:​

2025-10-08

2 day #SELinux class isn't over, and I already have some bugfix patches for #Buildroot to make auditd work right. Whoops. ​:neocat_laugh_sweat:​
https://patchwork.ozlabs.org/project/buildroot/list/?series=476719

2025-10-05

Bonus: the default ("skeleton") #Buildroot /etc/fstab contains a line for /dev/root as /, which generally won't work (and for the issue at hand, confuse fsck). Makes me wonder why it exists at all. Just as an example? Would it break anyone's workflow to remove it? ​:neocat_think:​

2025-10-05

Got into quite a rabbit hole with #Buildroot and fsck. It all started with wondering why the kernel warned about an unclean filesystem during boot. Turns out by default (at least with Busybox init) Buildroot doesn't do any fsck during boot. ​:blobcateyes:​

2025-09-30

So we made another release, nothing fancy, like the big operating systems out there. We just did another LTS bump of all critical components, fixed all the high-severity bugs, AND added support for yet another platform, the Banana Pi-R3 this time.

So, nothing spectacular, just plain boring stability that you'd expect from a critical load-bearing component in your stack.

github.com/kernelkit/infix

#infix #immutable #buildroot #embedded #linux

2025-09-19

my shitty buildroot kernel testing environment keeps improving as the years pass like a good wine ;-)

#buildroot

2025-09-19

awesome, new milestone reached: tpm2sh and tpm2-protocol compile with the Rust toolchain of Buildroot 2025.02.6.

Couple of recursive dependencies needed to be downgraded, and some code tweaks but nothing heavy (phew). I also found that even if you set your edition to 2021, the chances are that there is some nested dependency that is allowed to be in edition 2024.

#buildroot

2025-09-19

A good exercise for Rust code IMHO in order to get it to the level that actually is fluent in production is to create a BuildRoot package for it ;-)

All sorts of minor tweaks have had to be done for tpm2sh and tpm2-protocol in order to get them to my kernel testing images.

Or at least a good exercise if planning to target and scale a Rust crate to embedded systems (in production).

#buildroot #rust

2025-09-09

Learn how to add files to the image effortlessly. Follow these methods for seamless integration👇
forlinx.net/industrial-news/rk
Method 1: Directly Put into Source Code for Compilation
Method 2: Mount rootfs.ext2

Joseph Zikusooka (ZIK) jzik
2025-09-04

For anyone interested in using Kea DHCP server on buildroot, I have submitted a new package patch that is currently awaiting upstream review. You can check it out here:

patchwork.ozlabs.org/project/b

@iscdotorg

2025-08-29

#Buildroot's check-package script keeps leading me to shellcheck bugs… Well, second in a few days, but without specifically searching for bugs, just random false-positives. I can only conclude the combination of shellcheck and Busybox shell isn't very common. ​:blobcateyes:​ https://github.com/koalaman/shellcheck/issues/3285

@zuggamasta It works very well, I use a headless #RaspberryPi 3b+ as MIDI Router between 10+ MIDI devices connected via USB and MIDI interface. I compiled my own #buildroot system to have a stable and minimal system with a startup time under 20 seconds.
