VisionFive 2 Debian Image Released

Thanks all, my board arrived today and I was able to piece together the steps to get it going. I found the description a bit too terse, so here’s my longer version … argh, can’t post that because it references the same link that Michael Zhu used.

For the next release, please add IPv6 to the kernel. It is needed.

BTW, I’m trying to rebuild my kernel with IPv6.

Hello @dtometzki . May I ask how to do this?

Hello everyone,

I already saw solutions to upgrade firmware by using buildroot sdcardimage, but I did not noticed that so I will provide how I have solved this problem. It still may be usefull for others even it is quite builky I would say (but does not require to reflash SD card atleast :D)

Note: I have done everything mentione bellow by accesing u-boot from serial console , as well as using Linux machine, not Windows.

First stage (temporary boot debian 69 with old firmware):

1. Mount sd card boot partition (partition 2) to your PC:
   sdc 8:32 1 29,8G 0 disk
   ├─sdc1 8:33 1 16M 0 part
   ├─sdc2 8:34 1 100M 0 part
   └─sdc3 8:35 1 29,6G 0 part

2. Copy device tree for correct naming:
   cp {mount_point}/boot/dtbs/starfive/jh7110-visionfive-v2.dtb {mount_point}/boot/dtbs/starfive/starfive_visionfive2.dtb
   This should help with Failed to load /boot/dtbs/starfive/starfive_visionfive2.dtb error

3. put SD to device and boot, wait till it fails to boot, because of: kernel_comp_addr_r or kernel_comp_size is not provided! (or stop boot manually)

4. Now set kernel address and size:
   setenv kernel_comp_addr_r 0x50000000
setenv kernel_comp_size 0x1000000

5. Boot again (now it should boot to login prompt):
   run bootcmd

Second stage (firmware updating):
It is same as described in: Updating SPL and U-Boot, but instead of compiling binaries, you can download u-boot-spl.bin.normal.out and visionfive2_fw_payload.img from Releases · starfive-tech/VisionFive2 · GitHub

1. Install mtd-utils
   apt install mtd-utils

2. download u-boot-spl.bin.normal.out and visionfive2_fw_payload.img

3. flash firmware to corresponding locations:
   flashcp -v u-boot-spl.bin.normal.out /dev/mtd0
flashcp -v visionfive2_fw_payload.img /dev/mtd1

Hope it helps! Have a nice day!

This looks super promising, thank you for sharing! At step 3 currently. Not sure whether or not the green activity LED should be blinking, as I’m still not seeing anything but the red. Been waiting for about 5 minutes now- is the “wait til it fails to boot” supposed to take this long? Should there still be no HDMI output? Thank you again!!

edit: Never saw anything, so went to try this on img-55 for the hell of it but dev/mtd0 and dev/mtd1 don’t exist on there. Ah well, worth a shot!

@Maztitos, I am not sure about HDMI, I have used serial console only.
And in this step it will not boot, because you still need to set kernel_comp_addr_r and kernel_comp_size, this is why only RED light is present.
If you are not able to use serial console probably it is not possible to enter u-boot commands.

Anyway, I have tried to flash old firmware to reproduce issue and try to fix with buildroot image.
There is advantage that you do not need to use serial console but instead ssh to client instead so maybe it is easier!

So the steps are:

1. Go to VisionFive2 SDK releases:
   Releases · starfive-tech/VisionFive2 · GitHub
2. From newest SDK (atm 2.6.0) assets download:
   sdcard.img
u-boot-spl.bin.normal.out
visionfive2_fw_payload.img
3. Flash sdcard.img to your SD CARD with balena etcher or so
4. copy u-boot-spl.bin.normal.out and visionfive2_fw_payload.img. (wget in buildroot is built without TLS support, so you can not download files directly):

OPTION 1: Mount this SD CARD to your computer and copy to root homepath location
sudo cp u-boot-spl.bin.normal.out visionfive2_fw_payload.img /media/{user}/rootfs/root/
OPTION 2: use SCP to copy files after device boots and connects to network

5. Now Board should boot successfully (and green light should blink as well)
6. ssh to board after some time:
   ssh root@{boad_local_ip_address}
   Password: starfive
7. now you can flash new firmware from this build:
   flashcp -v u-boot-spl.bin.normal.out /dev/mtd0
flashcp -v visionfive2_fw_payload.img /dev/mtd1
8. Flash Debian image to your SD card again and it will boot successfully this time.
9. Do not forget ro resize FS: Extend Partition

My apologies if first explanaition is not clear enough. Probably buildroot image is the best option.

Hello together,

i tested the image with the newest u-boot release VF2_v2.8.0 and Linux kernel release VF2_v2.8.0

Boot was successfully and other test in progress.

Best regards
Damian

Thanks Damian. Did you use the steps from GitHub - starfive-tech/linux to update the kernel or some other way?

Hello @tommythorn,

for the u-boot and opensbi update the following guide:

for the kernel upgrade:
I use a separate debian maschine to CROSS build the custom linux-*.deb packages.
You can use the prepare steps from this guide and for the build is the following command:

make ARCH=riscv CROSS_COMPILE=riscv64-linux- -j4 bindeb-pkg

My output for the kernel is:

grafik926×88 4.84 KB

Best regards
Damian

I just got my board and decided to create a build environment in docker to build for this. The main advantage is the possibility to select base os for the cross compiler without dedicating a computer or vm for it.
Here’s the repo: GitHub - kng/visionfive2-docker: Docker build environment for VisionFive 2 SBC

Knegge is a rockstar!!!

Using his docker shell and build scripts:

In less than 10 minutes, you’ll have built everything you need:
building u-boot: 1min
building opensbi: 10s
building spl: 1s
kernel: 7.5 minutes !!! I’m not used to short kernel builds so this was a pleasant surprise.

Enormous time savings if you use this.

I’ts pretty straight forward, clone the repo, build the image, run the scripts one by one. I’ve updated the readme to include the clone/build.
Have a look inside the script to see what they’re doing, basically slightly modified commands from the technical reference manual.
The order is the same as in the readme, and the manual.

Regarding docker installation I’m afraid I have to point you to your distro’s instructions or official install guide. I have a short description in another project but ymmv.

The actual image that the dockerfile pulls in is ubuntu:bionic, the same as in the manual. This is completely separate from the host OS. It should also allow for other arches as well, not only x86.

If you just run the shell you can play around in the container:

$ ./shell.sh
root@0e896ca78870:/mnt# cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.6 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.6 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

Hello,

I have updated de firmware and the 69-image boots fine.

When I run update && upgrade I get an error:

ubuntu@rvsvrwsv02:~$ sudo apt update
Hit:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
Err:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease: The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Failed to fetch https://snapshot.debian.org/archive/debian-ports/20220616T194833Z/dists/unstable/InRelease The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Some index files failed to download. They have been ignored, or old ones used instead.
ubuntu@rvsvrwsv02:~$

is there a possibility to fix this?

Help appreciated!

You can solve this once and for all. Import the missing(invalid) public key into your public key ring, then update/upgrade again.

sudo apt-key adv --keyserver keyring.debian.org --recv-keys E852514F5DF312F6
###or gpg --keyserver keyring.debian.org --recv-key E852514F5DF312F6
sudo apt-get update
sudo apt-get upgrade

Or you can temporarily circumvent all package gpg checking while doing the update/upgrade

sudo apt-get --allow-unauthenticated update
sudo apt-get --allow-unauthenticated upgrade

I prefer the first approach, but sometimes if you feel overwhelmed with all these missing keys, the second approach is definitely more convenient at the risk of introducing malware, but if your repo is simply debian I would place a high-level of confidence there is no malware. The other convenience is that iirc there would be an updated developer keys package that updates the public keyring with the newer developer public keys on your behalf. Similar stuff like this occurs on Fedora as well.

Thanks but curiously it doesn’t work for me:

$ sudo apt-key adv --keyserver keyring.debian.org --recv-keys E852514F5DF312F6
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.g6Ywj5Fxke/gpg.1.sh --keyserver keyring.debian.org --recv-keys E852514F5DF312F6
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

hm, for me neither. GPG says:

gpg --keyserver keyring.debian.org --recv-key E852514F5DF312F6
gpg: keybox '/home/user/.gnupg/pubring.kbx' created
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

Or install the package debian-ports-archive-keyring

Nice, that --allow-unauthenticated is a good way to temporary allow this if your system (or container) doesn’t have a recent package list.

Unfortunately, this does not work for me.

user@vfive2-8:~$ sudo apt-key list | grep -A 1 expired
[sudo] password for user: 
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
pub   rsa4096 2021-01-10 [SC] [expired: 2023-01-31]
      CBC7 0A60 B9ED 6F23 7A5F  5B0B E852 514F 5DF3 12F6
uid           [ expired] Debian Ports Archive Automatic Signing Key (2022) <ftpmaster@ports-master.debian.org>

--
pub   rsa4096 2021-12-30 [SC] [expired: 2023-01-31]
      D0C9 87D7 BEC3 EDDF 8948  6CC2 B523 E5F3 FC4E 5F2C
uid           [ expired] Debian Ports Archive Automatic Signing Key (2023) <ftpmaster@ports-master.debian.org>

user@vfive2-8:~$ sudo apt install debian-ports-archive-keyring
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
debian-ports-archive-keyring is already the newest version (2022.02.15).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

The exact same behavior here.

also:
sudo apt-get --allow-unauthenticated update
ends in :>

Hit:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
Err:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
Reading package lists… Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease: The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Failed to fetch https://snapshot.debian.org/archive/debian-ports/20220616T194833Z/dists/unstable/InRelease The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Some index files failed to download. They have been ignored, or old ones used instead.

In your /etc/apt/sources.list try temporarily adding [allow-insecure=yes]

deb [allow-insecure=yes] http...

or [trusted=yes]

deb [trusted=yes] http...

sudo apt-get --allow-unauthenticated update
sudo apt-get --allow-unauthenticated upgrade

Please remember to take that stuff out once it’s all settled. BIG SECURITY HOLE.
The package signature expired end of January. If you contact the package maintainer ftpmaster@ports-master.debian.org for the entire snapshot repo in question perhaps they could renew their key and re-submit the packages with the newer key and provide you with that new key to import.