Bonum Certa Men Certa

How To Deal With Your Raspberry Spy -- Part IV: Doing The Task

By Gavin L. Rebeiro

Contents



Cover

Copyright

1 Acknowledgements

2 Introduction

2.1 Prerequisite Knowledge 2.2 Apparatus

3 Fundamentals

3.1 Communication 3.2 Kernel Ring Buffer 3.3 Drivers 3.4 Operating Systems 3.5 Special Files

4 YOU ARE HERE ☞ Doing The Task

4.1 Preparing The Boot Media 4.2 Connecting Physical Components 4.3 Using Picocom 4.4 OS Installation

5 Thanks

6 OpenPGP Key

A Malicious Hardware

B Linux Kernel Source Tree Analysis

C Digital Multimeter Tests

Summary: We now spell out the steps taken to actually replace the Raspberry Pi OS with something more trustworthy (for background see Part I, Part II, and Part III)

We’ve now covered enough ground to make the installation of NetBSD on our Raspberry Spy (over our UTUB) a relatively painless matter.



Let’s go through the process in little steps.

4.1 Preparing The Boot Media

I’m going to grab the appropriate NetBSD image by taking hints from the following:

NetBSD/evbarm on Raspberry Pi tells us everything we need to know to pick the right image. All the sections here related to booting are worth reading at least once. Also read sections about consoles and serial consoles at least once.

Raspberry Pi boot modes is useful if you want to dig deeper into the booting mechanisms of the Raspberry Spy. USB mass storage boot is particularly useful for booting off USB. Trust me, you don’t want to muck around with SD cards; they’re a nightmare.

NetBSD/evbarm can be referenced for general information about NetBSD on ARM boards.

The above links should give you a good idea of what’s going on and what needs to be done with regards to putting a NetBSD on a boot media that goes into a Raspberry Spy.

Let’s go through a concrete example.

My Raspberry Spy is of the model “3 B+” variety so I’m dealing with an ARM64 CPU architecture. We’ll follow along the instructions outlined in Installation procedure for NetBSD/evbarm; pay close attention to the section “NetBSD/evbarm subdirectory structure”; I follow these instructions as I explore Index of pub/NetBSD/NetBSD-9.1/evbarm-aarch64/.

I grab the appropriate image like so:

$ mkdir ~/Downloads/netbsd
$ cd ~/Downloads/minted
$ wget https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.1/evb c
 → arm-aarch64/binary/gzimg/arm64.img.gz


Now that we’ve got the image, we can write it to our boot media. I’m going to assume you have an appropriate reader already plugged into your GNU/Linux box. I’ve got my USB thumb drive as “/dev/sdg” on my system. Use the right block device file on your system1. We base our procedure along the lines of “Installation for ARMv7 and AArch64 devices with U-Boot” section from Installation procedure for NetBSD/evbarm:

$ gzip --decompress --keep arm64.img.gz
# dd if=arm64.img of=/dev/sdg bs=1M conv=sync
 → status=progress
$ lsblk -f | grep sdg


We’re going to ignore the minutiae of writing to block devices, bootloaders, and other adjacent topics related to the utilities we just used; that’s left for another time. We care about learning how to use a serial console in this project so we must stay focused on our primary target.

We’re going to have a look at how to make a serial install possible via some editing of the “cmdline.txt” file that now resides in the boot media (on the boot partition which is of type “vfat”):

# mkdir /media/netbsd_image
# mount /dev/sdg1 /media/netbsd_image
# grep "console" < cmdline.txt
# root=ld0a console=fb
# grep "enable_uart" < config.txt
# enable_uart=1


The “console=fb” part is to get out OS image to use the HDMI output. We will get rid of that string from the file “cmdline.txt”. Who needs that anyway? One way to do it2:

# ed cmdline.txt
21
,p
root=ld0a console=fb
1
root=ld0a console=fb
s/console=fb//
,p
root=ld0a
wq
11
# echo ",p" | ed cmdline.txt
11
root=ld0a





Remember to check your edits!

We also ensure that “enable_uart=1” is set in the file “config.txt":

# echo ",p" | ed config.txt
82
arm_64bit=1


kernel=netbsd.img
kernel_address=0x200000
enable_uart=1
force_turbo=0


Everything looks good! Additional useful information on the Raspberry Spy UART can be found in UART configuration. Pretty self-explanatory. That wasn’t so hard. Was it? Note that the following links document the files we’ve been messing around with:

The Kernel Command Lineconfig.txt

It’s a good idea to back up the state of your image, at this point3. We can now safely unmount our boot media and get on with the project:

# cd ~
# umount /media/netbsd_image


We change directory, before we unmount, so that we don’t get any “device busy” errors.

We’ve now got our boot media ready. Onwards!

4.2 Connecting Physical Components

Before you power up your UTUB, you should really check that the pins are working properly. The very basic test you should do is to check that the right voltage is being supplied. Check out Appendix C.

The pins on our UTUB and Raspberry Spy that we’re interested are the following:

● Raspberry Spy: Pin6 (Ground), Pin8 (GPIO14, TXD), Pin10 (GPIO15, RXD). You can find the layout in the official GPIO page.

● UTUB: I’ve got a CP2104 UTUB so I’ve got to only worry about the pins marked TX, RX, and GND. I have other pins on the module but they’re not relevant for this task.

We won’t be using any of the voltage pins on the boards because it’s more prone to errors. Just use the USB power supply that comes with your Raspberry Spy.

Don’t plug anything into power for the following sequence. Connect the jump-wires like so:

● Ground on UTUB to Ground (Pin6) on Raspberry Spy.

● TX on UTUB to RX (Pin10) on Raspbery Spy.

● RX on UTUB to TX on (Pin8) Raspberry Spy.

"We won’t be using any of the voltage pins on the boards because it’s more prone to errors."Don’t make the rookie mistake of matching TX with TX and RX with RX; TX always goes to RX and RX always goes to TX. Keep this in mind, always, when working with UARTs. Colour-coding your jump-wires helps.

We’ll just go over the order of attaching the stuff to do with power on our devices:

● Attach the USB power adapter to the Raspberry Pi without plugging the adapter into the power outlet.

● Attach the UTUB to your GNU/Linux box.

● Attach your USB power adapter to your power outlet.

The logic for the above procedure is that you can ensure that your serial interface is up and running before you start getting input from your Raspberry Spy.

4.3 Using Picocom

Using picocom(1) is simple. All we need to do is select the correct baud rate and give the right device file as a parameter to picocom(1).

I’ll give you an extract from the manual page to enlighten you:

In effect, picocom is not an "emulator" per-se. It is a
simple program that opens, configures, manages a serial
port (tty device) and its settings, and connects to it
the terminal emulator you are, most likely, already
→ using
(the terminal window application, xterm, rxvt, system
console, etc).
When picocom starts it opens the tty (serial port)
given as its non-option argument. Unless the
--noinit option is given, it configures the port to
the settings specified by the option-arguments (or
to some default settings), and sets it to "raw"
mode. If --noinit is given, the initialization and
configuration is skipped; the port is just opened.
Following this, if standard input is a tty, picocom
sets the tty to raw mode. Then it goes in a loop
where it listens for input from stdin, or from the
serial port. Input from the serial port is copied
to the standard output while input from the standard
input is copied to the serial port. Picocom also
scans its input stream for a user-specified control
character, called the escape character (being by
default C-a). If the escape character is seen, then
instead of sending it to the serial-device, the
program enters "command mode" and waits for the next
character (which is called the "function
character"). Depending on the value of the function
character, picocom performs one of the operations
described in the COMMANDS section below.


We use “C-a C-x” (Ctrl+a followed by Ctrl+x)4 to tell picocom(1) to exit; for more, RTFM; in particular, pay close attention to the “COMMANDS” section.

Make sure you’ve set up all the physical connections, as advised. It’s time to attach our UTUB to our GNU/Linux box and then make sure we invoke picocom(1) correctly:

# picocom --baud 115200 /dev/ttyUSB0
picocom v3.1



port is : /dev/ttyUSB0 flowcontrol : none baudrate is : 115200 parity is : none databits are : 8 stopbits are : 1 escape is : C-a local echo is : no noinit is : no noreset is : no hangup is : no nolock is : no send_cmd is : sz -vv receive_cmd is : rz -vv -E imap is : omap is : emap is : crcrlf,delbs logfile is : none initstring : none exit_after is : not set exit is : no

Type [C-a] [C-h] to see available commands Terminal ready


It really is that simple. You’ve now got a serial terminal ready and listening.

4.4 OS Installation

Now that you’ve got a serial terminal operational, all we have to do to install NetBSD on the Raspberry Spy is to plug the USB power adapter into the power outlet. Keep a close eye on what goes on in the output of your serial terminal:

...
[   7.4246937] root device:
[  11.6252523] use one of: mue0 sd0[a-p] ddb halt reboot
[  11.6252523] root device: sd0
[  13.9755661] dump device (default sd0b):
[  15.7257992] file system (default generic):
...


You should be promoted to pick a root device. I pick “sd0” as it’s the first ’disk’ offered by NetBSD (which can only be my boot media)5. I go for the suggested defaults, for everything else. No need to overcomplicate things, at this point.

You will probably see your Raspberry Spy reboot once or twice during the OS install process. Just pass the same parameters for the boot device, and you should be good to go.

Eventually, you should be met with the following:

...
NetBSD/evbarm (arm64) (constty)
...



login:


If you login as “root”, you should have a nice login shell presented to you.

And we are done! You’ve successfully done some tinkering over a serial terminal. That wasn’t so hard. Was it? You can shutdown your device (halt the OS) like so:

# shutdown -p now
...
[   910.5814809] The operating system has halted.
[   910.5814809] Please press any key to reboot.


You can now disconnect the power supply from your Raspberry Spy. Then just send “C-a C-x” to picocom(1); after which, you should see:

...
Terminating...
Thanks for using picocom
#


Welcome to the world of serial terminals; hack your heart out! ____ 1 The command lsblk -f should help you out here. Don’t wipe the wrong device by accident. 2 If you use another text editor, that’s fine. You really should learn ed(1) at some point though, especially if you want to get into embedded systems. 3 At least keep track of the files that you tweaked. If you use some sort of version-control-system, you get bonus points. 4 I don’t know why the manual doesn’t bother to explicitly mention that these are GNU-Emacs-style key sequences. 5 See the NetBSD sd(4) manpage for details.

Recent Techrights' Posts

Coming Soon: Microsoft Fake Results, Mass Layoffs, and Silence About All the People Microsoft Pressured to "Quit" (So That They Don't Get Counted as Layoffs)
there will be more mass layoffs
Speed of GNU/Linux
The media seldom speaks of the dangers of "proprietary software"
Proprietary Windows Versus "Linux" News (Trying to Keep People on Windows, Never Exploring GNU/Linux)
Good editors know better how to recognise threats and not give them lip service
Ensuring That Every Computer User Anywhere in the World Can Take Control of All His or Her Computers
We must fight the people who attack general-purpose computing, in particular those who push this agenda very aggressively inside Linux
Gemini Links 28/04/2025: Autism and Structural Navigation
Links for the day
What Happened to the Open Source Initiative (OSI) Elections: The Purge, the Cover-up, and the Witch-hunts
OSI has gone "full Microsoft"
 
China is Already Culling GAFAM (Not Just Microsoft Windows)
OS monoculture or "OS hegemony" may be coming to an end
The "Telephone Operating System in the Vatican" is 95 Years Old, Vatican Moved to GNU/Linux
Maybe Microsoft is down to zero already
If Tesla Shares (and Alleged Value) Fell 55% (From $489 to $222) in a Few Months Maybe It's Not Worth Anything At All (It's Just Gambling)
Tesla swasticars have turned from a "status symbol" into a "public embarrassment" and cause for casual humiliation
Chromebooks' Adoption in Sweden No Longer Depends on Schools
School breaks are when classrooms are shut
No, IBM is Not Investing $150 Billion in the US and It Doesn't Even Have That Kind of Money
Here we go again... media as a vehicle of lobbying and misinformation
Leak: The EPO's General Consultative Committee (GCC) Does Not Consult Staff on Crucial Matters and Bypasses the Administrative Council (AC) to Do Illegal Things
violations against the EPO's very staff
New Leaks Coming Soon, We Maintain 100% Record of Successful Resistance to Censorship
We won't be told what we can and cannot say (especially when it's true)
Central African Republic (CAR): Vista 11 is Only ~0.2% Market Share
99.8% to go!
BSD and GNU/Linux Replaced Microsoft in Secure Servers, All Microsoft Has Left is LLM Slop for Fear, Uncertainty, and Doubt (FUD)
the FUD machine never rests
Gemini Links 28/04/2025: A Simple Task Tracking and Auto-Prioritization Tool and Other Programs
Links for the day
Links 28/04/2025: Canada's Election, Pakistan-India Conflict
Links for the day
Glue Inside Your Pizza (or Why People Will Get Fed Up With Slop)
People are given "answers" from non-intelligence word dumpsters
Links 28/04/2025: Cyberattacks Happening, Chatbots Disappointing, and "Free Speech Under Fire"
Links for the day
Phone Adoption Very Low in Vatican, Windows Usage Fell Nonetheless
Even in places where people still use desktops/laptops most of the time (and have access to these) Windows is gradually losing ground
GNU/Linux 9% in Cuba, Vista 11 Waning, Android Dominant
Microsoft has pretty much lost Cuba
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 27, 2025
IRC logs for Sunday, April 27, 2025
In 24 Countries Observed by statCounter Vista 11 is Still Less Than a Quarter of Windows Users Despite All Other Versions Being 'Expired'
They ought to move to GNU/Linux
Links 27/04/2025: Pope Goodbyes, "Politics of Fear", Slop Redux and More Google Shutdowns (Google Debt Had Grown This Year)
Links for the day
Links 27/04/2025: Serenity Dialectics, Hockey Jersey Ethics, and More
Links for the day
Links 27/04/2025: Death of Nest Thermostats, Death of Metaverse
Links for the day
Links 27/04/2025: Projects Workflow and Discovering Technology
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, April 26, 2025
IRC logs for Saturday, April 26, 2025
Microsoft Isn't on the Map in USSR
To them, it's either Google or Yandex
In Central America Windows Became a Small Force
These are countries where Windows used to have well over 95% of the "market"
What's Very Vexing to GAFAM, EPO and Others Is That It's Incredibly Hard to Censor Us (and Nobody Ever Successfully Did That Before)
resist, do not capitulate
Site May be Even Faster Now
It basically takes less than a tenth of a second to serve the page
Receiving SLAPPs and Collecting Them Like Trophies (the SLAPPs Always Fail)
People who file lawsuits bring even more attention to themselves (or to embarrassing statements about them)
Year of GNU/Linux on the Laptop?
It's not happening only in Lenovo
What People Must Understand About the Open Source Initiative (OSI)
some facts about the Open Source Initiative (OSI)
Many of the Scandals Are Interconnected (Overlapping People and Corporations)
We're only getting started
More Copyright Lawsuits Against LLM Slop Providers and Suppliers of LLM Slopfarms Would Benefit Society
It's not just bad for the Web and for society; it's also legally dangerous
Links 26/04/2025: General Assassinated in the Town of Balashikha, US Promoting Seafloor Mining
Links for the day
Links 26/04/2025: Facebook Layoffs Again, Remembering What's Real, and Say No to Mass Surveillance
Links for the day
Links 26/04/2025: NOAA Budget Cuts and "Dog Days Ahead"
Links for the day
In defence of JD Vance, death of Pope Francis
Reprinted with permission from Daniel Pocock
Three Years in Prison for Disney Employee’s ‘Menu Hacking’: The Economic Fallout of Digital Menus
Reprinted with permission from Ryan Farmer
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 25, 2025
IRC logs for Friday, April 25, 2025