This is the firmware of the hardware probe we ship to our supporters. It was tested only on our specific ARM-v6 probes and we don't guarantee it will work correctly on other similar devices. As a user it is not necessary to update your firmware unless something breaks or you need to replace the SD card.
How to get a Globalping hardware probe
Check the Releases
The gz file is ready to get flashed to your SD Card, no preparation required.
The compiled firmware can be flashed to an SD card using Raspberry PI Imager, balenaEtcher, Rufus or other similar software.
After the SD Card is correctly flashed and verified it can be inserted into the Globalping hardware probe and the probe powered up.
- After power-up the red LED will be on for the first 17 seconds
- After this, the red LED will turn off and the green LED will start blinking
- When the probe software has been started the green LED will go solid.
- If during the startup process the green LED never turn's on, it could be a flash sdcard issue or the sdcard is not correctly installed on the slot.
- Probe Software has failed, and the software restart is being done (should jump to solid Green when finishes).
The actual probe code that runs inside a docker container on the device is automatically updated. Learn more about the probe code
For security reasons there is no way to get shell access of a running probe. But for debugging purposes you can connect to it via SSH to get the container logs of the software probe. To connect:
- Login into your router's web UI and check the list of connected devices. You should be able to spot the globalping hardware probe in the list.
- Get the IP address of the probe
- Login via ssh
ssh logs@IP_ADDRESS
e.g.ssh logs@192.168.1.145
- You can now see the log output of the docker container running the software probe on your device.
To access firmware logs (only really useful to firmware devs/firmware debug), repeat the above steps but with "devlogs" instead of "logs" as the user
In addition to the security features of the software probe these are the extra safe guards we used to make the hardware device as secure as possible:
- The rootfs of the probe OS is read-only
- The kernel configuration was tunned to reduce the size and exploitable area
- The probe container runs completely from RAM
- The OS will automatically reboot every 3 days + random amount of hours between 1 and 48.
- The only user that is eligible to use SSH is the "logs" user, without shell access
- The OS was trimmed to have minimum attack surface
The script was tested on Ubuntu 22.04 LTS. First install the required software:
apt update -y && apt install gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev xterm python3-subunit mesa-common-dev zstd liblz4-tool file
Next create a user for the compilation process and clone this repo locally.
useradd -m compiler
su compiler
bash
cd /home/compiler
git clone https://github.com/jsdelivr/globalping-hwprobe
NOTE for maintainers: Before building a new version update the version inside the firmware itself.
- Update https://github.com/jsdelivr/globalping-hwprobe/blob/master/meta-jsdelivr/recipes-jsdelivr/jsdelivr-scripts/files/jsdelivr-startWorld.sh#L6
- Clone and build
- Tag with the same version
- Upload
You can now run the bash script that will download all the necessary dependencies and build the firmware. NOTE: This process can take a couple of hours
cd globalping-hwprobe
bash build_firmware.sh
After the build is done a firmware file with the extension ".sunxi-sdimg" will appear in the current directory.
The probe firmware can upgrade the container itself using a USB flash drive as the initiator for the process but not as a method of offline upgrade. This is done as a security measure to avoid "Evil maid " type of attacks.
To create the USB update key is just a matter of using a USB flash drive formatted as fat with a file named "JSDELIVR.UPD" in its root. The file can be empty as its presence is checked, not the file content.
After the USB drive preparation is done, plug the USB Flash drive in the probe and power cycle it The probe will detect the USB flash and check for the presence of the update key file. If it's present, the upgrade process will start, with a rapid flashing of the GREEN led. At the end of the process, the initiator file "JSDELIVR.UPD" will be erased, and the probe automatically reboots.
If by any chance there is a need to go back to the container version bundled with the probe firmware, this can be quickly done by doing the same process as the USB Update, but instead with a file named "JSDELIVR.RESET"