Heads testing

Insurgo · March 24, 2024, 3:22pm

Add in place programmer's flashing "best practices" and refer to ch341a rev 1.6+

opened 02:30PM - 30 Jan 23 UTC

There is a lot of information out there on ch341a programmer giving too much vol…tage (5v vs 3.3v). Users reports of having bricked their laptops (SPI chip to motherboards resistors). One of those example is a recent exchange on slack/matrix accessible at: https://matrix.to/#/!pAlHOfxQNPXOgFGTmo:matrix.org/$kcFoywTcHgKLIbRP3iJ1bgJ8vRUGZsZcCGvvJsCszgw?via=matrix.org&via=nitro.chat&via=talk.puri.sm xx20/xx30 chips and motherboard resistors are really resilient and cheap ch341a providing 5v never caused any issue, but this may vary for other SPI chips/motherboard when doing in place programming (with a PAMONA clip connected to the chip on the motherboard.) General guidelines, depending on motherboard is: 1. Make sure that CMOS, AC Adapter and battery is deconnected. 2. Make sure to connect the clip on CHIP prior of powering up the programmer (I never followed that even with black programmer and bricked 2 laptops to date because I didn't respect point 1 above. 3. Other guides suggest to modify ch341 programmer to make sure voltage provided is 3.3v (https://www.chucknemeth.com/laptop/lenovo-x230/flash-lenovo-x230-coreboot being one of them) 4. Other guides suggest unsoldering/resoldering the SPI for extra caution (never did that) 5. More expensive programmer (LC Technologies ch341a programmers) were suggested (good general advice) I would invite people into discussing facts here to be used to create additional flashing best practice page to the wiki.

github.com/linuxboot/heads

SPI programmer recommendation

opened 12:15AM - 04 Apr 17 UTC

jpouellet

documentation installation

I'm sure [your SPI programmer](https://trmm.net/SPI) works great, but for those …who do not happen to have a teensy on hand and would end up buying some hardware to flash things anyway, I would recommend picking up a CH341A-based ([datasheet](http://www.datasheetspdf.com/datasheet/CH341A.html)) programmer. These: - can read & write common SPI & I2C EEPROMs - can be acquired for ~$3 USD including taxes and shipping (!) [on ebay](http://www.ebay.com/sch/i.html?_nkw=CH341A) - have a [working open source driver](https://github.com/setarcos/ch341prog) to interface with them - are decently fast: writes my 8mb ME region in ~100 seconds, reads it in ~60s, erases it in ~25s SOIC8 clips can also be acquired (w/ tax & shipping!) for about $3 USD [on ebay](http://www.ebay.com/sch/i.html?_nkw=SOIC8+clip).

Litter_Box · April 29, 2024, 9:45am

Raspberry Pi works.

Insurgo · May 10, 2024, 9:53pm

Move to nix buildstack (and nix develop produced docker image used under CircleCI) by tlaurion · Pull Request #1661 · linuxboot/heads · GitHub was merged today!

Important building block (pun intended!) for Heads finally got merged, to be improved upon. Heads, once again, which was awaited for a really long while, produces reproducible ROM images again!

This means that you have no more reason to not replicate hashes and Rom images, locally, that were built from CircleCI! Each commit should produce the same exact bit by bit flashable ROM images.

But this time, you can also produce a reproducible docker image locally that can be used to test heads through qemu tcg/kvm locally, or download the latest available docker image built in the same exact way, thanks to Nix guaranteeing this contractually.

That was an NlNet grant milestone under NLnet; Heads-OpenPGP ongoing paid work, which reached its goal a bit later then expected initially. Well, this is how it goes when you swim in uncharted waters.

With heads/README.md at ecbfdbc57b23ef0b884b394e1ad97491b8d2f8b6 · tlaurion/heads · GitHub being the new building guidelines, which you are more then welcome to provide PR against for better documentation over linuxboot/heads-wiki

Cheers!

Insurgo · May 12, 2024, 3:42pm

Build documentation has been updated General Building | Heads - Wiki

Insurgo · May 12, 2024, 6:08pm

Wow nix is amazing.

Another goodie for you all that were afraid to test heads because it seemed too complex.

The entry barrier just vanished.

With this pull request, you can run locally built qemu q35 coreboot image with Heads as payload to experiment and develop without the need of real hardware anymore! None outside of your computer and a lot of ram assigned to your testing qube!

All you need is docker and plenty of disk space in your testing qube, thanks to qemu TCG, canokey-qemu to emulate OpenPGP usb smartcard, swtpm to emulate TPM1.2/TPM2… and all past work having led to this.
(You can sniff TPM communication, sniff OpenGPG communication, boards come with debug trace on screen and the board configs can be used as reference board to compare to other boards under boards dir…)

Someone is up to implement reverse HOTP in canokey?!?

Relevant announcement You're invited to talk on Matrix

PR: flake.nix + qemu.mk : add working qemu-canokey usable from all qemu boards by default by tlaurion · Pull Request #1671 · linuxboot/heads · GitHub