--author stef
--title a noob's naive fanboying about zephyr os
--date today
a few weeks ago stef slid into this covid19 contact tracing world,
bought 2 nrf51dk devboards, and in his madness decided to try them out
with zephyr os, which had long been languishing on his toplay list.
new hw and new os, what could possibly go wrong? actually nothing,
it's like an arduino, only for grown-ups.
"unbelievable, i will probably regret all this fanboying in 2-3 years
and be ashamed of it, but right now i'm very enthusiastic."
- concludes stef
--newpage ?
[ASCII-art banner: "zephyr?"]
--newpage nsa
--heading ghost in 2018
* 2018 linux security summit: https://www.youtube.com/watch?v=Jov4dTnjm2o
* stef put it on his toplay list... then the years went by...
--newpage whiskey - tango - foxtrot
[ASCII-art banner: "WTF?"]
--newpage WTF!
--heading WTF!
* RTOS
* Linux Foundation
* Arches: x86, arm, arc, nios II, xtensa, riscv, posix/native, qemu!
* 200+ boards
* Vendors (intel, ti, nordic, nxp, adafruit, sifive, ...)
--newpage features
--heading features
* host and controller bluetooth 5.0 stacks (e.g. hci-usb)
* minimal libc (newlib)
* tinycrypt
* shell
* ...
--newpage deps
git cmake ninja-build gperf ccache dfu-util device-tree-compiler wget
python3-dev python3-pip python3-setuptools python3-tk python3-wheel
xz-utils file make gcc gcc-multilib g++-multilib libsdl2-dev
pip3 install --user -U west
optional: https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v0.11.3/zephyr-sdk-0.11.3-setup.run
--newpage westf
[ASCII-art banner: "W(es)TF?"]
--newpage west
--heading wtf west?
West was added to the Zephyr project to fulfill two fundamental requirements:
* The ability to work with multiple Git repositories
* The ability to provide an extensible and user-friendly command-line
  interface for basic Zephyr workflows
see more: https://docs.zephyrproject.org/latest/guides/west/why.html
--newpage
--heading fs structure of a typical project
--beginoutput
/app
├── CMakeLists.txt
├── prj.conf
└── src
    └── main.c
--endoutput
more info at https://docs.zephyrproject.org/latest/application/index.html#source-tree-structure
--newpage Config
--heading prj.conf
each project has a kernel style config
--beginoutput
CONFIG_BT=y
CONFIG_BT_BROADCASTER=y
CONFIG_BT_OBSERVER=y
CONFIG_BT_DEBUG_LOG=y
CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
CONFIG_HARDWARE_DEVICE_CS_GENERATOR=y
CONFIG_TINYCRYPT=y
CONFIG_TINYCRYPT_SHA256_HMAC=y
CONFIG_TINYCRYPT_SHA256=y
CONFIG_SPI=y
CONFIG_SPI_1=y
CONFIG_DISK_ACCESS=y
CONFIG_DISK_ACCESS_SDHC=y
CONFIG_DISK_ACCESS_SPI_SDHC=y
CONFIG_LOG=y
CONFIG_FILE_SYSTEM=y
CONFIG_FAT_FILESYSTEM_ELM=y
CONFIG_GPIO=y
--endoutput
--newpage
--heading make menuconfig
--beginshelloutput
% west build -t menuconfig
--endshelloutput
---: demo
--newpage device tree GPIOs
--heading device tree GPIOs
--beginoutput
buttons {
        compatible = "gpio-keys";
        button0: button_0 {
                gpios = <&gpio0 17 (GPIO_PULL_UP | GPIO_ACTIVE_LOW)>;
                label = "Push button switch 0";
        };
        button1: button_1 {
                gpios = <&gpio0 18 (GPIO_PULL_UP | GPIO_ACTIVE_LOW)>;
                label = "Push button switch 1";
        };
        button2: button_2 {
                gpios = <&gpio0 19 (GPIO_PULL_UP | GPIO_ACTIVE_LOW)>;
                label = "Push button switch 2";
        };
        button3: button_3 {
                gpios = <&gpio0 20 (GPIO_PULL_UP | GPIO_ACTIVE_LOW)>;
                label = "Push button switch 3";
        };
};
--endoutput
--newpage device tree SPI
--heading SPI device tree fragment
--beginoutput
&spi0 {
        /* Cannot be used together with i2c0. */
        /* status = "okay"; */
        sck-pin = <7>;
        mosi-pin = <29>;
        miso-pin = <30>;
};
--endoutput
--newpage device tree SDHC
--heading SD card over SPI
--beginoutput
&spi0 {
        status = "okay";
        cs-gpios = <&gpio0 0 GPIO_ACTIVE_HIGH>;
        sdhc0: sdhc@0 {
                compatible = "zephyr,mmc-spi-slot";
                reg = <0>;
                status = "okay";
                label = "SDHC0";
                spi-max-frequency = <16000000>;
        };
};
--endoutput
--newpage getting started
--heading getting started
--beginoutput
# for debian
% export CROSS_COMPILE=/usr/bin/arm-none-eabi-
% export ZEPHYR_TOOLCHAIN_VARIANT=cross-compile
# with your own toolchain
% export GNUARMEMB_TOOLCHAIN_PATH=/home/s/tasks/tcn/nrf51/toolchain/arm
% export ZEPHYR_TOOLCHAIN_VARIANT=gnuarmemb
# for convenience
% export PATH=/home/s/tasks/tcn/nrf51/toolchain/arm/bin:$PATH
% source env/bin/activate
% west build -b nrf51dk_nrf51422 ctrace
--endoutput
--newpage demo
--heading demo
---: * show zbuild.log
---: * show some sources
--newpage last week
--heading dnet last week
[ASCII-art banner: "meetup?"]
--newpage last week II
--heading stef
[ASCII-art banner: "zephyr!"]
--newpage last week III
--heading NCC Group
[ASCII-art banner: "p0wn"]
--newpage last week IV
--heading stef
[ASCII-art banner: "hrmpf!"]
--newpage :/
--heading bad news
https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment/
* 24 vulns
* limited resources -> limited mitigations
--newpage hardening
--heading hardening
--beginoutput
% ninja hardenconfig
% make hardenconfig
--endoutput
--beginoutput
CONFIG_BOOT_BANNER=n
CONFIG_STACK_CANARIES=y
CONFIG_STACK_POINTER_RANDOM=100
CONFIG_PRINTK=n
CONFIG_EARLY_CONSOLE=n
CONFIG_OVERRIDE_FRAME_POINTER_DEFAULT=y
CONFIG_LOG=n
CONFIG_BUILD_OUTPUT_STRIPPED=y
CONFIG_FAULT_DUMP=0
CONFIG_STACK_SENTINEL=y
--endoutput
--newpage conclusion
--heading conclusion
zephyr os is like the arduino sdk, only for grown-ups. it's a joy to
work with, yet it doesn't force itself on you with a silly little IDE.
for hobby projects i can definitely warmly recommend it. for
professional product development, for now only if it's not security
sensitive, but i feel that with the changed attention this may change
in the future.
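The values on the hardening slide can be compared with a project's prj.conf mechanically. This is an added example, not part of the original slides or of Zephyr: `parse_conf`, `audit` and the shortened sample prj.conf are constructed for illustration, and the slide's values are assumed to be the targets.

```python
import re

# Values copied from the hardening slide, assumed here to be the targets.
HARDENED = """\
CONFIG_BOOT_BANNER=n
CONFIG_STACK_CANARIES=y
CONFIG_STACK_POINTER_RANDOM=100
CONFIG_PRINTK=n
CONFIG_EARLY_CONSOLE=n
CONFIG_OVERRIDE_FRAME_POINTER_DEFAULT=y
CONFIG_LOG=n
CONFIG_BUILD_OUTPUT_STRIPPED=y
CONFIG_FAULT_DUMP=0
CONFIG_STACK_SENTINEL=y
"""

# Constructed sample: a few lines in the style of the prj.conf slide.
SAMPLE_PRJ_CONF = """\
CONFIG_BT_DEBUG_LOG=y
CONFIG_LOG=y
# CONFIG_PRINTK is not set
CONFIG_STACK_CANARIES=y
"""

LINE = re.compile(r'^(?:(CONFIG_\w+)=(.*)|# (CONFIG_\w+) is not set)$')

def parse_conf(text):
    """Parse a Kconfig fragment into {symbol: value}; '# X is not set' is n."""
    conf = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1):
            conf[m.group(1)] = m.group(2).strip('"')
        elif m:
            conf[m.group(3)] = "n"
    return conf

def audit(prj_text, hardened_text=HARDENED):
    """Return (conflicts, missing): differing symbols and ones never mentioned."""
    prj, want = parse_conf(prj_text), parse_conf(hardened_text)
    conflicts = {k: (prj[k], v) for k, v in want.items()
                 if k in prj and prj[k] != v}
    missing = sorted(k for k in want if k not in prj)
    return conflicts, missing

if __name__ == "__main__":
    conflicts, missing = audit(SAMPLE_PRJ_CONF)
    print("conflicts (prj.conf, hardened):", conflicts)
    print("left to Kconfig defaults:", ", ".join(missing))
```

prj.conf is only a fragment, so for the effective values run the same comparison on the merged build/zephyr/.config.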