11
黑威联通QTS Model硬件定义笔记(不完整版)
source link: https://www.itpwd.com/462.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
黑威联通QTS Model硬件定义笔记(不完整版)_网络工程_IT密码
如果说黑群晖的难度是1,黑苹果的难度是5,黑威联通大概是3这样吧。
威联通使用的是QTS系统,黑威联通关键的地方,除了需要了解嵌入式linux逆向工程之外,还需要针对不同的硬件设备或者不同的虚拟化平台做出Model文件里面的硬件定义内容。
由于Model的资料比较少,把自行记录的笔记整理一下,本文为黑威联通QTS Model硬件定义笔记(不完整版)。
本文案例设备:PVE宿主机、创建Q35虚拟机用作黑威联通系统,直通两个sata控制器(每控制器分别接入2个物理硬盘共4个硬盘)和一个物理网卡,引导盘使用虚拟硬盘
进入tc系统,使用lspci -vtnn查询PCI设备,提取硬盘控制器、引导、网卡等设备IO号
tc@box:~$ lspci -vtnn
-[0000:00]-+-00.0 Intel Corporation 82G33/G31/P35/P31 Express DRAM Controller [8086:29c0]
+-01.0 Device [1234:1111]
+-1a.0 Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #4 [8086:2937]
+-1a.1 Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #5 [8086:2938]
+-1a.2 Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #6 [8086:2939]
+-1a.7 Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #2 [8086:293c]
+-1b.0 Intel Corporation 82801I (ICH9 Family) HD Audio Controller [8086:293e]
+-1c.0-[01]----00.0 Intel Corporation Device [8086:31e3]
+-1c.1-[02]----00.0 ASMedia Technology Inc. ASM1062 Serial ATA Controller [1b21:0612]
+-1c.2-[03]----00.0 Realtek Semiconductor Co., Ltd. Device [10ec:8125]
+-1c.3-[04]--
+-1d.0 Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #1 [8086:2934]
+-1d.1 Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #2 [8086:2935]
+-1d.2 Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #3 [8086:2936]
+-1d.7 Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #1 [8086:293a]
+-1e.0-[05-09]--+-01.0-[06]--+-03.0 Red Hat, Inc Virtio memory balloon [1af4:1002]
| | +-07.0 Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] [8086:2922]
| | \-12.0 Red Hat, Inc Virtio network device [1af4:1000]
| +-02.0-[07]--
| +-03.0-[08]--
| \-04.0-[09]--
+-1f.0 Intel Corporation 82801IB (ICH9) LPC Interface Controller [8086:2918]
+-1f.2 Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] [8086:2922]
\-1f.3 Intel Corporation 82801I (ICH9 Family) SMBus Controller [8086:2930]
tc@box:~$经过上述信息可得出以下信息:
#以上信息均补全硬件定义的开头
-[0000:00]-
#硬盘控制器有三个,01是主板板载sata控制器,02是ASM1062 sata控制器(个别主板可能是板载,也可能是扩展卡),第三个是虚拟sata控制器(注意最后的设备ID,lspci内出现了两次)
#前两个是物理控制器、第三个是虚拟控制器
-[0000:00]-+-1c.0-[01]----00.0 Intel Corporation Device [8086:31e3]
-[0000:00]-+-1c.1-[02]----00.0 ASMedia Technology Inc. ASM1062 Serial ATA Controller [1b21:0612]
-[0000:00]-+-1f.2 Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] [8086:2922]
#网卡有两个,第一个是物理网卡,第二个是Virtio虚拟网卡(类似的虚拟网卡还有常见的E1000、E1000e、RTL8139、vmxnet3等等)
-[0000:00]-+-1c.2-[03]----00.0 Realtek Semiconductor Co., Ltd. Device [10ec:8125]
-[0000:00]-+-1e.0-[05-09]--+-01.0-[06]--\-12.0 Red Hat, Inc Virtio network device [1af4:1000]
#启动盘,这里要根据实际的情况来提取,启动盘有USB、SATA硬盘等,本文的案例是虚拟硬盘作为引导,所以这里提取的虚拟硬盘控制器地址
-[0000:00]-+-1f.2 Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] [8086:2922]重点来了,把提取出来的硬盘控制器、网卡、启动盘的IO地址转换为QTS可识别的地址
#硬盘控制器,每控制器最大可接入6个硬盘,本文的案例是每个物理控制器只接入2个硬盘共4个硬盘
#第一个控制器-板载sata控制器的硬盘定义,根据上述提取的“-[0000:00]-+-1c.0-[01]----00.0”转换而来,这里面要拆成两个信息
总线地址:[0000:00]-+-1c.0
子地址:[01]----00.0
#进制转换(16进制 -> 10进制),定义QTS能识别的地址
00.1c.0 -> B00:D28:F0
01.00.0 -> B01:D00:F0
#最终,注意个别序号从0/1开始,别搞混
[System Disk 1] #该sata控制器接入两个硬盘,这里是物理机的第一个硬盘
DEV_BUS=B00:D28:F0 #总线地址
DEV_PORT = 0 #每sata有0-5号,0是该控制器的第一个硬盘,最大支持6个硬盘
DEV_BRIDGE_BUS = B01:D00:F0 #子地址
[System Disk 2] #该sata控制器的第二个硬盘,这里是物理机的第二个硬盘
DEV_BUS=B00:D28:F0 #总线地址,由于同一个sata控制器故和上述一致
DEV_PORT = 1 #注意这里是1,因为从0开始计算
DEV_BRIDGE_BUS = B01:D00:F0 #子地址,由于同一个sata控制器故和上述一致
#后续的控制器、网卡、启动盘等定义方法,均参考上述第一个控制器的硬盘定义即可,不再啰嗦
#第二个控制器-ASM1062 sata控制器的硬盘定义,根据上述提取的“-[0000:00]-+-1c.1-[02]----00.0”转换而来
[System Disk 3]
DEV_BUS=B00:D28:F1
DEV_PORT = 0
DEV_BRIDGE_BUS = B02:D00:F0
[System Disk 4]
DEV_BUS=B00:D28:F1
DEV_PORT = 1
DEV_BRIDGE_BUS = B02:D00:F0
#网卡定义,,根据上述提取的“-[0000:00]-+-1c.2-[03]----00.0”转换而来
[System Network 1]
DEV_BUS=B00:D28:F2
DEV_PORT = 0
DEV_BRIDGE_BUS = B03:D00:F0
#启动盘定义,根据上述提取的“-[0000:00]-+-1f.2”转换而来
#进制转换(16进制 -> 10进制)
00.1f.2 -> B00:D31:F2
[Boot Disk 1] 第一个启动盘
DISK_DRV_TYPE = ATA #定义启动盘为sata引导的类型
DEV_BUS = B00:D31:F2
DEV_PORT = 0题外话,新手可忽略这段:总线地址、子地址只有两层,还有子子地址这种三层的PCI设备
-[0000:00]-+-1f.2 Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] [8086:2922]
-[0000:00]-+-1c.2-[03]----00.0 Realtek Semiconductor Co., Ltd. Device [10ec:8125]
-[0000:00]-+-1e.0-[05-09]--+-01.0-[06]--\-12.0 Red Hat, Inc Virtio network device [1af4:1000]
#第一行:总线地址
#第二行:总线地址-子地址
#第三行:总线地址-子地址-子子地址(为了便于理解……你也可以理解为:爷爷-父亲-孙子……)
#前两个,在上一段已经给出定义方法,但是带有孙子……额……口误,带有子子地址这种的定义方法还未知如何定义
#第三行这种情况,出现在amd个别设备或者pve分配pci设备时不含“pcie=1”时会出现,pve可通过给pcie设备增加“pcie=1”参数解决,其余平台自行研究完整版model.conf - 已移除LED、FAN等参数
[System Enclosure]
VENDOR = QNAP
MODEL = TS-653B
CAP=0x161cdb9c
MAX_DISK_NUM = 6
MAX_TEMP_NUM = 2
MAX_NET_PORT_NUM = 10
INTERNAL_NET_PORT_NUM = 3
MAX_PCIE_SLOT = 1
CPU_TEMP_UNIT = DTS:1
SYSTEM_TEMP_UNIT=EC
SIO_DEVICE = IT8528
PWR_RECOVERY_UNIT = EC
PWR_RECOVERY_CMOS_STORE = 0x70,0x61
BUZZER_CMOS_STORE = 0x70,0x63
BOARD_SN_DEVICE = VPD:BP
ETH_MAC_DEVICE = NET
DISK_DRV_TYPE = ATA
DISK_DEFAULT_MAX_LINK_SPEED = PD_SATA_SAS_6G
SYSTEM_DISK_CACHEABLE_BITMAP = 0x7E
SS_MAX_CHANNELS = 40
SS_FREE_CHANNELS = 4
EUP_STATUS = EC
QA_PORT_SUPPORT = 1
LCM_BAUDRATE = 115200
HEAT_SOURCE = SYS, CPU, DISK
[System I2C]
DEV_BUS = B00:D31:F1
DEV_PORT = 0
[System EDID 1]
DEV_BUS = B00:D02:F0
DEV_PORT = 1
[System EDID 2]
DEV_BUS = B00:D02:F0
DEV_PORT = 0
[System IO]
RESET_BUTTON = EC
USB_COPY_BUTTON = EC
VPD_MB = EC
VPD_BP = EC
EDID_COUNT=2
VOICE_ALERT_SUPPORT = 1
[System Disk 1]
DEV_BUS=B00:D28:F0
DEV_PORT = 0
DEV_BRIDGE_BUS = B01:D00:F0
[System Disk 2]
DEV_BUS=B00:D28:F0
DEV_PORT = 1
DEV_BRIDGE_BUS = B01:D00:F0
[System Disk 3]
DEV_BUS=B00:D28:F1
DEV_PORT = 0
DEV_BRIDGE_BUS = B02:D00:F0
[System Disk 4]
DEV_BUS=B00:D28:F1
DEV_PORT = 1
DEV_BRIDGE_BUS = B02:D00:F0
[System Network 1]
DEV_BUS = B00:D19:F2
PCI_SWITCH_PORT = 7
DEV_PORT = 0
[System Network 2]
DEV_BUS = B00:D19:F2
PCI_SWITCH_PORT = 3
DEV_PORT = 0
[System Network 3]
DEV_BUS = B00:D19:F3
DEV_PORT = 0
QA_PORT = YES
[System PCIE SLOT 1]
DEV_BUS = B00:D20:F0
MAX_PCIE_LINK_WIDTH = 2
[Usb Enclosure]
VENDOR = QNAP
MODEL = USB
MAX_PORT_NUM = 7
USB3_PORT_BITMAP = 0xFE
EXT_PORT_NUM = 2
[Usb Port 1]
DEV_BUS = B00:D21:F0
DEV_PORT = 1
[Usb Port 2]
DEV_BUS = B00:D21:F0
IN_HUB = 1
DEV_PORT = 4
HUB_PORT = 2
[Usb Port 3]
DEV_BUS = B00:D21:F0
IN_HUB = 1
DEV_PORT = 3
HUB_PORT = 2
[Usb Port 4]
DEV_BUS = B00:D21:F0
IN_HUB = 1
DEV_PORT = 2
HUB_PORT = 2
[Usb Port 5]
DEV_BUS = B00:D21:F0
IN_HUB = 1
DEV_PORT = 1
HUB_PORT = 2
[Usb Port 6]
DEV_BUS = B00:D20:F0
DEV_PORT_SS = 2
[Usb Port 7]
DEV_BUS = B00:D20:F0
DEV_PORT_SS = 1
[MMC Port 1]
DEV_BUS = B00:D27:F0
[Boot Enclosure]
VENDOR = QNAP
MODEL = BOOT
MAX_DISK_NUM = 1
[Boot Disk 1]
DISK_DRV_TYPE = MMC
DEV_BUS = B00:D28:F0
[System Memory]
MAX_CHANNEL_NUM = 2
MAX_SLOT_NUM = 2
SLOT1_ADDR = 1, 0x50
SLOT2_ADDR = 2, 0x52精简版model.conf - 只提取我们需要的部分和修正部分关键硬件IO号:系统定义、磁盘定义、网络定义、启动盘定义
[System Enclosure]
VENDOR = QNAP
MODEL = TS-653B
CAP=0x161cdb9c
MAX_DISK_NUM = 6
MAX_TEMP_NUM = 2
DISK_DRV_TYPE = ATA
[System Disk 1]
DEV_BUS=B00:D28:F0
DEV_PORT = 0
DEV_BRIDGE_BUS = B01:D00:F0
[System Disk 2]
DEV_BUS=B00:D28:F0
DEV_PORT = 1
DEV_BRIDGE_BUS = B01:D00:F0
[System Disk 3]
DEV_BUS=B00:D28:F1
DEV_PORT = 0
DEV_BRIDGE_BUS = B02:D00:F0
[System Disk 4]
DEV_BUS=B00:D28:F1
DEV_PORT = 1
DEV_BRIDGE_BUS = B02:D00:F0
[System Network 1]
DEV_BUS=B00:D28:F2
DEV_PORT = 0
DEV_BRIDGE_BUS = B03:D00:F0
[Boot Enclosure]
VENDOR = QNAP
MODEL = BOOT
MAX_DISK_NUM = 1
[Boot Disk 1]
DISK_DRV_TYPE = ATA
DEV_BUS = B00:D31:F2
DEV_PORT = 0把制作好的model.conf文件上传至tc内的mymodel目录覆盖后,执行命令重新编译后重启进入查看即可
sudo cp -f ./mymodel/* ./initrd/etc/ && sudo ./re_packing && sudo reboot本文只解决QTS的Model硬件定义部分,其余可参考老骥伏枥的黑威联通帖子
【老骥伏枥-狗年大礼包】嵌入式linux逆向工程,手把手教你作黑Q:http://www.nasyun.com/thread-39736-1-1.html
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK