Intel Atom C2000 Скачать руководство пользователя страница 59

Страница: 59 / 86

System Security Considerations

Getting Started Guide

System Security Considerations

This section contains a high-level list of system security topics. Specific OS/filesystem topics
are outside of the scope of this document. For more information, see the Rangeley Software

Programmer’s Guide, specifically the Secure Architecture Considerations section.

Securing your operating system is critical. You should consider the following items:

Note:

This is not an exhaustive list.

•

Employing effective security policies and tools; for instance, SELinux* is configured correctly
and is active

•

Running and configuring the firewall(s)

•

Preventing privilege escalation at boot (including recovery mode)

•

Removing unnecessary software packages

•

Patching software in a timely manner

•

Monitoring the system and the network

•

Configuring and disabling (as appropriate) remote access

•

Disabling network boot

•

Requiring secure passwords

•

Encrypting files, up to full-disk encryption

•

Ensuring physical security of the system and the network

•

Using mlock to prevent swapping sensitive variables from RAM to disk

•

Zeroing out sensitive variables in RAM

Содержание Atom C2000

Страница 1: ...Document Number 333035 003 Intel Atom Processor C2000 Product Family for Communications Infrastructure Software for Linux Getting Started Guide Revision 003 December 2021...

Страница 2: ...design defects or errors known as errata which may cause the product to deviate from published specifications Current characterized errata are available on request Intel technologies features and ben...

Страница 3: ...Compatibility 16 2 1 3 Wind River Intelligent Network Platform 17 3 System Setup and Installation 20 3 1 Power OnKitPartInventory 20 3 1 1 Customer Reference Board CRB 20 3 1 2 ATX PowerConnector 20...

Страница 4: ...gy 49 6 6 Intel Data Plane Development Kit 49 6 7 libcrypto OpenSSL SamplePatchforIntel QuickAssist Technology 49 6 8 Linux KernelCryptographicFrameworkSampleDriverforIntel QuickAssist Technology 49 7...

Страница 5: ...OfLifeTests 70 10 1 2 2 WirelessTests 71 10 1 3 Test Results 72 10 1 4 Unloading the Sample Code 73 10 2 Acceleration Functional Sample Code 73 10 2 1 Compiling the Acceleration Functional Sample Code...

Страница 6: ...ection Diagram Upper Left Corner 39 Figure 26 Mohon Peak Jumper Selection Diagram Lower Left Corner 39 Figure 27 MohonPeak JumperSelectionDiagram LowerRightCorner 40 Figure 28 MohonPeak JumperSelectio...

Страница 7: ...Getting Started Guide 7 Table 12 DXEPhase 76 Table 13 MRC Post Codes 77 Table 14 MRC Error Codes 79...

Страница 8: ...ion 9 2 Installation Script on page 59 UpdatedSection9 2 2 CommandLineArguments on page 60 andSection9 3 1 Installingthe Acceleration Software on page 61 Added Section 9 7 MinimizingAcceleration Softw...

Страница 9: ...6 0 Installing Building and Running Yocto plus added Section 6 4 Running the SDK Image on page 48 November2013 333035 1 0 Updatesinclude Updated Section 6 0 Installing Building and Running Yocto on p...

Страница 10: ...nfrastructure Software for Linux Software package Acceleration drivers is used as a generic term for the software that allows the QuickAssist Software Library APIs to access the Intel QuickAssist acce...

Страница 11: ...odownloadigb driver Table 1 showstheitemsmadeavailablevia 01 org Table 1 Software and Collateral Available via 01 org Document Title Document Number Intel QuickAssistTechnologySoftwareReleaseNotes 330...

Страница 12: ...ollaterallistcontainstheproductdocumentationlistedinTable 4 Table 2 Softwareand CollateralAvailablevia the Intel BusinessPortal Document Title Document Number Yocto BSP meta inteltarball 526174 Intel...

Страница 13: ...al user interface entries and buttons 1 5 Software Overview 1 5 1 Features Implemented Thesoftwareprovidesthefollowing features AccesstothecryptographicservicesintheIntel QuickAssistTechnologyhardware...

Страница 14: ...esent if both drivers are built InstallerLog txt Log of installer script output Inone or bothof the QAT1 x directories Files Directory Comments QAT1 x QAT1 x L a b c n tar gz QAT1 x driver package QAT...

Страница 15: ...rs for your project as well High performance flexible Wind River Linux 5 delivers the power of the industry standard Yocto Project infrastructure with better interoperability across many popular platf...

Страница 16: ...ms Table 5 Yocto Project Compatibility Matrix FEATURES YOCTO PROJECT WIND RIVER LINUX Kernel toolchain core user space packages build system Hardened Commercial quality assurance QA across entire feat...

Страница 17: ...ance capabilitiescanonlybeunlockedbyoptimizingintelligentsoftwareforthelatesthardware platforms WindRiverIntelligentNetworkPlatformtakesfulladvantageofIntelmulti core communicationplatforms Performanc...

Страница 18: ...ccelerationfunctionalitypre integratedwithIntel communications platform Consolidationofmultiplenetwork applications intoone system PrebuiltWind River Intelligent NetworkPlatform binaries use cases and...

Страница 19: ...Setup and Installation Customer Reference Board CRB Features Board Jumper Selection The following appendixes from the Mohon Peak CRB User s Guide are also included in this document Appendix A Intel At...

Страница 20: ...tallation 20 Getting Started Guide 3 System Setup and Installation 3 1 Power On Kit Part Inventory 3 1 1 Customer Reference Board CRB Figure 2 CustomerReferenceBoard 3 1 2 ATX Power Connector Figure 3...

Страница 21: ...up and Installation Getting Started Guide 21 3 1 3 Chassis Theprovided MohonPeakchassis Figure 4 Chassis 3 1 4 Memory Two 2 GB UDIMMs will be included with every Mohon Peak Power On Kit Figure 5 2 x 2...

Страница 22: ...3 2 Initial Board Setup 3 2 1 Building of MPI Socket Proper installation of the MPI socket and SoC processor are very important for the successful setup or upgrade of the Mohon Peak CRB See step by st...

Страница 23: ...Align the pin on indicator on the bolster plate with pin one on the PCB Torque screws to 10 in lbs or tighten 1 8 to turn past screw seating on PCB Ensure that eachscrewhas plastic washeroneach sideof...

Страница 24: ...h the alignment pins in the alignment holes Figure 10 PCB Diagram Figure 11 Pin 1Alignment Diagrams ProcessorPackagePlacement a Place the C2xx0 or C2xx8 package into the socket b Gentlypress on the to...

Страница 25: ...the Barrel nuts until each Barrel nut has engaged with the plungers Figure 13 Top Plateand CPU FanPlacementDiagrams Seating theSpringAssemblies a Tighten the Barrel nuts in an X pattern as shown belo...

Страница 26: ...ard is important for the BIOS and OS recognition of populated UDIMMs and proper functioning of the memory on the system The first two UDIMMs to be installed on the CRB must properly terminate each mem...

Страница 27: ...be unusable in the future Figure 17 Connection of Power PinstoATX PowerConnector 3 3 BIOS Flash Update Process Updating the BIOS firmware on the Mohon Peak CRB requires reprogramming the Flash memory...

Страница 28: ...ided EEPROM data file to the USB Flash drive Power the Mohon Peak system on and stop in the EFI Shell Plug the USB Flash drive into an available USB port At the Shell prompt type the following series...

Страница 29: ...he variables saved in the RTC registers To clear the CMOS on a Mohon Peak CRB the board must be powered off completely Once the machine is off move the JP12 jumper see Figure 27 from the 1 2 position...

Страница 30: ...Peak CRB is intended for customer reference and validation of the Intel Atom Processor C2000 Product Family for Microserver or the Intel Atom Processor C2000 Product Family for Communications Infrastr...

Страница 31: ...elConnectors 4 2 1 CPU The SoC is based on the Silvermont two way superscalar out of order IA core The Silvermont is a 22 nm core used for ultra low power applications The SoC can contain up to 8 Silv...

Страница 32: ...hon Peak board provides four DDR3 DIMM sockets for a dual channel memory system two UDIMMs per channel The characteristics of the supported memory include DDR3 1 5V or DDR3L 1 35V UDIMMs ECC is suppor...

Страница 33: ...operation and the BIOS1 Flash device must be removed from its socket Return the Flash device to its socket once finished using the emulator Make sure to align pin one of the Flash device with pin one...

Страница 34: ...HCI 1 0 Specification and supports up to four USB 2 0 root ports USB 2 0 allows data transfers up to 480 Mbps The controller integrates a Rate Matching Hub RMH to support USB 1 1 devices Figure 22 F_U...

Страница 35: ...power to the Mohon Peak CRB DO NOT connect the daughter card to the Management connector on the left side of the board and power it on This will permanently disable the board 4 2 9 Management Connecto...

Страница 36: ...n Peak CRB Diagram Trusted Platform Module Supported on LPC Bus 4 2 11 Front Panel Connector The Front Panel header allows for connection of chassis LEDs and buttons This header is labeled F_PANEL and...

Страница 37: ...USB end of the cable tothe mini USB connection on the front of the Mohon Peak CRB Connect the otherend of the cable to the Windows client machine On the Windows client machine open the Device Manager...

Страница 38: ...eration 2 3 BIOSProgramming 1 2 NormalOperation JP20 PCIe configure between Slot1 and 2 1 2 No PCIe card at Slot 2 2 3 With a PCIe card atSlot 2 1 2 No PCIe card at Slot 2 JP21 PCIe configurebetweenSl...

Страница 39: ...Board Jumper Selection Getting Started Guide 39 Figure 25 Mohon Peak JumperSelection Diagram Upper Left Corner Figure 26 Mohon Peak Jumper Selection Diagram Lower Left Corner...

Страница 40: ...Board Jumper Selection 40 Getting Started Guide Figure 27 MohonPeak JumperSelectionDiagram LowerRightCorner Figure 28 MohonPeak JumperSelectionDiagram Upper RightCorner...

Страница 41: ...Document Number 333035 003 Part 2 Yocto This section contains the following chapter Installing Building and Running Yocto...

Страница 42: ...the BSP If you would like the pre built image please contact your Intel representative Note The pre built image has a Time Limited Kernel TLK which means that the image is restricted to a 10 day upti...

Страница 43: ...onment changes totake effect Updateapt get sudo apt get y update Installtherequiredsoftwarecomponents sudo apt get y install gawk wget git core diffstat unzip texinfo build essential chrpath libsdl1 2...

Страница 44: ...it change the line to MACHINE mohonpeak64 Note To add extra packages to the generated image edit EXTRA_IMAGE_FEATURES variable and add the following package names separated by a space EXTRA_IMAGE_FEAT...

Страница 45: ...onal To build the disk image with a newer version of the GbE driver when available modifythe poky meta intel meta mohonpeak recipes igb igb igb bb file to match the newer PV string SRC_URI md5sum and...

Страница 46: ...erify that the file size is on the order of hundreds of MB 6 2 Creating the Linux Boot Disk 6 2 1 Locating the hddimg If you have created your own hddimg via the process in Section 6 1 your hddimg is...

Страница 47: ...disk The output will include the information on the number of heads sectors per tracks and number of cylinders Save this information for the next step Enter q to exit the fdisk prompt Createthe corre...

Страница 48: ...t Disk fails then use the method described in Section 6 2 2 2 Creating a SATA Boot Disk to create bootable USB Dependingonyourparticularvideocard youmayseeagraphicaldesktoporatextprompt to login If yo...

Страница 49: ...ssist Technology software Intel DPDK Gigabit Ethernet driver libcrypto netkey and Yocto BSP packages 6 5 Intel QuickAssist Technology See Section 1 2 Where to Find Current Software and Documentation f...

Страница 50: ...Document Number 333035 003 Part 3 Running on Fedora This section contains the following chapters Installing and Setting Up Fedora Building and Installing the Software...

Страница 51: ...the BIOS on the Development Kit Note Ensure that you have an updated BIOS image see document 518736 and that you have read and are familiar with Chapter 3 0 System Setup and Installation and Chapter 4...

Страница 52: ...following warning may be displayed when installing on a blank disk REINITIALIZING WILL CAUSE ALL DATA TO BE LOST If you definitely know the hard drive in use is blank proceed Otherwise power down and...

Страница 53: ...to move to the line starting withlinux Add the option 3 to the end of the line separated by a space from any otheroptions Press F10 to resume booting Depending on your use case and install details se...

Страница 54: ...ownloads section browse to the latest version of the ASPEED Graphics Family BIOS Driver Package and download it Extract this file to the tmp directory cd tmp unzip path_to v version _whql zip Extract...

Страница 55: ...1024x768_75 00 may not work on all monitors Rebootthesystem shutdown r now 7 4 ConfiguringLinux Once the operating system is installed there are a few configuration items that may need to be complete...

Страница 56: ...icktheAutomaticproxy configuration URL buttontoenterproxy information 7 4 2 3 Proxy Settings for Shell Prompt The Linux environment variable http_proxy allows you to connect text based applications vi...

Страница 57: ...M file You are asked if you would liketo keep the existing MAC address Select YESand press Enter Note If you encounter errors at this step ensure that you have selected the correct hex file Press ESC...

Страница 58: ...network stack service NetworkManager restart Verifythatthe4x1GbEnetworkportsarevisibleusingifconfig Verifythatthesenetwork ports can obtain an IP address and pass traffic If the 4x 1GbE network ports...

Страница 59: ...te This is not an exhaustive list Employing effectivesecurity policiesand tools forinstance SELinux isconfiguredcorrectly and is active Running and configuringthefirewall s Preventing privilegeescalat...

Страница 60: ...xof tarball name Restricting accessto the filesisrecommended chmod R 770 QAT The installation script and driver files are created under the QAT directory 9 2 InstallationScript An installation script...

Страница 61: ...s you toselect which softwarecomponents are built installed 0 Exit Exit the installation script 9 2 1 InstallerLog The InstallerLog txt file is appended after each installation with the time date and...

Страница 62: ...ssword In the QAT directory start the installation script cd QAT installer sh Select the Install Acceleration installation option This installs the Acceleration software You will be prompted for a dir...

Страница 63: ...e the Rangeley Software Programmer s Guide for build object details then the acceleration software is not installed and is not ready for use Refer to the Installer log file in the QAT directory for ad...

Страница 64: ...tel 80386 version 1 SYSV dynamically linked uses shared libs for GNU Linux 2 6 32 not stripped c2xxx_qa_dev0 conf ASCII English text dh89xxcc_qa_dev0 conf ASCII English text dh89xxcc_qa_dev0_single_ac...

Страница 65: ...service start If the service qat_service start command fails verify the following Softwareis installed Accelerationsoftwareisalreadyrunning Verify the SoC is enumerated properly using the lspci comman...

Страница 66: ...uide for additional information on the configuration files 9 7 Minimizing Acceleration Software Compilation Time When compiling installing the Acceleration Software a make clean operation is performed...

Страница 67: ...Document Number 333035 003 Part 4 Running Sample Applications This section contains the following chapter Running Sample Applications...

Страница 68: ...used and all code built successfully it may be possible to proceed directly to Section 10 1 2 Note These instructions assume the software package was untarred in the QAT directory and the kernel sour...

Страница 69: ...rt ICP_BUILD_OUTPUT ICP_ROOT build export ICP_TOOLS_TARGET accelcomp Thesample codeis compiled with the default assumption that the kernel sourceheader files are located in one of the following direct...

Страница 70: ...ubmitted for each iteration default 20 cySymLoops x Number of iterations of all symmetric code tests default 5000 cyAsymLoops y Number of iterations of all asymmetric code tests default 5000 runTests...

Страница 71: ...be required for older Linux distributions User Space After building the sample code with the installation script the kernel space kernel driver the user space application and the memory mapping drive...

Страница 72: ...esmain 636 Error calling setupCipherTest Note The wireless firmware must be used if the wirelessFirmware 1 parameter is specified The following error messages are displayed if you specify the paramete...

Страница 73: ...and the following sections contain instructions for both Note The memory driver included with the sample application is a sample memory driver and is not intended for actual deployment 10 2 1 Compili...

Страница 74: ...n error message similar to the following when submitting the insmod command insmod error inserting algchaining_sample ko 1 Resource temporarilyunavailable This error can be safely ignored When the tes...

Страница 75: ...Running Sample Applications Getting Started Guide 75 Note nrbg_sample is one of the functional user space applications You can launch the other user space applications in a similar fashion...

Страница 76: ...se Post Code Description 0x01 BSP Protected Mode Start 0x02 Status_Code 0x03 PlatformInitialization Microcode Loaded 0x04 WA toenable BIOS_REST_DONE 0x09 Initialize NEM 0x0A EstablishStack 0x0B PeiCor...

Страница 77: ...le Ddrio Phy Init 0xA0 MMRC SFR Vol Sel 0xA1 MMRC PLL Init 0xA2 MMRC DDR Static Init 2 0xA3 MMRC DDR Static Init Perf 0xA4 MMRC DDR Static Pwr Clk Gating 0xA7 MMRC DLL Init 0xA8 MMRC Comp Init 1 0xAA...

Страница 78: ...ry 0xB4 Coarse Write Leveling Entry Hooks 0xB6 Read Vref Entry Hooks 0xB7 Read Training Entry Hooks 0xB9 Write Vref Entry Hooks Max Vref Center 0xBA Set Common Vref 0xBB Write Training Exit Hooks 0xBC...

Страница 79: ...ixed 0xEA DDR3 training did not complete successfully 0xEB Memory test failure 0xEC SMBUSread write failure 0xED UDIMMs and RDIMMs are both present DIMM vendor specific errors 0xEF Indicates aCLTT tab...

Страница 80: ...m the Flash memory The following specific example is presented in order to describe the programming process B 1 ToolsRequired Windows PCwith an available USB port DediProg SF600 SPI Flash Programmer h...

Страница 81: ...e connector Plug theadapterwithcableintotheSF600programmer aligningthebump outonthe adapter connector with the slot in the SF600 programmer ICP connector WithpowerdisconnectedfromtheMohonPeakCRB plugt...

Страница 82: ...B 3 plug the system ATX power supply in and turn the power supply on Do not push the power button on the CRB or the front panel of the chassis SPI Flash must be programmed with standby power from the...

Страница 83: ...in the Memory Type pop up window and then clickOK Figure 32 DediProg Memory Type Selection In the main DediProg Software window that appears click the File icon in the toolbaratthe top andselecttheBIO...

Страница 84: ...r to reset the contents ofFlash memory forprogramming Figure 34 DediProgErase Flash Click the Prog icon in the tool bar to actually put the BIOS into Flash Figure 35 DediProgProgram Flash ClicktheVeri...

Страница 85: ...tarted Guide 85 Turn the power to the Mohon Peak CRB off Exit the DediProg software on the PC disconnect the SF600 programmer from the Mohon Peak CRB and change jumper JP22 to connect pins 1 2 Power t...

Страница 86: ...Table 7 Move JP4 to select the desired Flash part to program Leave JP22 set to connect pins 1 2 The following steps describe how to perform a BIOS update using the currently installed BIOS See Table 7...

Результаты поиска

Содержание Atom C2000

Отзывы:

Похожие инструкции для Atom C2000

Бренды по названию

Популярные бренды

Intel Atom C2000, Руководство по началу работы

Результаты поиска

Содержание Atom C2000

Отзывы:

Похожие инструкции для Atom C2000

Бренды по названию

Популярные бренды