How to use the RPMB partition of the eMMC

custom_board

#1

Hello!

I’m working with a Yocto / OE image for the DB410c. The board came with Windows IoT programmed on it.

While searching for a suitable location to store commissioning data I stumbled over that eMMC RPMB partition. Trying out mmc-utils to access that partition did not lead to success. E.g. reading the counter using mmc rpmb read-counter /dev/mmcblk0rpmb returns RPMB operation failed, retcode 0xffff.

Do you have any hints on the RPMB? Is it usable on DB410c at all?

Regards
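
For reference, the read-counter operation attempted in the post above, at the frame level. This is an added example, not part of the thread and not mmc-utils code; it follows the JEDEC eMMC RPMB frame layout, and the function names, the constructed key and the `simulate_device` stand-in for the eMMC are assumptions made so it runs without hardware.

```python
import hashlib
import hmac
import os
import struct

# JEDEC eMMC RPMB data frame: 512 bytes, multi-byte fields big-endian.
# stuff(196) | key/MAC(32) | data(256) | nonce(16) | write counter(4) |
# address(2) | block count(2) | result(2) | request/response type(2)
FRAME = struct.Struct(">196s32s256s16sIHHHH")
REQ_READ_COUNTER, RESP_READ_COUNTER = 0x0002, 0x0200
RESULTS = {1: "general failure", 2: "authentication failure",
           3: "counter failure", 4: "address failure", 5: "write failure",
           6: "read failure", 7: "authentication key not yet programmed"}


def build_read_counter_request(nonce):
    """Request frame: only the nonce and the request type are set."""
    return FRAME.pack(b"", b"", b"", nonce, 0, 0, 0, 0, REQ_READ_COUNTER)


def parse_read_counter_response(frame, key, nonce):
    """Return the write counter, or raise ValueError if the frame fails a check."""
    _, mac, _, r_nonce, counter, _, _, result, rtype = FRAME.unpack(frame)
    if rtype != RESP_READ_COUNTER:
        raise ValueError(f"unexpected response type 0x{rtype:04x}")
    status = result & 0x7F  # bit 7 only flags an expired write counter
    if status:
        raise ValueError(RESULTS.get(status, f"unknown result 0x{result:04x}"))
    # The MAC is HMAC-SHA256 over the last 284 bytes (data through type).
    expected = hmac.new(key, frame[228:], hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("MAC mismatch")
    if not hmac.compare_digest(r_nonce, nonce):
        raise ValueError("nonce mismatch (replayed response)")
    return counter


def simulate_device(request, key, counter):
    """Constructed stand-in for the eMMC: echoes the nonce and signs the reply."""
    nonce = FRAME.unpack(request)[3]
    body = FRAME.pack(b"", b"", b"", nonce, counter, 0, 0, 0, RESP_READ_COUNTER)
    mac = hmac.new(key, body[228:], hashlib.sha256).digest()
    return body[:196] + mac + body[228:]


if __name__ == "__main__":
    key = bytes(range(32))  # constructed key, for illustration only
    nonce = os.urandom(16)
    reply = simulate_device(build_read_counter_request(nonce), key, 41)
    print(parse_read_counter_response(reply, key, nonce))
```

The counter value can only be trusted by a caller that holds the 32-byte authentication key, since without it the response MAC cannot be checked.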


#2

The rpmb partition is used in the early boot phases. It contains the boot image for the resource and power management processor. If you overwrite the rpmb your system won’t boot. Fortunately the partition is protected and that is why you were unable to access it.

Lawrence


#3

Hi Lawrence!
Thank you for your quick response! I got a little bit confused by all these partitions on eMMC.

There is one partition called rpm (defined in that gpt_both0.bin) which gets programmed with the rpm.mbn image. But to my understanding, that partition is distinct from the eMMC RPMB (Replay Protected Memory Block) partition. Are they not distinct?

If the RPMB cannot be used, is there any other on-chip storage that can be used for write-once commissioning data (such as a serial number)?

Regards,
Jan


#4

I do not have a DB410c nor do I have any experience in this area but the following gives an overview of the kernel support for RPMB:
https://lwn.net/Articles/700483/


#5

RPMB was added to some Linux kernel in 2017, and works through the TrustZone image. I am pretty sure that the TrustZone image in the tz partition (tz.mbn) is older than RPMB.

As to a secure place to hold things, I have been asking Linaro for a place to store the MAC address for years. I’ll admit that I am not keeping up with the changes, so maybe it is now available.

Lawrence


#6

I did a little more research and it appears Tomas Winkler has given up after version 7.
https://lkml.org/lkml/2016/11/7/674
So I guess you just have to apply the patches yourself.


#7

IIRC those discussions were somewhat circular since IMHO such standardisation needed to come from the board vendor. Needs to be the same partition, at the same disk block address and not overwritten during provisioning. If the same approach is not taken for all DB410C operating systems (Debian, RPB/OE, Android, Win10 IoT) then installing a different OS would clobber all the unique IDs anyway, making it rather pointless.

However the OP could perhaps adopt this approach by creating a custom partition table and fishing out MAC addresses from this partition in fastboot (replacing the current eMMC ID code).