[defcon russia #29] Борис Савков - bare-metal programming на примере raspberry...

Bare-metal programming на примере Raspberry Pi

10/03/2017DCG #7812

г. Санкт-Петербург

Defcon Russia (DCG #7812) 2

Who am iРанее: • DC4919; • Bushwhackers; • BalalaikaCr3w.Сейчас: • Evil Dwarfs; • Безопасность АСУ ТП; • OWASP Russia; • jbfc;• It sec pro course;• ASP Labs.

ONE MORE SECURITY RESEARCHER


Bare-metal

• Обучениеhttp://www.cl.cam.ac.uk/freshers/raspberrypi/tutorials/ http://wiki.osdev.org/Raspberry_Pi_Bare_Bones

• Производительность• For fun!

http://www.cl.cam.ac.uk/freshers/raspberrypi/tutorials/

http://www.cl.cam.ac.uk/freshers/raspberrypi/tutorials/

http://wiki.osdev.org/Raspberry_Pi_Bare_Bones

http://wiki.osdev.org/Raspberry_Pi_Bare_Bones


Raspberry pi


Why raspberry pi • дёшево• много материалов (-RP 3)


CPU

RPi:• ARM1176GTZFRPi 2:• Cortex A7RPi 3:• Cortex A53(Aarch-64)


CPURPi:• arm-none-eabi-gcc -O2 -mfpu=vfp -mfloat-abi=hard

-march=armv6zk -mtune=arm1176jzf-s arm-test.cRPi 2:• arm-none-eabi-gcc -O2 -mfpu=vfp -mfloat-abi=hard

-march=armv7-a -mtune=cortex-a7 arm-test.cRPi 3:• aarch64-elf-gcc (linaro cross gcc)

(https://releases.linaro.org/components/toolchain/binaries/6.1-2016.08/aarch64-elf/ )

*arm-none-eabi-objcopy kernel.elf -O binary kernel.img

http://toolchain/

http://6.1-2016.08/aarch64-elf/

http://toolchain/

http://6.1-2016.08/aarch64-elf/

http://toolchain/

http://6.1-2016.08/aarch64-elf/


Cortex A53


How it worksRAM 0

X00000000-------------------

IO0x3f0000000

or0x20000000

-------------------GPIO

0x3f0200000 or

0x20200000-------------------

...

GPU

CPU


Steps

1. Start GPU– Read SD

2. CPU – bootload.bin, start.elf, config

3. Start CPU cores– Run Kernel.img


Files

1. bootloader.binзагружает start.elf

2. start.elfпрошивка GPU которая стартует CPU

3. config.txtконфигурация

4. kernel.img OS или ваша программа


config.txtExamples:

arm_control=0x200 (запуск в x64)kernel_old=1 (загрузка с 0)disable_commandline_tags=1

kernel_old=1disable_commandline_tags=1

kernel_address=0x06000000


Other files

https://github.com/raspberrypi/firmware

https://github.com/raspberrypi/firmware


GPIOhttps://rawgit.com/msperl/rpi-registers/master/rpi-registers.html

https://rawgit.com/msperl/rpi-registers/master/rpi-registers.html


UART

Examples:https://github.com/gingold-adacore/rpi3-fosdem17

https://github.com/gingold-adacore/rpi3-fosdem17

https://github.com/gingold-adacore/rpi3-fosdem17


Blink

Examples:http://www.valvers.com/open-software/raspberry-pi/step01-bare-metal-programming-in-cpt1/ (RPI, RPI 2)

https://github.com/dwelch67/raspberrypi

http://www.valvers.com/open-software/raspberry-pi/step01-bare-metal-programming-in-cpt1/

http://www.valvers.com/open-software/raspberry-pi/step01-bare-metal-programming-in-cpt1/

https://github.com/dwelch67/raspberrypi


Wanna more

Examples:https://github.com/PeterLemon/RaspberryPi

https://www.raspberrypi.org/forums/viewtopic.php?t=72260

https://github.com/PeterLemon/RaspberryPihttps:/www.raspberrypi.org/forums/viewtopic.php?t=72260




USB

Examples:https://github.com/rsta2/uspi

https://github.com/rsta2/uspi


Free SCADA


Q?

[defcon russia #29] Борис Савков - bare-metal programming на примере raspberry...

Internet