[Mac] Code sign for gdb

• 在 Mac上以 MacPort 安裝 gdb 後, 會顯示

•  gdb has the following notes:
      You will need to codesign /opt/local/bin/ggdb
      
      See
      https://sourceware.org/gdb/wiki/BuildingOnDarwin#Giving_gdb_permission_to_control_other_processes
      for more information. 

• 請按照網頁所列方法為 gdb 做 code sign. 否則在 gdb run的時候會顯示以下 error message:

• Unable to find Mach task port for process-id 72241: (os/kern) failure (0x5).
   (please check gdb is codesigned - see taskgated(8))
  

[Security] DRM - Digital Right Management System

• 契機
• 最近在看 ATSC3.0 的 standard, 其中一部分 A/360 Security 問到關於 content protection 的部分, 整個被問倒, 只好好好筆記一下如何做到 content protection. 先來看看 ATSC3.0 定義的 content protection 在哪一層. 有此圖可知, 這是 based on ISO-BMFF 的 format
• 
• Content Protection
• standards
• W3C Encrpyted Media Extension (EME)
• What: a Javascript API to enable 
• Who:
• W3C defined
• a web application exchanges decryption keys
• MPEG Common Encrypted (CENC)
• What: ISO-BMFF format (e.g. mp4 container) 若要使用 DRM, 則需要 CENC, 可想成此規範定義了 ISO-BMFF 支援 DRM時, 需要在那些 box 定義 DRM 相關的 parameters, namely, Protection System Specific Header Box (pssh)
• Who: 
• scrambling system
• ISO-BMFF file
• Where:
• When:
• Why: for DRM system
• How:
• only encrypts media samples, and keep metadata un-encrypted
• DRM comparison

[Networking] kernel networking flow

• https://wiki.linuxfoundation.org/networking/kernel_flow

[Notes] Linux Devices Drivers 3Ed.

• Books: Linux Device Drivers
• Ch1. Introduction
• 說明驅動程式的角色
• 設計原則: 提供機制 (mechanism)-要提供什麼能力, 而非法則 (policy)-如何使用這些能力
• Kernel 概論
• Module
• Device分類: character device, block device, network interface
• Ch2. Module
• Kernel preparation
• Download Linux Kernel source codes

apt-get source linux-image-unsigned-$(uname -r)

• Install build tools

sudo apt-get install libncurses-dev flex bison openssl libssl-dev dkms libelf-dev libudev-dev libpci-dev libiberty-dev autoconf

• Modify config file (backup first)

cp /boot/config-4.15.0-91-generic .

make menuconfig

• Build (add -fno-pie @Makefile KBUILD_FLAGS if build error)

make -j 16 clean

make -j 16

• Reference:
  • 在 Ubuntu16.04 上編譯 Kernel
  • 编译内核出现：cc1: error: code model kernel does not support PIC mode
• 展示 Hello World Module
• build - 
• include kernel headers (/usr/src/linux-headers)
• make file - obj-m
• sample module file

#include 
#include 

MODULE_DESCRIPTION("Hello_world");
MODULE_LICENSE("GPL");

static int hello_init(void)
{
 printk(KERN_INFO "Hello world !\n");
 return 0;
}

static void hello_exit(void)
{
 printk(KERN_INFO "Bye !\n");
}

module_init(hello_init);
module_exit(hello_exit);

• sample Makefile

PWD := $(shell pwd) 
KVERSION := $(shell uname -r)
KERNEL_DIR = /usr/src/linux-headers-$(KVERSION)/

MODULE_NAME = hello
obj-m := $(MODULE_NAME).o

all:
 make -C $(KERNEL_DIR) M=$(PWD) modules
clean:
 make -C $(KERNEL_DIR) M=$(PWD) clean

• 測試

insmod hello.ko
dmseg

• 程式架構
• header: 重要 headers: linux/init.h, linux/module.h 含有後面要用到的 marcos
• license
• module_init()
• module_exit
• Kernel module v.s. user space application
• insmod/modprobe/rmmod/lsmod
• module lifecycle - facility
• module parameter
• module_param(parameterName, type, permission)