setup.sh: Check that serial port is not enabled for console login

[rzbrk]

setup.sh could check this at the beginning and exit with error message in case the serial port is not properly configured.

Check, that the /boot/cmdline.txt does not contained console=serial0 string.

[Amerlander]

could also be added as a testcase or in the system test

[rzbrk]

Interesting! On my freshly installed AstroPi-IR OS the login over serial port is enabled!!!!

pi@astropiir:~/src/CalliopEO_AstroPi $ cat /boot/cmdline.txt
console=serial0,115200 console=tty1 root=PARTUUID=aeee2bfb-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait ipv6.disable=1

[rzbrk]

Can be closed if PR #95 is merged.

[Amerlander]

Interesting! On my freshly installed AstroPi-IR OS the login over serial port is enabled!!!!

pi@astropiir:~/src/CalliopEO_AstroPi $ cat /boot/cmdline.txt
console=serial0,115200 console=tty1 root=PARTUUID=aeee2bfb-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait ipv6.disable=1

I only did the check, if the program still runs when it is disabled - so I did not checked the inital state. I think this is a recomended hardening step and I wonder if we should really rely on this for the setup and test or just drop a alert and continue when it is enabled. Since for the calliopEO.py it does not matter if its enabled or not. The hardening might be done on the astro pi, but not on every test system - if so we would have to write the steps in the documentation or add it to the setup.

You can follow official guide (Disable Linux serial console) to reconfigure Raspberry Pi OS here*: https://www.raspberrypi.org/documentation/configuration/uart.md

*Step (2) should be changed as below.

Otherwise, you can directly use the following steps:

1. Login as root user or ssh login as pi user and then execute: sudo su root
2. Start raspi-config (as root user): raspi-config
3. Select option 5 - Interfacing Options
4. Select option P6 - Serial
5. At the prompt Would you like a login shell to be accessible over serial? answer 'No'
6. At the prompt Would you like the serial port hardware to be enabled? answer 'Yes'
7. Exit raspi-config and reboot the Pi for changes to take effect
8. Verify that file /boot/cmdline.txt does not contain ‘console=serial0’ string

[rzbrk]

From George's mail (2021-08-19):

Some remarks regarding the serial login shell:

• You can check whether or not the serial login shell or the serial port hardware are activated or not by using (as root):

raspi-config nonint get_serial raspi-config nonint get_serial_hw

A value of 0 means the corresponding setting is activated.

• You can have the serial login shell disabled but the serial port hardware enabled by using (as root):

raspi-config nonint do_serial 2

If this works as intended then:

raspi-config nonint get_serial # should return 1, i.e. disabled raspi-config nonint get_serial_hw # should return 0, i.e. enabled

Using a value of 0 for do_serial enables both, while a value of 1 disables both.

I have already had a discussion about this with Domenico and I checked if anything obvious might be affected in Astro Pi functionality. I believe you can proceed with the setting without any issues. Besides, it is easy to set and reverse the setting using raspi-config.

[rzbrk]

The Raspberry Pi has multiple serial ports. On my test system (Raspberry Pi 3 running Astro Pi IR OS with disabled Bluetooth) with connected Calliope Mini on USB the serial ports are:

root@astropiir:~# ls -al /dev/ttyS* /dev/ttyA* /dev/serial?
lrwxrwxrwx 1 root root          7 Feb 14  2019 /dev/serial0 -> ttyAMA0
lrwxrwxrwx 1 root root          5 Feb 14  2019 /dev/serial1 -> ttyS0
crw-rw---- 1 root dialout 166,  0 Aug 22 12:14 /dev/ttyACM0
crw--w---- 1 root tty     204, 64 Feb 24 09:29 /dev/ttyAMA0
crw-rw---- 1 root dialout   4, 64 Feb 14  2019 /dev/ttyS0

• /dev/serial? are only symbolic links.
• /dev/ttyAMA0 is the standard serial port (PL011-UART) which is accessible via the GPIO header:
• /dev/ttyS0 is usually only accessible on the Raspberry Pi Compute Modules
• /dev/ttyACM* (or /dev/ttyUSB*) are serial ports which are generated when a USB-Serial transceiver is attached to the Astro Pi like the FTDI, CH340 or PL2303 chips. The Calliope Mini will always create a /dev/ttyACM*.

From what I understand, the raspi-config commands given by George affect /dev/serial0, the primary serial port of the Astro Pi system. They will not affect the serial port the Calliope Mini is attached to.

My tests show, that the CalliopEO.py scripts successfully operates regardless if the Linux console is configured on any of the serial ports /dev/serial?.

[rzbrk]

I tried to "hack" into the Astro Pi via a serial adapter attached to USB - unsuccessfully. I used a PL2303 based USB-Serial adapter that will be listed as /dev/ttyUSB0 in Linux.

What I did:

1. Attached the PL2303 USB-serial adapter to a USB port of Astro Pi
2. in /boot/cmdline.txt I set console=/dev/ttyUSB0,115200
3. Connected another Linux machine on the "far end" of the PL2303 USB-serial adapter
4. Rebooted the Astro Pi with connected USB-serial adapter

I got no output from the boot process, no Linux console over the serial port and was not able to login.

I verified the serial connection using screen /dev/ttyUSB0 115200 on the Astro Pi and a serial terminal program on the other end of the USB-serial adapter and could establish a connection. Hence, the serial connection works.

I assume, it is not possible to activate Linux console on a serial adapter connected via USB like tested above. Google returned other necessary configuration, e.g.: https://www.tal.org/tutorials/raspberry-pi-zero-usb-serial-console

[rzbrk]

As a result, I would remove the serial port checks/settings from our setup.sh completely. Preventing someone to gain console access over a serial port should be solely handled by the OS.

[rzbrk]

Can be closed if #97 is merged.