At one of the Intel Technology Days conferences a while ago, Intel gave us a gift of a Galileo board, which is based on the Quark SoC, just before the general announcement. The promise of the Quark SoC was that it would be a fully open (down to the firmware) embedded system based on UEFI. When the board first came out, though, the UEFI code was missing (promised for later), so I put it on a shelf and forgot about it. Recently, the UEFI Security Subteam has been considering issues that impinge on embedded architectures (mostly arm) so having an actual working embedded development board could prove useful. This is the first part of the story of trying to turn the Galileo into an embedded reference platform for UEFI.
The first problem with getting the Galileo working is that if you want to talk to the UEFI part it’s done over a serial interface, with a 3.5″ jack connection. However, a quick trip to amazon solved that one. Equipped with the serial interface, it’s now possible to start running UEFI binaries. Just using the default firmware (with no secure boot) I began testing the efitools binaries. Unfortunately, they were building the size of the secure variables (my startup.nsh script does an append write to db) and eventually the thing hit an assert failure on entering the UEFI handoff. This led to the discovery that the recovery straps on the board didn’t work, there’s no way to clear the variable NVRAM and the only way to get control back was to use an external firmware flash tool. So it’s off for an unexpected trip to uncharted territory unless I want the board to stay bricked.
The flash tool Intel recommends is the Dediprog SF 100. These are a bit expensive (around US$350) and there’s no US supplier, meaning you have to order from abroad, wait ages for it to be delivered and deal with US customs on import, something I’ve done before and have no wish to repeat. So, casting about for a better solution, I came up with the Bus Pirate. It’s a fully open hardware component (including a google code repository for the firmware and the schematics) plus it’s only US$35 (that’s 10x cheaper than the dediprog), available from Amazon and works well with Linux (for full disclosure, Amazon was actually sold out when I bought mine, so I got it here instead).
The Bus Pirate comes as a bare circuit board (no case or cables), so you have to buy everything you might need to use it extra. I knew I’d need a ribbon cable with SPI plugs (the Galileo has an SPI connector for the dediprog), so I ordered one with the card. The first surprise when the card arrived was that the USB connector is actually Mini B not the now standard Micro connector. I’ve not seen one of those since I had an Android G1, but, after looking in vain for my old android one, Staples still has the cables. The next problem is that, being open hardware, there are multiple manufacturers. They all supply a nice multi coloured ribbon cable, but there are two possible orientations and both are produced. Turns out I have a sparkfun cable which is the opposite way around from the colour values in the firmware (which is why the first attempt to talk to the chip didn’t work). The Galileo has diode isolators so the SPI flash chip can be powered up and operated independently by the Bus Pirate; accounting for cable orientation, and disconnecting the Galileo from all other external power, this now works. Finally, there’s a nice Linux project, flashrom, which allows you to flash all manner of chips and it has a programmer mode for the Bus Pirate. Great, except that the default USB serial speed is 115200 and at that baud rate, it takes about ten minutes just to read an 8MB SPI flash (flashrom will read, program and then verify, giving you about 25 mins each time you redo the firmware). Speeding this up is easy: there’s an unapplied patch to increase the baud rate to 2Mbit and I wrote some code to flash only designated areas of the chip (note to self: send this upstream). The result is available on the OpenSUSE build service. The outcome is that I’m now able to build and reprogram the firmware in around a minute.
By now this is two weeks, a couple of hacks to a tool I didn’t know I’d need and around US$60 after I began the project, but at least I’m now an embedded programmer and have the scars to prove it. Next up is getting Secure Boot actually working ….