1 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
2 |
<html lang="en-US"> |
3 |
<head> |
4 |
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> |
5 |
<meta http-equiv="Content-Style-Type" content="text/css"> |
6 |
<title>TOMOYO Linux Install manual</title> |
7 |
<link rel="stylesheet" href="http://tomoyo.sourceforge.jp/tomoyo.css" media="all" type="text/css"> |
8 |
</head> |
9 |
<body> |
10 |
<p style="text-align:right;"><a href="cat760-sh.html.ja">Japanese Page</a></p> |
11 |
<p style="text-align:right;">Last modified: $Date$</p> |
12 |
|
13 |
<h1>TOMOYO Linux on CAT760</h1> |
14 |
|
15 |
<p>This page describes how to run TOMOYO Linux on <a href="http://www.si-linux.co.jp/index.php?CAT/CAT760">CAT760</a>. This page assumes Debian Sarge for x86 architecture as the host environment.</p> |
16 |
|
17 |
<hr> |
18 |
|
19 |
<table border="0" summary="index"> |
20 |
<tr><td> |
21 |
<a href="#basic">Basic course: Using kernel and rootfs stored on compact flash memory</a> |
22 |
<ul> |
23 |
<li><a href="#basic_1">Step 1: Building host environment</a></li> |
24 |
<li><a href="#basic_2">Step 2: Installing packages needed for compiling</a></li>
25 |
<li><a href="#basic_3">Step 3: Compiling kernel</a></li> |
26 |
<li><a href="#basic_4">Step 4: Compiling tools</a></li> |
27 |
<li><a href="#basic_5">Step 5: Formatting compact flash memory</a></li> |
28 |
<li><a href="#basic_6">Step 6: Copying to compact flash memory</a></li> |
29 |
<li><a href="#basic_7">Step 7: Initializing policy configuration</a></li> |
30 |
<li><a href="#basic_8">Step 8: Adjusting policy configuration</a></li> |
31 |
<li><a href="#basic_9">Step 9: Creating policy configuration</a></li> |
32 |
<li><a href="#basic_appendix">Appendix: Restoring factory defaults</a></li> |
33 |
</ul> |
34 |
</td></tr><tr><td> |
35 |
<a href="#advanced">Advanced course: Using kernel and rootfs stored on flash ROM</a> |
36 |
<ul> |
37 |
<li><a href="#advanced_1">Step 1: Building host environment</a></li> |
38 |
<li><a href="#advanced_2">Step 2: Installing packages needed for compiling</a></li>
39 |
<li><a href="#advanced_3">Step 3: Compiling kernel</a></li> |
40 |
<li><a href="#advanced_4">Step 4: Compiling tools</a></li> |
41 |
<li><a href="#advanced_5">Step 5: Formatting compact flash memory</a></li> |
42 |
<li><a href="#advanced_6">Step 6: Making a backup</a></li> |
43 |
<li><a href="#advanced_7">Step 7: Editing rootfs</a></li> |
44 |
<li><a href="#advanced_8">Step 8: Updating flash ROM</a></li> |
45 |
<li><a href="#advanced_appendix">Appendix: Restoring factory defaults</a></li> |
46 |
</ul> |
47 |
</td></tr> |
48 |
</table> |
49 |
|
50 |
|
51 |
|
52 |
<h1><a name="basic">Basic course: Using kernel and rootfs stored on compact flash memory</a></h1> |
53 |
|
54 |
<h2><a name="basic_1">Step 1: Building host environment</a></h2> |
55 |
|
56 |
<p>Since Debian Sarge has already reached End Of Life, you need to change the download server for packages. Log in as the root user and rewrite /etc/apt/sources.list as follows.</p>
57 |
|
58 |
<pre> |
59 |
deb http://archive.debian.org/debian-archive/debian/ sarge main contrib non-free |
60 |
deb http://archive.debian.org/debian-archive/debian-security/ sarge/updates main contrib non-free |
61 |
</pre> |
62 |
|
63 |
<p>Next, install a Linux 2.6 kernel so that the fdisk command's "-l" option can show the list of device files.</p>
64 |
|
65 |
<pre> |
66 |
# apt-get update |
67 |
# apt-get -y install kernel-image-2.6.8-4-686-smp |
68 |
</pre> |
69 |
|
70 |
<p>Reboot with 2.6.8-4-686-smp kernel.</p> |
71 |
|
72 |
<pre> |
73 |
# reboot |
74 |
</pre> |
75 |
|
76 |
<h2><a name="basic_2">Step 2: Installing packages needed for compiling</a></h2>
77 |
|
78 |
<p>Create /mnt/cdrom as the mount point for development CDROM and mount the CDROM there.</p> |
79 |
|
80 |
<pre> |
81 |
# mkdir -p /mnt/cdrom |
82 |
# mount -t iso9660 -o ro /dev/cdrom /mnt/cdrom/ |
83 |
</pre> |
84 |
|
85 |
<p>Install the packages needed by the cross compilers on the CDROM.</p>
86 |
|
87 |
<pre> |
88 |
# apt-get -y install gcc-3.4-base |
89 |
</pre> |
90 |
|
91 |
<p>Install the cross compilers from the CDROM, then uninstall the gdb-sh4-linux package because it contains files which conflict with the binutils package.</p>
92 |
|
93 |
<pre> |
94 |
# dpkg -i /mnt/cdrom/cross-tools/debian-sarge/sh4/*.deb |
95 |
# dpkg --purge gdb-sh4-linux |
96 |
</pre> |
97 |
|
98 |
<p>Install packages needed for compiling kernel and tools.</p> |
99 |
|
100 |
<pre> |
101 |
# apt-get -y install patch make gcc libc6-dev libncurses5-dev |
102 |
</pre> |
103 |
|
104 |
<h2><a name="basic_3">Step 3: Compiling kernel</a></h2> |
105 |
|
106 |
<p>Extract kernel source.</p> |
107 |
|
108 |
<pre> |
109 |
# cd |
110 |
# tar -zxf /mnt/cdrom/kernel/linux-2.6.15-cat_20080502.tgz |
111 |
# cd linux-2.6.15-cat |
112 |
</pre> |
113 |
|
114 |
<p>Download and apply TOMOYO Linux patch.</p> |
115 |
|
116 |
<pre> |
117 |
# wget -O ccs-patch-1.8.3-20140915.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/49684/ccs-patch-1.8.3-20140915.tar.gz' |
118 |
# wget -O ccs-patch-1.8.3-20140915.tar.gz.asc 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/49684/ccs-patch-1.8.3-20140915.tar.gz.asc' |
119 |
# gpg ccs-patch-1.8.3-20140915.tar.gz.asc |
120 |
# tar -zxf ccs-patch-1.8.3-20140915.tar.gz |
121 |
# patch -p1 < patches/ccs-patch-2.6.15-cat-760.diff |
122 |
</pre> |
123 |
|
124 |
<p>Create kernel config.</p> |
125 |
|
126 |
<pre> |
127 |
# make cat760_defconfig |
128 |
</pre> |
129 |
|
130 |
<p>Compile the kernel.</p> |
131 |
|
132 |
<pre> |
133 |
# make |
134 |
# make modules_install |
135 |
</pre> |
136 |
|
137 |
<p>"make modules_install" installs loadable kernel modules under the /home/ebihara/tmp/lib/modules/2.6.15-sh/ directory. Thus, copy the kernel into the /home/ebihara/tmp/ directory as well.</p>
138 |
|
139 |
<pre> |
140 |
# mkdir -p /home/ebihara/tmp/ |
141 |
# cp -p arch/sh/boot/zImage /home/ebihara/tmp/ |
142 |
</pre> |
143 |
|
144 |
<h2><a name="basic_4">Step 4: Compiling tools</a></h2> |
145 |
|
146 |
<p>Download TOMOYO Linux's tools source code.</p> |
147 |
|
148 |
<pre> |
149 |
# cd |
150 |
# wget -O ccs-tools-1.8.3-20140601.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/49693/ccs-tools-1.8.3-20140601.tar.gz' |
151 |
# wget -O ccs-tools-1.8.3-20140601.tar.gz.asc 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/49693/ccs-tools-1.8.3-20140601.tar.gz.asc' |
152 |
# gpg ccs-tools-1.8.3-20140601.tar.gz.asc |
153 |
# tar -zxf ccs-tools-1.8.3-20140601.tar.gz |
154 |
</pre> |
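<p>Added example (not part of the original manual or of the TOMOYO Linux project): the gpg step in Step 3 and Step 4 only tells you something if the signature comes from the key you expect. The functions below parse gpg's --status-fd output and accept a download only when the signer matches a fingerprint you obtained out of band. The function names and every fingerprint shown are constructed placeholders.</p>

```shell
#!/bin/sh
# Added example: fail-closed check of gpg's machine-readable status output
# against a pinned signer fingerprint. All key material below is constructed.

# sig_is_from STATUS_TEXT EXPECTED_FPR
#   STATUS_TEXT  : output of "gpg --status-fd 1 --verify FILE.asc FILE"
#   EXPECTED_FPR : full 40-hex-digit fingerprint obtained out of band
# Returns 0 only if a VALIDSIG line names EXPECTED_FPR as the signing key or
# as its primary key and no BADSIG/ERRSIG/REVKEYSIG/EXPKEYSIG line is present.
# Returns 2 if EXPECTED_FPR is not a full fingerprint, 1 otherwise.
sig_is_from() {
    status=$1
    want=$(printf '%s' "$2" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    case $want in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    # Refuse short and long key IDs: only a full fingerprint is a usable pin.
    [ "${#want}" -eq 40 ] || return 2

    printf '%s\n' "$status" | awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "REVKEYSIG" || $2 == "EXPKEYSIG" { bad = 1 }
        # Field 3 is the signing (sub)key, the last field the primary key.
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_release FILE EXPECTED_FPR
# Runs gpg on FILE and FILE.asc and applies the check above.
verify_release() {
    out=$(gpg --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null) || return 1
    sig_is_from "$out" "$2"
}

# Constructed status output for a good signature (not from a real key).
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2014-09-15 1410739200 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Constructed status output for a tampered archive.
SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>'
```

<p>With the project's real fingerprint in place of the placeholder, "verify_release ccs-patch-1.8.3-20140915.tar.gz FINGERPRINT || exit 1" goes between the wget and tar commands.</p>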
155 |
|
156 |
<p>Do cross compilation for CAT760. Cross compiled programs are installed under /home/ebihara/tmp/sbin/ directory and /home/ebihara/tmp/usr/ directory.</p> |
157 |
|
158 |
<pre> |
159 |
# make -C ccstools/ CC=sh4-linux-gcc INSTALLDIR=/home/ebihara/tmp/ install clean |
160 |
</pre> |
161 |
|
162 |
<p>Delete man pages as we don't need them.</p> |
163 |
|
164 |
<pre> |
165 |
# rm -fR /home/ebihara/tmp/usr/share/ |
166 |
</pre> |
167 |
|
168 |
<p>To operate from host environment, compile tools for host environment as well. Compiled programs are installed under /sbin/ directory and /usr/ directory.</p> |
169 |
|
170 |
<pre> |
171 |
# make -sC ccstools/ install clean |
172 |
</pre> |
173 |
|
174 |
<h2><a name="basic_5">Step 5: Formatting compact flash memory</a></h2> |
175 |
|
176 |
<p>Insert the compact flash memory which will be used as the / partition on CAT760 into the host environment's card slot.</p>
177 |
|
178 |
<p>Check device file's name for the compact flash memory using fdisk command.</p> |
179 |
|
180 |
<pre> |
181 |
# fdisk -l |
182 |
|
183 |
Disk /dev/sda: 4294 MB, 4294967296 bytes |
184 |
255 heads, 63 sectors/track, 522 cylinders |
185 |
Units = cylinders of 16065 * 512 = 8225280 bytes |
186 |
|
187 |
Device Boot Start End Blocks Id System |
188 |
/dev/sda1 1 522 4192933+ 83 Linux |
189 |
|
190 |
Disk /dev/sdb: 251 MB, 251658240 bytes |
191 |
8 heads, 60 sectors/track, 1024 cylinders |
192 |
Units = cylinders of 480 * 512 = 245760 bytes |
193 |
|
194 |
Disk /dev/sdb doesn't contain a valid partition table |
195 |
</pre> |
196 |
|
197 |
<p>This page, hereafter, assumes device file's name for the compact flash memory in the host environment is /dev/sdb .</p> |
198 |
|
199 |
<p>Create partitions on the compact flash memory using fdisk command.</p> |
200 |
|
201 |
<pre> |
202 |
# fdisk /dev/sdb |
203 |
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel |
204 |
Building a new DOS disklabel. Changes will remain in memory only, |
205 |
until you decide to write them. After that, of course, the previous |
206 |
content won't be recoverable. |
207 |
|
208 |
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite) |
209 |
|
210 |
Command (m for help): n |
211 |
Command action |
212 |
e extended |
213 |
p primary partition (1-4) |
214 |
p |
215 |
Partition number (1-4): 1 |
216 |
First cylinder (1-1024, default 1): |
217 |
Using default value 1 |
218 |
Last cylinder or +size or +sizeM or +sizeK (1-1024, default 1024): |
219 |
Using default value 1024 |
220 |
|
221 |
Command (m for help): w |
222 |
The partition table has been altered! |
223 |
|
224 |
Calling ioctl() to re-read partition table. |
225 |
Syncing disks. |
226 |
</pre> |
227 |
|
228 |
<p>Format the compact flash memory as ext2 filesystem so that the compact flash memory can be mounted as / partition.</p> |
229 |
|
230 |
<pre> |
231 |
# mke2fs /dev/sdb1 |
232 |
mke2fs 1.37 (21-Mar-2005) |
233 |
Filesystem label= |
234 |
OS type: Linux |
235 |
Block size=1024 (log=0) |
236 |
Fragment size=1024 (log=0) |
237 |
61440 inodes, 245728 blocks |
238 |
12286 blocks (5.00%) reserved for the super user |
239 |
First data block=1 |
240 |
30 block groups |
241 |
8192 blocks per group, 8192 fragments per group |
242 |
2048 inodes per group |
243 |
Superblock backups stored on blocks: |
244 |
8193, 24577, 40961, 57345, 73729, 204801, 221185 |
245 |
|
246 |
Writing inode tables: done |
247 |
Writing superblocks and filesystem accounting information: done |
248 |
|
249 |
This filesystem will be automatically checked every 38 mounts or |
250 |
180 days, whichever comes first. Use tune2fs -c or -i to override. |
251 |
</pre> |
252 |
|
253 |
<h2><a name="basic_6">Step 6: Copying to compact flash memory</a></h2> |
254 |
|
255 |
<p>Create /mnt/cfcard as the mount point and mount the compact flash memory there.</p> |
256 |
|
257 |
<pre> |
258 |
# mkdir -p /mnt/cfcard |
259 |
# mount /dev/sdb1 /mnt/cfcard/ |
260 |
</pre> |
261 |
|
262 |
<p>Extract the image file in CDROM into the compact flash memory.</p> |
263 |
|
264 |
<pre> |
265 |
# cd /mnt/cfcard/ |
266 |
# tar -zxf /mnt/cdrom/rootfs/files/target_cat760_20060722.tgz --strip 2 |
267 |
</pre> |
268 |
|
269 |
<p>Copy cross compiled kernel and tools to compact flash memory.</p> |
270 |
|
271 |
<pre> |
272 |
# cp -a /home/ebihara/tmp/* /mnt/cfcard/ |
273 |
</pre> |
274 |
|
275 |
<p>Unmount the compact flash memory and insert it into CAT760.</p> |
276 |
|
277 |
<pre> |
278 |
# cd |
279 |
# umount /mnt/cfcard/ |
280 |
</pre> |
281 |
|
282 |
<h2><a name="basic_7">Step 7: Initializing policy configuration</a></h2> |
283 |
|
284 |
<p>Make sure that all switches on SW1 on the SH4-760 board are set to OFF, and power CAT760 on. You will then see the prompt shown below.</p>
285 |
|
286 |
<pre> |
287 |
CAT BOOT for CAT760 Version: 1.07 Feb 27 2007 17:45:59 |
288 |
RTC clock :2010/05/04 16:44:36 |
289 |
command line = console=ttySC0,115200 root=/dev/mtdblock2 ro rootfstype=jffs2 |
290 |
Mac address = 00:03:82:03:03:C8 |
291 |
Boot size = 0x10000 |
292 |
Kernel size = 0x130000 |
293 |
>> |
294 |
</pre> |
295 |
|
296 |
<p>Enter the administrator mode. Password is silinux .</p> |
297 |
|
298 |
<pre> |
299 |
admin |
300 |
</pre> |
301 |
|
302 |
<p>Set default commandline. In CAT760 environment, the compact flash memory is accessible via /dev/hda .</p> |
303 |
|
304 |
<pre> |
305 |
setparam zimage=cf0:zImage console=ttySC0,115200 root=/dev/hda1 ro rootfstype=ext2 |
306 |
</pre> |
307 |
|
308 |
<p>Boot with TOMOYO Linux disabled because policy is not yet initialized.</p> |
309 |
|
310 |
<pre> |
311 |
boot zimage=cf0:zImage console=ttySC0,115200 root=/dev/hda1 ro rootfstype=ext2 ccsecurity=off |
312 |
</pre> |
313 |
|
314 |
<p>Login as user root , with password root .</p> |
315 |
|
316 |
<pre> |
317 |
SiliconLinux for CAT709/760 supercat ttySC0 |
318 |
|
319 |
supercat login: root |
320 |
Password: |
321 |
Unable to change tty /dev/ttySC0: Read-only file system |
322 |
supercat:~# |
323 |
</pre> |
324 |
|
325 |
<p>Remount / in read-write mode.</p>
326 |
|
327 |
<pre> |
328 |
supercat:~# mount -o remount,rw / |
329 |
</pre> |
330 |
|
331 |
<p>Initialize policy configuration. (If the host environment and the target environment are using same architecture, you can do "chroot /mnt/cfcard/ /usr/lib/ccs/init_policy" from the host environment. But since this page uses x86 as a host architecture and sh as a target architecture, you need to do /usr/lib/ccs/init_policy from the target environment in order to obtain correct result.)</p> |
332 |
|
333 |
<pre> |
334 |
supercat:~# /usr/lib/ccs/init_policy |
335 |
Creating policy directory... OK |
336 |
Creating exception policy... OK |
337 |
Creating domain policy... OK |
338 |
Creating manager policy... OK |
339 |
Creating default profile... OK |
340 |
Creating memory quota policy... OK |
341 |
Creating module loader... OK |
342 |
</pre> |
343 |
|
344 |
<p>Remount / in read-only mode.</p>
345 |
|
346 |
<pre> |
347 |
supercat:~# mount -o remount,ro / |
348 |
</pre> |
349 |
|
350 |
<p>Shutdown and eject the compact flash memory.</p> |
351 |
|
352 |
<pre> |
353 |
supercat:~# halt |
354 |
</pre> |
355 |
|
356 |
<h2><a name="basic_8">Step 8: Adjusting policy configuration</a></h2> |
357 |
|
358 |
<p>Mount the compact flash memory. (If the host environment and the target environment are using same architecture, you can do "chroot /mnt/cfcard/" from the host environment. But since this page uses x86 as a host architecture and sh as a target architecture, you need to do cd . Note that the directory is not /etc/ but etc/ in below steps.)</p> |
359 |
|
360 |
<pre> |
361 |
# mount /dev/sdb1 /mnt/cfcard/ |
362 |
# cd /mnt/cfcard/ |
363 |
</pre> |
364 |
|
365 |
<p>To have the policy saved automatically upon shutdown, add the lines below just before "halt -d -f -i $poweroff $hddown" in etc/init.d/halt .</p>
366 |
|
367 |
<pre> |
368 |
halt --help > /dev/null 2>&1 |
369 |
mount -o remount,ro / |
370 |
mount -o remount,rw / |
371 |
/usr/sbin/ccs-savepolicy |
372 |
mount -o remount,ro / |
373 |
</pre> |
374 |
|
375 |
<p>Similarly, add the lines below just before "reboot -d -f -i" in etc/init.d/reboot .</p>
376 |
|
377 |
<pre> |
378 |
reboot --help > /dev/null 2>&1 |
379 |
mount -o remount,ro / |
380 |
mount -o remount,rw / |
381 |
/usr/sbin/ccs-savepolicy |
382 |
mount -o remount,ro / |
383 |
</pre> |
384 |
|
385 |
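<p>To be able to edit policy remotely, create etc/init.d/ccs-editpolicy-agent . The address 0.0.0.0:10000 makes the agent listen on TCP port 10000 on all of CAT760's IPv4 addresses, so every network that can reach the board can reach the agent; restrict access to that port if any of those networks is not trusted.</p>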
386 |
|
387 |
<pre> |
388 |
# echo '#! /bin/sh' > etc/init.d/ccs-editpolicy-agent |
389 |
# echo 'exec /usr/lib/ccs/ccs-editpolicy-agent 0.0.0.0:10000 &' >> etc/init.d/ccs-editpolicy-agent |
390 |
# chmod 700 etc/init.d/ccs-editpolicy-agent |
391 |
</pre> |
392 |
|
393 |
<p>Make etc/init.d/ccs-editpolicy-agent automatically executed upon boot. (If the host environment and the target environment are using same architecture, you can do "chroot /mnt/cfcard/ update-rc.d ccs-editpolicy-agent defaults" from the host environment. But since this page uses x86 as a host architecture and sh as a target architecture, you need to do the equivalent manually.)</p> |
394 |
|
395 |
<pre> |
396 |
# ln -s ../init.d/ccs-editpolicy-agent etc/rcS.d/S60ccs-editpolicy-agent |
397 |
</pre> |
398 |
|
399 |
<p>Add /usr/lib/ccs/ccs-editpolicy-agent to etc/ccs/manager.conf (this file contains list of programs which are permitted to modify policy).</p> |
400 |
|
401 |
<pre> |
402 |
# echo /usr/lib/ccs/ccs-editpolicy-agent >> etc/ccs/manager.conf |
403 |
</pre> |
404 |
|
405 |
<p>Update etc/ccs/domain_policy.conf so that learning mode starts upon boot.</p> |
406 |
|
407 |
<pre> |
408 |
# cat > etc/ccs/domain_policy.conf << EOF |
409 |
&lt;kernel&gt;
410 |
use_profile 1 |
411 |
EOF |
412 |
</pre> |
413 |
|
414 |
<p>Set memory quota using etc/ccs/meminfo.conf . Since CAT760 has 64MB of RAM, this page sets 5MB for policy and 1MB for access logs and 1MB for interactive enforcing mode.</p> |
415 |
|
416 |
<pre> |
417 |
# cat > etc/ccs/meminfo.conf << EOF |
418 |
Policy: 5242880 |
419 |
Audit logs: 1048576 |
420 |
Query lists: 1048576 |
421 |
EOF |
422 |
</pre> |
423 |
|
424 |
<p>Unmount the compact flash memory.</p> |
425 |
|
426 |
<pre> |
427 |
# cd |
428 |
# umount /mnt/cfcard/ |
429 |
</pre> |
430 |
|
431 |
<h2><a name="basic_9">Step 9: Creating policy configuration</a></h2> |
432 |
|
433 |
<p>Power on and proceed to the boot loader.</p> |
434 |
|
435 |
<pre> |
436 |
CAT BOOT for CAT760 Version: 1.07 Feb 27 2007 17:45:59 |
437 |
RTC clock :2010/05/04 17:14:20 |
438 |
command line = zimage=cf0:zImage console=ttySC0,115200 root=/dev/hda1 ro rootfstype=ext2 |
439 |
Mac address = 00:03:82:03:03:C8 |
440 |
Boot size = 0x10000 |
441 |
Kernel size = 0x130000 |
442 |
>> |
443 |
</pre> |
444 |
|
445 |
<p>Boot.</p> |
446 |
|
447 |
<pre> |
448 |
boot |
449 |
</pre> |
450 |
|
451 |
<p>Login and operate as you like.</p> |
452 |
|
453 |
<p>If CAT760's IPv4 address is xxx.xxx.xxx.xxx , you can run</p> |
454 |
|
455 |
<pre> |
456 |
# ccs-editpolicy xxx.xxx.xxx.xxx:10000 |
457 |
</pre> |
458 |
|
459 |
<p>from the host environment in order to edit policy from the host environment. Similarly, you can run</p> |
460 |
|
461 |
<pre> |
462 |
# ccs-auditd xxx.xxx.xxx.xxx:10000 |
463 |
</pre> |
464 |
|
465 |
<p>from the host environment in order to save access logs generated on CAT760 in the host environment. Also, you can run</p> |
466 |
|
467 |
<pre> |
468 |
# ccs-savepolicy xxx.xxx.xxx.xxx:10000 -d > /tmp/domain_policy.conf |
469 |
</pre> |
470 |
|
471 |
<p>from the host environment in order to save the content of /proc/ccs/domain_policy on CAT760 into /tmp/domain_policy.conf on the host environment. Likewise, you can run</p>
472 |
|
473 |
<pre> |
474 |
# ccs-loadpolicy xxx.xxx.xxx.xxx:10000 -d < /tmp/domain_policy.conf |
475 |
</pre> |
476 |
|
477 |
<p>from the host environment in order to append the content of /tmp/domain_policy.conf on the host environment to /proc/ccs/domain_policy on the CAT760 .</p> |
478 |
|
479 |
<p>If you cannot boot CAT760 because of an operation error, you can boot with TOMOYO Linux disabled by specifying "boot zimage=cf0:zImage console=ttySC0,115200 root=/dev/hda1 ro rootfstype=ext2 ccsecurity=off" at the boot prompt.</p>
480 |
|
481 |
<h2><a name="basic_appendix">Appendix: Restoring factory defaults</a></h2> |
482 |
|
483 |
<p>To restore boot parameters modified at <a href="#basic_7">Step 7</a>, do the below steps.</p> |
484 |
|
485 |
<p>Power on and proceed to the boot loader.</p> |
486 |
|
487 |
<pre> |
488 |
CAT BOOT for CAT760 Version: 1.07 Feb 27 2007 17:45:59 |
489 |
RTC clock :2010/05/04 17:44:10 |
490 |
command line = zimage=cf0:zImage console=ttySC0,115200 root=/dev/hda1 ro rootfstype=ext2 |
491 |
Mac address = 00:03:82:03:03:C8 |
492 |
Boot size = 0x10000 |
493 |
Kernel size = 0x130000 |
494 |
>> |
495 |
</pre> |
496 |
|
497 |
<p>Enter the administrator mode. Password is silinux .</p> |
498 |
|
499 |
<pre> |
500 |
admin |
501 |
</pre> |
502 |
|
503 |
<p>Set commandline.</p> |
504 |
|
505 |
<pre> |
506 |
setparam console=ttySC0,115200 root=/dev/mtdblock2 ro rootfstype=jffs2 |
507 |
</pre> |
508 |
|
509 |
<h1><a name="advanced">Advanced course: Using kernel and rootfs stored on flash ROM</a></h1> |
510 |
|
511 |
<h2><a name="advanced_1">Step 1: Building host environment</a></h2> |
512 |
|
513 |
<p>Same as <a href="#basic_1">Step 1 in Basic course</a>.</p>
514 |
|
515 |
<h2><a name="advanced_2">Step 2: Installing packages needed for compiling</a></h2>
516 |
|
517 |
<p>Same as <a href="#basic_2">Step 2 in Basic course</a>.</p>
518 |
|
519 |
<h2><a name="advanced_3">Step 3: Compiling kernel</a></h2> |
520 |
|
521 |
<p>You don't need to care about the size of the kernel if you boot using the kernel stored in compact flash memory, but you do if you boot using the kernel stored in flash ROM. In CAT760's default partition setting, the size of the partition for the kernel is 1245184 (0x130000) bytes. The size of the kernel built with the default kernel config is 1212416 (0x128000) bytes. Thus, there is only 32KB of free space in the kernel partition. (Regarding CAT760A, which is the newer model of CAT760, the size of the partition for the kernel is shrunk to 1179648 (0x120000) bytes since the sector size of flash ROM has changed from 64KB to 128KB. Thus, note that by default there is insufficient free space even for the default kernel config.)</p>
522 |
|
523 |
<p>If you build TOMOYO Linux's functionality into the kernel, the size of the kernel increases by about 48KB. Thus, you need to either expand the kernel partition by shrinking the rootfs partition, or build some features as loadable kernel modules using the kernel config.</p>
524 |
|
525 |
<p>You can make most part of TOMOYO Linux's functionality as a loadable kernel module. If you build TOMOYO Linux as a loadable kernel module, the size of kernel increases only about 4KB.</p> |
526 |
|
527 |
<p>The steps are the same as <a href="#basic_3">Step 3 in Basic course</a>, except that you need to do the operations below between "Create kernel config." ( make cat760_defconfig ) and "Compile the kernel." ( make ) if you want to build TOMOYO Linux as a loadable kernel module.</p>
528 |
|
529 |
<pre> |
530 |
# make menuconfig |
531 |
</pre> |
532 |
|
533 |
<p>Go to the "Security options" section and select "Compile as loadable kernel module" in the "CCSecurity support" group.</p>
534 |
|
535 |
<pre> |
536 |
[ ] Enable access key retention support |
537 |
[ ] Enable different security models |
538 |
[*] CCSecurity support |
539 |
[*] Compile as loadable kernel module |
540 |
[ ] Disable by default |
541 |
[ ] Do not modify 'struct task_struct' in order to keep KABI |
542 |
(2048) Default maximal count for learning mode |
543 |
(/sbin/ccs-init) Default policy loader |
544 |
(/sbin/ccs-start) Alternative activation trigger |
545 |
(/sbin/modprobe /sbin/hotplug) Built-in domain initializer programs |
546 |
(1024) Default maximal count for grant log |
547 |
(1024) Default maximal count for reject log |
548 |
</pre> |
549 |
|
550 |
<p>Select "Exit" twice, and answer "Yes" to the question whether to save kernel config or not.</p> |
551 |
|
552 |
<h2><a name="advanced_4">Step 4: Compiling tools</a></h2> |
553 |
|
554 |
<p>Same as <a href="#basic_4">Step 4 in Basic course</a>.</p>
555 |
|
556 |
<h2><a name="advanced_5">Step 5: Formatting compact flash memory</a></h2> |
557 |
|
558 |
<p>Same as <a href="#basic_5">Step 5 in Basic course</a>, except that the CAT760's boot loader does not support writing to ext2 partitions, so you need to format the partition as FAT rather than ext2. Thus, use the mkfs.vfat command rather than the mke2fs command.</p>
559 |
|
560 |
<pre> |
561 |
# mkfs.vfat /dev/sdb1 |
562 |
</pre> |
563 |
|
564 |
<h2><a name="advanced_6">Step 6: Making a backup</a></h2> |
565 |
|
566 |
<p>Insert the compact flash memory into CAT760 and power CAT760 on and proceed to the boot loader.</p> |
567 |
|
568 |
<pre> |
569 |
CAT BOOT for CAT760 Version: 1.07 Feb 27 2007 17:45:59 |
570 |
RTC clock :2010/05/04 17:14:20 |
571 |
command line = zimage=cf0:zImage console=ttySC0,115200 root=/dev/hda1 ro rootfstype=ext2 |
572 |
Mac address = 00:03:82:03:03:C8 |
573 |
Boot size = 0x10000 |
574 |
Kernel size = 0x130000 |
575 |
>> |
576 |
</pre> |
577 |
|
578 |
<p>Back up the kernel and rootfs currently stored in flash ROM.</p>
579 |
|
580 |
<pre> |
581 |
cp rom:zImage cf0:zImage-orig |
582 |
cp rom:rootfs cf0:rootfs-orig |
583 |
</pre> |
584 |
|
585 |
<p>Shutdown and eject the compact flash memory.</p> |
586 |
|
587 |
<h2><a name="advanced_7">Step 7: Editing rootfs</a></h2> |
588 |
|
589 |
<p>Insert the compact flash memory into the host environment and mount.</p> |
590 |
|
591 |
<pre> |
592 |
# mount /dev/sdb1 /mnt/cfcard/ |
593 |
</pre> |
594 |
|
595 |
<p>Install package for mkfs.jffs2 program.</p> |
596 |
|
597 |
<pre> |
598 |
# apt-get install mtd-tools |
599 |
</pre> |
600 |
|
601 |
<p>Load mtdblock kernel module.</p> |
602 |
|
603 |
<pre> |
604 |
# modprobe mtdblock |
605 |
</pre> |
606 |
|
607 |
<p>Load mtdram kernel module.</p> |
608 |
|
609 |
<pre> |
610 |
# modprobe mtdram total_size=16384 |
611 |
</pre> |
612 |
|
613 |
<p>Create device file which is used as rootfs .</p> |
614 |
|
615 |
<pre> |
616 |
# mknod /dev/mtdblock2 b 31 2 |
617 |
</pre> |
618 |
|
619 |
<p>Copy the rootfs to the device which is used as rootfs .</p> |
620 |
|
621 |
<pre> |
622 |
# cat /mnt/cfcard/rootfs-orig > /dev/mtdblock2 |
623 |
</pre> |
624 |
|
625 |
<p>Mount the rootfs .</p> |
626 |
|
627 |
<pre> |
628 |
# mkdir -p /mnt/rootfs |
629 |
# mount -t jffs2 /dev/mtdblock2 /mnt/rootfs/ |
630 |
# cd /mnt/rootfs/ |
631 |
</pre> |
632 |
|
633 |
<p>Edit as needed. (This step corresponds to <a href="#basic_7">step 7</a> through <a href="#basic_9">step 9</a> of the Basic course.)
Be sure to copy /sbin/ccs-init and /etc/ccs/ccs-load-module and the files under /lib/modules/2.6.15-sh/ . If you forget to copy them, TOMOYO Linux will not be activated. Also, you need to prepare policy under the /etc/ccs/ directory.</p>
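<p>Added example (not part of the original manual or of the TOMOYO Linux project): a check to run on the host before building the image and writing flash ROM. It combines the kernel partition sizes from Step 3 with the list of files above, because a rootfs that lacks them boots with TOMOYO Linux inactive. The function names are hypothetical, and the two policy file names are the ones used in Step 8 of the Basic course.</p>

```shell
#!/bin/sh
# Added example: pre-flash checks for the Advanced course.
# Partition sizes are the ones quoted in Step 3; paths come from the caller.

KERNEL_PART_CAT760=1245184     # 0x130000 bytes
KERNEL_PART_CAT760A=1179648    # 0x120000 bytes

# kernel_fits ZIMAGE PARTITION_BYTES
# Prints the bytes left free in the kernel partition (negative if the image
# is too large). Fails if the image is missing (2) or does not fit (1).
kernel_fits() {
    [ -f "$1" ] || { echo "missing kernel image: $1" >&2; return 2; }
    size=$(wc -c < "$1" | tr -d ' ')
    free=$(( $2 - size ))
    echo "$free"
    [ "$free" -ge 0 ]
}

# rootfs_missing ROOTFS_DIR
# Prints, one per line, every item absent from the tree that TOMOYO Linux
# needs in order to be activated. Prints nothing when the tree is complete.
rootfs_missing() {
    root=${1%/}
    for f in sbin/ccs-init etc/ccs/ccs-load-module \
             etc/ccs/domain_policy.conf etc/ccs/manager.conf; do
        # -L also accepts a symlink whose target only resolves on the board.
        [ -e "$root/$f" ] || [ -L "$root/$f" ] || echo "$f"
    done
    # At least one file must exist below the module directory.
    if [ -z "$(find "$root/lib/modules/2.6.15-sh" -type f 2>/dev/null | head -n 1)" ]; then
        echo "lib/modules/2.6.15-sh/"
    fi
    return 0
}

# preflight ZIMAGE PARTITION_BYTES ROOTFS_DIR
# Succeeds only if the kernel fits and the rootfs tree is complete.
preflight() {
    rc=0
    left=$(kernel_fits "$1" "$2") || {
        echo "kernel does not fit the partition (free bytes: $left)" >&2
        rc=1
    }
    miss=$(rootfs_missing "$3")
    if [ -n "$miss" ]; then
        echo "rootfs is missing:" $miss >&2
        rc=1
    fi
    return $rc
}
```

<p>For example, "preflight /home/ebihara/tmp/zImage $KERNEL_PART_CAT760 /mnt/rootfs/" before running mkfs.jffs2; use $KERNEL_PART_CAT760A on a CAT760A.</p>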
635 |
|
636 |
<p>Solidify the content of rootfs .</p> |
637 |
|
638 |
<pre> |
639 |
# cd |
640 |
# mkfs.jffs2 -p -o /mnt/cfcard/rootfs -r /mnt/rootfs/ |
641 |
</pre> |
642 |
|
643 |
<p>Unmount the rootfs .</p> |
644 |
|
645 |
<pre> |
646 |
# umount /mnt/rootfs/ |
647 |
</pre> |
648 |
|
649 |
<p>Eject the compact flash memory and insert it into CAT760.</p> |
650 |
|
651 |
<pre> |
652 |
# umount /mnt/cfcard/ |
653 |
</pre> |
654 |
|
655 |
<h2><a name="advanced_8">Step 8: Updating flash ROM</a></h2> |
656 |
|
657 |
<p>Power on and proceed to the boot loader.</p> |
658 |
|
659 |
<pre> |
660 |
CAT BOOT for CAT760 Version: 1.07 Feb 27 2007 17:45:59 |
661 |
RTC clock :2010/05/04 17:44:10 |
662 |
command line = zimage=cf0:zImage console=ttySC0,115200 root=/dev/hda1 ro rootfstype=ext2 |
663 |
Mac address = 00:03:82:03:03:C8 |
664 |
Boot size = 0x10000 |
665 |
Kernel size = 0x130000 |
666 |
>> |
667 |
</pre> |
668 |
|
669 |
<p>Enter the administrator mode. Password is silinux .</p> |
670 |
|
671 |
<pre> |
672 |
admin |
673 |
</pre> |
674 |
|
675 |
<p>Copy the kernel and rootfs .</p> |
676 |
|
677 |
<pre> |
678 |
cp cf0:zImage rom:zImage |
679 |
cp cf0:rootfs rom:rootfs |
680 |
</pre> |
681 |
|
682 |
<p>Set default commandline.</p> |
683 |
|
684 |
<pre> |
685 |
setparam console=ttySC0,115200 root=/dev/mtdblock2 ro rootfstype=jffs2 |
686 |
</pre> |
687 |
|
688 |
<p>Boot.</p> |
689 |
|
690 |
<pre> |
691 |
boot |
692 |
</pre> |
693 |
|
694 |
<p>That's all.</p> |
695 |
|
696 |
<p>If you cannot boot, you can boot with TOMOYO Linux disabled by specifying "boot console=ttySC0,115200 root=/dev/mtdblock2 ro rootfstype=jffs2 ccsecurity=off" at the boot prompt.</p> |
697 |
|
698 |
<h2><a name="advanced_appendix">Appendix: Restoring factory defaults</a></h2> |
699 |
|
700 |
<p>To restore the backup created at <a href="#advanced_6">Step 6</a>, do the below steps.</p> |
701 |
|
702 |
<p>Power on and proceed to the boot loader.</p> |
703 |
|
704 |
<pre> |
705 |
CAT BOOT for CAT760 Version: 1.07 Feb 27 2007 17:45:59 |
706 |
RTC clock :2010/05/04 17:44:10 |
707 |
command line = zimage=cf0:zImage console=ttySC0,115200 root=/dev/hda1 ro rootfstype=ext2 |
708 |
Mac address = 00:03:82:03:03:C8 |
709 |
Boot size = 0x10000 |
710 |
Kernel size = 0x130000 |
711 |
>> |
712 |
</pre> |
713 |
|
714 |
<p>Enter the administrator mode. Password is silinux .</p> |
715 |
|
716 |
<pre> |
717 |
admin |
718 |
</pre> |
719 |
|
720 |
<p>Copy kernel and rootfs .</p> |
721 |
|
722 |
<pre> |
723 |
cp cf0:zImage-orig rom:zImage |
724 |
cp cf0:rootfs-orig rom:rootfs |
725 |
</pre> |
726 |
|
727 |
<p>Set command line.</p> |
728 |
|
729 |
<pre> |
730 |
setparam console=ttySC0,115200 root=/dev/mtdblock2 ro rootfstype=jffs2 |
731 |
</pre> |
732 |
|
733 |
<hr> |
734 |
|
735 |
<p><a href="index.html.en">Return to index page.</a></p> |
736 |
737 |
</body> |
738 |
</html> |