diff --git a/PPL-1.0 b/COPYING similarity index 100% rename from PPL-1.0 rename to COPYING diff --git a/phytium-ota/fitImage/5.10/fitImage.hash b/phytium-ota/fitImage/5.10/fitImage.hash new file mode 100644 index 0000000000000000000000000000000000000000..4c7c7f03ef34ffa50e93fa22e5b70f5bd59a6c92 --- /dev/null +++ b/phytium-ota/fitImage/5.10/fitImage.hash @@ -0,0 +1 @@ +sha256 26a9c047d93bc7b30582bca8a226c3cc41c864b2d5a21d07064b4634b654e9cf fitImage diff --git a/phytium-ota/fitImage/latest/5.10/fitImage.tar b/phytium-ota/fitImage/5.10/fitImage.tar similarity index 100% rename from phytium-ota/fitImage/latest/5.10/fitImage.tar rename to phytium-ota/fitImage/5.10/fitImage.tar diff --git a/phytium-ota/fitImage/5.10/linux-headers-5.10.deb.hash b/phytium-ota/fitImage/5.10/linux-headers-5.10.deb.hash new file mode 100644 index 0000000000000000000000000000000000000000..166688046af29f5305bb7609957991d98dd43a95 --- /dev/null +++ b/phytium-ota/fitImage/5.10/linux-headers-5.10.deb.hash @@ -0,0 +1 @@ +sha256 a7bd6c50d40e4c827654033496757200c5f3dbfda630c5ae7c0ac43e15e64f9f linux-headers-5.10.deb diff --git a/phytium-ota/fitImage/5.10/linux-image-5.10.deb.hash b/phytium-ota/fitImage/5.10/linux-image-5.10.deb.hash new file mode 100644 index 0000000000000000000000000000000000000000..4a640f56153ae6532373be58f5b348ac3c52c14b --- /dev/null +++ b/phytium-ota/fitImage/5.10/linux-image-5.10.deb.hash @@ -0,0 +1 @@ +sha256 ab0b82ebf36925a7bb389d1f26db2c04f675ddcf9e4276850dde51e05c5e5fd3 linux-image-5.10.deb diff --git a/phytium-ota/fitImage/latest/6.6/fitImage b/phytium-ota/fitImage/6.6/fitImage similarity index 100% rename from phytium-ota/fitImage/latest/6.6/fitImage rename to phytium-ota/fitImage/6.6/fitImage diff --git a/phytium-ota/fitImage/latest/6.6/linux-headers-6.6.deb b/phytium-ota/fitImage/6.6/linux-headers-6.6.deb similarity index 100% rename from phytium-ota/fitImage/latest/6.6/linux-headers-6.6.deb rename to phytium-ota/fitImage/6.6/linux-headers-6.6.deb diff --git a/phytium-ota/fitImage/latest/6.6/linux-image-6.6.deb b/phytium-ota/fitImage/6.6/linux-image-6.6.deb similarity index 100% rename from phytium-ota/fitImage/latest/6.6/linux-image-6.6.deb rename to phytium-ota/fitImage/6.6/linux-image-6.6.deb diff --git a/phytium-ota/rootfs/latest/phytium-ota.deb b/phytium-ota/rootfs/latest/phytium-ota.deb deleted file mode 100644 index 8abda2a9beca1da727c7f23f07c00e1218c18788..0000000000000000000000000000000000000000 Binary files a/phytium-ota/rootfs/latest/phytium-ota.deb and /dev/null differ diff --git a/phytium-ota/rootfs/latest/rootfs.tar b/phytium-ota/rootfs/rootfs.tar similarity index 99% rename from phytium-ota/rootfs/latest/rootfs.tar rename to phytium-ota/rootfs/rootfs.tar index 1681c8f654f7d2868d4b4e55bbaf120cab35b7a2..88ab93d5b372c3b7a110de76aebcc164d472af56 100644 Binary files a/phytium-ota/rootfs/latest/rootfs.tar and b/phytium-ota/rootfs/rootfs.tar differ diff --git a/phytium-ota/scripts/check-hash b/phytium-ota/scripts/check-hash new file mode 100755 index 0000000000000000000000000000000000000000..5a47f49bc302846ff3fdba3d17d0b35143c5052b --- /dev/null +++ b/phytium-ota/scripts/check-hash @@ -0,0 +1,107 @@ +#!/usr/bin/env bash +set -e + +# Helper to check a file matches its known hash +# Call it with: +# $1: the path of the file containing all the expected hashes +# $2: the full path to the temporary file that was downloaded, and +# that is to be checked +# $3: the final basename of the file, to which it will be ultimately +# saved as, to be able to match it to the corresponding hashes +# in the .hash file +# +# Exit codes: +# 0: the hash file exists and the file to check matches all its hashes, +# or the hash file does not exist +# 1: unknown command-line option +# 2: the hash file exists and the file to check does not match at least +# one of its hashes +# 3: the hash file exists and there was no hash to check the file against +# 4: the hash file exists and at least one hash type is unknown + +while getopts :q OPT; do + case "${OPT}" in + q) exec >/dev/null;; + \?) exit 1;; + esac +done +shift $((OPTIND-1)) + +h_file="${1}" +file="${2}" +base="${3}" + +# Bail early if no hash to check +if [ -z "${h_file}" ]; then + exit 0 +fi +# Does the hash-file exist? +if [ ! -f "${h_file}" ]; then + printf "WARNING: no hash file for %s\n" "${base}" >&2 + exit 0 +fi + +# Check one hash for a file +# $1: algo hash +# $2: known hash +# $3: file (full path) +check_one_hash() { + _h="${1}" + _known="${2}" + _file="${3}" + + # Note: md5 is supported, but undocumented on purpose. + # Note: sha3 is not supported, since there is currently no implementation + # (the NIST has yet to publish the parameters). + case "${_h}" in + md5|sha1) ;; + sha224|sha256|sha384|sha512) ;; + *) # Unknown hash, exit with error + printf "ERROR: unknown hash '%s' for '%s'\n" \ + "${_h}" "${base}" >&2 + exit 4 + ;; + esac + + # Do the hashes match? + _hash=$( ${_h}sum "${_file}" |cut -d ' ' -f 1 ) + if [ "${_hash}" = "${_known}" ]; then + printf "%s: OK (%s: %s)\n" "${base}" "${_h}" "${_hash}" + return 0 + fi + + printf "ERROR: %s has wrong %s hash:\n" "${base}" "${_h}" >&2 + printf "ERROR: expected: %s\n" "${_known}" >&2 + printf "ERROR: got : %s\n" "${_hash}" >&2 + printf "ERROR: Incomplete download, or man-in-the-middle (MITM) attack\n" >&2 + + exit 2 +} + +# Do we know one or more hashes for that file? +nb_checks=0 +while read t h f; do + case "${t}" in + ''|'#'*) + # Skip comments and empty lines + continue + ;; + *) + if [ "${f}" = "${base}" ]; then + check_one_hash "${t}" "${h}" "${file}" + : $((nb_checks++)) + fi + ;; + esac +done <"${h_file}" + +if [ ${nb_checks} -eq 0 ]; then + case " ${BR_NO_CHECK_HASH_FOR} " in + *" ${base} "*) + # File explicitly has no hash + exit 0 + ;; + esac + printf "ERROR: No hash found for %s\n" "${base}" >&2 + exit 3 +fi diff --git a/phytium-ota/scripts/check-latest b/phytium-ota/scripts/check-latest new file mode 100755 index 0000000000000000000000000000000000000000..9709bab7039290c1117ad85381130374afeb344f --- /dev/null +++ b/phytium-ota/scripts/check-latest @@ -0,0 +1,38 @@ +#!/bin/bash +set -e + +latest_dir="/usr/lib/phytium/phytium-ota-latest" + +if [ $2 = "uboot" ]; then + _hash=$( sha256sum "$1/$2/fip-all-optee-4GB.bin" |cut -d ' ' -f 1 ) +elif [ $2 = "fitImage" ]; then + _hash=$( sha256sum "$1/$2/5.10/$2.tar" |cut -d ' ' -f 1 ) +elif [ $2 = "rootfs" ]; then + _hash=$( sha256sum "$1/$2/$2.tar" |cut -d ' ' -f 1 ) +fi + +if [ ! -e "$latest_dir/$2/$2_latest.hash" ]; then + mkdir -p $latest_dir/$2 + if [ $2 = "uboot" ]; then + echo "sha256 ${_hash} fip-all-optee-4GB.bin" > $latest_dir/$2/$2_latest.hash + else + echo "sha256 ${_hash} $2.tar" > $latest_dir/$2/$2_latest.hash + fi + echo "no_latest" + exit +else + _known=$(cat $latest_dir/$2/$2_latest.hash | cut -d ' ' -f 3) +fi + +# Do the hashes match? +if [ "${_hash}" = "${_known}" ]; then + echo "latest" +else + mkdir -p $latest_dir/$2 + if [ $2 = "uboot" ]; then + echo "sha256 ${_hash} fip-all-optee-4GB.bin" > $latest_dir/$2/$2_latest.hash + else + echo "sha256 ${_hash} $2.tar" > $latest_dir/$2/$2_latest.hash + fi + echo "no_latest" +fi diff --git a/phytium-ota/scripts/rootfs_ota b/phytium-ota/scripts/rootfs_ota new file mode 100755 index 0000000000000000000000000000000000000000..20067aa747a3bc657efc0d8741baec241800b107 --- /dev/null +++ b/phytium-ota/scripts/rootfs_ota @@ -0,0 +1,97 @@ +#!/bin/bash + +# Phytium phytiumpi rootfs_ota script +# +# Copyright (c) 2024 Phytium Technology Co., Ltd. +# +# rootfs_ota - To update rootfs to the latest for phytiumpi development board. +# + + +install_and_remove_packages() { + apt install -y locales audacity jq network-manager + apt remove -y dhcpcd5 +} # install_and_remove_package + +rootfs_configure() { + # rootfs-chown + systemctl enable systemd-rootfs-chown.service + # phytium-zram + systemctl enable phytium-zram-config.service + # phytium-vpu + systemctl enable phytium-vpu.service + + # disable default sink + sed -i 's/^default-sink = alsa_output.platform-sound.stereo-fallback/#&/' "/etc/pulse/client.conf" + # set kernel loglevel + sed -i 's/#kernel.printk = 3 4 1 3/kernel.printk = 4 4 1 7/' "/etc/sysctl.d/99-sysctl.conf" + # set the name of the sound output devices + sed -i 's/^update-sink-proplist 1 device.description=Headphone/#&/' "/etc/pulse/default.pa" + sed -i 's/^set-default-sink 1/#&/' "/etc/pulse/default.pa" + if ! grep -q '^update-sink-proplist 0 device.description=HDMI' "/etc/pulse/default.pa"; then + echo 'update-sink-proplist 0 device.description=HDMI' >> "/etc/pulse/default.pa" + fi + if ! grep -q '^load-module module-switch-on-connect' "/etc/pulse/default.pa"; then + echo 'load-module module-switch-on-connect' >> "/etc/pulse/default.pa" + fi + # enable ping for user + if [ ! -e "/etc/sysctl.d/10-custom-ping-group.conf" ]; then + echo 'net.ipv4.ping_group_range=1000 1000' >> "/etc/sysctl.d/10-custom-ping-group.conf" + fi + # set release message + echo DISTRIB_ID=Phytium > /etc/lsb-release + echo DISTRIB_RELEASE=1.0 >> /etc/lsb-release + echo DISTRIB_CODENAME=1.0 >> /etc/lsb-release + echo 'DISTRIB_DESCRIPTION="Phytium Pi OS V1.6"' >> /etc/lsb-release + sed -i 's/ID=Phytium/ID=debian/' "/usr/lib/os-release" + echo '#!/bin/sh' > /etc/update-motd.d/10-help-text + echo 'printf "\n"' >> /etc/update-motd.d/10-help-text + echo 'printf " * Support: https://gitee.com/phytium_embedded/phytium-pi-os\n"' >> /etc/update-motd.d/10-help-text + chmod +x /etc/update-motd.d/00-header + chmod +x /etc/update-motd.d/10-help-text + chmod -x /etc/update-motd.d/10-uname + echo -n > $RFSDIR/etc/motd + # cups disable TLSv1.0 and TLSv1.1 + if [ -f /etc/cups/cupsd.conf ]; then + if ! grep -q '^SSLOptions MinTLS1.2' "/etc/cups/cupsd.conf"; then + echo "SSLOptions MinTLS1.2" >> "/etc/cups/cupsd.conf" + fi + fi + + if dpkg -s openssh-server &> /dev/null; then + sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config + #ssh: disable weak MAC algorithm + if ! grep -q '^MACs hmac-sha2-256,hmac-sha2-512' "/etc/ssh/sshd_config"; then + echo "MACs hmac-sha2-256,hmac-sha2-512" >> "/etc/ssh/sshd_config" + fi + fi + # pwm-fan.service + sudo systemctl enable pwm-fan.service + # set default greeter to lightdm-gtk-greeter + if grep -q '^greeter-session=ukui-greeter' "/etc/lightdm/lightdm.conf"; then + sed -i"s/^greeter-session=ukui-greeter/#&/" /etc/lightdm/lightdm.conf + fi + # set the configuration of vim for root + if [ -f /root/.vimrc ]; then + if ! grep -q '^set mouse-=a' "/root/.vimrc"; then + echo 'set mouse-=a' >> /root/.vimrc + echo 'syntax on' >> /root/.vimrc + fi + else + echo 'set mouse-=a' >> /root/.vimrc + echo 'syntax on' >> /root/.vimrc + fi + # rm display-manager for phytium-firstlogin + rm -f /etc/systemd/system/display-manager.service + # touch .desktop_firstrun for phytium-firstlogin + if [ ! -e "/root/.desktop_firstlogin" ]; then + touch /root/.desktop_firstlogin + fi + # touch for phytium-firstlogin + if [ ! -e "/root/.not_logged_in_yet" ]; then + touch /root/.not_logged_in_yet + fi +} # rootfs_configure + +install_and_remove_packages +rootfs_configure diff --git a/phytium-ota/scripts/run_phytium_ota b/phytium-ota/scripts/run_phytium_ota new file mode 100755 index 0000000000000000000000000000000000000000..10667559ccaec34f645e4368bc3c4788655df784 --- /dev/null +++ b/phytium-ota/scripts/run_phytium_ota @@ -0,0 +1,130 @@ +#!/bin/bash + +# Phytium phytiumpi ota script +# +# Copyright (c) 2024-2025 Phytium Technology Co., Ltd. +# +# run_phytium_ota - update to the latest version for uboot\fitImage\rootfs through the +# network on the phytiumpi development board. +# + +dest_dir="/usr/local/phytium-ota" + +# uboot +uboot_bin="fip-all-optee-4GB.bin" +uboot_hash="$uboot_bin.hash" + +# get kernel version +kernel_version=$(uname -r) +# unsupport rt kernel and 4.19 +if [[ $kernel_version =~ ^((5\.10\.[0-9]+))-phytium.* ]]; then + kernel_version="5.10" +elif [[ $kernel_version =~ ^((6\.6\.[0-9]+))-phytium.* ]]; then + kernel_version="6.6" +else + echo -e "\033[31munsupport kernel version: $kernel_version\033[0m" + exit 1 +fi + +update_rootfs() { + rootfs_latest=$($dest_dir/scripts/check-latest $dest_dir rootfs) + if [ "${rootfs_latest}" = "latest" ]; then + echo -e "\033[1;32mrootfs is already latest, nothing to do...\033[0m" + else + tar -xvf $dest_dir/rootfs/rootfs.tar -C $dest_dir/rootfs/ + echo -e "\033[1;32mcheck hash...\033[0m" + check-hash $dest_dir/rootfs/phytium-desktop-tools.deb.hash $dest_dir/rootfs/phytium-desktop-tools.deb phytium-desktop-tools.deb + check-hash $dest_dir/rootfs/phytium-firstlogin.deb.hash $dest_dir/rootfs/phytium-firstlogin.deb phytium-firstlogin.deb + check-hash $dest_dir/rootfs/phytium-vpu.deb.hash $dest_dir/rootfs/phytium-vpu.deb phytium-vpu.deb + check-hash $dest_dir/rootfs/phytium-zram.deb.hash $dest_dir/rootfs/phytium-zram.deb phytium-zram.deb + check-hash $dest_dir/rootfs/rootfs-chown.deb.hash $dest_dir/rootfs/rootfs-chown.deb rootfs-chown.deb + check-hash $dest_dir/rootfs/phytium-tools.deb.hash $dest_dir/rootfs/phytium-tools.deb phytium-tools.deb + check-hash $dest_dir/rootfs/lscpu.hash $dest_dir/rootfs/lscpu lscpu + echo -e "\033[1;32mupdate rootfs...\033[0m" + cp -f $dest_dir/rootfs/lscpu /usr/bin/ + dpkg -i $dest_dir/rootfs/phytium-desktop-tools.deb + dpkg -i $dest_dir/rootfs/phytium-firstlogin.deb + dpkg -i $dest_dir/rootfs/phytium-vpu.deb + dpkg -i $dest_dir/rootfs/phytium-zram.deb + dpkg -i $dest_dir/rootfs/rootfs-chown.deb + dpkg -i $dest_dir/rootfs/phytium-tools.deb + $dest_dir/scripts/rootfs_ota + fi +} + +update_kernel() { + fitImage_latest=$($dest_dir/scripts/check-latest $dest_dir fitImage) + if [ "${fitImage_latest}" = "latest" ]; then + echo -e "\033[1;32mkernel is already latest, nothing to do...\033[0m" + else + tar -xvf $dest_dir/fitImage/$kernel_version/fitImage.tar -C $dest_dir/fitImage/$kernel_version/ + echo -e "\033[1;32mcheck hash...\033[0m" + check-hash $dest_dir/fitImage/$kernel_version/fitImage.hash $dest_dir/fitImage/$kernel_version/fitImage fitImage + check-hash $dest_dir/fitImage/$kernel_version/linux-headers-$kernel_version.deb.hash $dest_dir/fitImage/$kernel_version/linux-headers-$kernel_version.deb linux-headers-$kernel_version.deb + check-hash $dest_dir/fitImage/$kernel_version/linux-image-$kernel_version.deb.hash $dest_dir/fitImage/$kernel_version/linux-image-$kernel_version.deb linux-image-$kernel_version.deb + echo -e "\033[1;32mupdate fitImage...\033[0m" + dd if=$dest_dir/fitImage/$kernel_version/fitImage of=/dev/mmcblk0 bs=1M seek=4 count=60 >> $dest_dir/fitImage/$kernel_version/replace.log 2>&1 + dpkg -i $dest_dir/fitImage/$kernel_version/linux-headers-$kernel_version.deb + dpkg -i $dest_dir/fitImage/$kernel_version/linux-image-$kernel_version.deb + fi +} + +update_uboot() { + uboot_latest=$($dest_dir/scripts/check-latest $dest_dir uboot) + if [ "${uboot_latest}" = "latest" ]; then + echo -e "\033[1;32muboot is already latest, nothing to do...\033[0m" + else + echo -e "\033[1;32mcheck hash...\033[0m" + check-hash $dest_dir/uboot/$uboot_hash $dest_dir/uboot/$uboot_bin $uboot_bin + echo -e "\033[1;32mupdate uboot...\033[0m" + # to preserve the partition table. + dd if=/dev/mmcblk0 of=start.img bs=512 count=1 >> $dest_dir/uboot/replace.log 2>&1 + dd if=$dest_dir/uboot/$uboot_bin of=/dev/mmcblk0 bs=1M count=4 >> $dest_dir/uboot/replace.log 2>&1 + dd if=start.img of=/dev/mmcblk0 bs=512 count=1 >> $dest_dir/uboot/replace.log 2>&1 + rm -f start.img + fi +} + +# update_system +# $1: can be all\uboot\fitImage\rootfs +update_system() { + + cp -f $dest_dir/scripts/check-hash /usr/bin + + if [ "$1" == "all" ]; then + update_rootfs + update_kernel + update_uboot + elif [ "$1" == "uboot" ]; then + update_uboot + #the default uboot is hw v3, mem 4g and pcie usb3, so it is necessary to config firmware if the hardware is not the default. + unset response + while [[ ! "${response}" =~ ^(Y|y|N|n)$ ]]; do + read -r -p "Is the phytiumpi hardware version v2? [Y/n] " response + echo "$response" + done + if [[ "${response}" =~ ^(Y|y)$ ]]; then + ft-config hw v2 + fi + unset response + while [[ ! "${response}" =~ ^(Y|y|N|n)$ ]]; do + read -r -p "Is the memory size 8GB? [Y/n] " response + echo "$response" + done + if [[ "${response}" =~ ^(Y|y)$ ]]; then + ft-config mem 8g + fi + + elif [ "$1" == "fitImage" ]; then + update_kernel + fi + sync + echo -e "\033[1;32mupdate success, please reboot now\033[0m" +} # update_system + + +main() { + update_system $1 +} + +main $@ diff --git a/phytium-ota/uboot/5g/fip-all-5g-4GB.bin b/phytium-ota/uboot/5g/fip-all-5g-4GB.bin deleted file mode 100644 index 0d165b407f468c3ed1ed2afe8237c7ce7aec58b7..0000000000000000000000000000000000000000 Binary files a/phytium-ota/uboot/5g/fip-all-5g-4GB.bin and /dev/null differ diff --git a/phytium-ota/uboot/v1.5/fip-all-optee-4GB.bin b/phytium-ota/uboot/fip-all-optee-4GB.bin similarity index 99% rename from phytium-ota/uboot/v1.5/fip-all-optee-4GB.bin rename to phytium-ota/uboot/fip-all-optee-4GB.bin index 12f62778a55cdffa8f77744bd37b1e574fff69e7..ecbe8c3503c1d054b3bb9724123154664fd3bd02 100644 Binary files a/phytium-ota/uboot/v1.5/fip-all-optee-4GB.bin and b/phytium-ota/uboot/fip-all-optee-4GB.bin differ diff --git a/phytium-ota/uboot/fip-all-optee-4GB.bin.hash b/phytium-ota/uboot/fip-all-optee-4GB.bin.hash new file mode 100644 index 0000000000000000000000000000000000000000..f82a130fcc81e5ae3fe48c99f5e3514241d9a94c --- /dev/null +++ b/phytium-ota/uboot/fip-all-optee-4GB.bin.hash @@ -0,0 +1 @@ +sha256 07e42417ca8ab699223f321a9dd24ff5b3dbcf5bba8a344ef63bbb2ff0d59e93 fip-all-optee-4GB.bin diff --git a/phytium-ota/uboot/latest/fip-all-optee-2GB.bin b/phytium-ota/uboot/latest/fip-all-optee-2GB.bin deleted file mode 100644 index fd0e4b09ecec027cb0a5d4daad01755892a0fdc7..0000000000000000000000000000000000000000 Binary files a/phytium-ota/uboot/latest/fip-all-optee-2GB.bin and /dev/null differ diff --git a/phytium-ota/uboot/latest/fip-all-optee-4GB.bin b/phytium-ota/uboot/latest/fip-all-optee-4GB.bin deleted file mode 100644 index 12f62778a55cdffa8f77744bd37b1e574fff69e7..0000000000000000000000000000000000000000 Binary files a/phytium-ota/uboot/latest/fip-all-optee-4GB.bin and /dev/null differ diff --git a/phytium-ota/uboot/msata/fip-all-msata-4GB.bin b/phytium-ota/uboot/msata/fip-all-msata-4GB.bin deleted file mode 100644 index 0edb0036e988cd6bde16f6b39b4687815597250a..0000000000000000000000000000000000000000 Binary files a/phytium-ota/uboot/msata/fip-all-msata-4GB.bin and /dev/null differ diff --git a/phytium-ota/uboot/v1.5/fip-all-optee-2GB.bin b/phytium-ota/uboot/v1.5/fip-all-optee-2GB.bin deleted file mode 100644 index fd0e4b09ecec027cb0a5d4daad01755892a0fdc7..0000000000000000000000000000000000000000 Binary files a/phytium-ota/uboot/v1.5/fip-all-optee-2GB.bin and /dev/null differ diff --git a/phyuboot/fip-all-optee-4GB.bin b/phyuboot/fip-all-optee-4GB.bin index 12f62778a55cdffa8f77744bd37b1e574fff69e7..ecbe8c3503c1d054b3bb9724123154664fd3bd02 100644 Binary files a/phyuboot/fip-all-optee-4GB.bin and b/phyuboot/fip-all-optee-4GB.bin differ