Before designing my own Linux OTA stack, I'd better probe if anybody knows of an existing Linux OTA stack/framework that I could make use of/contribute to.
What I mean by Linux OTA stack/framework is a service capable of updating the Linux kernel on my device from a remote repository. Basically something like the OTA update feature found on most Linux smartphones today. It must be 99.99% fail-safe such that my devices (which will be mounted in 500 cars for 6-12 months) will not turn into useless bricks that require on-site service to become working again.
An open source solution is not a must - commercial solutions that do the job has equal interest.
Thanks in Advance.
Christian
Could you just use the APT, combined with suitable kernel packages?
Doing the actual update is pretty trivial, you can use any of the existing package management frameworks to provide a new kernel package that the system upgrades to when available.
The hard part is when your device reboots into the new kernel you need some way to detect if it doesn't boot, and boot it back into the old kernel. To do that without human intervention you'll need some sort of watchdog facility in your hardware.
Related
How is VirtualHere able to virtualize USB devices on macOS without requiring the user to install kernel extensions?
As far as I am aware, there's no documented way to virtualize USB devices on macOS.
The USB/IP project, for example, only supports clients on Windows and Linux.
I understand this is proprietary software but it must be using some technique available to userspace?
Thanks
Really interesting.
Seems they are using the IOUSBHost.framework, which is at most undocumented.
Using it requires getting custom entitlement from Apple:
com.apple.usb.hostcontrollerinterface, which could possibly take a lot of time.
There are some traces that it could be used to create virtual devices, but no details about it.
You could try to use tools like classdump to get some information directly from the framework, or read some headers on github.
It would be great if someone could share any information about it with community, as Apple seems to be very lazy about doing this.
This might be obvious for some but not to me so I'll ask =)
I'm having an issue that I have build an embedded Linux stack for some piece of hardware (NVidia TX2 + ConnectTech Astro carrier). I use a PCIe card from EPIX
If I use Ubuntu's official distribution for tegra, the PCIe card is properly detected.
With identical kernel and device tree blob, and the same HW unit, the detection fails with embedded Linux.
I thought that detecting PCIe devices would be kernel's job and not be influence by the distro, unless the drivers are built as kernel modules and inserted at different times. But in my case they are build in kernel.
Could someone elaborate why the detection would work with one distro but not the order?
Here is a link to what I tried to do to fix the detection
tx2-pcie-does-not-detect-endpoint-on-connecttech-carrier-board
Thanks!
A Linux distribution contains a kernel that usually differs from the vanilla kernel of the same release. Most of the time a distribution kernel contains lots of back ports of bug fixes that were discovered and fixed later in micro releases. There may be other features that a specific vendor includes and the vanilla kernel does not, like more recent version of certain drivers, etc. What makes this even more confusing is that sets of these back ports are often different in distributions from different vendors. As a side effect, this makes it difficult to depend on something like KERNEL_VERSION() macro in custom kernel code or in custom device drivers.
I can't say about the specific issue that you're having. The topic is pretty generic, and I hope that this explanation helps.
I'm creating an application that needs to use some kernel level modules, for which I've divided the app into 2: one user-level program and one kernel level program.
After reading about device drivers and walking through some tutorials, I'm a little confused.
Can there be a device driver without any specific device associated with it? Is there anything other than the device driver (kernel code or something) which works in kernel mode?
How do anti-virus programs and other such applications work in kernel mode? Is device driver the correct way or am I missing something?
Yes, device drivers can work without an actual piece of hardware (i.e. the device) attached to the machine. Just think of the different programs that emulate a connected SCSI drive (CD-ROM, whatever) for mounting ISO images. Or think about TrueCrypt, which emulates (removable) drives using containers, which are nothing more than encrypted files on your hard drive.
A word of warning, though: Driver development requires much more thought and has to be done more carefully, no shortcuts, good testing and in general expects you to know quite a good deal about the Windows driver model. Remember that faulty and poor drivers put the whole system's stability in jeopardy.
Honestly, I don't think reading a tutorial is sufficient here. You might want to at least invest in a decent book on that subject. Just my 2 cents, though.
Sorry, but the Windows Internals book is more of a general reading for the curious. I cannot recommend it if you want to engage in driver development - or at most as prerequisite reading to understand the architecture. There are plenty of other books around, although most of them are a bit older.
Depending on your goal, you may get away with one of the simpler driver models. That is not to say that driver development is trivial - in fact I second all aspects of the warning above and would even go further - but it means that you can save some of the more tedious work, if instead of writing a legacy file system filter you'd write one based on the filter manager. However, Windows XP before SP2 did not have it installed by default and Windows 2000 would require SP4+SRP+patch if I remember correctly. WDF (Windows Driver Foundation) makes writing drivers even easier, but it is not suitable for all needs.
The term device is somewhat of bad choice here. Device has a meaning in drivers as well, and it does not necessarily refer to the hardware device (as pointed out). Roughly there is a distinction between PDOs (physical device objects) and CDOs (control device objects). The latter are usually what you get to see in user mode and what can be accessed by means of CreateFile, ReadFile, WriteFile, DeviceIoControl and friends. CDOs are usually made visible to the Win32 realm by means of symbolic links (not to be confused with the file system entities of the same name). Drive letter assignments like C: are actually symbolic links to an underlying device. It depends on the driver whether that'd be a CDO or PDO. The distinction is more of a conceptual one taught as such in classes.
And that's what I would actually recommend. Take a class about Windows driver development. Having attended two seminars from OSR myself, I can highly recommend it. Those folks know what they're talking about. Oh, and sign up to their mailing lists over at OSR Online.
Use Sysinternals' WinObj to find out more about the device and driver objects and symlinks.
As for the question about AVs, yes they use file system filter drivers (briefly mentioned above). The only alternative to a full-fledged legacy FSFD is a mini-filter.
It is possible to load a special kind of DLL in kernel mode, too. But in general a driver is the way into the kernel mode and well documented as such.
Books you may want to consider (by ISBN): Most importantly "Programming the Windows Driver Model" (0735618038), "Windows NT Device Driver Development" (1578700582), "Windows NT File System Internals" (0976717514 (OSR's new edition)), "Undocumented Windows NT" (0764545698) and "Undocumented Windows 2000 Secrets" (0201721872) - and of course "Windows NT/2000 Native API Reference" (9781578701995) (classic). Although the last three more or less give you a better insight and are not strictly needed as reading for driver developers.
Anti-virus (and system recovery) software generally make use of file-system filter drivers. A device can have multiple filter drivers arranged like a stack, and any event/operation on this device has to pass through all the stacked up drivers. For example, anti-viruses install a filter driver for disk device so that they can intercept and scan all file system (read/write) operation.
As mentioned in above post, going through a good book would be a nice way to start. Also, install DDK/WDK and refer the bundled examples.
How long, approximately, would it take to develop a kernel patch or driver for the windows NT kernel/series of kernels, that would introduce new functionality, or replace existing functionality?
For example, to add in a different encryption algorithm, or to implement some sort of new security model.
What are the advantages/disadvantages between actually writing a kernel patch, and a driver?
Can a driver be theoretically bypassed, in a way a kernel patch cannot?
I understand the windows kernel is proprietary and it is hard to write a kernel patch for it, but this is exactly what several companies, notably AV companies do, without cooperation from Microsoft, so it is possible...
A different encryption algorithm
This is done by extending the encryption provider. There is a framework where you can do that.
new security model
What new security model?
If you want more specific control over one application, you build a sandbox.
If you want more specific control over an OS, you put the OS into a virtual machine.
If you have something completely new, you have to write a new kernel. Right management is really a broad topic, where you have to touch every entry point to get your solution to work.
Can a driver be theoretically bypassed, in a way a kernel patch cannot?
No and yes ... How do you think a driver changes a security model?
but this is exactly what several companies, notably AV companies do.
No, they don't. They have a kernel driver, which hooks into the right functions. Most AV software hooks the ReadFile/WriteFile/CreateFile APIs, in which they check for 'malicious code-sequences'. This is not a security model. Its just a binary 'May access/may not access' check.
the proper way to modify how the kernel works is to write a filter driver that modifies or snoops at information transferred between drivers.
that is the closest thing to a legitimate patch
with regard to patching the kernel function tables...you should not do that because: it will not work in x64 edtions. since it will not work in x64 edtion, you cannot WLK certify your driver even for 32-bits. and if you cannot certify your driver, you will end up having an undecertified driver which is highly discourgaed (for example, you cannot preinstall on a computer and then wlk certify the machine).
I'm looking at options to access DVB data on OS X. Initially I want to support the EyeTV DTT USB device, but in the long-run I'd like to support a number of popular devices. The problem I have is that there is no standard way of controlling such devices.
All the applications I know of that use them either hide the driver code within the application (for example EyeTV itself, all it's drivers are implemented totally in userspace and are not accessible to external apps), or they use the seemingly defunkt MMInputFamily driver (no source code availible any more, author gone walkabouts).
I've done some research and found that a number of the devices I want to support are supported within the Linux DVB project. Further research indicates that some years ago there was an attempt to abstract the linux implementation so that it could potentially be recompiled on other platforms. The idea being that efforts to support devices should be pooled and the best way to do that would be to make the current open source implementation work on multiple platforms: it seems in the end to have amounted to little however.
The idea of compiling linux drivers against other *nix type platforms has also been taken up elsewhere with some success. The approach the author took is detailed on the page I linked, it seems potentially viable on OS X as well.
At any rate, there seem to be a number of options, but no clear winner:
Find the source code for the MMInputFamily driver, try to get it working on OS X 10.6 and add support for the devices I require, referrencing the linux source code for pointers. Problem: the source code is nowhere to be found, nor is the author. Additionally it seems the author might perhaps have gone down another route had he fully appreciated the previous efforts to port the linux drivers to OS X.
Attempt to port the linux drivers to OS X in a manner similar to the FreeBSD project I linked. Problem: this is very low-level work and work in this layer is not recommended by Apple if it can be avoided.
Write a driver with OS X's IOKit: this is the preferred method for implementing drivers but I would have to do everything from scratch, clearly not a small job.
If I could I would really like to use the Linux source code, but I'm unsure if such a thing is really viable. Does anyone have any advice or ideas on the best way to proceed with this task?