Talos II - "Testing firmware images without flashing" instructions are not working

[tlaurion]

At https://docs.dasharo.com/variants/talos_2/installation-manual/#testing-firmware-images-without-flashing

3. Mount the file as flash device:
    1. mboxctl --backend file:/tmp/flash.pnor
        1. root@talos:~# mboxctl --backend file:/tmp/flash.pnor
            1. Failed to resolve path: No such file or directory
            2. root@talos:~# mboxctl --version
            3. Mailbox Control V2.1.1
    2. Those instructions are not working.
        1. As documented from https://wiki.raptorcs.com/wiki/Compiling_Firmware#Running_the_firmware_temporarily
                1. systemctl stop mboxd
            2. Point mboxd to prepared talos.pnor image
                1. mboxd -f 64M -w 1M -b file:/tmp/talos.pnor -v
            3. Open another ssh to BMC
                1. mboxctl --lpc-state
                    1. should show “LPC Bus Maps: BMC Memory”
                2. obmcutil poweron
                3. When done testing
                    1. obmcutil poweroff
                    2. systemctl start mboxd
                    3. mboxctl --lpc-state
                        1. Should show: “LPC Bus Maps: Flash Device”

[krystian-hebel]

@tlaurion did you read the original image with pflash -r /tmp/talos.pnor?

[tlaurion]

@krystian-hebel yes

This is just erratum on step 3 of original instructions.

Prior steps until failing step 3:

Following https://docs.dasharo.com/variants/talos_2/installation-manual/#testing-firmware-images-without-flashing
    1. Taking backup of whole flash
        1. pflash -r /tmp/talos.pnor
root@talos:~# pflash -r /tmp/talos.pnor
Reading to "/tmp/talos.pnor" from 0x00000000..0x04000000 !
[==================================================] 100% ETA:0s     
        2. Getting local backup of whole pnor
user@captive-portal:~$ scp root@talos:/tmp/talos.pnor ~/Documents/talos.pnor
root@talos's password: 
talos.pnor                                                                                                          100%   64MB   3.2MB/s   00:20    
    2. “Flashing” modified partitions
        1. We copy instructions from “Copy the binaries to the BMC”
               user@captive-portal:~$ scp *.ecc root@talos:/tmp/
               root@talos's password: 
               raptor-cs_talos-2_bootblock_v0.5.0.signed.ecc 100%   28KB   1.3MB/s   00:00    
               raptor-cs_talos-2_coreboot_v0.5.0.rom.signed.ecc 100% 2309KB   3.1MB/s   00:00    
        2. We manipulate instructions from “Flash the binaries by replacing HBB partition”
            1. HBB partition is bootblock per instructions
            2. HBI partition is coreboot per instructions
            3. BOOTKERNEL partition is either Petitboot or Heads per instructions
        3. We modify partitions in pnor backup to include verified bootblock and coreboot from instructions
            1. pflash -P HBB -p /tmp/raptor-cs_talos-2_bootblock_v0.5.0.signed.ecc -F /tmp/talos.pnor
                1. confirm when asked: “yes”
            2. pflash -P HBI -p /tmp/raptor-cs_talos-2_coreboot_v0.5.0.rom.signed.ecc -F /tmp/talos.pnor
                1. confirm when asked: “yes”
    3. Mount the file as flash device:
        1. mboxctl --backend file:/tmp/flash.pnor
root@talos:~# mboxctl --backend file:/tmp/flash.pnor
Failed to resolve path: No such file or directory
root@talos:~# mboxctl --version
Mailbox Control V2.1.1

[tlaurion]

Which resulted in bug report #80 for release 0.5.0

[krystian-hebel]

Strange, it works perfectly fine for me, with the exact same mboxctl version. One last thing that comes to mind, have you typed those commands manually or copied and pasted them? I have seen cases where web browser changed normal ASCII to similarly looking but different characters.

[SergiiDmytruk]

@krystian-hebel This is an issue about documentation being inconsistent:

1. Flash is read to /tmp/talos.pnor.
2. Mount is done for /tmp/flash.pnor.

These are two different paths.

[krystian-hebel]

Oh, I see it now. Indeed, instruction needs to be fixed.

[tlaurion]

user@captive-portal:~$ ssh -l root talos
root@talos's password: 
root@talos:~# mboxctl --lpc-state
LPC Bus Maps: BMC Memory
root@talos:~# ps faux|grep mbox
root      7341  0.0  0.5  68728  2180 ?        S    Apr26   0:05 mboxd -f 64M -w 1M -b file:/tmp/talos.pnor -v
root      8982  0.0  0.2   2944  1284 pts/1    S+   13:07   0:00      \_ grep mbox
root@talos:~# kill 7341
root@talos:~# systemctl start mboxd
root@talos:~# mboxctl --lpc-state
LPC Bus Maps: Flash Device
root@talos:~# mboxctl --backend file:/tmp/talos.pnor
Failed to post message: No route to host
root@talos:~# systemctl start mboxd
root@talos:~# mboxctl --backend file:/tmp/talos.pnor
SetBackend: Success
root@talos:~# mboxctl --lpc-state
LPC Bus Maps: BMC Memory
root@talos:~# obmcutil poweron

Boots Talos II on Hostboot from BMC memory right.

@krystian-hebel This is an issue about documentation being inconsistent:

1. Flash is read to `/tmp/talos.pnor`.

2. Mount is done for `/tmp/flash.pnor`.

These are two different paths.

@SergiiDmytruk was right, sorry about that.

Documentation is confusing though:
It is possible to test new firmware images without flashing the physical flash device. This makes testing and switching between two versions (e.g. Hostboot and coreboot) much faster and safer. There are two ways of doing so, one is described on Raptor's wiki and requires starting mboxd manually, the second one is described below. v2.00+ BMC firmware requirement still applies.

Made me thought a step was missing, and I had to systemctl stop mboxd manually and then feed mboxd with mboxd -f 64M -w 1M -b file:/tmp/talos.pnor -v and use a dual ssh setup to load crafted firmware on one, and then boot platform with obmcutil poweron

[tlaurion]

Another part that should be duplicated, for clarity, is something in the lines of:

        2. We need manipulate instructions from “Flash the binaries by replacing HBB partition” above:
            1. HBB partition is bootblock per instructions
            2. HBI partition is coreboot per instructions
            3. BOOTKERNEL partition is either Petitboot or Heads per instructions
        3. We modify partitions in pnor backup to include verified bootblock and coreboot from instructions
            1. pflash -P HBB -p /tmp/raptor-cs_talos-2_bootblock_v0.5.0.signed.ecc -F /tmp/talos.pnor
                1. confirm when asked: “yes”
            2. pflash -P HBI -p /tmp/raptor-cs_talos-2_coreboot_v0.5.0.rom.signed.ecc -F /tmp/talos.pnor
                1. confirm when asked: “yes”

While instructions to get out of emulated flash, back to stored ROM image:

root@talos:~# mboxctl --lpc-state
LPC Bus Maps: BMC Memory
root@talos:~# systemctl stop mboxd
root@talos:~# systemctl start mboxd
root@talos:~# mboxctl --lpc-state
LPC Bus Maps: Flash Device

[miczyg1]

Let's address those issues with documentation. The suggestion is also to clarify the regions (names what they are used for). Also the referenced Raptor's wiki is contradicting with what we have.

[SergiiDmytruk]

While instructions to get out of emulated flash, back to stored ROM image:

@tlaurion You don't need to restart the service for that, running mboxctl --backend vpnor should do it.

[tlaurion]

Agreed. Issue was typo between flash.pnor and talos.pnor, while clarifying HBB: bootblock, HBI: coreboot and BOOTKERNEL: heads/petitboot should suffice to clarify ambiguity on current doc

[macpijan]

This was supposed to be fixed in: Dasharo/docs#175

@tlaurion We will wait for your confirmation here.

[tlaurion]

Could be optimized for easier testing and bug report, as reported under #272 (comment)