If you like BoxMatrix then please contribute Supportdata, Supportdata2, Firmware and/or Hardware (get in touch).
My metamonk@yahoo.com is not reachable by me since september. Please use hippie2000@webnmail.de instead.

0
U

Property:untrustedd (avmcmd)

From BoxMatrix


BoxMatrix >> Shell-Commands >> untrustedd (avmcmd) @ BoxMatrix   -   IRC-Chat   -   Translate: de es fr it nl pl
News Selectors Models Accessories Components Environment Config Commands System Webif Software Develop Lexicon Community Project Gallery

Startup-Scr Hotplug-Scr BusyBox-Cmds Bash-Cmds AVM-Cmds Chipset-Cmds Linux-Cmds Shared-Libs Kernel-Mods Research

Info
  
Name-Collision - multiple objects in this wiki use the name untrustedd!
untrustedd (avmcmd) ASEC database server daemon.
untrustedd (process) ASEC database server daemon.
untrustedd (watchdog) ASEC database server daemon.

AVM-Command

Goto:   Startup  -  Logging  -  Database  -  Messaging  -  Config  -  Source  -  Dependencies   -   Model-Matrix   -   Symbols   -   SMW-Browser

Details

untrustedd is the ASEC database server daemon, running on the untrusted Linux, which typically runs entire FRITZ!OS.
The optional companion is trustedd, which runs on the trusted Linux instance if one exists.

untrustedd is present in every recent firmware and removing or killing it does not affect any functionality of a box (so far).
It uses libasecutils.so, which is only used by its logdumper asec_dump_logs and by its companion daemon trustedd.

untrustedd does not provide any help function or options. It is a daemon which runs in foreground, so it needs to be detached.
It is a notify type supervisor enhanced daemon, so it expects to be started from untrustedd.service (fw 7.19+)
kill or killall terminate untrustedd gracefully, without any watchdog problems. But the proper way ist to use svctl:

root@fritz:/var/mod/root# svctl start untrustedd

[svctl] untrustedd.service, result: success
root@fritz:/var/mod/root# svctl stop untrustedd

[svctl] untrustedd.service, result: success

Startup

untrustedd uses libasecutils.so for most operations, so we have function names:

  • notify_initsystem - sends a startup notification to supervisor using libsvctl.so
  • install_crashhandler - installs a crashhandler using libubacktrace.so
  • watchdog_start - registers a watchdog using libwdt.so
  • create_log_dir - creates the logging dir /tmp/aseclogs
  • untrusted_endpoint - gets the URI ipc:///var/run/untrusted.ipc
  • alloc_handle_list - create the list for requesting clients

Unlike other daemons untrustedd does not create and serve untrusted.ipc permanently but on demand.

untrustedd communicates with trustedd if it is reachable at tcp6://[fd62:c5d3:4303:c662::1]:51000.
Here some related error messages:

$ strings usr/bin/untrustedd | grep -i 'trusted '

Trusted not responding. Probably dead. Panic!
Connecting to trusted failed
Initialization of trusted failed: %s

This is done via the cpunet0 interface so it is retargetable to another CPU. Excerpt from rc.cpunet:

ip address add fd62:c5d3:4303:c662::2/64 dev cpunet0 

Logging

untrustedd writes its logs to /tmp/aseclogs in 32 KB ringbuffers named untrustedd-<pid>.

  • log_line_with_file - log a line to the current ringbuffer, possibly creating it
root@fritz:/var/mod/root# ls -lh /tmp/aseclogs

--w-------    1 root     root       32.0K Jan  1 01:00 untrustedd-277
--w-------    1 root     root       32.0K Jan  3 12:28 untrustedd-2910
--w-------    1 root     root       32.0K Jan  3 12:29 untrustedd-2930
root@fritz:/var/mod/root# uhexdump /tmp/aseclogs/untrustedd-277 | head -n 5

0000  30303030 30303038 2E333733 33313820 30312E30  00000008.373318 01.0
0014  312E3730 2F30303A 30303A30 3820756E 74727573  1.70/00:00:08 untrus
0028  7465645F 6170692E 633A3138 33204461 74616261  ted_api.c:183 Databa
003c  73652069 7320656D 7074792E 0A000000 00000000  se is empty.........
0050  00000000 00000000 00000000 00000000 00000000  ....................

All per <pid> logfiles can be dumped at once using asec_dump_logs.

Database

untrustedd maintains its database in /var/flash/asec which normally is empty.
Here some related error messages:

$ strings /usr/bin/untrustedd | grep -i database

Cannot open database file: %s
Database write failed: %s
Flushing database failed.
Database file %s does not exist
Error reading database: %s
Database is empty.
Database broken -> Use empty database.

untrustedd uses efficient non blocking Read-Copy-Update (RCU) technology to maintain the database cache in realtime,
provided by liburcu.so and liburcu-common.so. Multiple processes, threads or even CPUs can write at once without problems.
The caching also prevents the flash from fast aging, flushing the database and flashing it can be performed independently.

Messaging

data conversion:

  • conv_bytes_to_hex
  • conv_utf8_to_utf16le

group filtering:

  • group_match
  • group_parse_group
  • group_parse_matcher

requester socket:

  • requester_socket_init
  • msg_receive_request
  • msg_receive_request_async
  • msg_send_request_async (???)

reply socket:

  • replier_socket_init
  • msg_encode_reply
  • replier_reply

Config

Daily updated index of Configuration files accessed by this command. Last update: 2023-01-28 06:37 GMT.
A - in the Mod column marks manual research, the Firmware then shows where the item occurs, not the Relation.

Relation Typ Object Mod Firmware Info Origin
Config from tffs asec (tffs) - 7.19 - 7.51 TODO AVM
1 config relation for this command

Source

The names of source files compiled into an executable often help to understand function blocks (and show gaps in the docs).
fw 7.29 source files:

$ strings /usr/bin/untrustedd | grep -e '\.c$' -e '\.cpp$'

/GU/ASEC_cortexa9_build/src/main/untrusted/src/untrustedd.c
/GU/ASEC_cortexa9_build/src/main/untrusted/src/untrusted_api.c
/GU/ASEC_cortexa9_build/src/main/untrusted/src/blob.c

/GU/ASEC_cortexa9_build/src/main/trusted/src/trusted_api.c
/GU/ASEC_cortexa9_build/src/main/trusted/src/database.c
/GU/ASEC_cortexa9_build/src/main/trusted/src/ntlm.c
/GU/ASEC_cortexa9_build/src/main/trusted/src/otp_compat.c

Early untrustedd nearly contained the complete trustedd source (except logserver.c), but this was changed:

fw 7.39 source files:

$ strings /usr/bin/untrustedd | grep -e '\.c$' -e '\.cpp$'

/GU/ASEC_grx5_build/src/main/untrusted/src/untrustedd.c
/GU/ASEC_grx5_build/src/main/untrusted/src/untrusted_api.c
/GU/ASEC_grx5_build/src/main/untrusted/src/blob.c  

Dependencies

Daily updated index of all dependencies of this command. Last update: 2023-01-28 07:15 GMT.
A * in the Mod column marks info from Supportdata-Probes, which will always stay incomplete.

Relation Typ Object Mod Firmware Info Origin
Started by serv untrustedd.service 39 7.19 - 7.51 supervisor service for untrustedd. AVM
Runs as proc untrustedd (process) 26* 7.08 - 7.51 ASEC database server daemon. AVM
Registers wdog untrustedd (watchdog) 25* 7.08 - 7.51 ASEC database server daemon. AVM
Serving sock untrusted.ipc 26* 7.08 - 7.51 TODO AVM
Depends on lib ld.so 29 7.08 - 7.51 Dynamic linker / loader Linux
Depends on lib libasecutils.so 38 7.19 - 7.51 ASEC databasee server API AVM
Depends on lib libatomic.so 41 7.08 - 7.51 GNU atomic library Linux
Depends on lib libavmcsock.so 5 7.08 Networking, I/O and helper functions AVM
Depends on lib libbacktrace.so 38 7.08 - 7.51 Crash handler and logger AVM
Depends on lib libc.so 41 7.08 - 7.51 Standard C library Linux
Depends on lib libcrypto.so 33 7.08 - 7.51 OpenSSL general crypto and X.509 library Linux
Depends on lib libdl.so 5 7.19 - 7.50 Dynamic linking library Linux
Depends on lib libminneapolis.so 38 7.19 - 7.51 Minneapolis datastore encoder / decoder AVM
Depends on lib libpthread.so 19 7.08 - 7.50 POSIX threading library Linux
Depends on lib libsvctl.so 38 7.19 - 7.51 supervisor control library AVM
Depends on lib libubacktrace.so 14 7.08 Standalone library for backtrace Linux
Depends on lib liburcu-common.so 28 7.19 - 7.51 Userspace Read-Copy-Update (RCU). Linux
Depends on lib liburcu.so 28 7.19 - 7.51 Userspace Read-Copy-Update (RCU). Linux
Depends on lib libwdt.so 41 7.08 - 7.51 AVM-Watchdogs management API AVM
Depends on lib libz.so 32 7.08 - 7.51 Zlib compressor / decompressor Linux
20 dependencies for this command

Model-Matrix

Daily updated index of the presence, path and size of this command for each model. Last update: 2023-01-28 05:56 GMT.
Showing all models using this command. Click any column header (click-wait-click) to sort the list by the respective data.
The (main/scrpn/boot/arm/prx/atom) label in the Model column shows which CPU is meant for models with multiple Linux instances.
Note that this list is merged from Firmware-Probes of all known AVM firmware for a model, including Recovery.exe and Labor-Files.

Model Firmware Path Size
FRITZ!Box 3490 (main) 7.27 - 7.30 /usr/bin 54.3k
FRITZ!Box 4040 7.08 - 7.39 /usr/bin 57.5k - 765k
FRITZ!Box 4060 7.26 - 7.39 /usr/bin 57.5k - 61.6k
FRITZ!Box 5490 (main) 7.27 - 7.29 /usr/bin 54.3k
FRITZ!Box 5491 (main) 7.27 - 7.29 /usr/bin 54.3k
FRITZ!Box 5530 Fiber (main) 7.21 - 7.30 /usr/bin 9.6k
FRITZ!Box 5590 Fiber (arm) 7.27 - 7.39 /usr/bin 57.4k - 61.6k
FRITZ!Box 6430 Cable (arm) 7.29 /usr/bin 65.3k
FRITZ!Box 6430 Cable (atom) 7.29 /usr/bin 65.3k
FRITZ!Box 6490 Cable (arm) 7.19 - 7.39 /usr/bin 65.3k - 73.8k
FRITZ!Box 6490 Cable (atom) 7.19 - 7.39 /usr/bin 65.3k - 73.8k
FRITZ!Box 6590 Cable (arm) 7.19 - 7.39 /usr/bin 65.3k - 73.8k
FRITZ!Box 6590 Cable (atom) 7.19 - 7.39 /usr/bin 65.3k - 73.8k
FRITZ!Box 6591 Cable (arm) 7.19 - 7.39 /usr/bin 61.3k - 73.5k
FRITZ!Box 6591 Cable (atom) 7.19 - 7.39 /usr/bin 61.3k - 73.5k
FRITZ!Box 6690 Cable (arm) 7.28 - 7.50 /usr/bin 61.3k - 73.5k
FRITZ!Box 6690 Cable (atom) 7.28 - 7.50 /usr/bin 61.3k - 73.5k
FRITZ!Box 6820 LTE v1 7.08 - 7.29 /usr/bin 54.3k - 211k
FRITZ!Box 6820 LTE v2 7.08 - 7.29 /usr/bin 54.3k - 211k
FRITZ!Box 6820 LTE v3 7.19 - 7.29 /usr/bin 54.3k
FRITZ!Box 6850 LTE 7.21 - 7.39 /usr/bin 9.6k - 61.6k
FRITZ!Box 6850 5G 7.24 - 7.39 /usr/bin 57.5k - 61.6k
FRITZ!Box 6890 LTE 7.08 - 7.39 /usr/bin 9.6k - 978k
FRITZ!Box 6890 LTE v1 7.08 - 7.39 /usr/bin 9.6k - 978k
FRITZ!Box 6890 LTE v2 7.08 - 7.39 /usr/bin 9.6k - 978k
FRITZ!Box 7430 7.21 - 7.29 /usr/bin 54.3k
FRITZ!Box 7490 (main) 7.08 - 7.51 /usr/bin 54.3k - 790k
FRITZ!Box 7510 7.30 - 7.39 /usr/bin 57.5k - 61.6k
FRITZ!Box 7520 7.08 - 7.50 /usr/bin 57.5k - 175k
FRITZ!Box 7520 v2 (arm) 7.30 - 7.50 /usr/bin 57.5k - 61.6k
FRITZ!Box 7530 7.08 - 7.51 /usr/bin 57.5k - 765k
FRITZ!Box 7530 AX 7.20 - 7.39 /usr/bin 57.5k - 57.6k
FRITZ!Box 7560 7.24 - 7.29 /usr/bin 9.6k
FRITZ!Box 7580 7.08 - 7.29 /usr/bin 9.6k - 270k
FRITZ!Box 7583 7.21 - 7.31 /usr/bin 9.6k
FRITZ!Box 7583 VDSL 7.19 - 7.31 /usr/bin 9.6k
FRITZ!Box 7590 7.08 - 7.51 /usr/bin 9.5k - 978k
FRITZ!Box 7590 AX 7.19 - 7.39 /usr/bin 9.6k - 9.7k
FRITZ!WLAN Repeater 1750E /usr/bin 790k
FRITZ!Repeater 3000 7.08 /usr/bin 765k
FRITZ!Powerline 1260E 7.08 /usr/bin 765k
41 models use this command

Symbols

Daily updated index of all symbols of this command. Last update: 2023-01-28 07:15 GMT.

Firmware Symbol
7.08 - 7.51 main
1 symbol for this command

SMW-Browser

Information is currently being retrieved from the backend.