Utilite computer 3.10.17 Linux kernel upgrade

Utilitie-introThis is the manual about how to (properly) compile Utilite-developed Linux kernel for the Utilite computer (Utilite Pro) running “Ubuntu 12.04 LTS (Precise Pangolin)”. It’s mostly written for my own reference in case of possible future upgrades, but some might find it useful, as otherwise the information seems to be scattered around the Internet. We will do the start in user-mode and finish it in superuser (root) mode. The commands in bold are those which you need to type on the command line. However, I am not responsible for any damage that you might experience trying out this manual on your Utilite Pro. These are unofficial instructions, if you want official instructions read information on the Utilite Forum and Wiki. So here we go …

1. First we are going to pull the kernel sources with git ( there is an online manual on how to use git ). This is a one-string command, so write all in one line.

$ git clone -b 'utilite/devel'
https://github.com/utilite-computer/linux-kernel --depth 1

2. Lets move inside the kernel tree.

$ cd linux-kernel

3. Let’s make default kernel .config

$ make cm_fx6_defconfig

4. Let’s define other settings with menuconfig. Beside of concatenating kernel image and DTB you need to make sure that the following kernel options are present in your .config :

CONFIG_ARM_APPENDED_DTB=y
CONFIG_ARM_ATAG_DTB_COMPAT=y
CONFIG_ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEND=y
CONFIG_CMDLINE_FROM_BOOTLOADER=y

$ make menuconfig

5. Clean before compiling.

$ make clean

6. Let’s compile. Option “-j8” means that we’ll be using 8 jobs on all 4 cores ( x 2 for SMP) on Utilite Pro for compiling ( it’s faster ). Approx. build time is 24 minutes.

$ make -j8 zImage

7. If you enabled DTB settings in the kernel .config, DTB should be made successfully. Approx. build time is 1 minute.

$ make -j8 imx6q-sbc-fx6m.dtb

8. Let’s make the modules. Approx. build time is 4 minutes.

$ make -j8 modules

9. Until this step everything can be done in user-mode. From here on you will need to perform all the additional steps as root or with “sudo” command. Let’s install the modules.

# make modules_install

10. Let’s install the firmware.

# make firmware_install

11. Let’s install the kernel headers.

# make headers_install

12. Now with all things in place and no errors, we are going to mount the boot partition on Utilite Pro ( this is a one-string command, so copy the whole string ).

# boot_partition=`cat /proc/cmdline | awk ‘{ for (i=1;i<=NF;i++) { if($i~/root=/) { print substr($i,6,length($i)-6)”1″ } } }’`

# mount $boot_partition /boot

13. DO NOT FORGET to backup your existing working kernel !

# cp /boot/uImage-cm-fx6 /boot/uImage-cm-fx6.bak

14. Move the newly built Linux kernel image into /boot .

# cat arch/arm/boot/zImage arch/arm/boot/dts/imx6q-sbc-fx6m.dtb > /boot/zImage-cm-fx6

15. Perform the last step to fit everything in place ( this is one-string long command, write everything together ).

# cd /boot; mkimage -A arm -O linux -T kernel -C none -a 0x10008000 -e 0x10008000 -n 3.10.17-cm-fx6-1-beta2-aufs -d zImage-cm-fx6 uImage-cm-fx6; rm -f zImage-cm-fx6

16. The result should be similar to this if all went well …

Image Name: 3.10.17-cm-fx6-1-beta2-aufs
Created: Tue Feb 17 13:53:34 2015
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 5460160 Bytes = 5332.19 kB = 5.21 MB
Load Address: 10008000
Entry Point: 10008000

17. un-mount the /boot partition.

# umount /boot

18. Reboot and pray !

# reboot

 

If all went well, you should have a new workable 3.10.17 kernel on Utilite Pro.

If you are unable to boot to the new kernel or if something was faulty, there are several things you can try for the rescue. Most information can be asked or found on the Utilite support forum. This is the best place to ask questions. You should enable serial console ( I won’t describe how you do this, you can find the information on the forum or wiki ). So after being connected with the serial console, the first thing you see starting is U-boot. There will be a similar output, compared to this one :

U-Boot 2009.08-cm-fx6-0.98+tools (Mar 10 2014 – 16:17:49)

CPU: Freescale i.MX6 family TO6.4 at 792 MHz
Temperature: 34 C, calibration data 0x59d4f769
mx6q pll1: 792MHz
mx6q pll2: 528MHz
mx6q pll3: 480MHz
mx6q pll8: 50MHz
ipg clock : 66000000Hz
ipg per clock : 66000000Hz
uart clock : 80000000Hz
cspi clock : 60000000Hz
ahb clock : 132000000Hz
axi clock : 264000000Hz
emi_slow clock: 29333333Hz
ddr clock : 528000000Hz
usdhc1 clock : 198000000Hz
usdhc2 clock : 198000000Hz
usdhc3 clock : 198000000Hz
usdhc4 clock : 198000000Hz
nfc clock : 11000000Hz
Board: CM-FX6:[ POR ]
Boot Device: SD
I2C: ready
RAM Configuration:
Bank #0: 10000000 1 GB
Bank #1: 80000000 1 GB
NAND: No NAND device found!!!
0 MiB
MMC: FSL_USDHC: 0,FSL_USDHC: 1,FSL_USDHC: 2
JEDEC ID: 0xbf:0x25:0x41
Reading SPI NOR flash 0xc0000 [0x2000 bytes] -> ram 0x17e030c0
SUCCESS

In: serial
Out: serial
Err: serial
Net: got MAC address from IIM: 00:00:00:00:00:00
FEC0
Hit any key to stop autoboot:

Here you have 3 seconds of time to hit any key and enter into the U-boot interface, where you can perform additional steps.

1. First step would be to boot the previous kernel. Define the previous kernel with “setenv”.

$ setenv kernel uImage-cm-fx6.bak

$ run bootcmd

This should at least bring you back to the previous kernel.

2. If you forgot what your previous kernel name was ( if you selected a different name ), you can try these commands :

$ sata init
$ fatls sata 0:1

This should list all available kernels in the /boot partition, so just select another name with “setenv”.

Good luck !

P. S. If you have tried this procedure and found any errors or know about the improvements, you are welcome to comment on the post and I will be glad to fix the article !

Encrypting external USB drive in GNU/Linux

I recently bought an external USB drive and while setting it up with an encrypted filesystem I thought I could blog about it. The procedure that I will use involves Logical Volume Manager (LVM) and luks0pen encryption. The procedure is being done with Trisquel GNU/Linux, but it will also work for Ubuntu Linux and other GNU/Linux systems.

  1. First you will need to open a terminal (xterm) and log in as a root user, use “su” and enter your root password.
  2. You can open another terminal and watch the system log with “tail -f /var/log/messages
  3. Then you will need some programs to make it work with encryption, you will need to install Logical Volume Manager tools (LVM) with “aptitude install lvm2 e2fsprogs cryptsetup“.
  4. Attach the USB drive into the computer’s USB slot, you can check “/var/log/messages” or type “dmesg” to see how the drive appears up in your computer. Mine shows up as “/dev/sdb“. Keep in mind that your drive might show up differently as “/dev/sdc” or “/dev/sdd” depending on your setup, so I will continue with the manual as the drive being set up for “/dev/sdX“, please consider changing X to another letter which matches your drive.
  5. Check the drive for bad blocks (takes a couple of hours): “badblocks -c 10240 -s -w -t random -v /dev/sdX“. For a 3 Terabyte drive it took a bit over 5 hours to finish.
  6. Write random data to the entire drive. This step took less than 12 hours to finish, but it ensures that never-written drive space can’t be differentiated from encrypted data if someone ever tries to crack the drive. (If you’re going to do this, you might as well do it right). Use “shred -v -n 1 /dev/sdX
  7. Create one big LVM partition on the drive using fdisk. Set up one big primary partition /dev/sdX1, set the tag to system id “8e” LVM, and write the changes to disk:
    fdisk /dev/sdX
    Note: sector size is 4096 (not 512)
    Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
    Building a new DOS disklabel with disk identifier 0x4a8d1c8d.
    Changes will remain in memory only, until you decide to write them.
    After that, of course, the previous content won't be recoverable.
    
    Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
    
    Command (m for help): p
    
    Disk /dev/sdb: 3000.6 GB, 3000592982016 bytes
    255 heads, 63 sectors/track, 45600 cylinders, total 732566646 sectors
    Units = sectors of 1 * 4096 = 4096 bytes
    Sector size (logical/physical): 4096 bytes / 4096 bytes
    I/O size (minimum/optimal): 4096 bytes / 4096 bytes
    Disk identifier: 0x4a8d1c8d
    
       Device Boot      Start         End      Blocks   Id  System
    
    Command (m for help): n
    Partition type:
       p   primary (0 primary, 0 extended, 4 free)
       e   extended
    Select (default p): p
    Partition number (1-4, default 1): 1
    First sector (256-732566645, default 256): [ENTER]
    Using default value 256
    Last sector, +sectors or +size{K,M,G} (256-732566645, default 732566645): [ENTER]
    Using default value 732566645
    
    Command (m for help): t
    Selected partition 1
    Hex code (type L to list codes): 8e
    Changed system type of partition 1 to 8e (Linux LVM)
    
    Command (m for help): p
    
    Disk /dev/sdb: 3000.6 GB, 3000592982016 bytes
    255 heads, 63 sectors/track, 45600 cylinders, total 732566646 sectors
    Units = sectors of 1 * 4096 = 4096 bytes
    Sector size (logical/physical): 4096 bytes / 4096 bytes
    I/O size (minimum/optimal): 4096 bytes / 4096 bytes
    Disk identifier: 0x4a8d1c8d
    
       Device Boot      Start         End      Blocks   Id  System
    /dev/sdb1             256   732566645  2930265560   8e  Linux LVM
    
    Command (m for help): w
    The partition table has been altered!
    
    Calling ioctl() to re-read partition table.
    Syncing disks.
  8. Use cryptsetup to encrypt the drive: 
    "cryptsetup --verbose --verify-passphrase luksFormat /dev/sdX1"
  9. WARNING!
    ========
    This will overwrite data on /dev/sdX1 irrevocably.Are you sure? (Type uppercase yes): YES
    Enter LUKS passphrase: <Your password here>
    Verify passphrase: <Repeat your password>
    Command successful.
  10. Unlock the drive: (We will call this drive backupexternal, but you can choose a different name)
  11. “cryptsetup luksOpen /dev/sdX1 backupexternal” . Enter passphrase for /dev/sdX1: <Enter your password here>
  12. Create the LVM physical volume: “pvcreate /dev/mapper/backupexternal” , Physical volume “/dev/mapper/backupexternal” successfully created
  13. Create the LVM volume group: (We will call it usbbackup, but you can choose a different name) “vgcreate usbbackup /dev/mapper/backupexternal” , Volume group “usbbackup” successfully created.
  14. Create a logical volume within the volume group: “lvcreate -L 900G -n backupvol /dev/usbbackup“, Logical volume “backupvol” created.
  15. At this point you have a device named /dev/usbbackup/backupvol, so create a filesystem on the logical volume: “mkfs.ext4 /dev/usbbackup/backupvol”
  16. mke2fs 1.42 (29-Nov-2011)
    Filesystem label=
    OS type: Linux
    Block size=4096 (log=2)
    Fragment size=4096 (log=2)
    Stride=0 blocks, Stripe width=0 blocks
    58982400 inodes, 235929600 blocks
    11796480 blocks (5.00%) reserved for the super user
    First data block=0
    Maximum filesystem blocks=4294967296
    7200 block groups
    32768 blocks per group, 32768 fragments per group
    8192 inodes per group
    Superblock backups stored on blocks:
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
    4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
    102400000, 214990848Allocating group tables: done
    Writing inode tables: done
    Creating journal (32768 blocks): done
    Writing superblocks and filesystem accounting information: done
  17. Create a mount directory on computer drive “mkdir /mnt/backup
  18. Mount the volume: “mount /dev/usbbackup/backupvol /mnt/backup
  19. To get the volume to mount automatically at boot time add this line to your /etc/fstab file:
    "/dev/usbbackup/backupvol      /mnt/backup     ext4    defaults        0 5"
  20. To be prompted for the decryption key / passphrase at boot time first get the drive’s UUID: “ls -l /dev/disk/by-uuid” (In my example I use the UUID for /dev/sdb1)
  21. Then add this line to the /etc/cryptab file: “ext_drive /dev/disk/by-uuid/[the UUID of the drive] none luks

That’s it. You now have an external, encrypted hard drive with LVM installed. You’ve created one 900GB volume that uses half the disk, leaving 2100GB free for other volumes, or for expanding the first volume.

Hope you find this useful.

P. S. If you have tried this procedure and found any errors or know about the improvements, you are welcome to comment on the post and I will be glad to fix the article !