Arch Linux Image for VisionFive 2 cwt21.2 Release

This release introduces the cwt21.2 image, which includes significant updates and components to enhance functionality and compatibility. The major changes are as follows:

Major Components:

The cwt21.2 image includes the following major components:

• Arch RISC-V rootfs-2024-03-30 from https://riscv.mirror.pkgbuild.com/
• Kernel based on StarFive’s JH7110_VF2_515_v5.11.3 with patches and configuration from GitHub - cwt-vf2/linux-cwt-starfive-vf2: PKGBUILD for Linux kernel (-cwt) Image on StarFive VisionFive 2
• GPU driver from GitHub - cwt-vf2/img-gpu-vf2: IMG_GPU driver for VisionFive2
• Mesa for PowerVR GPU from GitHub - cwt-vf2/mesa-pvr-vf2: Used to be a clone of https://aur.archlinux.org/mesa-pvr-vf2.git to host the binary package
• Inclusion of all WiFi and Bluetooth firmwares from StarFive

Major changes:

• The linux-firmware package is installed.
• A missing Wave5 firmware has been added.
• The AppArmor service is installed and enabled.
• The image compression has been changed from xz to zstd.

Here the links to download:

• GitHub Release: Releases · cwt-vf2/archlinux-image-vf2 · GitHub
• The previous images are kept in my Google Drive and Naver MyBox for now.
  • Google Drive: VisionFive2 - Google 云端硬盘
  • Naver MyBox: 네이버 MYBOX

Login and password:

root password is archriscv
user password is user
user is sudoer, and it can run sudo without password.

Maximize the partition:

After flashing the image to an SD card of at least 4 GB, please edit partition 4 and expand it to the rest of the available space. Then use the following command to maximize the partition.

btrfs filesystem resize max /

Packages and sources:

• The kernel and GPU driver packages are included in the /root/pkgs/ directory.
• Sources are on GitHub:
  • Build script: GitHub - cwt-vf2/archlinux-image-vf2: Build script to create Arch Linux image for VisionFive 2
  • Kernel, headers, and StarFive’s soft_3rdpart: GitHub - cwt-vf2/linux-cwt-starfive-vf2: PKGBUILD for Linux kernel (-cwt) Image on StarFive VisionFive 2
  • GPU driver: GitHub - cwt-vf2/img-gpu-vf2: IMG_GPU driver for VisionFive2
  • Mesa for PowerVR GPU: GitHub - cwt-vf2/mesa-pvr-vf2: Used to be a clone of https://aur.archlinux.org/mesa-pvr-vf2.git to host the binary package

How to boot directly from NVMe SSD:

Warning: Following these steps will destroy any data on your NVMe SSD.

In theory, you could just dd your micro SD to the NVMe SSD, but I would not recommend doing so while the mounted storage is in use.

1. Ensure that SPL and U-Boot on your board are up to date.
2. Copy or download the cwt21.2 image to /tmp or any directory of your choice.
3. Discard all data on your NVMe SSD (whole disk trimming):
   blkdiscard /dev/nvme0n1
4. Use dd to copy the image to the NVMe SSD:
   zstd -c -T0 -d ArchLinux-VF2_5.15.2_v5.11.3-cwt21.2.img.zst | dd of=/dev/nvme0n1 bs=32M status=progress
5. Shutdown your device, set the DIP switch to flash mode (0-0), remove the SD card, and then power it on.
6. Maximize the partition.

How to update the previous image without rewrite the SD card:

You should upgrade the onboard firmware (SPL and U-boot) to the latest version first.
Make sure you are going to write the firmware to the right MTD partition.

dev:    size   erasesize  name
mtd0: 00040000 00001000 "spl"
mtd1: 00010000 00001000 "uboot-env"
mtd2: 00300000 00001000 "uboot"
mtd3: 00100000 00001000 "data"

In this case, spl is mtd0, and uboot is mtd2.

Please note that in the latest StarFive kernel, the MTD partitions have been rearranged, and now uboot is located on mtd2. Therefore, it is important to always check with cat /proc/mtd before performing the firmware upgrade.

$ mkdir fw && cd fw
$ wget https://github.com/starfive-tech/VisionFive2/releases/download/JH7110_VF2_515_v5.11.3/u-boot-spl.bin.normal.out
$ wget https://github.com/starfive-tech/VisionFive2/releases/download/JH7110_VF2_515_v5.11.3/visionfive2_fw_payload.img
$ sudo flashcp -v u-boot-spl.bin.normal.out /dev/mtd0
$ sudo flashcp -v visionfive2_fw_payload.img /dev/mtd2

You can download the Kernel and GPU packages and then update the previous cwt image efortlessly.

$ wget https://raw.githubusercontent.com/cwt-vf2/linux-cwt-starfive-vf2/5.15/kernel-update.sh
$ chmod 755 kernel-update.sh
$ ./kernel-update.sh

The img-gpu binary hasn’t changed since the last build, so just use the old one. If you are running on an image older than cwt19, please execute the following commands.

$ wget https://github.com/cwt-vf2/img-gpu-vf2/releases/download/cwt19-1.19.6345021-6/img-gpu-vf2-1.19.6345021-6-riscv64.pkg.tar.zst
$ sudo pacman -U *.tar.zst
$ sudo reboot

You’re a ROCK STAR!!!

That’s what I was waiting for ! Thanks. I will test it soon !

One comment:

It’s the sum for ArchLinux-VF2_515_v2.6.0-cwt4.img.bz2 and not for ArchLinux-VF2_515_v2.6.0-cwt4.img !

I was able to boot on it and log in via SSH but the output is blank (maybe because my device is a 2K one).
I ran some bench with crypsetup and openssl (thanks for 3.0.7 version) and I can say that it’s roughly half the figures I can find on my rpi4:

• openssl

# openssl speed --multi $(nproc) rsa4096 2>&1 | tail -n 2 |  awk 'BEGIN {"openssl version"|  getline opensslversion; close("openssl version"); print opensslversion} { printf ("%s\t%s\n",$(NF-1),$NF) }'
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
sign/s  verify/s
40.6    3004.4

• cryptsetup

# cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1       133068 iterations per second for 256-bit key
PBKDF2-sha256     172010 iterations per second for 256-bit key
PBKDF2-sha512     146449 iterations per second for 256-bit key
PBKDF2-ripemd160  114774 iterations per second for 256-bit key
PBKDF2-whirlpool   44582 iterations per second for 256-bit key
argon2i       4 iterations, 235741 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id      4 iterations, 237449 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        128b        32.2 MiB/s        32.1 MiB/s
    serpent-cbc        128b        18.9 MiB/s        20.1 MiB/s
    twofish-cbc        128b        30.1 MiB/s        32.1 MiB/s
        aes-cbc        256b        32.1 MiB/s        32.1 MiB/s
    serpent-cbc        256b        19.7 MiB/s        20.1 MiB/s
    twofish-cbc        256b        30.4 MiB/s        32.1 MiB/s
        aes-xts        256b        28.2 MiB/s        29.0 MiB/s
    serpent-xts        256b        19.5 MiB/s        20.1 MiB/s
    twofish-xts        256b        31.0 MiB/s        32.0 MiB/s
        aes-xts        512b        29.0 MiB/s        29.0 MiB/s
    serpent-xts        512b        20.1 MiB/s        20.1 MiB/s
    twofish-xts        512b        31.9 MiB/s        32.1 MiB/s

• And finally, the entropy is quite good:

#  cat /proc/sys/kernel/random/entropy_avail
3781

One error:

# sudo pacman -Syyu
:: Synchronizing package databases...
 core.db failed to download
error: failed retrieving file 'core.db' from riscv.mirror.pkgbuild.com : SSL certificate problem: certificate is not yet valid
error: failed to synchronize all databases (download library error)

SSL certificate problem: certificate is not yet valid

The mirrorlist file was unchanged:

# grep -B 1 ^Server /etc/pacman.d/mirrorlist | head -n 2
## Worldwide
Server = https://riscv.mirror.pkgbuild.com/repo/$repo

Edit: solved by setting time

Its because time is not in sync. You need to set the right system time.

Yes, thanks !

Cool! Could you share your kernel config ?

To be fair none of those tests are using hardware acceleration from the Encrypt Engines, because openssl does not (yet).
And even once support is added, and patches pushed up stream, the Encrypt Engines will probably not help at all with ripemd160, whirlpool, serpent, twofish.

The kernel config is already in /boot/boot

Yes probably but I have a CPU comparaison now and I think that starfive RISC-V can really improve.

And also, I have an OS where I can install almost everything that I want and which is almost up-to-date (besides the kernel for now).

Are not the ones, that I need/wanted. I would be more focused on AES,chacha and blake2.
I know that when NEON instructions were included in the kernel crypto layer, we saw improvements on ARMv8. I hope it will be the same for RISC-V with hardware acceleration integration.

Ah… the output is blank because I didn’t start the X or any DM. I didn’t do anything about it, from what I see on Debian image 69, they patched and build a lot of things in /usr/local my image is roughly an Arch origin.

I don’t even see any console/login prompt.

Because the GPU driver doesn’t support framebuffer yet.

yet

2 changed files with 9 additions and 0 deletions .

small changes to see “things”…

I’m sure that there was lots of time spent gaining all the knowledge to know exactly what needed to be added and where. And head scratching and going “Why is this not working, this should be working”.

May be I will try patching the kernel and rebuild it once I get back to office after my long weekend.

Indeed !
Sometimes, small changes make some great things: HUGE Improvements made to Linux Kernel Functions!! 8450% Increase - Open Source is Great. - YouTube

It would be great ! But don’t worry we all can wait after your long week-end I think.
Do you plan to cross-compiling it ? (I think that manjaro-arm guys use cross compilation to save time)
If not it should take a looooooooooot of time, shouldn’t it ?