user-doc: update write-protect ranges and size

user-doc/user-doc.tex

@@ -126,10 +126,26 @@ After the configuration options have been set up, rebuild the u-boot binary agai
 
 \subsection{Linux kernel}
 
-{\tt CONFIG\_KEXEC}
+Make sure that the following options are enabled:
+
+\begin{itemize}[noitemsep]
+\item {\tt CONFIG\_BLK\_DEV\_INITRD}
+\item {\tt CONFIG\_RD\_GZIP}
+\item {\tt CONFIG\_RD\_BZIP2}
+\item {\tt CONFIG\_RD\_LZMA}
+\item {\tt CONFIG\_RD\_XZ}
+\item {\tt CONFIG\_RD\_LZO}
+\item {\tt CONFIG\_RD\_LZ4}
+\item {\tt CONFIG\_KEXEC}
+\end{itemize}
+
+As the ROTS image will be read-only once it has been flashed to the SPI NOR flash, it is encouraged to build a minimal kernel images to reduce the amount of possible bugs and vulnerabilities.
+More specifically, it is recommended to build a kernel without any support for networking, graphics and audio.
 
 \subsection{initramfs}
 
+For the initramfs, we will need static binaries of \emph{busybox}, \emph{kexec-tools}, \emph{cpio} and \emph{gzip}.
+
 \section{Flashing ROTS}
 
 \subsection{Using an External Programmer}
@@ -211,7 +227,7 @@ flashrom v0.9.4  : bc6cab1 : Oct 30 2014 07:32:01 UTC on Linux 4.9.4-gentoo (x86
 vendor="Macronix" name="MX25L6406E"
 ./flashrom --programmer=buspirate_spi:dev=/dev/buspirate --get-size
 flashrom v0.9.4  : bc6cab1 : Oct 30 2014 07:32:01 UTC on Linux 4.9.4-gentoo (x86_64), built with libpci 3.1.10, GCC 4.8.x-google 20140307 (prerelease), little endian
-8388608
+16777216
 \end{minted}
 
 Further, Google's fork of flashrom allows us to tag regions on the SPI NOR flash chip with a custom name.
@@ -238,28 +254,36 @@ Now that the images have been written to their respective regions, we can look a
 flashrom v0.9.4  : bc6cab1 : Oct 30 2014 07:32:01 UTC on Linux 4.9.4-gentoo (x86_64), built with libpci 3.1.10, GCC 4.8.x-google 20140307 (prerelease), little endian
 Valid write protection ranges:
 start: 0x000000, length: 0x000000
-start: 0x7e0000, length: 0x020000
-start: 0x7c0000, length: 0x040000
-start: 0x7a0000, length: 0x080000
-start: 0x700000, length: 0x100000
-start: 0x600000, length: 0x200000
-start: 0x400000, length: 0x400000
-start: 0x000000, length: 0x800000
-start: 0x000000, length: 0x800000
+start: 0xfc0000, length: 0x040000
+start: 0xf80000, length: 0x080000
+start: 0xf00000, length: 0x100000
+start: 0xe00000, length: 0x200000
+start: 0xc00000, length: 0x400000
+start: 0x800000, length: 0x800000
+start: 0x000000, length: 0x040000
+start: 0x000000, length: 0x080000
+start: 0x000000, length: 0x100000
+start: 0x000000, length: 0x200000
 start: 0x000000, length: 0x400000
-start: 0x000000, length: 0x600000
-start: 0x000000, length: 0x700000
-start: 0x000000, length: 0x780000
-start: 0x000000, length: 0x7c0000
-start: 0x000000, length: 0x7e0000
 start: 0x000000, length: 0x800000
+start: 0x000000, length: 0x1000000
+start: 0xfff000, length: 0x001000
+start: 0xffe000, length: 0x002000
+start: 0xffc000, length: 0x004000
+start: 0xff8000, length: 0x008000
+start: 0xff8000, length: 0x008000
+start: 0x000000, length: 0x001000
+start: 0x000000, length: 0x002000
+start: 0x000000, length: 0x004000
+start: 0x000000, length: 0x008000
+start: 0x000000, length: 0x008000
 \end{minted}
 
 Since we don't want our images to be tampered with, we want to enable write-protection for the full range.
 We can configure the write-protected range as follows:
 
 \begin{minted}[breaklines]{text}
-./flashrom --programmer=buspirate_spi:spispeed=2M,dev=/dev/buspirate --wp-range 0x000000 0x800000
+./flashrom --programmer=buspirate_spi:spispeed=2M,dev=/dev/buspirate --wp-range 0x000000 0x1000000
 \end{minted}
 
 After setting the range, we are still able to modify the contents of the entire SPI NOR flash chip.