Bug #1704

test/port card emulation firmware for SAM3S based SIMtrace2

Added by laforge about 5 years ago. Updated 12 days ago.

Status:
Feedback
Priority:
High
Assignee:
Category:
firmware
Target version:
-
Start date:
05/09/2016
Due date:
% Done:

90%

Spec Reference:

Description

We have card emulation working on a different board already, but the changes need to be re-tested against a real SIMtrace board with SAM3S.


Related issues

Related to SIMtrace 2 - Bug #1705: re-integrate tracing + card reader modes into SIMtrace2 firmware (SAM3S) | Stalled | 05/09/2016

Associated revisions

Revision 6b7f8d14 (diff)
Added by Kévin Redon 2 months ago

make sim switch board specific

the simtrace board uses a bus switch not used on qmod and owhw to
switch the SIM between physical and virtual

Change-Id: Ieaf2ed4761fc3e04f33f9aac5c04a768c9a6f71e
Related: OS#1704

Revision 752bc7f4 (diff)
Added by laforge 2 months ago

card_emu: Use USART timeout for waiting time

Instead of using the timer/counter peripheral to handle the waiting time
and corresponding timeout, the USART peripheral internal timeout
mechanism is used.

This is particularly important for the SIMtrace board since there
(contrary to other boards) the I/O signal is not wired to a TIO pin
of the timer/counter block, and hence Rx/Tx data cannot reset that
timer/counter.

As a result of this migration, cardem is now supported not only on
owhw + qmod, but also on the simtrace board.

The guts of this change have been lifted out of Change-Id
Ibcb2c8cace9137695adf5fb3de43566f7cfb93b5 by Kevin Redon, which was
unfortunately touching various different topics at the same time and
hence was split up. Some improvements are the introduction of the
ENABLE_TX_TIMER_ONLY mode, which avoids the USART interrupt handler
getting hammered with TXRDY between release of RST and start of the ATR.

Change-Id: Ibcb2c8cace9137695adf5fb3de43566f7cfb93b5
Related: OS#1704

Revision e410842d (diff)
Added by laforge 2 months ago

card_emu: Fix USART timer, particularly in re-start situations

The existing code started the timer once (and expired once) but didn't
properly handle re-starting of the timer. Neither did it handle
the 'half time expiration' case. If we want to call a function after
half the WT expiring, we must of course program the hardware for half
the timeout, and not the full timeout...

Change-Id: Ia999d97f835c27597fcd1cf7ac78bac0ab9c98c1
Related: OS#1704

Revision 7b681981 (diff)
Added by laforge 2 months ago

card_emu: Fix computation of waiting time

As we store the waiting time (WT) in 'etu', we must adjust the formula
from ISO 7816-3. The 'Fi' component in the formula only exists to
compute clock cycles from the etu, which we don't need here.

Without this patch, the waiting time would be way too large (by a factor
of 372 in the default case).

Change-Id: Ia21bc7303f9b38834b5b1753983ed2a99bfc7d95
Related: OS#1704
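
The unit mix-up this commit message describes, worked through as an added example (not code from the SIMtrace2 firmware): the ISO 7816-3 waiting time WI × 960 × Fi/f is a count of clock cycles, and expressing it in etu cancels Fi. Function names are hypothetical, and the non-default case assumes the Fi in the formula is the F currently in use.

```c
#include <stdint.h>
#include <stdio.h>

/* ISO 7816-3 Fi/Di values indexed by the 4-bit TA1 fields; 0 marks a reserved index */
static const uint16_t fi_table[16] = { 372, 372, 558, 744, 1116, 1488, 1860, 0,
				       0, 512, 768, 1024, 1536, 2048, 0, 0 };
static const uint8_t di_table[16] = { 0, 1, 2, 4, 8, 16, 32, 64, 12, 20, 0, 0, 0, 0, 0, 0 };

#define WI_DEFAULT 10	/* waiting time integer used when the ATR carries no TC2 */

/* Clock cycles per etu (F/D), as printed in the "computed F(x)/D(y) ratio" log lines. */
unsigned int fd_ratio(unsigned int f_idx, unsigned int d_idx)
{
	if (f_idx > 15 || d_idx > 15 || !fi_table[f_idx] || !di_table[d_idx])
		return 0;
	return fi_table[f_idx] / di_table[d_idx];
}

/* WT = WI * 960 * Fi / f seconds, which is WI * 960 * Fi clock cycles. */
uint32_t wt_clock_cycles(uint8_t wi, unsigned int f_idx)
{
	return f_idx > 15 ? 0 : (uint32_t)wi * 960 * fi_table[f_idx];
}

/* Same WT in etu: one etu lasts F/D cycles, so Fi cancels (assumption: Fi == F in use). */
uint32_t wt_etu(uint8_t wi, unsigned int f_idx, unsigned int d_idx)
{
	if (!fd_ratio(f_idx, d_idx))
		return 0;
	return (uint32_t)((uint64_t)wt_clock_cycles(wi, f_idx) * di_table[d_idx] / fi_table[f_idx]);
}

/* The defect: the clock-cycle figure stored unchanged in a field that counts etu. */
uint32_t wt_etu_unadjusted(uint8_t wi, unsigned int f_idx)
{
	return wt_clock_cycles(wi, f_idx);
}

int main(void)
{
	printf("F(1)/D(1) ratio %u, F(9)/D(6) ratio %u\n", fd_ratio(1, 1), fd_ratio(9, 6));
	printf("default WT: %u etu, unadjusted: %u etu\n",
	       (unsigned)wt_etu(WI_DEFAULT, 1, 1), (unsigned)wt_etu_unadjusted(WI_DEFAULT, 1));
	return 0;
}
```

The default case yields 9600 etu, the value in the "WT updated to 9600" log lines further down, against 3571200 when the Fi factor is left in.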

History

#1 Updated by laforge about 3 years ago

  • Assignee changed from laforge to tsaitgaist

#2 Updated by laforge about 3 years ago

  • Project changed from SIMtrace to SIMtrace 2
  • Category deleted (SIMtrace firmware)
  • Status changed from New to In Progress

#3 Updated by tsaitgaist almost 3 years ago

current state of cardem firmware on SIMtrace board, as reported by a user on the mailing list:
I've built (make BOARD=simtrace APP=cardem) the cardemulation-firmware of
the current master-branch (0.4.131-8f70) and flashed the resulting
simtrace-cardem-dfu.bin using dfu-util.

Furthermore I compiled the host binaries, triggered a reset on my simtrace2
device to make sure it's in runtime mode and then executed the remote-sim
program (sudo ./simtrace2-remsim -V 1d50 -P 60e3 -C 1 -I 0 -A `sudo
./simtrace2-list | cut -d = -f 2 | cut -d , -f 1 | tail -1`). The simtrace2
device, as well as an USB-CCID compliant omnikey cardreader are attached to
my linux computer as described in the QMOD manual. During runtime mode the
red LED on the simtrace2 is blinking, while the green LED is off.

I noticed that when the simtrace2-remsim program tries to send an ATR to
the simtrace2 device via usb (cardem_request_set_atr), the
libusb_bulk_transfer function is blocking, before returning
LIBUSB_ERROR_TIMEOUT. The serial debugging-output I got on the simtrace2
doesn't show any further information (last state is "-I- USB is now
configured").

When I reset the usb-modem that is connected to the simtrace2 device I get
the following messages on the debug-serial:
I Changed to ISO 7816-3 state 1
reset de-asserted
I WT updated to 9600
I Changed to ISO 7816-3 state 0
reset asserted
I Changed to ISO 7816-3 state 1
reset de-asserted
[...]

while the simtrace2-remsim program is also receiving some garbage:
URB:
-> 03 00 00 00 00 00 0c 00 04 00 00 00
unknown simtrace msg type 0x00
URB:
-> 03 00 00 00 00 00 0c 00 08 00 00 00
unknown simtrace msg type 0x00
URB:
-> 03 00 00 00 00 00 0c 00 04 00 00 00
unknown simtrace msg type 0x00
[...]

I've also tried several older versions/commits - however I didn't get any
of them working properly.
When using version 0.4.13-ba2a (from this commit:
https://git.osmocom.org/simtrace2/commit/?id=ba2ad563cc0e389213a3f6f6ebe79dc21dfb26a3)
I was able to send the ATR to the simtrace and directly entered the main
loop on the host program.
The serial debugging-output (after a manual modem-reset) also looked
somehow more promising, but didn't work either:
I 0: VCC activated
I 0: CLK activated
I 0: RST released
I 0: computed Fi(1) Di(1) ratio: 372
I 0: send_tpdu_header: 00 a4 00 04 02
I 0: VCC deactivated
I 0: CLK deactivated
I 0: VCC activated
I 0: CLK activated
I 0: VCC deactivated
I 0: CLK deactivated
[...]

#4 Updated by laforge almost 3 years ago

  • Category set to firmware

#5 Updated by tsaitgaist almost 3 years ago

  • Related to Bug #1705: re-integrate tracing + card reader modes into SIMtrace2 firmware (SAM3S) added

#6 Updated by tsaitgaist almost 3 years ago

  • Status changed from In Progress to Stalled

will do once cardem is tested automatically on sysmoQMOD.

#7 Updated by tsaitgaist over 2 years ago

  • Status changed from Stalled to In Progress

resumed to continue osmo-remsim work

#8 Updated by laforge 4 months ago

  • Status changed from In Progress to Stalled
  • Assignee deleted (tsaitgaist)

#9 Updated by laforge 4 months ago

  • Priority changed from Normal to High

#10 Updated by laforge 3 months ago

  • Assignee set to Hoernchen

Hoernchen and I discussed the following process:
  1. rebase the hoernchen/simtrace_cardem branch once more
  2. Hoernchen re-tests on simtrace2 and qmod hardware
  3. I re-test on owhw hardware
  4. we collaborate to merge the branch

#11 Updated by laforge 3 months ago

  • Status changed from Stalled to In Progress
  • Assignee changed from Hoernchen to laforge
  • % Done changed from 0 to 90

I've started with a rebase of the said branch followed by a thorough review of the code in detail. Unfortunately there were many problems with the existing branch, starting from functional bugs in the code, coding style issues as well as mixing too many different tasks in the same patch[es].

So I basically re-wrote large parts of Kevin's code, as it seemed easier to split it up that way, and create individual changes that only change one thing at a time.

for the record:

  • I have severe doubts that the pull-up/pull-down of SIM_IO has ever worked. It's a great idea and I understand the problem, but I think this needs a proper and verified implementation that really switches between alternate function and GPIO mode as needed
  • the transition from tc_etu to UART timer has been done (split out in one as small as possible patch)
    • PTS has been tested, works fine with sysmoISIM-SJA2 and their F/D ratio of 16
    • has been tested on qmod + simtrace boards, so no new board-specific #ifdefs in the card_emu code
    • the UART timer of the original patch had two issues which are resolved now
      • half-time callback function was not called for any WT < 65535 etu (virtually any etu), as the hardware timer was not set to half of the WT
      • timer didn't restart after the first expiration (no "NNNNNNNNNNNNNNN..." on the debug UART if the remote SIM stalls for some time)
  • the field renames went not just from "fi" to "f" but actually to "F", as 'f' is the frequency in ISO7816-3
  • field renames of user-visible simtrace_proto.h have been done with backwards compatibility

TODO
  • revisit I/O pull-up/pull-down topic
  • incorporate "Fi/Fn * Dn/Di" factor in WT computation for correctness in PTS cases
  • implement function to become unresponsive (needed in various situations as per spec)
  • test second UART on QMOD ST12
  • test on OWHW
  • make proper use of LEDs

#12 Updated by roh 24 days ago

i just updated a board and retested it and got a 'no sim' from a s4mini (worked before already)

serial trace:

=============================================================================
SIMtrace2 firmware 0.7.0.103-c690, BOARD=simtrace, APP=cardem
(C) 2010-2019 by Harald Welte, 2018-2019 by Kevin Redon
=============================================================================
-I- Chip ID: 0x28900960 (Ext 0x00000000)
-I- Serial Nr. 51203220-574a4a52-30303620-30323037
-I- Reset Cause: general reset (first power-up reset)
-I- USB init...
USBD_Init
SetAddr(42) -W- Sta 0x888A8 [0] -W- _ -W- Sta 0x888A8 [0] -W- _ -W- Sta 0x888A8 [0] -W- _ SetCfg(1) cfgChanged1 -I- calling configure of all configurations...
-I- Sniffer config
-I- calling init of config 1...
-I- Sniffer Init
-I- entering main loop...
-I- USB is now configured
'nknown command '0] -W- _ 
'nknown command ' <power on phone here>
'nknown command '
'nknown command '
-I- Changed to ISO 7816-3 state 1
reset de-asserted
-I- WT updated to 9600 ETU
-I- Changed to ISO 7816-3 state 0
reset asserted
-I- Changed to ISO 7816-3 state 1
reset de-asserted
-I- WT updated to 9600 ETU
-I- Changed to ISO 7816-3 state 0
reset asserted
'nknown command '
'nknown command ' <power off phone here>
'nknown command '

$ ./simtrace2-cardem-pcsc -n 0 -V 1d50 -P 60e3 -H 2-1.2 -C 1 -I 0 -k
simtrace2-cardem-pcsc - Using PC/SC reader as SIM
(C) 2010-2020, Harald Welte <laforge@gnumonks.org>
(C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>

<= osmo_st2_cardem_request_config(00000001)
SIMtrace <- 01 08 00 00 00 00 0c 00 01 00 00 00 
SIMtrace <- 01 05 00 00 00 00 09 00 01 
SIMtrace <- 02 02 00 00 00 00 09 00 01 
<= osmo_st2_cardem_request_set_atr(3b 9f 96 80 1f c7 80 31 a0 73 be 21 13 67 43 20 07 18 00 00 01 a5 )
SIMtrace <- 01 02 00 00 00 00 1f 00 16 3b 9f 96 80 1f c7 80 31 a0 73 be 21 13 67 43 20 07 18 00 00 01 a5 
SIMtrace <- 02 01 00 00 00 00 0b 00 02 2c 01 
Entering main loop
-> 03 00 00 00 00 00 0c 00 04 00 00 00 
unknown simtrace msg type 0x00
-> 03 00 00 00 00 00 0c 00 04 00 00 00 
unknown simtrace msg type 0x00
-> 03 00 00 00 00 00 0c 00 04 00 00 00 
unknown simtrace msg type 0x00

<power on phone here>

-> 03 00 00 00 00 00 0c 00 08 00 00 00 
unknown simtrace msg type 0x00
-> 03 00 00 00 00 00 0c 00 04 00 00 00 
unknown simtrace msg type 0x00
-> 03 00 00 00 00 00 0c 00 08 00 00 00 
unknown simtrace msg type 0x00
-> 03 00 00 00 00 00 0c 00 04 00 00 00 
unknown simtrace msg type 0x00

<power off phone here>

build just moments ago from master

#13 Updated by roh 22 days ago

just because i was confused why it worked for me before i retested - as a comparison with an older version of the cardem firmware, and it worked with 4d2f. and it does not with c690.

both testruns with the following setup:
S4mini, red sysmoUSIM-SJS1 in thinkpad ccid reader, host utils built from git c690a1f13042c5a1a464cf094b6d304dfb8b6288
i also tried a sysmoISIM-SJA2

the difference is only simtrace firmware:
working run:
SIMtrace2 firmware 0.7.0.100-4d2f-dirty, BOARD=simtrace, APP=cardem

failing run:
SIMtrace2 firmware 0.7.0.103-c690, BOARD=simtrace, APP=cardem
-> no sim

serial log of working version

=============================================================================
SIMtrace2 firmware 0.7.0.100-4d2f-dirty, BOARD=simtrace, APP=cardem
(C) 2010-2019 by Harald Welte, 2018-2019 by Kevin Redon
=============================================================================
-I- Chip ID: 0x299b0a60 (Ext 0x00000000)
-I- Serial Nr. 44203020-48574336-30303132-32313035
-I- Reset Cause: user reset (NRST pin detected low)
-I- USB init...
USBD_Init
SetAddr(57) -W- Sta 0x888A8 [0] -W- _ -W- Sta 0x888A8 [0] -W- _ -W- Sta 0x888A8 [0] -W- _ SetCfg(1) cfgChanged1 -I- calling configure of all configurations...
-I- calling init of config 1...
-I- Modem 0: physical SIM
-I- 0: Use local/physical SIM
-I- entering main loop...
-I- USB is now configured
-W- Sta 0x88828 [0] -W- _ -I- 0: skipping unsupported card_insert to INSERTED
-I- Modem 0: virtual SIM
-I- 0: Use remote/emulated SIM
-I- 0: ATR set: 3b 9f 96 80 1f c7 80 31 a0 73 be 21 13 67 43 20 07 18 00 00 01 a5 
-I- 0: VCC activated
-I- 0: CLK activated
-I- 0: RST released
-I- 0: computed F(1)/D(1) ratio: 372
-I- 0: computed F(9)/D(6) ratio: 16
-I- 0: send_tpdu_header: 00 a4 00 04 02
-I- 0: flush_rx_buffer (5)
-I- 0: flush_rx_buffer (2)
N-I- 0: send_tpdu_header: 00 c0 00 00 60
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 c0 00 00 56
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 a4 08 04 02
-I- 0: flush_rx_buffer (5)
-I- 0: flush_rx_buffer (2)
N-I- 0: send_tpdu_header: 00 c0 00 00 60
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 c0 00 00 20
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 b0 00 00 0a
-I- 0: flush_rx_buffer (5)
N-I- 0: send_tpdu_header: 00 a4 00 04 02
-I- 0: flush_rx_buffer (5)
-I- 0: flush_rx_buffer (2)
N-I- 0: send_tpdu_header: 00 c0 00 00 60
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 c0 00 00 20
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 a4 08 04 02
-I- 0: flush_rx_buffer (5)
-I- 0: flush_rx_buffer (2)
N-I- 0: send_tpdu_header: 00 c0 00 00 60
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 c0 00 00 23
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 b2 04 04 6e
-I- 0: flush_rx_buffer (5)
NN-I- 0: send_tpdu_header: 00 b2 04 04 6e
-I- 0: flush_rx_buffer (5)
N-I- 0: send_tpdu_header: 00 a4 08 0c 02
-I- 0: flush_rx_buffer (5)
-I- 0: flush_rx_buffer (2)
N-I- 0: send_tpdu_header: 00 a4 00 0c 02
....
I- 0: flush_rx_buffer (5)
-I- 0: flush_rx_buffer (2)
N-I- 0: send_tpdu_header: a0 d6 00 00 14
-I- 0: flush_rx_buffer (5)
-I- 0: flush_rx_buffer (20)
-I- 0: send_tpdu_header: a0 f2 00 00 16
-I- 0: flush_rx_buffer (5)
N-I- 0: RST asserted
-I- 0: VCC deactivated
-I- 0: CLK deactivated
-I- 0: skipping unsupported card_insert to REMOVED

serial log of failing version

=============================================================================
SIMtrace2 firmware 0.7.0.103-c690, BOARD=simtrace, APP=cardem
(C) 2010-2019 by Harald Welte, 2018-2019 by Kevin Redon
=============================================================================
-I- Chip ID: 0x299b0a60 (Ext 0x00000000)
-I- Serial Nr. 44203020-48574336-30303132-32313035
-I- Reset Cause: user reset (NRST pin detected low)
-I- USB init...
USBD_Init
SetAddr(69) -W- Sta 0x888A8 [0] -W- _ -W- Sta 0x888A8 [0] -W- _ -W- Sta 0x888A8 [0] -W- _ SetCfg(1) cfgChanged1 -I- calling configure of all configurations...
-I- Sniffer config
-I- calling init of config 1...
-I- Sniffer Init
-I- entering main loop...
-I- USB is now configured
'Unknown command '
-W- Sta 0x88828 [0] -W- _ -I- Changed to ISO 7816-3 state 1
reset de-asserted
-I- WT updated to 9600 ETU
-I- Changed to ISO 7816-3 state 0
reset asserted
-I- Changed to ISO 7816-3 state 1
reset de-asserted
-I- WT updated to 9600 ETU
-I- Changed to ISO 7816-3 state 0
reset asserted

#14 Updated by laforge 22 days ago

Hi roh,

can you please try with the laforge/cardem2 branch (141ba6f887773913b2c005c66362b488774423f2)
which I just pushed?

That should be 4d2f rebased on top of current master. If it works, I'll merge it.

Thanks!

#15 Updated by laforge 12 days ago

  • Status changed from In Progress to Feedback
  • Assignee changed from laforge to roh

laforge wrote:

can you please try with the laforge/cardem2 branch (141ba6f887773913b2c005c66362b488774423f2)
which I just pushed?

That should be 4d2f rebased on top of current master. If it works, I'll merge it.

Any news on this? It's also worth re-testing master now, before going for that branch.
