Linux Systems and AWS Cloud Technology
NO SECURITY THROUGH OBSCURITY BY: CROWDSEC.NET
Firmware updates are not a mandatory step in system administration. They however might contain improved or fixed broken functionality, even added new functionality or the so beloved security patches etc. In the case of Raspberry Pi the firmware is made of not yet fully upstreamed linux kernel and closed source binary files (referred to as blobs) from Broadcom. Raspberry Pi kernel has almost made its way to the upstream linux source but those closed source parts will never go this way. This firmware is free of charge and it’s available for download from their git page Raspberry Pi in its most simple booting setup is build on 1 microSD card , 1st small fat32 partition (around 100-150mb) and 2nd bigger ext4 (linux type filesystem) partition for the actual linux distro. On the smaller partition you will find config files, kernel image and device tree files + bootcode + camera firmware.
On the bigger partition you will find in the “/opt/vc” folder many other interesting closed source parts of the firmware – raspistill, raspivid and the most famous tool – vcgencmd. In “/lib/modules” there will be the kernel modules (while the kernel image is located in the fat32 partition). There are various linux distributions for this board and among the many of them there is only one official called Raspbian and the others can be considered unofficial. In Raspbian the fat32 partition is mounted on the “/boot” folder while in the unofficial rpi linux distros it’s usually found in “/boot/firmware” folder. Having that in mind let’s see how to update the firmware. From what I know there are two obvious ways – manually which involves more time and technical expertise and automatically which involves a bit of know how + set it and forget it. Let’s say a few words on each of these two methods then:
Bonus information:
Permissions on Raspberry specific kernel devices are in udev config. Mine is like this, feel free to adapt to your scenario:
cat /etc/udev/rules.d/10-vchiq-permissions.rules
SUBSYSTEM==”vchiq”,GROUP=”video”,MODE=”0660″
SUBSYSTEM==”vc-sm”, GROUP=”video”, MODE=”0660″
SUBSYSTEM==”bcm2708_vcio”, GROUP=”video”, MODE=”0660″
Famous vcgencmd examples:
vcgencmd version, vcgencmd measure_temp, vcgencmd get_throttled, vcgencmd otp_dump – if you need more of these you can visit the full reference here.
If you happen to own raspberry camera then raspivid and raspistill (from the firmware package) will be very valuable tools especially when coupled with something like that – RPi-Cam-Web-Interface
It is in fact possible to boot Raspberry Pi 3 with usb only without having to use sdcard for initialization. Modifying chip otp with “program_usb_boot_mode=1” in config.txt and rebooting the board does the job done – usb mode is active. More details here.
Some better understanding of the board boot flow combined with a wire with a resistor connected to 2 gpio pins of the board will set you up with even faster usb boot.