# Winbond Security Flash Installation Guide for Raspberry Pi
###### tags: `Winbond IOTtalk`
## Winbond security introduction document:
https://pcsnas.iottalk.tw:5001/sharing/mM1s0F65j
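#### :memo: If you are not using an externally attached security flash, Step 1 and Step 2 can be skipped.
#### :memo: If the Linux kernel version is not 5.x, you must compile a 5.x kernel yourself (the industrial Raspberry Pi from 承德科技 already ships with 5.x).
Machine: industrial Raspberry Pi (externally attached security flash):
user:pi
password:artt25815695

Machine: industrial Raspberry Pi (built-in security flash):
user:artt
password:artt
## Step 0. Install IoTtalk
> Install IoTtalk under /home/pi
1. Refer to the installation guide: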
https://pcsnas.iottalk.tw:5001/sharing/SLx5n0j7x
## Step 1. Connect the Raspberry Pi to the Winbond security flash
Connect the industrial Raspberry Pi to the Winbond security flash as shown in the figure below:

## Step 2. Set up the Winbond output files
1. Download the archive, extract it, and place the contents under ```/boot/output/``` on the Raspberry Pi
https://pcsnas.iottalk.tw:5001/sharing/c2JkH91k9
The files and their paths should look as follows:

## Step 3. Place the IoTtalk confidential files in the Winbond security flash
1. Open the security flash
```bash=
cd /boot/output/
sudo ./load.sh
sudo insmod qlib_kernel_module.ko section_key_input=0x55555555,0x55555555,0x55555555,0x55555555
ls /dev/mt*
sudo ./mount_ubifs.sh
```
The ```ls /dev/mt*``` command should list the following devices:

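2. The Winbond security flash is now open and available at ```/secret```
Move the following IoTtalk confidential files to ```/secret/```, and at each original file location create a soft link that points to the corresponding file under ```/secret/```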
```bash
/lib/ec_config.py
/lib/csm.py
/lib/ccm/main.py
/lib/ecsim/ecsim.py
/lib/esm/create_data_paths.py
/lib/esm/data_paths.py
/lib/esm/esm_main.py
/lib/esm/esm_project.py
/lib/esm/exec_data_path.py
```
Linux soft link usage:
```bash=
ln -s {source-filename} {symbolic-filename}
```
After moving the IoTtalk confidential files, the contents of ```/secret/``` should look as follows:

3. Close the Winbond security flash
```bash=
cd /boot/output
sudo ./umount_ubifs.sh
sudo rmmod qlib_kernel_module
```
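The move-and-link procedure from item 2 of this step, written as an added example (not part of the original guide or the Winbond package). It assumes the listed paths are relative to `/home/pi/iottalk_server_1.0` and that files keep the same relative path under the secure flash; the function names are hypothetical.

```bash
# Added example. Paths from Step 3, assumed relative to the IoTtalk root.
IOTTALK_FILES="lib/ec_config.py lib/csm.py lib/ccm/main.py lib/ecsim/ecsim.py
lib/esm/create_data_paths.py lib/esm/data_paths.py lib/esm/esm_main.py
lib/esm/esm_project.py lib/esm/exec_data_path.py"

# relocate_to_secret SRC_ROOT SECRET_ROOT REL_PATH...
# Copies each file into SECRET_ROOT (assumed layout: same relative path),
# verifies the copy, then replaces the original with a symlink to it.
relocate_to_secret() {
    local src_root secret_root rel src dst
    src_root=$1; secret_root=$2; shift 2
    # The target directory must exist; on the device also confirm it is the
    # mounted flash volume (for example with `mountpoint -q`) before running.
    [ -d "$secret_root" ] || { echo "missing $secret_root" >&2; return 1; }
    for rel in "$@"; do
        src="$src_root/$rel"; dst="$secret_root/$rel"
        if [ -L "$src" ]; then continue; fi   # already relocated earlier
        [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 1; }
        mkdir -p "$(dirname "$dst")" || return 1
        # Never delete the original unless the copy is byte-identical.
        { cp -p "$src" "$dst" && cmp -s "$src" "$dst"; } || return 1
        rm -f "$src" && ln -s "$dst" "$src" || return 1
    done
}

# verify_relocated SRC_ROOT SECRET_ROOT REL_PATH...
# Succeeds only if every path is a symlink whose target is a regular file
# inside SECRET_ROOT, i.e. the original location holds a link, not the file.
verify_relocated() {
    local src_root secret_root rel target
    src_root=$1; secret_root=$2; shift 2
    for rel in "$@"; do
        [ -L "$src_root/$rel" ] || return 1
        target=$(readlink "$src_root/$rel")
        case "$target" in
            "$secret_root"/*) [ -f "$target" ] || return 1 ;;
            *) return 1 ;;
        esac
    done
}

# On the device, after mount_ubifs.sh (run with sufficient privileges):
#   relocate_to_secret /home/pi/iottalk_server_1.0 /secret $IOTTALK_FILES
#   verify_relocated   /home/pi/iottalk_server_1.0 /secret $IOTTALK_FILES
```

Running `verify_relocated` again after `umount_ubifs.sh` should fail, because the links then point at files that are no longer reachable.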
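## Step 4. Create the encrypted bash file that runs automatically
```test.py``` reads the Raspberry Pi's MAC address and generates the encrypted ```test.sh```
```test.sh``` runs automatically after the Raspberry Pi boots and performs the following steps:
1. Check that the local MAC address matches the MAC address recorded when the file was created
2. Open the Winbond security flash, load the IoTtalk confidential code into memory, then close the Winbond security flash
### 1. Install the package required for the encrypted bash file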
```bash=
sudo apt-get install shc
```
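### 2. Create the test.py file
```python=
import uuid
import os, stat
# uuid.getnode() returns the hardware address of one network interface as a
# 48-bit integer; keep it as 12 lowercase hex digits without separators.
# The generated script compares against wlan0, so confirm this value is
# wlan0's MAC address on the target device.
macaddr = uuid.UUID(int = uuid.getnode()).hex[-12:]
macaddr_list = []
dir_name = "/home/pi/iottalk_server_1.0/setup/"
file_name = "test.sh"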
startup_wsgi = '''\
#!/bin/sh
sudo pkill screen
sudo pkill -f uwsgi -9
set -x
python3="python3"
cd /boot/output/
sudo ./load.sh
sudo insmod qlib_kernel_module.ko section_key_input=0x55555555,0x55555555,0x55555555,0x55555555
ls /dev/mt*
sudo ./mount_ubifs.sh
sleep 1
cd /home/pi/iottalk_server_1.0/setup/
cd $(dirname $0)
cd ../
ProjectPath=$(pwd)
ProjectName=$(echo $ProjectPath | tr "/" "\n" | tail -n 1)
echo "ProjectPath: $ProjectPath"
echo "ProjectName: $ProjectName"
cd $ProjectPath
export PYTHONPATH="$PYTHONPATH:$ProjectPath/lib"
LOG=$ProjectPath/log/startup.log
if [ ! -d $ProjectPath/log ]; then
mkdir $ProjectPath/log
fi
if [ ! -d $ProjectPath/sqlite ]; then
mkdir $ProjectPath/sqlite
fi
if [ ! -f $ProjectPath/sqlite/ec_db.db ]; then
/home/pi/iottalk_server_1.0/setup/reset_db.sh
fi
echo --------------------------------------- >> $LOG
date >> $LOG
echo --------------------------------------- >> $LOG
myIP=$(ifconfig | grep -Eo 'inet (addr:)?([0-9]*\\.){3}[0-9]*' | grep -Eo '([0-9]*\\.){3}[0-9]*'| grep -v '127.0.0.1')
screen -dmS $ProjectName >> $LOG 2>&1
add_to_screen() {
TITLE=$1
CMD=$2
screen -S $ProjectName -X screen -t "$TITLE" bash -c \\
"\\
while [ 1 ]; do \\
$CMD; echo ========== restart ==========; sleep 1; \\
done"
}
# wait for screen.
while [ 1 ]; do
ps aux | grep -v grep | grep SCREEN | grep $ProjectName > /dev/null 2>&1
if [ $? -eq 0 ]; then
break
fi
sleep 1
done
#add_to_screen CSM "./bin/csm $python3"
add_to_screen CSM "sudo uwsgi ./lib/wsgi_csm.ini"
#echo "Sleep 20 seconds for waitting CSM bootup."
#sleep 20
add_to_screen SIM "./bin/ecsim $python3"
#add_to_screen CCM "./bin/ccm $python3"
add_to_screen CCM "sudo uwsgi ./lib/ccm/wsgi_ccm.ini"
add_to_screen ESM "./bin/esm $python3"
#add_to_screen WEB "sudo $python3 ./da/web.py"
#add_to_screen Msg "$python3 ./da/Message/message.py"
#add_to_screen Timer "$python3 ./da/Timer/timer.py"
#add_to_screen MusicBox "cd ./da/MusicBox;npm install;nodejs Server.js $myIP:9999"
#add_to_screen MorSocket "cd ./da/MorSocket-Server;npm install;nodejs MorSocketServer.js $myIP:9999"
#add_to_screen Broadcast "$python3 ./bin/broadcast.py"
#add_to_screen SmartMeter "$python3 ./da/SmartMeter/DAI.py"
#add_to_screen Weather "$python3 ./da/weatherSTA/DAI.py"
#add_to_screen Map "$python3 ./da/Map/start.py"
#add_to_screen Airbox "$python3 ./da/Map/FetchData/FetchData_Airbox/DAI.py"
#add_to_screen BaoFarm "$python3 ./da/Map/FetchData/FetchData_BaoFarm/DAI.py"
#add_to_screen MIRC311 "$python3 ./da/Map/FetchData/FetchData_MIRC311/DAI.py"
#add_to_screen GradDorm3 "$python3 ./da/Map/FetchData/FetchData_GradDorm3/DAI.py"
#add_to_screen NCTUBus "$python3 ./da/Map/FetchData/FetchData_NCTUBus/DAI.py"
#add_to_screen MIRC610 "$python3 ./da/Map/FetchData/FetchData_MIRC610/DAI.py"
#add_to_screen ParkingLot "$python3 ./da/Map/FetchData/FetchData_ParkingLot/DAI.py"
#add_to_screen OrchidHouse "$python3 ./da/Map/FetchData/OrchidHouse/DAI.py"
#add_to_screen SP_kAir "$python3 ./da/Map/FetchData_ScienceParkAir/DAI.py"
#add_to_screen SP_Water "$python3 ./da/Map/FetchData_ScienceParkWater/DAI.py"
#add_to_screen Weather "$python3 ./da/Map/FetchData_Weather/DAI.py"
#$python3 ./da/Remote_control/startup_panel.py
#$python3 "./da/Dandelion_control(mobile)/startup.py"
#$python3 ./da/agri_startup/DAI.py
#echo "Waiting for CHT Pirius booting. (2 mintues.)"
#sleep 120
#add_to_screen CHT "nodejs ./da/IoTtalk-CHT-master/index.js" >> $LOG 2>&1
echo "Sleep 5 seconds for waitting library loading."
sleep 5
cd /boot/output
sudo ./umount_ubifs.sh
sudo rmmod qlib_kernel_module
'''
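# Split the 12 hex digits into six two-character octets.
for i in range(0, 11, 2):
    macaddr_list.append(macaddr[i:i+2])
print(macaddr_list)
# Write the plaintext script: the startup commands run only when all six
# octets of wlan0's MAC address match the values recorded above.
with open(dir_name + file_name, 'w') as rsh:
    rsh.write('''\
#! /bin/bash
check_mac=false
IFACE=wlan0
read MAC </sys/class/net/$IFACE/address
echo $IFACE $MAC
IFS=':' read -ra ADDR <<< "$MAC"
if [ ${ADDR[0]} = "''' + macaddr_list[0] + '''" ] && [ ${ADDR[1]} = "''' + macaddr_list[1] + '''" ] && [ ${ADDR[2]} = "''' + macaddr_list[2] + '''" ] ;then
if [ ${ADDR[3]} = "''' + macaddr_list[3] + '''" ] && [ ${ADDR[4]} = "''' + macaddr_list[4] + '''" ] && [ ${ADDR[5]} = "''' + macaddr_list[5] + '''" ]; then
check_mac=true
echo "$check_mac"
'''
    + startup_wsgi +
    '''
fi
fi
''')
import subprocess
# A 'cd' run through subprocess only affects its own child shell, so change
# the working directory of this process instead.
os.chdir(dir_name)
# shc compiles the script into the binary test.sh.x and also writes the
# generated C source test.sh.x.c; stop here if shc fails.
subprocess.run(["shc", "-f", dir_name+file_name], check=True)
# Remove the plaintext script and the generated C source.
subprocess.run(["rm",dir_name+file_name])
subprocess.run(["rm",dir_name+file_name+".x.c"])
# Restrict the compiled binary to its owner (rwx for the owner only).
os.chmod(dir_name+file_name+".x", stat.S_IRWXU)
```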
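### 3. Run test.sh
Running the Python file above produces the encrypted ```test.sh``` (the script above leaves it on disk as ```test.sh.x```)
:memo: Please delete ```test.py```
In /etc/rc.local, comment out the original IoTtalk auto-start command and add ```test.sh```, as follows: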
