Host Tools
This page discusses the tools/ directory containing miscellaneous scripts
and host C programs that are important parts of the NuttX build system:
Tool documentation pages
abi_check.pybdf-convert.ccheckkconfig.pycheckpatch.shcmpconfig.cconfigure.sh,configure.bat,configure.c,cfgparser.c,cfgparser.hconvert-comments.cdefine.sh,define.batdetab.cdiscover.pyflash_writer.pygencromfs.cide_exporter.pyincdir.sh,incdir.bat,incdir.cindent.shinitialconfig.ckconfig.batkconfig2html.cLibraries.mk,FlatLibs.mk,ProtectedLibs.mk,KernelLib.mklink.[sh|bat],copydir.[sh|bat],unlink.[sh|bat]lowhex.cMakefile.hostMakefile.[unix|win]mkconfig.c,cfgdefine.c,cfgdefine.hmkconfigvars.shmkctags.shmkdeps.c,cnvwindeps.c,mkwindeps.sh,mknulldeps.shmkexport.sh,Export.mkmkfsdata.plmkromfsimg.shmksymtab.c,cvsparser.c,cvsparser.hmksyscall.c,cvsparser.c,cvsparser.hmkversion.c,cfgdefine.c,cfgdefine.hnetusb.shnxstyle.cnxtagspkgsfetch.shparsetrace.py- pic32mx
refresh.shrmcr.csethost.shshowsize.shsimbridge.shsimhostroute.shtestbuild.shuncrustify.cfg- zds
zipme.sh
mkpasswd — Build-time /etc/passwd Generation
tools/mkpasswd is a host tool (tools/mkpasswd.c) that generates a
single /etc/passwd entry at build time. It runs automatically when
CONFIG_BOARD_ETC_ROMFS_PASSWD_ENABLE=y.
The plaintext password is hashed with TEA and is not stored in the firmware. The build fails if the password is empty or uses known insecure defaults.
Setup
Run
make menuconfigand configure:Board Selection → Auto-generate /etc/passwd at build time * Set the admin password (required, minimum 8 characters) * Enable random TEA key generation, or set keys manually (see below)
Application Configuration → NSH Library → Console Login * Set verification method to Encrypted password file
Application Configuration → File System Utilities → Password file support * Enable password file support
Run
make.
TEA encryption keys
Keys must match between the build (mkpasswd) and the firmware
(CONFIG_FSUTILS_PASSWD_KEY1..4). Choose one option:
Random generation (
CONFIG_BOARD_ETC_ROMFS_PASSWD_RANDOMIZE_KEYS=y): On the first build, four keys are generated from/dev/urandomand written to.config. Key values are not printed in the build log. Search.configforCONFIG_FSUTILS_PASSWD_KEYto view them.Manual: Set
CONFIG_FSUTILS_PASSWD_KEY1..4under Password file support to unique non-zero values.
Kconfig options
CONFIG_BOARD_ETC_ROMFS_PASSWD_ENABLE=y
CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD="<secret>"
CONFIG_BOARD_ETC_ROMFS_PASSWD_RANDOMIZE_KEYS=y
CONFIG_NSH_CONSOLE_LOGIN=y
CONFIG_NSH_LOGIN_PASSWD=y
CONFIG_FSUTILS_PASSWD=y
How it works
tools/passwd_keys.mkchecks the password and TEA keys beforeconfig.his generated.If random generation is enabled and keys are not set,
gen_passwd_keys.shwrites new keys to.config.mkpasswdhashes the password with the configured TEA keys.The entry is embedded in the ROMFS image as
/etc/passwd.
/etc/passwd file format
user:encrypted_hash:uid:gid:home
Notes on savedefconfig
make savedefconfig does not save these options:
CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORDCONFIG_FSUTILS_PASSWD_KEY1throughCONFIG_FSUTILS_PASSWD_KEY4
Do not copy them into a defconfig or commit them to version control.