For a long time, it was speculated that writing zeroes into some /dev/mmcblk0 areas can erase idme variables, because these areas are somewhat specially handled (maybe write-only) and directly mapped to the storage area of these variables. I think it's not quite right.
First, a trivial fact:
The idme tool (i.e. /usr/sbin/idme) initially reads the current idme variables' values from various /proc files, which are created by the kernel from values passed by U-Boot in memory. Here is a list of these files:
Code:
[root@kindle root]# grep /proc\/ /usr/sbin/idme
/proc/usid
/proc/mac_addr
/proc/mac_sec
/proc/board_id
/proc/bootmode
/proc/postmode
Second trivial fact:
idme provides a way to change idme variables' values by writing these values to /dev/mmcblk0.
But the real values aren't changed immediately after writing to /dev/mmcblk0. They are changed only on (re)boot by U-Boot. Check the function idme_check_update in the U-Boot sources (located in the file common/cmd_idme.c). This function peeks at a fixed offset of /dev/mmcblk0, checks for the presence of a predefined magic byte sequence (represented by the characters "abcdefghhgfedcba") and then (only after acknowledgement of the presence of the magic sequence!) copies the idme variables block from /dev/mmcblk0 to a separate boot partition (where U-Boot itself is stored) and rewrites the idme variables block at /dev/mmcblk0 with zeroes.
The eMMC offset and size of the variables block are defined in include/configs/imx50_yoshi.h:
Code:
#define CONFIG_MMC_USERDATA_ADDR 0x3F000
#define CONFIG_MMC_USERDATA_SIZE (5*1024)
Code:
#define CONFIG_IDME_UPDATE 1
#define CONFIG_IDME_UPDATE_ADDR 0x3f000
#define CONFIG_IDME_UPDATE_MAGIC "abcdefghhgfedcba"
Let's look at the data at that offset right after reboot:
Code:
[root@kindle root]# hexdump -C -s 0x3f000 -n 5120 /dev/mmcblk0
0003f000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00040400
All zeros.
Let's set an idme variable value and then read the data at that offset again (I've replaced the suffixes of private data values with X):
Code:
[root@kindle root]# idme -d --bootmode main
Devmode enabled
Reading vars from temp storage...
...None found, Copying vars from /proc
Setting bootmode to main
Writing new vars to temp area
You must reboot before new values will take effect
[root@kindle root]# hexdump -C -s 0x3f000 -n 5120 /dev/mmcblk0
0003f000 42 30 30 46 XX XX XX XX XX XX XX XX XX XX XX XX |B00FXXXXXXXXXXXX|
0003f010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
0003f030 46 30 XX XX XX XX XX XX XX XX XX XX 00 00 00 00 |F0XXXXXXXXXX....|
0003f040 45 53 XX XX XX XX XX XX XX XX XX XX XX XX XX XX |ESXXXXXXXXXXXXXX|
0003f050 XX XX XX XX 00 00 00 00 00 00 00 00 00 00 00 00 |XXXX............|
0003f060 30 30 35 XX XX XX XX XX XX XX XX XX XX XX XX XX |005XXXXXXXXXXXXX|
0003f070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
0003f1f0 61 62 63 64 65 66 67 68 68 67 66 65 64 63 62 61 |abcdefghhgfedcba|
0003f200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00040000 6d 61 69 6e 00 00 00 00 00 00 00 00 00 00 00 00 |main............|
00040010 6e 6f 72 6d 61 6c 00 00 00 00 00 00 00 00 00 00 |normal..........|
00040020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00040400
It looks like the area where the idme tool writes values isn't write-only.
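
The staging behaviour described above can be checked on a dumped image (or on /dev/mmcblk0 itself) without exposing the private values. This is an added example, not code from the post or from U-Boot: the address, size and magic are the constants quoted above, while MAGIC_OFFSET (0x1f0 into the block) is an assumption read off the hexdump, and the function names are hypothetical.

```python
import sys

# Constants quoted in the post from include/configs/imx50_yoshi.h.
STAGING_ADDR = 0x3F000          # CONFIG_IDME_UPDATE_ADDR
STAGING_SIZE = 5 * 1024         # CONFIG_MMC_USERDATA_SIZE
MAGIC = b"abcdefghhgfedcba"     # CONFIG_IDME_UPDATE_MAGIC
# Assumption: position of the magic inside the block, taken from the
# hexdump in the post (0x3f1f0 - 0x3f000), not from the U-Boot sources.
MAGIC_OFFSET = 0x1F0

def read_staging(path):
    """Return the staging block from a device node or a dumped image."""
    with open(path, "rb") as f:
        f.seek(STAGING_ADDR)
        block = f.read(STAGING_SIZE)
    if len(block) != STAGING_SIZE:
        raise ValueError("image too short to contain the staging block")
    return block

def classify(block):
    """'pending': magic present, so the block is applied on the next boot.
    'empty': all zeroes (state right after reboot). 'ignored': other data."""
    if block[MAGIC_OFFSET:MAGIC_OFFSET + len(MAGIC)] == MAGIC:
        return "pending"
    if not any(block):
        return "empty"
    return "ignored"

def nonzero_runs(block, gap=16):
    """(absolute_offset, length) of non-zero regions; runs separated by
    fewer than `gap` zero bytes are merged. Contents are never returned."""
    runs, start, last = [], None, None
    for i, b in enumerate(block):
        if b == 0:
            continue
        if start is not None and i - last > gap:
            runs.append((STAGING_ADDR + start, last - start + 1))
            start = None
        if start is None:
            start = i
        last = i
    if start is not None:
        runs.append((STAGING_ADDR + start, last - start + 1))
    return runs

if __name__ == "__main__":
    blk = read_staging(sys.argv[1])
    print(classify(blk), [(hex(o), n) for o, n in nonzero_runs(blk)])
```

A result of "empty" only says that nothing is staged for the next boot; per the post, the live values are held elsewhere and are exposed through the /proc files.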