You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mynewt.apache.org by Niall Begley <nb...@gmail.com> on 2018/04/19 14:14:15 UTC
Debugging the mynewt bootloader
Hi everyone, I'm new to mynewt (and RTOS's in general) and I'm looking to
do something that I think is a little outside the scope of a lot of the
documentation on the mynewt site (as far as I can tell) and I was hoping to
get some guidance.
Basically, I'm interested in modifying the existing digital signature
systems in place for secure boot loading, but I'm running into a problem
actually debugging the changes I'm making. When I run "newt run" on my
bootloader, GDB appears to only load when the digital signature is already
halfway through validation. For example, here is what the stack looks like
immediately after breaking into GDB when the bootloader is set to perform
RSA signature validation:
#0 memset (dst=0x80002d28, c=c@entry=0, n=<optimized out>) at
repos/apache-mynewt-core/libc/baselibc/src/memset.c:24
#1 0x200025ca in mbedtls_mpi_lset (X=X@entry=0x80002fd0, z=z@entry=0) at
repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:295
#2 0x20002f0c in mbedtls_mpi_mul_mpi (X=X@entry=0x80002fd0, A=0x80002f54,
A@entry=0x80002fd0, B=B@entry=0x80002f84)
at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1193
#3 0x20002f5a in mbedtls_mpi_mul_int (X=X@entry=0x80002fd0,
A=A@entry=0x80002fd0,
b=<optimized out>)
at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1220
#4 0x200031e4 in mbedtls_mpi_div_mpi (Q=Q@entry=0x0, R=R@entry=0x80003694,
A=A@entry=0x80003694, B=B@entry=0x80003cec)
at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1388
#5 0x20003320 in mbedtls_mpi_mod_mpi (R=R@entry=0x80003694,
A=A@entry=0x80003694,
B=B@entry=0x80003cec)
at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1460
#6 0x20003648 in mbedtls_mpi_exp_mod (X=X@entry=0x800036e4,
A=A@entry=0x800036e4,
E=E@entry=0x80003cf8, N=N@entry=0x80003cec,
_RR=_RR@entry=0x80003d4c) at
repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1662
#7 0x20003a00 in mbedtls_rsa_public (ctx=ctx@entry=0x80003ce4,
input=input@entry=0x80003e2c
"\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\200d2V\327\265h9F\005
\305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\203\230\327\301H1\004",
output=output@entry=0x80003714 "\n\001") at
repos/apache-mynewt-core/crypto/mbedtls/src/rsa.c:312
#8 0x20001946 in bootutil_cmp_rsasig (
sig=0x80003e2c
"\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\200d2V\327\265h9F\005
\305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\203\230\327\301H1\004",
hlen=32,
hash=0x80003e0c
"u\362~\202\361\245\"\206\204\370aD\241JC\304#\352\202Ҫ\247\216yA)\002\341\071wNN\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\200d2V\327\265h9F\005
\305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\203\230\327\301H1\004",
ctx=0x80003ce4) at repos/apache-mynewt-core/boot/bootutil/src/image_rsa.c:91
#9 bootutil_verify_sig (
hash=hash@entry=0x80003e0c
"u\362~\202\361\245\"\206\204\370aD\241JC\304#\352\202Ҫ\247\216yA)\002\341\071wNN\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\200d2V\327\265h9F\005
\305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\203\230\327\301H1\004",
hlen=hlen@entry=32,
sig=sig@entry=0x80003e2c
"\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\200d2V\327\265h9F\005
\305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\203\230\327\301H1\004",
slen=slen@entry=256, key_id=<optimized out>) at
repos/apache-mynewt-core/boot/bootutil/src/image_rsa.c:145
#10 0x20001842 in bootutil_img_validate (hdr=hdr@entry=0x800007c4
<boot_data>, fap=fap@entry=0x20005e84 <sysflash_map_dflt+12>,
tmp_buf=<optimized out>, tmp_buf_sz=tmp_buf_sz@entry=256,
seed=seed@entry=0x0, seed_len=seed_len@entry=0,
out_hash=out_hash@entry=0x0) at
repos/apache-mynewt-core/boot/bootutil/src/image_validate.c:215
#11 0x20000e2e in boot_image_check (fap=0x20005e84 <sysflash_map_dflt+12>,
hdr=0x800007c4 <boot_data>)
at repos/apache-mynewt-core/boot/bootutil/src/loader.c:518
#12 boot_validate_slot (slot=slot@entry=0) at
repos/apache-mynewt-core/boot/bootutil/src/loader.c:576
#13 0x200011b4 in boot_go (rsp=rsp@entry=0x80003fd4) at
repos/apache-mynewt-core/boot/bootutil/src/loader.c:1054
#14 0x20000bf2 in main () at
repos/apache-mynewt-core/apps/boot/src/boot.c:54
Is there a better way to do this with GDB? Is it possible to use one of
the logging or console packages to perform prints? Any tips in general?
Thanks everyone
Re: Debugging the mynewt bootloader
Posted by Christopher Collins <ch...@runtime.io>.
Hi Niall,
On Fri, Apr 20, 2018 at 10:18:24AM -0400, Niall Begley wrote:
> Thanks, Chris, but that didn't work either.
>
> I wound up just putting an infinite while loop early on in the boot process
> and changing the conditional for the loop when GDB boots up. However,
> stepping through the code is extremely slow on this board - stepping over
> large-ish methods takes up to 5-10 minutes to complete - so this all may
> have been for naught!
I have found the same: flash operations are extremely slow when stepping
in gdb. It seems to be the case whenever one is running from flash, so
I don't think it is specific to that hardware.
Chris
Re: Debugging the mynewt bootloader
Posted by Niall Begley <nb...@gmail.com>.
Thanks, Chris, but that didn't work either.
I wound up just putting an infinite while loop early on in the boot process
and changing the conditional for the loop when GDB boots up. However,
stepping through the code is extremely slow on this board - stepping over
large-ish methods takes up to 5-10 minutes to complete - so this all may
have been for naught!
On Thu, Apr 19, 2018 at 4:11 PM, Christopher Collins <ch...@runtime.io>
wrote:
> You might want to try:
>
> mon reset halt
>
> Some hardware seems to require the "halt" at the end. I am about the
> furthest one can get from being an OpenOCD expert, so I couldn't tell
> you what the difference is.
>
> Chris
>
> On Thu, Apr 19, 2018 at 03:52:39PM -0400, Niall Begley wrote:
> > Hi Marko,
> >
> > That's extremely useful information, thank you. "Mon reset" is exactly
> the
> > command I was looking for, although I seem to be out of luck as my board
> > (HiFive1) doesn't appear to like that command:
> >
> > (gdb) break main
> > Breakpoint 1 at 0x20000be2: file
> > repos/apache-mynewt-core/apps/boot/src/boot.c, line 42.
> > (gdb) mon reset
> > JTAG tap: riscv.cpu tap/device found: 0x10e31913 (mfg: 0x489 (SiFive,
> > Inc.), part: 0x0e31, ver: 0x1)
> > halted at 0x20000418 due to debug interrupt
> > Timed out waiting for state 1. Increase timeout with riscv
> > set_command_timeout_sec.
> > in procedure 'reset'
> > in procedure 'ocd_bouncer'
> >
> > Even increasing the command timeout to 2 minutes doesn't help, as it just
> > hangs instead:
> >
> > (gdb) b main
> > Breakpoint 1 at 0x20000be2: file
> > repos/apache-mynewt-core/apps/boot/src/boot.c, line 42.
> > (gdb) mon reset
> > JTAG tap: riscv.cpu tap/device found: 0x10e31913 (mfg: 0x489 (SiFive,
> > Inc.), part: 0x0e31, ver: 0x1)
> > halted at 0x2000041e due to debug interrupt
> >
> > I guess resorting to using the console with some print statements isn't
> the
> > end of the world. I did previously try and get some printing out to a
> > serial window but it wasn't working and I wasn't sure if it was just
> > because the bootloader couldn't support that functionality or if I had
> set
> > it up incorrectly. It's good to know it should work in theory so that I
> > can go back and focus on implementing it correctly.
> >
> >
> >
> > On Thu, Apr 19, 2018 at 2:27 PM, marko kiiskila <ma...@runtime.io>
> wrote:
> >
> > >
> > > Just reset the target; it’ll restart from the beginning.
> > > Presumably the bootloader will do the same work every time it runs?
> > > ‘mon reset’ is what you’d issue from gdb prompt.
> > >
> > > You can enable console within bootloader, if absolutely necessary.
> > > Replace the console/stub package with console/full, and call sysinit()
> > > from your main.
> > > Note that bootloader size might increase it’s size such that you’ll
> need
> > > to shift any subsequent data in the flash further away.
> > >
> > > Hope that helps,
> > > M
> > >
> > > > On Apr 19, 2018, at 5:14 PM, Niall Begley <nb...@gmail.com> wrote:
> > > >
> > > > Hi everyone, I'm new to mynewt (and RTOS's in general) and I'm
> looking to
> > > > do something that I think is a little outside the scope of a lot of
> the
> > > > documentation on the mynewt site (as far as I can tell) and I was
> hoping
> > > to
> > > > get some guidance.
> > > >
> > > > Basically, I'm interested in modifying the existing digital signature
> > > > systems in place for secure boot loading, but I'm running into a
> problem
> > > > actually debugging the changes I'm making. When I run "newt run" on
> my
> > > > bootloader, GDB appears to only load when the digital signature is
> > > already
> > > > halfway through validation. For example, here is what the stack
> looks
> > > like
> > > > immediately after breaking into GDB when the bootloader is set to
> perform
> > > > RSA signature validation:
> > > >
> > > > #0 memset (dst=0x80002d28, c=c@entry=0, n=<optimized out>) at
> > > > repos/apache-mynewt-core/libc/baselibc/src/memset.c:24
> > > > #1 0x200025ca in mbedtls_mpi_lset (X=X@entry=0x80002fd0, z=z@entry
> =0)
> > > at
> > > > repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:295
> > > > #2 0x20002f0c in mbedtls_mpi_mul_mpi (X=X@entry=0x80002fd0,
> > > A=0x80002f54,
> > > > A@entry=0x80002fd0, B=B@entry=0x80002f84)
> > > > at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1193
> > > > #3 0x20002f5a in mbedtls_mpi_mul_int (X=X@entry=0x80002fd0,
> > > > A=A@entry=0x80002fd0,
> > > > b=<optimized out>)
> > > > at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1220
> > > > #4 0x200031e4 in mbedtls_mpi_div_mpi (Q=Q@entry=0x0, R=R@entry
> > > =0x80003694,
> > > > A=A@entry=0x80003694, B=B@entry=0x80003cec)
> > > > at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1388
> > > > #5 0x20003320 in mbedtls_mpi_mod_mpi (R=R@entry=0x80003694,
> > > > A=A@entry=0x80003694,
> > > > B=B@entry=0x80003cec)
> > > > at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1460
> > > > #6 0x20003648 in mbedtls_mpi_exp_mod (X=X@entry=0x800036e4,
> > > > A=A@entry=0x800036e4,
> > > > E=E@entry=0x80003cf8, N=N@entry=0x80003cec,
> > > > _RR=_RR@entry=0x80003d4c) at
> > > > repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1662
> > > > #7 0x20003a00 in mbedtls_rsa_public (ctx=ctx@entry=0x80003ce4,
> > > > input=input@entry=0x80003e2c
> > > > "\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\
> > > 200d2V\327\265h9F\005
> > > > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> > > b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> > > 203\230\327\301H1\004",
> > > > output=output@entry=0x80003714 "\n\001") at
> > > > repos/apache-mynewt-core/crypto/mbedtls/src/rsa.c:312
> > > > #8 0x20001946 in bootutil_cmp_rsasig (
> > > > sig=0x80003e2c
> > > > "\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\
> > > 200d2V\327\265h9F\005
> > > > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> > > b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> > > 203\230\327\301H1\004",
> > > > hlen=32,
> > > > hash=0x80003e0c
> > > > "u\362~\202\361\245\"\206\204\370aD\241JC\304#\352\202Ҫ\247\
> > > 216yA)\002\341\071wNN\002\005\256\024\350R\fV\214\207(\222\
> > > 246>\016j\222t\200d2V\327\265h9F\005
> > > > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> > > b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> > > 203\230\327\301H1\004",
> > > > ctx=0x80003ce4) at repos/apache-mynewt-core/boot/
> > > bootutil/src/image_rsa.c:91
> > > > #9 bootutil_verify_sig (
> > > > hash=hash@entry=0x80003e0c
> > > > "u\362~\202\361\245\"\206\204\370aD\241JC\304#\352\202Ҫ\247\
> > > 216yA)\002\341\071wNN\002\005\256\024\350R\fV\214\207(\222\
> > > 246>\016j\222t\200d2V\327\265h9F\005
> > > > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> > > b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> > > 203\230\327\301H1\004",
> > > > hlen=hlen@entry=32,
> > > > sig=sig@entry=0x80003e2c
> > > > "\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\
> > > 200d2V\327\265h9F\005
> > > > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> > > b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> > > 203\230\327\301H1\004",
> > > > slen=slen@entry=256, key_id=<optimized out>) at
> > > > repos/apache-mynewt-core/boot/bootutil/src/image_rsa.c:145
> > > > #10 0x20001842 in bootutil_img_validate (hdr=hdr@entry=0x800007c4
> > > > <boot_data>, fap=fap@entry=0x20005e84 <sysflash_map_dflt+12>,
> > > > tmp_buf=<optimized out>, tmp_buf_sz=tmp_buf_sz@entry=256,
> > > > seed=seed@entry=0x0, seed_len=seed_len@entry=0,
> > > > out_hash=out_hash@entry=0x0) at
> > > > repos/apache-mynewt-core/boot/bootutil/src/image_validate.c:215
> > > > #11 0x20000e2e in boot_image_check (fap=0x20005e84
> > > <sysflash_map_dflt+12>,
> > > > hdr=0x800007c4 <boot_data>)
> > > > at repos/apache-mynewt-core/boot/bootutil/src/loader.c:518
> > > > #12 boot_validate_slot (slot=slot@entry=0) at
> > > > repos/apache-mynewt-core/boot/bootutil/src/loader.c:576
> > > > #13 0x200011b4 in boot_go (rsp=rsp@entry=0x80003fd4) at
> > > > repos/apache-mynewt-core/boot/bootutil/src/loader.c:1054
> > > > #14 0x20000bf2 in main () at
> > > > repos/apache-mynewt-core/apps/boot/src/boot.c:54
> > > >
> > > > Is there a better way to do this with GDB? Is it possible to use
> one of
> > > > the logging or console packages to perform prints? Any tips in
> general?
> > > >
> > > > Thanks everyone
> > >
> > >
>
Re: Debugging the mynewt bootloader
Posted by Christopher Collins <ch...@runtime.io>.
You might want to try:
mon reset halt
Some hardware seems to require the "halt" at the end. I am about the
furthest one can get from being an OpenOCD expert, so I couldn't tell
you what the difference is.
Chris
On Thu, Apr 19, 2018 at 03:52:39PM -0400, Niall Begley wrote:
> Hi Marko,
>
> That's extremely useful information, thank you. "Mon reset" is exactly the
> command I was looking for, although I seem to be out of luck as my board
> (HiFive1) doesn't appear to like that command:
>
> (gdb) break main
> Breakpoint 1 at 0x20000be2: file
> repos/apache-mynewt-core/apps/boot/src/boot.c, line 42.
> (gdb) mon reset
> JTAG tap: riscv.cpu tap/device found: 0x10e31913 (mfg: 0x489 (SiFive,
> Inc.), part: 0x0e31, ver: 0x1)
> halted at 0x20000418 due to debug interrupt
> Timed out waiting for state 1. Increase timeout with riscv
> set_command_timeout_sec.
> in procedure 'reset'
> in procedure 'ocd_bouncer'
>
> Even increasing the command timeout to 2 minutes doesn't help, as it just
> hangs instead:
>
> (gdb) b main
> Breakpoint 1 at 0x20000be2: file
> repos/apache-mynewt-core/apps/boot/src/boot.c, line 42.
> (gdb) mon reset
> JTAG tap: riscv.cpu tap/device found: 0x10e31913 (mfg: 0x489 (SiFive,
> Inc.), part: 0x0e31, ver: 0x1)
> halted at 0x2000041e due to debug interrupt
>
> I guess resorting to using the console with some print statements isn't the
> end of the world. I did previously try and get some printing out to a
> serial window but it wasn't working and I wasn't sure if it was just
> because the bootloader couldn't support that functionality or if I had set
> it up incorrectly. It's good to know it should work in theory so that I
> can go back and focus on implementing it correctly.
>
>
>
> On Thu, Apr 19, 2018 at 2:27 PM, marko kiiskila <ma...@runtime.io> wrote:
>
> >
> > Just reset the target; it’ll restart from the beginning.
> > Presumably the bootloader will do the same work every time it runs?
> > ‘mon reset’ is what you’d issue from gdb prompt.
> >
> > You can enable console within bootloader, if absolutely necessary.
> > Replace the console/stub package with console/full, and call sysinit()
> > from your main.
> > Note that bootloader size might increase it’s size such that you’ll need
> > to shift any subsequent data in the flash further away.
> >
> > Hope that helps,
> > M
> >
> > > On Apr 19, 2018, at 5:14 PM, Niall Begley <nb...@gmail.com> wrote:
> > >
> > > Hi everyone, I'm new to mynewt (and RTOS's in general) and I'm looking to
> > > do something that I think is a little outside the scope of a lot of the
> > > documentation on the mynewt site (as far as I can tell) and I was hoping
> > to
> > > get some guidance.
> > >
> > > Basically, I'm interested in modifying the existing digital signature
> > > systems in place for secure boot loading, but I'm running into a problem
> > > actually debugging the changes I'm making. When I run "newt run" on my
> > > bootloader, GDB appears to only load when the digital signature is
> > already
> > > halfway through validation. For example, here is what the stack looks
> > like
> > > immediately after breaking into GDB when the bootloader is set to perform
> > > RSA signature validation:
> > >
> > > #0 memset (dst=0x80002d28, c=c@entry=0, n=<optimized out>) at
> > > repos/apache-mynewt-core/libc/baselibc/src/memset.c:24
> > > #1 0x200025ca in mbedtls_mpi_lset (X=X@entry=0x80002fd0, z=z@entry=0)
> > at
> > > repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:295
> > > #2 0x20002f0c in mbedtls_mpi_mul_mpi (X=X@entry=0x80002fd0,
> > A=0x80002f54,
> > > A@entry=0x80002fd0, B=B@entry=0x80002f84)
> > > at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1193
> > > #3 0x20002f5a in mbedtls_mpi_mul_int (X=X@entry=0x80002fd0,
> > > A=A@entry=0x80002fd0,
> > > b=<optimized out>)
> > > at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1220
> > > #4 0x200031e4 in mbedtls_mpi_div_mpi (Q=Q@entry=0x0, R=R@entry
> > =0x80003694,
> > > A=A@entry=0x80003694, B=B@entry=0x80003cec)
> > > at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1388
> > > #5 0x20003320 in mbedtls_mpi_mod_mpi (R=R@entry=0x80003694,
> > > A=A@entry=0x80003694,
> > > B=B@entry=0x80003cec)
> > > at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1460
> > > #6 0x20003648 in mbedtls_mpi_exp_mod (X=X@entry=0x800036e4,
> > > A=A@entry=0x800036e4,
> > > E=E@entry=0x80003cf8, N=N@entry=0x80003cec,
> > > _RR=_RR@entry=0x80003d4c) at
> > > repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1662
> > > #7 0x20003a00 in mbedtls_rsa_public (ctx=ctx@entry=0x80003ce4,
> > > input=input@entry=0x80003e2c
> > > "\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\
> > 200d2V\327\265h9F\005
> > > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> > b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> > 203\230\327\301H1\004",
> > > output=output@entry=0x80003714 "\n\001") at
> > > repos/apache-mynewt-core/crypto/mbedtls/src/rsa.c:312
> > > #8 0x20001946 in bootutil_cmp_rsasig (
> > > sig=0x80003e2c
> > > "\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\
> > 200d2V\327\265h9F\005
> > > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> > b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> > 203\230\327\301H1\004",
> > > hlen=32,
> > > hash=0x80003e0c
> > > "u\362~\202\361\245\"\206\204\370aD\241JC\304#\352\202Ҫ\247\
> > 216yA)\002\341\071wNN\002\005\256\024\350R\fV\214\207(\222\
> > 246>\016j\222t\200d2V\327\265h9F\005
> > > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> > b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> > 203\230\327\301H1\004",
> > > ctx=0x80003ce4) at repos/apache-mynewt-core/boot/
> > bootutil/src/image_rsa.c:91
> > > #9 bootutil_verify_sig (
> > > hash=hash@entry=0x80003e0c
> > > "u\362~\202\361\245\"\206\204\370aD\241JC\304#\352\202Ҫ\247\
> > 216yA)\002\341\071wNN\002\005\256\024\350R\fV\214\207(\222\
> > 246>\016j\222t\200d2V\327\265h9F\005
> > > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> > b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> > 203\230\327\301H1\004",
> > > hlen=hlen@entry=32,
> > > sig=sig@entry=0x80003e2c
> > > "\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\
> > 200d2V\327\265h9F\005
> > > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> > b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> > 203\230\327\301H1\004",
> > > slen=slen@entry=256, key_id=<optimized out>) at
> > > repos/apache-mynewt-core/boot/bootutil/src/image_rsa.c:145
> > > #10 0x20001842 in bootutil_img_validate (hdr=hdr@entry=0x800007c4
> > > <boot_data>, fap=fap@entry=0x20005e84 <sysflash_map_dflt+12>,
> > > tmp_buf=<optimized out>, tmp_buf_sz=tmp_buf_sz@entry=256,
> > > seed=seed@entry=0x0, seed_len=seed_len@entry=0,
> > > out_hash=out_hash@entry=0x0) at
> > > repos/apache-mynewt-core/boot/bootutil/src/image_validate.c:215
> > > #11 0x20000e2e in boot_image_check (fap=0x20005e84
> > <sysflash_map_dflt+12>,
> > > hdr=0x800007c4 <boot_data>)
> > > at repos/apache-mynewt-core/boot/bootutil/src/loader.c:518
> > > #12 boot_validate_slot (slot=slot@entry=0) at
> > > repos/apache-mynewt-core/boot/bootutil/src/loader.c:576
> > > #13 0x200011b4 in boot_go (rsp=rsp@entry=0x80003fd4) at
> > > repos/apache-mynewt-core/boot/bootutil/src/loader.c:1054
> > > #14 0x20000bf2 in main () at
> > > repos/apache-mynewt-core/apps/boot/src/boot.c:54
> > >
> > > Is there a better way to do this with GDB? Is it possible to use one of
> > > the logging or console packages to perform prints? Any tips in general?
> > >
> > > Thanks everyone
> >
> >
Re: Debugging the mynewt bootloader
Posted by Niall Begley <nb...@gmail.com>.
Hi Marko,
That's extremely useful information, thank you. "Mon reset" is exactly the
command I was looking for, although I seem to be out of luck as my board
(HiFive1) doesn't appear to like that command:
(gdb) break main
Breakpoint 1 at 0x20000be2: file
repos/apache-mynewt-core/apps/boot/src/boot.c, line 42.
(gdb) mon reset
JTAG tap: riscv.cpu tap/device found: 0x10e31913 (mfg: 0x489 (SiFive,
Inc.), part: 0x0e31, ver: 0x1)
halted at 0x20000418 due to debug interrupt
Timed out waiting for state 1. Increase timeout with riscv
set_command_timeout_sec.
in procedure 'reset'
in procedure 'ocd_bouncer'
Even increasing the command timeout to 2 minutes doesn't help, as it just
hangs instead:
(gdb) b main
Breakpoint 1 at 0x20000be2: file
repos/apache-mynewt-core/apps/boot/src/boot.c, line 42.
(gdb) mon reset
JTAG tap: riscv.cpu tap/device found: 0x10e31913 (mfg: 0x489 (SiFive,
Inc.), part: 0x0e31, ver: 0x1)
halted at 0x2000041e due to debug interrupt
I guess resorting to using the console with some print statements isn't the
end of the world. I did previously try and get some printing out to a
serial window but it wasn't working and I wasn't sure if it was just
because the bootloader couldn't support that functionality or if I had set
it up incorrectly. It's good to know it should work in theory so that I
can go back and focus on implementing it correctly.
On Thu, Apr 19, 2018 at 2:27 PM, marko kiiskila <ma...@runtime.io> wrote:
>
> Just reset the target; it’ll restart from the beginning.
> Presumably the bootloader will do the same work every time it runs?
> ‘mon reset’ is what you’d issue from gdb prompt.
>
> You can enable console within bootloader, if absolutely necessary.
> Replace the console/stub package with console/full, and call sysinit()
> from your main.
> Note that bootloader size might increase it’s size such that you’ll need
> to shift any subsequent data in the flash further away.
>
> Hope that helps,
> M
>
> > On Apr 19, 2018, at 5:14 PM, Niall Begley <nb...@gmail.com> wrote:
> >
> > Hi everyone, I'm new to mynewt (and RTOS's in general) and I'm looking to
> > do something that I think is a little outside the scope of a lot of the
> > documentation on the mynewt site (as far as I can tell) and I was hoping
> to
> > get some guidance.
> >
> > Basically, I'm interested in modifying the existing digital signature
> > systems in place for secure boot loading, but I'm running into a problem
> > actually debugging the changes I'm making. When I run "newt run" on my
> > bootloader, GDB appears to only load when the digital signature is
> already
> > halfway through validation. For example, here is what the stack looks
> like
> > immediately after breaking into GDB when the bootloader is set to perform
> > RSA signature validation:
> >
> > #0 memset (dst=0x80002d28, c=c@entry=0, n=<optimized out>) at
> > repos/apache-mynewt-core/libc/baselibc/src/memset.c:24
> > #1 0x200025ca in mbedtls_mpi_lset (X=X@entry=0x80002fd0, z=z@entry=0)
> at
> > repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:295
> > #2 0x20002f0c in mbedtls_mpi_mul_mpi (X=X@entry=0x80002fd0,
> A=0x80002f54,
> > A@entry=0x80002fd0, B=B@entry=0x80002f84)
> > at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1193
> > #3 0x20002f5a in mbedtls_mpi_mul_int (X=X@entry=0x80002fd0,
> > A=A@entry=0x80002fd0,
> > b=<optimized out>)
> > at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1220
> > #4 0x200031e4 in mbedtls_mpi_div_mpi (Q=Q@entry=0x0, R=R@entry
> =0x80003694,
> > A=A@entry=0x80003694, B=B@entry=0x80003cec)
> > at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1388
> > #5 0x20003320 in mbedtls_mpi_mod_mpi (R=R@entry=0x80003694,
> > A=A@entry=0x80003694,
> > B=B@entry=0x80003cec)
> > at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1460
> > #6 0x20003648 in mbedtls_mpi_exp_mod (X=X@entry=0x800036e4,
> > A=A@entry=0x800036e4,
> > E=E@entry=0x80003cf8, N=N@entry=0x80003cec,
> > _RR=_RR@entry=0x80003d4c) at
> > repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1662
> > #7 0x20003a00 in mbedtls_rsa_public (ctx=ctx@entry=0x80003ce4,
> > input=input@entry=0x80003e2c
> > "\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\
> 200d2V\327\265h9F\005
> > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> 203\230\327\301H1\004",
> > output=output@entry=0x80003714 "\n\001") at
> > repos/apache-mynewt-core/crypto/mbedtls/src/rsa.c:312
> > #8 0x20001946 in bootutil_cmp_rsasig (
> > sig=0x80003e2c
> > "\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\
> 200d2V\327\265h9F\005
> > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> 203\230\327\301H1\004",
> > hlen=32,
> > hash=0x80003e0c
> > "u\362~\202\361\245\"\206\204\370aD\241JC\304#\352\202Ҫ\247\
> 216yA)\002\341\071wNN\002\005\256\024\350R\fV\214\207(\222\
> 246>\016j\222t\200d2V\327\265h9F\005
> > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> 203\230\327\301H1\004",
> > ctx=0x80003ce4) at repos/apache-mynewt-core/boot/
> bootutil/src/image_rsa.c:91
> > #9 bootutil_verify_sig (
> > hash=hash@entry=0x80003e0c
> > "u\362~\202\361\245\"\206\204\370aD\241JC\304#\352\202Ҫ\247\
> 216yA)\002\341\071wNN\002\005\256\024\350R\fV\214\207(\222\
> 246>\016j\222t\200d2V\327\265h9F\005
> > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> 203\230\327\301H1\004",
> > hlen=hlen@entry=32,
> > sig=sig@entry=0x80003e2c
> > "\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\
> 200d2V\327\265h9F\005
> > \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*
> b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\
> 203\230\327\301H1\004",
> > slen=slen@entry=256, key_id=<optimized out>) at
> > repos/apache-mynewt-core/boot/bootutil/src/image_rsa.c:145
> > #10 0x20001842 in bootutil_img_validate (hdr=hdr@entry=0x800007c4
> > <boot_data>, fap=fap@entry=0x20005e84 <sysflash_map_dflt+12>,
> > tmp_buf=<optimized out>, tmp_buf_sz=tmp_buf_sz@entry=256,
> > seed=seed@entry=0x0, seed_len=seed_len@entry=0,
> > out_hash=out_hash@entry=0x0) at
> > repos/apache-mynewt-core/boot/bootutil/src/image_validate.c:215
> > #11 0x20000e2e in boot_image_check (fap=0x20005e84
> <sysflash_map_dflt+12>,
> > hdr=0x800007c4 <boot_data>)
> > at repos/apache-mynewt-core/boot/bootutil/src/loader.c:518
> > #12 boot_validate_slot (slot=slot@entry=0) at
> > repos/apache-mynewt-core/boot/bootutil/src/loader.c:576
> > #13 0x200011b4 in boot_go (rsp=rsp@entry=0x80003fd4) at
> > repos/apache-mynewt-core/boot/bootutil/src/loader.c:1054
> > #14 0x20000bf2 in main () at
> > repos/apache-mynewt-core/apps/boot/src/boot.c:54
> >
> > Is there a better way to do this with GDB? Is it possible to use one of
> > the logging or console packages to perform prints? Any tips in general?
> >
> > Thanks everyone
>
>
Re: Debugging the mynewt bootloader
Posted by marko kiiskila <ma...@runtime.io>.
Just reset the target; it’ll restart from the beginning.
Presumably the bootloader will do the same work every time it runs?
‘mon reset’ is what you’d issue from gdb prompt.
You can enable console within bootloader, if absolutely necessary.
Replace the console/stub package with console/full, and call sysinit()
from your main.
Note that bootloader size might increase it’s size such that you’ll need
to shift any subsequent data in the flash further away.
Hope that helps,
M
> On Apr 19, 2018, at 5:14 PM, Niall Begley <nb...@gmail.com> wrote:
>
> Hi everyone, I'm new to mynewt (and RTOS's in general) and I'm looking to
> do something that I think is a little outside the scope of a lot of the
> documentation on the mynewt site (as far as I can tell) and I was hoping to
> get some guidance.
>
> Basically, I'm interested in modifying the existing digital signature
> systems in place for secure boot loading, but I'm running into a problem
> actually debugging the changes I'm making. When I run "newt run" on my
> bootloader, GDB appears to only load when the digital signature is already
> halfway through validation. For example, here is what the stack looks like
> immediately after breaking into GDB when the bootloader is set to perform
> RSA signature validation:
>
> #0 memset (dst=0x80002d28, c=c@entry=0, n=<optimized out>) at
> repos/apache-mynewt-core/libc/baselibc/src/memset.c:24
> #1 0x200025ca in mbedtls_mpi_lset (X=X@entry=0x80002fd0, z=z@entry=0) at
> repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:295
> #2 0x20002f0c in mbedtls_mpi_mul_mpi (X=X@entry=0x80002fd0, A=0x80002f54,
> A@entry=0x80002fd0, B=B@entry=0x80002f84)
> at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1193
> #3 0x20002f5a in mbedtls_mpi_mul_int (X=X@entry=0x80002fd0,
> A=A@entry=0x80002fd0,
> b=<optimized out>)
> at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1220
> #4 0x200031e4 in mbedtls_mpi_div_mpi (Q=Q@entry=0x0, R=R@entry=0x80003694,
> A=A@entry=0x80003694, B=B@entry=0x80003cec)
> at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1388
> #5 0x20003320 in mbedtls_mpi_mod_mpi (R=R@entry=0x80003694,
> A=A@entry=0x80003694,
> B=B@entry=0x80003cec)
> at repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1460
> #6 0x20003648 in mbedtls_mpi_exp_mod (X=X@entry=0x800036e4,
> A=A@entry=0x800036e4,
> E=E@entry=0x80003cf8, N=N@entry=0x80003cec,
> _RR=_RR@entry=0x80003d4c) at
> repos/apache-mynewt-core/crypto/mbedtls/src/bignum.c:1662
> #7 0x20003a00 in mbedtls_rsa_public (ctx=ctx@entry=0x80003ce4,
> input=input@entry=0x80003e2c
> "\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\200d2V\327\265h9F\005
> \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\203\230\327\301H1\004",
> output=output@entry=0x80003714 "\n\001") at
> repos/apache-mynewt-core/crypto/mbedtls/src/rsa.c:312
> #8 0x20001946 in bootutil_cmp_rsasig (
> sig=0x80003e2c
> "\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\200d2V\327\265h9F\005
> \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\203\230\327\301H1\004",
> hlen=32,
> hash=0x80003e0c
> "u\362~\202\361\245\"\206\204\370aD\241JC\304#\352\202Ҫ\247\216yA)\002\341\071wNN\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\200d2V\327\265h9F\005
> \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\203\230\327\301H1\004",
> ctx=0x80003ce4) at repos/apache-mynewt-core/boot/bootutil/src/image_rsa.c:91
> #9 bootutil_verify_sig (
> hash=hash@entry=0x80003e0c
> "u\362~\202\361\245\"\206\204\370aD\241JC\304#\352\202Ҫ\247\216yA)\002\341\071wNN\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\200d2V\327\265h9F\005
> \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\203\230\327\301H1\004",
> hlen=hlen@entry=32,
> sig=sig@entry=0x80003e2c
> "\002\005\256\024\350R\fV\214\207(\222\246>\016j\222t\200d2V\327\265h9F\005
> \305\030\312t\255\357\b\024\203\020C)Ң\f!\031\024\203\035*b\220b\f!\031N\225\265\356\061F2\232\016|\024\203\035*\203\230\327\301H1\004",
> slen=slen@entry=256, key_id=<optimized out>) at
> repos/apache-mynewt-core/boot/bootutil/src/image_rsa.c:145
> #10 0x20001842 in bootutil_img_validate (hdr=hdr@entry=0x800007c4
> <boot_data>, fap=fap@entry=0x20005e84 <sysflash_map_dflt+12>,
> tmp_buf=<optimized out>, tmp_buf_sz=tmp_buf_sz@entry=256,
> seed=seed@entry=0x0, seed_len=seed_len@entry=0,
> out_hash=out_hash@entry=0x0) at
> repos/apache-mynewt-core/boot/bootutil/src/image_validate.c:215
> #11 0x20000e2e in boot_image_check (fap=0x20005e84 <sysflash_map_dflt+12>,
> hdr=0x800007c4 <boot_data>)
> at repos/apache-mynewt-core/boot/bootutil/src/loader.c:518
> #12 boot_validate_slot (slot=slot@entry=0) at
> repos/apache-mynewt-core/boot/bootutil/src/loader.c:576
> #13 0x200011b4 in boot_go (rsp=rsp@entry=0x80003fd4) at
> repos/apache-mynewt-core/boot/bootutil/src/loader.c:1054
> #14 0x20000bf2 in main () at
> repos/apache-mynewt-core/apps/boot/src/boot.c:54
>
> Is there a better way to do this with GDB? Is it possible to use one of
> the logging or console packages to perform prints? Any tips in general?
>
> Thanks everyone