Get SMTP credentials from IAM access keys for Amaon Simple Email Service.

Here's some code to get you Amazon SES SMTP credentials from your access key id and secret.

def get_smtp_creds(access_key_id, secret_access_key):
    message = 'SendRawEmail'
    version = 0x02

    sig = hmac.new(
        secret_access_key,
        msg=message,
        digestmod=hashlib.sha256)
    sig_bytes = sig.digest()
    sig_and_version_bytes = (struct.pack('B', version) + sig_bytes)
    smtp_password = base64.b64encode(sig_and_version_bytes)

    return access_key_id, smtp_password

Upgrading to BIOS version A08 on Dell Sputnik

Upgrading the BIOS on a Dell XPS13 (Sputnik) is a huge pain in Linux. I work on Ubuntu 13.04 on my sputnik, so some of this may be specific to that version of Ubuntu. To summarize the procedure, I built a FreeDOS hard disk image and use that image to upgrade the BIOS. I had to use a hard disk image because the bios upgrade binary is bigger than a floppy. Here are the steps:

1. wget http://www.freedos.org/download/download/fdbasecd.iso
2. qemu-img create -f raw upgrade_bios.img 100M (you can use dd to do this also)
3. qemu-system-x86_64 -hda upgrade_bios.img -cdrom fdbasecd.iso -boot d
4. Install FreeDOS onto the disk image.
5. Shutdown the VM.
6. wget http://downloads.dell.com/FOLDER01438023M/1/L322XA08.exe
7. Become root (su or sudo -s)
8. kpartx -sav upgrade_bios.img (will create /dev/loop[0-9]\+ and /dev/mapper/loop[0-9]\+p1)
9. mount /dev/mapper/loop0p1 /mnt
10. mkdir /mnt/bios
11. cp L322XA08.exe /mnt/bios
12. umount /mnt
13. kpartx -sd upgrade_bios.img
14. cp upgrade_bios.img /boot
15. apt-get install syslinux
16. Add following a script in /etc/grub.d to add entries to grub to boot to the image using memdisk from syslinux. The entries should look something like the following:
    

    menuentry "Upgrade BIOS" {
       insmod part_msdos

       insmod ext2

       linux16 /usr/lib/syslinux/memdisk
       initrd16 /boot/upgrade_bios.img
    }

    For example, here's my /etc/grub.d/25_memdisk_for_bios_upgrade:
    #!/bin/sh set -e if [ -f /usr/lib/grub/grub-mkconfig_lib ]; then . /usr/lib/grub/grub-mkconfig_lib LX=linux16 else # no grub file, so we notify and exit gracefully echo "Cannot find grub config file, exiting." >&2 exit 0 fi # We need 16-bit boot, which isn't available on EFI. if [ -d /sys/firmware/efi ]; then exit 0 fi # We can't cope with loop-mounted devices here. case ${GRUB_DEVICE_BOOT} in /dev/loop/*|/dev/loop[0-9]) exit 0 ;; esac prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | sed -e "s/^/\t/")" if test -e /boot/upgrade_bios.img ; then FREEDOSPATH=$( make_system_path_relative_to_its_root "/boot/upgrade_bios.img" ) echo "Found BIOS upgrade image: $FREEDOSPATH" >&2 cat << EOF menuentry "Upgrade BIOS" { EOF printf '%s\n' "${prepare_boot_cache}" cat << EOF $LX /usr/lib/syslinux/memdisk initrd16 $FREEDOSPATH } EOF fi
17. chmod 755 /etc/grub.d/25_memdisk_for_bios_upgrade
18. update-grub
19. Reboot computer and get into grub boot menu (in Ubuntu, you can hold Shift during the boot to for showing the grub menu)
20. Select "Upgrade BIOS"
21. Select 1st boot option from FreeDOS boot menu
22. Wait for C:\> prompt
23. cd BIOS
24. Make sure your power is plugged in.
25. run L322XA08.exe
26. Wait for it to complete
27. Reboot and celebrate if it works.

UPDATE (2013/10/19): Added script contents for /etc/grub.d/25_memdisk_for_bios_upgrade.

UPDATE (2013/11/09): Fixed the 25_memdisk_for_bios_upgrade script. Added some previously missing steps.

UPDATE (2013/12/21): Dell, if you ever read this, providing the baked freedos .img file with the BIOS upgrader inside as a download from your website would be super useful. Bonus points if you make the BIOS utility start with autoexec.bat and then restart the machine when it's done. That's exactly what I did to enable a similar image to be used to upgrade BIOSes on some Dell servers. It even worked over PXE.

Turn an Ubuntu Linux box a WAP (Wifi Access Point)

I recently helped a friend of mine James Miller setup an Ubuntu Linux box as a wireless access point. I had never done this before, but I found it to be pretty straightforward. Here is the very abbreviated version of the things that need to be done assuming that your wireless driver is supported by the nl80211 interface in the Linux kernel:

1. Install hostapd
2. Add a configuration file for hostapd
3. Modify /etc/network/interfaces to bring up the hostapd config

James and I used an ath5k card to pull this off.

Installing hostapd:

At a root prompt, type: "apt-get install hostapd". Doing so will install all the machinery needed to bring up a WAP, but it will have no configuration.

Creating the config file for hostapd:

In /etc/hostapd/{essid}.conf, use the following contents for an unencrypted WAP:

interface=wlan0
driver=nl80211
ssid={essid} channel=1 # may want to replace with another channel

Of course, you should replace "{essid}" with your actual essid.

Modifying the /etc/network/interfaces file:

You'll need something similar to the following:

auto wlan0
iface wlan0 inet static
  address 192.168.1.1
  netmask 255.255.255.0
  hostapd /etc/hostapd/{essid}.conf

Conclusion:
That should get you a simple unencrypted WAP setup. If you want encryption, you can use hostapd to implement simple WPA2 personal or more interesting WPA2 enterprise style security (among other options). I would strongly recommend at least WPA2 personal (a.k.a. pre-shared key or PSK) encryption unless you have reasons to make it less secure.

Note also that this setup will leave you with your wireless network and other networks on separate layer 2 domains, which means that packets will need to be routed between them. You'll probably also want to get dhcp running so that you don't have to manually configure clients on the wireless network. I am going to leave getting these additional bits working as a exercise for the reader. As a hint, checkout the isc-dhcp-server package and the net.ipv4.forward (for IPv4). You might also want to check out the shorewall package as a nice firewall. :)

Good luck!

Samsung SCX-4623FW Supported by Fully Open Drivers

I was searching for a new smaller printer/scanner recently. I don't print out much, so I wanted a black-and-white laser printer. I also wanted a scanner so that I can get rid of my old printer/scanner since it's so big.

Finding a new printer that is supported by open drivers is really difficult, and configuring SANE backends is not my definition sanity. However, I looked on the SANE database and found that Samsung's SCX-4623 is supported. I couldn't find any support in the Linux Foundation's OpenPrinting database for the SCX-4623. So...I took a leap of faith and bought the printer for about $150.

To be clear, many vendors, including Samsung, offer binary drivers for their printers. However, I really wanted to use the open drivers so that I could contribute to the systems involved instead of being locked out.

The first step was to get the scanner working. At first, I tried to get the xerox_mfp backend working. I just added the following line into the /etc/sane.d/xerox_mfp.conf config file: "usb 0x04e8 0x3440". This did not work as the SANE backend did not seeing the scanner. After a significant troubleshooting effort, I found that the SANE backend had a bug that prevented USB scanners from being used with the xerox_mfp backend. I have reported the bug and presented a patch to the SANE community. See it here. After applying this patch, I was able to successfully scan at 1200dpi in color. That's full capacity for this machine. Success is mine!

This machine also supports ethernet and wireless. Both worked for scanning after configuring the xerox_mfp backend with the machine's network address and port. The same bug didn't affect the networked support for the xerox_mfp backend, so everything just worked.

Great, so the scanner works, now what?

So, now I had to get the printer working. The printer supports the ipp protocol. I was hoping that I could just use some generic CUPS filter to work with it. The printer claimed support for PCL5e in the web interface for the printer, so I just used the generic PCL5e driver and the ipp address of the printer. Everything just worked!

My next step is to write a PPD to properly describe this printer fully. I am also trying to figure out out to get this info integrated into the OpenPrinting database.

Having said all this, my printer/scanner is running totally on free and open source software, and I can recommend this to others looking for a printer that's fully supported by free and open source software.

I would also like to reach out to Samsung and encourage them to let their users know this information so that their users don't have to go through the hassle of installing binary only drivers that only work on x86_64 or i386 architectures.

This information probably also applies to the SCX-4623F, which doesn't have wireless support.

Coreboot Config Cleanups

I have submitted a few patches to the coreboot team that cleanup some configuration items. Mostly, they remove duplicated and misplaced configuration items.

For instance, for some of the boards I looked at, they have a hard reset because their southbridge provides that functionality. However, the hard reset was configured in the mainboard config instead. I moved the configs to the southbridge and removed the config from the mainboard. There are a lot of config options similar to this one. I am going to try to get some more patched out tomorrow.

BIOS hacking

Previously, I had soldered an soic8 socket onto my motherboard in place of the soic8 surface mount chip so that I could replace the soic8 chip easily. Here's a picture:

BTW, does anyone know where I can buy more of the soic8 sockets pictured above? I was given one by a friend and I don't know where to get them.

I have finally soldered up a more permanent version of my soic8 serial flash programmer. The basic circuit design was by Uwe Hermann. I added a 3M test clip to make it easier to flash my chips. Here's a picture:

Update: The soic socket adapter is located at http://www.dediprog.com/SPI-flash-accessories/SPI-Flash-Socket-8pin. Whoa, that's expensive shipping.

Inteltool from Coreboot

I am doing some work trying to add Core i7 support to the inteltool utility from the Coreboot project.

Core i7 is very different from the previous intel chipsets, and figuring out how to represent some of the stuff in inteltool's view of the world is a challenge. The main problem I am facing right now is that inteltool thinks the northbridge chip contains the memory controller. However, in i7, that functionality has been moved into a PCI device on the processor itself. I am still trying to figure out a solution.