NixWRT: purely functional firmware images for IoT

Video in TIB AV-Portal: NixWRT: purely functional firmware images for IoT

Formal Metadata

Title
NixWRT: purely functional firmware images for IoT
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date
2018
Language
English

Content Metadata

Abstract
Reflashing your broadband router with Linux (e.g. DD-WRT, OpenWRT, Tomato or variants) gives you unparalleled flexibility to do things that the manufacturer probably hadn't thought of. Remembering what you did, six months later, is often trickier. NixWRT is a (currently experimental) collection of derivations using the Nix package system and bits of NixOS to build router and IoT device firmware images using the principles of declarativity and composability that are why we love Nix. This talk will give you an overview of how it works, some war stories about the challenges faced, and hopefully the data you need to decide whether to try it yourself on your own hardware. --- Bio: Daniel Barlow has been using Linux since kernel 0.99 (Slackware and MCC-Interim), and has never really adjusted as computing has moved on. Playing with resource-limited systems like routers and IoT devices helps him pretend it's still 1995. Since then he's programmed professionally in Perl, Common Lisp and Ruby, and played with Clojure and Nix. Most likely to say: "try looking at it with ?" Least likely to say: "just buy a closed-source solution from an enterprise vendor"
Twelve o'clock, let's continue with the next talk, which is going to be given by Daniel Barlow, and it's going to be about NixWRT, which is a collection of derivations to basically build flash images for, yes, professional network devices, and hopefully not break them. So yeah, give him a round of applause and enjoy the talk. [Applause]

Thank you very much. Yeah, my name is Daniel Barlow, I'm here to talk about using the Nix package collection to build images for embedded routers, IoT devices, things like this little widget here, which you can't see, but don't worry, there's pictures. I'd like to start by saying welcome to London. This is a nice iconic image here of Piccadilly Square with one of our London black cabs in it. If you're not local you might not know they have to take a knowledge test to memorise every road name within six miles of Charing Cross before they're allowed to drive one of these cars. Unfortunately, yeah, it contrasts quite well there: this is my iconic black X1 ThinkPad Carbon after a black cab driver ran over it the other way, so it doesn't boot any more, surprisingly enough. Yeah, so many, many problems with the quality or the polish in this talk, that's what I'm blaming it on.

So yeah, NixWRT, or "Nix-wurt"; I came up with the name like six months ago and only just today realised I don't know how to pronounce it. I'm going to go with "Nix-wurt" but I'm not going to be consistent about it. So when I started out with it, it's an experiment to see if I could use the Nix package collection to build images for Wi-Fi routers, of the kind you'd run OpenWRT or DD-WRT or Tomato on, that kind of thing. On a show of hands, someone who's got one of these things at home, who's tried flashing their router at home? Very few people, yeah, okay. So this isn't sources on your router: the image you get out of it is just an image, it's immutable, you can't log into it and, you know, compile packages or anything like that, it's got no compilers.

So why? Last November I built a new computer for my home office, you see it there, it's not actually on fire, it's got LEDs inside it, and I wanted to be able to back it up. I didn't want to build another computer as a backup host because that feels a bit sort of recursive. So I've got a USB disk drive, I've got a spare router with a USB port, a little, what if, you know, I know there's some kind of embedded Linux thing inside that router, maybe I can repurpose that and get some use out of it instead of throwing it to e-waste. Why not use OpenWRT? And the first thing I have to say here is, oh, that is great, and there's so much work going into it, so many people working on different random problems which you would never even hope to be able to replicate as a small developer. You know, I didn't realise how great until I tried bringing the mainline Linux kernel up on a MIPS device and found out it had no Ethernet driver, and a router with no Ethernet driver is a little bit, it doesn't route much. Yeah. However, I'm not going to be telling anyone anything you don't already know, but when you're talking about divergent, convergent and congruent change management, OpenWRT is on the left-hand end of the scale, towards the big-change end. You know, you have sixty billion different packages in OpenWRT, you install them imperatively by typing commands on the thing itself, then you configure it using a GUI, six months later, you know, hopefully great, the firmware or the router blows up, or you get new hardware, or your ISP changes something, and you're resetting it: can you remember everything you did? Maybe some people are diligent enough to back these things up properly, but I am certainly not. So I got to thinking, you know, maybe there is a more general problem to be solved here than just somewhere safe to store my ripped CDs. So yeah, did some hacking, did some blogging, got distracted, got distracted again, oh God, and managed to trash my own home network in several different fun ways. Here we are a year on; it's done, there's a little bit of scope creep.

I did the backup server; the backup server is working fine, that's great, you know, I did what I came for. I repurposed the wireless range extender in my study upstairs to run it as well. The router downstairs, which is the one that's connected to broadband, I'm still working on that. "Take over the world" is kind of a stretch goal. And the other question: I said it was an experiment, so, you know, what were the findings? Is Nix good for this stuff? And emphatically yes, it is. Okay, I'm kind of preaching to the converted, but the Nix language, I mean, compared to anything else I've used in terms of, you know, configuration management or building, is superb; everyone knows that. The cross-compilation stuff you might not know unless you've been involved in it, but as of sort of the beginning of 2018, a lot of work was done last year on cross-compilation in Nix, and it's really made it easy to build MIPS binaries from an x86 system. And the support for musl, which is an alternative C library to glibc, it's smaller and faster and more compliant and works better on embedded systems, and I think that's pretty new as well; it's certainly the case that I have hardly ever had problems trying to use that C library, there's not too many. So on those three counts, MIPS, sorry, on those three counts Nix is pretty awesome. Overlays: again, you know, you could do various ways of customising derivations before overlays came in, but having a consistent way of doing that that's reasonably principled is really useful and really helpful for making packages smaller, and I'll be talking about that a lot more in a minute. So yeah, there are things I've learned along the way that if you wanted to get into it you would also end up learning sooner or later: you know, how to read and write Nix derivations, stuff about Linux, stuff about how the kernel is put together, things about networks, which is TCP, Ethernet, what's a MAC, what's a PHY. Overlays, fixed points: fixed points are awesome. I know enough to hand-wave about them, I don't know enough to explain them, so I'm going to do some hand-waving in a minute. If you have enough coffee the rest of it is easy.

So what do you actually need? Obviously you need some kind of thing to run it on. This is the GL.iNet GL-MT300N, which is like the GL-MT300A but it's a different colour, slightly cheaper, and the hardware inside it's slightly different. So, you know, these things are not your typical PCs: they're smaller, slower, no graphics hardware, so you establish a console connection to it by attaching three wires to it, which is more or less complicated depending on whether there are pin headers there to attach to, or you have to go and do some bad soldering. Obviously the architecture is different: it runs some variety of MIPS, the ones I've tried anyway; I guess some people are using ARM for this stuff. You don't boot from the BIOS or from UEFI, you don't use GRUB, you use something called U-Boot, which I'll be showing you in a minute. And the way the particular board knows about all the bits that are in it, like, you know, where the GPIO pins are, where the LEDs are, how to make the Ethernet work, how to initialise the little network switch inside it: on a grown-up computer like a PC you've got things like ACPI, where it can sort of go and enumerate the bus and find out where all the things are, because all the things say "look, I'm over here". On these older, smaller systems, either that knowledge is compiled into the kernel for the particular board you're using, or on some varieties there's a device tree, which is basically a data file with the same information in it, so we've extracted that code into data. The device tree is a better way of doing it, but not all boards have been updated to use it yet. Yeah, so in terms of NixWRT, if you want to play with it, the best supported boards are the ones based on the AR9330 or the ones based on the MediaTek SoCs. The blue one and the yellow one are both cheap and both easy to get hold of, and also no soldering required, you just pop the top off. Is there an emulator? QEMU works, but the hardware it emulates is not very much like the real hardware; testing on the real hardware is actually not that bad. So you need to connect it together to something. This is my test setup, it's a little bit more baroque than it needs to be. What you'll see is the device itself with three cables coming out of it for the serial console. The serial console is TTL-level logic; it runs into something which understands that, in my case at the moment that's a Raspberry Pi, because I blew up my serial cable, and that is the most overkill use of a Raspberry Pi ever, and then a thing which basically exists to toggle USB power on and off, so when a widget stalls I can turn it off and on again without having to go upstairs and pull the USB cable out.

So I'm going to do a little demonstration of what it looks like to build one, or what the actual hardware looks like. I'm not going to demo it on this thing here because it would take too long to plug everything together. I'm going to attempt an SSH session to a system at home and show you it there. You ask what could go wrong; well, this guy here, actually my son, has reached the age where he really likes turning the power on or off on the front of the machine, so hopefully it's still there when we get there. We're just about to go find out. Right. Nope. That's the way, there it is. Ah, it was that one. Okay, so let's have eighty columns as the good Lord intended. The hostname on my system is "telent", which I chose a long time ago because I couldn't type "telnet" correctly without typing that, so the hostname theme is all typos as well. So here we are, I'm going to start by running make, and it does nothing of course, because I made it last night to check that everything worked and therefore there's nothing to be done. So there's a little Makefile just because there's an awful lot of parameters to give to nix-build: so the particular derivation we're using, I'll show you that in a minute, it's called backup-host, we're building, what's it called, firmware, various parameters we're passing it for things like SSH keys and an rsync password and other stuff, and you'll see it has eventually built a file in that directory there and then it's copying it into my TFTP server directory, and I'm just going to show you that. Yeah, there it is, so that is my firmware, which is about four and a half megabytes in size, which is okay for that particular target device. Put that back, good. So I'm going to introduce some insignificant whitespace into one of these derivations, oh, that's nice, I'll come back to that bit.

Here we are. So, is that volume level okay for everyone? Yeah. So this is the device itself. I'm connected to it over an SSH session, over an SSH session, over a minicom serial session, over the three wires you saw in the picture, into the actual hardware device. I'm just going to reset it, just to show you it's there, and I'm going to stop the autoboot.

So this is U-Boot, it's the Universal Bootloader, it's called the Universal Bootloader. What actually happens is that hardware manufacturers take it, fork it, hack it up, burn it onto their machines. Getting a new version of U-Boot onto your device is a bit like trying to put coreboot onto your, you know, laptop: it can be done, but if it goes wrong you need JTAG debuggers and stuff like that, so generally speaking the one you've got is, you know, the one you're going to live with, unless you want to get more complicated than I've got. So anyway, you've got a collection of commands in U-Boot here which do things like print the environment variables, boot, change memory addresses, let you do things with flash and so on. So that is printenv. They are more or less defective depending on the manufacturer, so, you know, in theory if you've done a proper good install of U-Boot then this environment will be writable and you can change the parameters here; often you'll find that the vendor actually just hard-coded the environment and you cannot actually save anything, which is annoying but not insuperable. So I'm going to boot this device, and I'm going to do it in a slightly cheesy way, by inserting a boot script file, because there's five or six lines I have to type to get it to boot from RAM. Whoo, okay, off he goes. Okay, and that is doing exciting stuff; just going back through the scrollback here into U-Boot, quite a lot of it. So what did it do? These are all U-Boot commands that it's typing in: it's booting from TFTP, there's the tftp command copying into a particular start address, which is carefully chosen not to clash with anything else, and then the bootm command is "boot from memory". So there, you see the CFG happening there, it's loading the thing down, that's where it's, sorry, I'm pointing at my screen instead of yours, that's the actual, where Linux actually starts happening, "Starting kernel", and the rest of it is all Linux, and there it is. And just to show you that we're not in x86 any more: yes, it is running a root shell on the console. This could be considered a security problem if your threat model includes people prying the covers off and attaching three wires to the inside; that can't be configured, of course. So there we are, it's a MediaTek MT7620A, GL-MT300A, it's running on MIPS, it's got, you know, BogoMIPS, if they count for anything any more, and various other stuff there. That concludes the demonstration, I think, probably.

So how does it work? I don't know if any of that writing is readable from where anyone is sitting; it surprisingly took longer to draw that than I thought it was going to. So what I'd like you to focus on here is, this is a description of the build process. This is our output at the bottom, which is the firmware binary that we just saw being TFTP-booted. In that image you've got a kernel image, which is this uImage thing here, you've got a filesystem image for the root filesystem, and the two of them basically just get spliced together with dd. The filesystem image is generated from a configuration, which is a Nix value, I'll show you in a moment; it's an attribute set with various different things you want to go into your image, and the image builder makes the image out of it. Some of the things I'm going to talk about, modules, in a minute, and a lot of people talk about modules: these aren't NixOS modules, these are something else I named badly. So you start with an empty configuration, you're applying modules to it until you've got the config you want, and then you send it into the builder and it builds your image. Some of the things in your configuration are package references, so we also reference nixpkgs there; we've got an overlay to make them smaller and kinder and so on. The other half of the picture is the kernel build, which comes from the kernel.org upstream, also comes from OpenWRT, they get merged together, it gets built, we get the vmlinux file out of it, we stick the device tree into it, which is the data file I was telling you about earlier, that gets you a U-Boot-bootable image, and so that's the other half of the output. So I think three things in that picture which you would have to touch if you are hacking on this are the package overlay, for including packages and making sure your packages are going to build on it; the module system, which is badly named; and potentially the kernel build, if you want to get detailed about it, and we're going to have a look at each of those.

So there's good news, there's lots of good news: lots of packages already just work, which is awesome. We quite often have to patch our packages because you're not using the usual C library, or something doesn't cross-compile, so we need to disable the doCheck clauses where they're unconditional. Sometimes you get very big closures; Moko was talking about big closures yesterday, and I really feel it on this thing because, you know, we have very limited space, it can be as little as four megabytes, you don't want the whole gigantic mass of Firefox in there. So there are various hacks we've done to remove library dependencies and structural features where the original derivation included them, get rid of shell scripts that depend on bash, because bash is huge. Yeah, if all those fail, just run strings and grep for /nix/store; that's a good way of finding leaky bits in your closures. Make sure we've stripped everything, and we also slightly hacked up the squashfs generation to remove static libraries from the generated output, because who is ever going to use those when you don't have a compiler? So here's an example: this is one of the entries in our package overlay for hostapd. You see it's based on the upstream one in nixpkgs; we've overridden the sqlite attribute, sorry, the sqlite parameter, because we don't need it, and then we've used overrideAttrs as well, and we said we don't want the extra config, and we're going to use this configure file which we generated here instead of using what the nixpkgs one does, and that's a huge saving on hostapd, and that's how I've got a Wi-Fi Linux up and running in four megs of flash.

Modules, not the NixOS module system. We've had a lot this week, this couple of days, about the module system; the chief reason for writing it differently was it seemed like fun. "Middleware" might be a better name. A module is a function which applies to a configuration and generates a new configuration, and we apply them repeatedly in the same kind of pattern as overlays do, except we're applying them to the configuration rather than applying them to the nixpkgs package derivation set. So your configuration object, that's really bad, I don't have a picture of the configuration object. Oh wow, let's go forward a little bit there, what's it doing? Hey, right, okay, there's reveal.js, it's three-dimensional tonight, navigation's funky. So the essence of it is that in your own derivation you'll start with the base configuration, which has almost nothing in it: it has empty arrays of files, packages, some other stuff. You will then apply each module in sequence to it: so that's the hardware module for the device, that's going to include an rsync server, that's an SSH server, that's going to do busybox, which is pretty fundamental. This particular device is my backup host, so it's got a USB disk module in it with some parameters; there's some stuff for the kernel, there's some stuff for configuring the network switch which is integrated into the device, and, you know, we're running syslogd, we're running ntpd, we're running a DHCP client. And to build the firmware we merge all the modules together and pass it to the firmware generation function, and there's our firmware. The modules themselves actually look like this; you see the whole fixed-point pattern up here with self and super. So that's our parent module; we're adding a service called hostapd, we are adding the hostapd package, and we're adding, right down at the bottom, I don't know if anyone can see over his head, right down at the bottom we're adding a file called /etc/hostapd.psk, which has also got some content and a mode in it, and those files are written into flash the same as everything else. Oh, I'm running out of time.

Adding new hardware devices, which is great because it's the complicated bit, and I'm going to skim through it. New hardware devices: I think I've had it running on four different devices so far, all sort of one or two of the various MIPS families. It is much, much, much easier if it already works on it; in fact I wouldn't even bother trying it unless you want a project, to try and build something that isn't already there. The kind of things you'll expect to have to do: find out what SoC family it runs on, is it Atheros, is it Ralink, is it MediaTek, is it something else, because that's going to impact whether it uses device tree or something else; find out how to attach a serial cable to it, I've burnt one router by doing some really bad soldering on it already; I say, does it use device tree; and then you finally find out things like where in memory the flash is, how do I configure the network switch such that the Ethernet in the kernel actually gets out of the box. All of this information for all the supported devices is in the devices Nix file, and there's a lot of commentary in there as well; if you are minded to do your own device you would do that. And yeah, if you can cobble together something to turn its power on and off remotely you'll find remote development a lot easier for the early stages of bring-up; I can show you mine, it's not pretty, but it was stuff I had around. So, future plans: obviously the first thing to do is finish the PPPoE support, because then I can actually run it on my primary router at home, which the family will love, I'm sure, when it starts crashing. A better story for upgrades: I've got a plan for upgrading without having to reflash it every time. A better story for first-time support which doesn't involve attaching cables to the device; that's going to depend on the device, because, you know, your vendor firmware may allow you to upgrade freely or may have restrictions on the format, so that's going to be a bit of fun working out. And a better story for secrets. So at the moment we don't put secrets in the Nix store on the build machine, I've been quite careful about that because I check that into GitHub, but they do end up burned into the image, and if you want to change your password you end up having to reflash the image, which doesn't feel quite right. So, design something which will get them from a writable filesystem or over a network or something else. I can quite see the appeal of network-based secrets if you're managing a decent-sized fleet of devices, and perhaps even if the user is just me. So that's it; two minutes of questions, ask me anything, I may not know the answer, I'm pretty hand-wavy. Thank you.

So who has got questions? Yes, we've got a question.

I have a pile of WRT54GL routers up in my attic; with the four megabytes, it looked like your image was a little bit bigger, is there a little bit more that could be cut to get this running on them?

That image is bigger than that one; that device has more flash. The wireless extender upstairs has four megabytes of flash, and I had to work quite hard to get it into four megs, but it can be done, with a four meg image.

Hello, thanks for the talk. I'm wondering whether we can implement dm-verity on this, dm-verity like the Merkle hash trees, just to check the hashes of the filesystem.

It's not something I'd thought about; it would be good, right, yeah.

Another question? Nope. Then, thank you very much again for your wonderful talk. Thank you. [Applause]
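The module pattern the talk describes, modules as functions applied in sequence to a configuration using the overlay-style self/super fixed point, as an added example written for this page; it is not code from the NixWRT repository. The configuration fields, the module names, the hypothetical hardware module and the interface name and PSK are assumptions for illustration, and it deliberately evaluates without importing nixpkgs.

```nix
# Added example (not NixWRT's own code): a toy version of the "module is a
# function from configuration to configuration" pattern from the talk,
# composed with the self/super fixed point that nixpkgs overlays use.
# Evaluate with:  nix-instantiate --eval --strict modules-example.nix
let
  # Fixed-point combinator, defined here so nothing is imported from nixpkgs.
  fix = f: let x = f x; in x;

  # The base configuration has almost nothing in it.
  baseConfig = {
    packages = [ ];
    files = { };
    services = { };
  };

  # Hypothetical hardware module: records the Wi-Fi interface name so that
  # other modules can refer to it through `self`.
  mt300n = self: super: {
    wifiInterface = "wlan0";   # assumed name, for illustration only
  };

  busybox = self: super: {
    packages = super.packages ++ [ "busybox" ];
  };

  # Parameterised module.  The PSK is written into /etc/hostapd.psk, so it
  # ends up burned into the flashed image, which is exactly the secrets
  # problem raised at the end of the talk; a tight mode at least keeps it
  # away from unprivileged processes on the running device.
  hostapd = { psk, mode ? "0600" }: self: super: {
    packages = super.packages ++ [ "hostapd" ];
    services = super.services // {
      hostapd = { start = "hostapd /etc/hostapd.conf"; };
    };
    files = super.files // {
      # self.wifiInterface is resolved against the *final* configuration, so
      # this works whether the hardware module is applied before or after.
      "etc/hostapd.conf" = {
        content = "interface=${self.wifiInterface}\nwpa_psk_file=/etc/hostapd.psk\n";
        mode = "0644";
      };
      "etc/hostapd.psk" = { content = psk; inherit mode; };
    };
  };

  # Left-to-right application: `super` is the configuration built so far,
  # `self` is the finished one.  Each module returns only what it adds.
  applyModules = base: modules:
    fix (self: builtins.foldl' (super: m: super // (m self super)) base modules);

  config = applyModules baseConfig [
    (hostapd { psk = "not-a-real-psk"; })  # applied before the hardware module on purpose
    busybox
    mt300n
  ];

  # A check worth running before flashing: files whose "other" permission
  # digit is non-zero.  It does nothing about the PSK being in the image
  # itself, which is the secrets problem the talk leaves open.
  accessibleToOther = builtins.filter
    (name: builtins.substring 3 1 config.files.${name}.mode != "0")
    (builtins.attrNames config.files);
in
{
  inherit (config) packages;
  files = builtins.attrNames config.files;
  hostapdConf = config.files."etc/hostapd.conf".content;
  inherit accessibleToOther;
}
```

Evaluating this prints packages `[ "hostapd" "busybox" ]`, both file names, a hostapd.conf that reads `interface=wlan0` even though the hardware module came last in the list, and `accessibleToOther = [ "etc/hostapd.conf" ]`; the PSK file stays out of that list because its mode is 0600.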