News Archive (1999-2012) | 2013-current at LinuxGizmos | Current Tech News Portal |    About   

Article: Building a secure kiosk with Embedded Linux

Apr 25, 2002 — by LinuxDevices Staff — from the LinuxDevices Archive — 2 views

In this informative and entertaining technical article, embedded developer Patrick Glennon relates his experiences in creating a small Linux-based system for a client that required robust, easy-to-use, low-cost kiosks for conducting surveys at hotels. Glennon makes use of Intrinsyc's CerfPod as the kiosk's base platform, and equips it with open source software such as the Familiar project's Linux… distribution for the iPAQ and the Dillo browser.



Building a secure kiosk with Embedded Linux

by Patrick Glennon

A client of mine, Unifocus, provides software and services to the hotel and medical industries. In the course of some other work there, we got into a discussion on embedded systems. Unifocus, as one of it's offerings, provides survey data gathering and statistical analysis, and was interested in creating a kiosk platform for hotel surveys with a very small footprint for countertops. It would need to be very user friendly, virtually tamper proof, and require no local support whatsoever — not to mention low cost and easy to deploy.

They had researched several Windows CE based devices, but had not found anything that came close to meeting all their requirements. Some of the Handheld PC products that had a large enough screen were not even supported any more. I suggested a couple of possibilities off the top of my head, and was surprised on my next visit to find a shiny Intrinsyc CerfPod sitting in my client's office!

The next few discussions were along the CE vs. Linux line of thought, since Intrinsyc offers OS images for both for their CerfPod. So, we sat down and hammered out the following list of requirements:

  • The platform needs to be browser-based and Internet-connected. This allows for the maximum control of the survey mechanism without touching the devices themselves once they are deployed.
  • The platform needs to be tamper-proof and distraction-free. We don't want adventurous (or bored) hotel guests trying to change the wallpaper or activate X-rated screensavers.
  • To minimize costs, we would like to do as little coding as possible to achieve our goals.
  • For deployment ease, we would prefer to create images containing all of the target system software that make it easy to flash and send out.
These set of requirements weighted things heavily in favor of Linux. An additional “nail in the CE coffin” was that PocketPC is not available to lower volume players, so we were stuck with the far-from-pleasant standard CE browser and fonts, or would have to license another browser at an increase in per-unit cost, or would have to do a lot of coding and testing ourselves which would also increase costs.

Embedding Linux on the CerfPod

In looking at Linux for the CerfPod, the first thing we discovered was that Intrinsyc's Linux implementation is far from adequate for our needs. In addition to the glaring lack of a web browser, not many libraries were included. This would mean a fair amount of cross-compiling, testing, etc.

I was already somewhat familiar with the Familiar project, which supports the StrongARM processor used on the CerfPod's internal CerfBoard SBC, so I decided to see if it could be made to work on the CerfPod. Obviously, Familiar is primarily geared towards the the hardware architecture of the iPAQ (especially in areas like ioctl, X server, touch screen, etc.). Luckily, the folks at Intrinsyc were also fans of Familiar, and provided me with an “unsupported” kernel + jffs2 image of Familiar v.5 — and despite the fact that it was “unsupported”, we received phenomenal support from Intrinsyc when we had questions or problems with it (thanks, Chester!).

This proved to be a much better starting point than their standard CerfPod Linux support, especially in terms of the library support already included. Familiar introduced me to the wonderful and burgeoning “Dillo” browser, which, while still in it's infancy, provided an excellent and very lightweight answer to our problem.

Getting familiar with Dillo

The version of Dillo currently going out with Familiar is v.0.6.1, which, while it was nice to not have to compile, did not yet support some of the features I like about Dillo for this project. Upon compiling v.0.6.4 on the Skifflusters at handhelds.org (thanks, guys — cross-compiling is bad for my social life!), we were able to use the configuration file of Dillo (dillorc) to shut off the title bar, the url window, progress box, and many other “distractions”.

To further reduce distraction, we decided to not use a window manager! That's right: X loads up, launches Dillo directly, and removes any opportunity to close out of the window or launch another URL. There, in an incredibly short time, was a basic kiosk platform. Not too shabby!

Since Dillo is themeable via gtk, we were able to make very simple theme elements to support the small screen size and font scaling. This allowed us to get a reasonable amount of information into the package, while keeping the look and feel clean for the hotel guests. This was a simple matter of pulling together various theme elements from thinice, thingreeber, and some other gtk themes.

Wrestling with the X cursor

Only a few more problems left to tackle!

One of the things that remains in most handheld distributions that is not altogether useful (actually, completely useless and distracting in our case) is the X cursor. In most normal X Windows situations, it is simply a matter of creating a new cursor font file and pointing X at this instead. Presto! New cursors, or no cursors, as your preference dictates. But for some reason, Familiar did not appear to have a cursor file and steadfastly refused to honor the one I installed. After banging my head into the same bloody spot on the wall for awhile, I took a new tack. As Dillo is an open source project, and one that relies on gtk, we solved the magic cursor problem by wandering through the Dillo code, identifying where the gdk cursor call was, and replacing it with an inline blank cursor and mask (see listing).

Voila — no more cursor! Happy client, happy consultant. This is a neat trick for kiosks, and for handheld apps in general, where cursors are rarely very useful. Straight out of the gtk/gdk docs.

The “Welcome” and “Tour” screens

The “Survey” screen

Final touches

At this point, we had 99% of what we wanted with only a few days worth of work. We had an Intrinsyc CerfPod that booted Familiar, grabbed an ip address, booted X, launched Dillo, and connected to our webserver / hotel survey demo. The lack of a window manager and browser controls meant that the consumer can only view the web page content, and navigation is restricted to that allowed within the web page itself. No distractions, and no way to close the browser or access the operating system. The only undesirable thing the user can do with the CerfPod is reboot it, whereupon it quickly returns to its intended function. Complete control over the user experience is managed at the server level, and there is nothing for the users to break, or for the hotel staff to fix! Hardware issues are resolved with the ease of replacing a pod. Plug it in; turn it on.

We did end up applying another patch to Dillo, as Dillo was caching form posts in a bad way, and not necessarily limiting the size of that cache. On the Dillo developers list, however, we located a patch that enabled limiting the cache size or, better yet, turning it off altogether. We hope this patch, as well as the meta-refresh tag support patch, make it into the main source tree, as they were both crucial to the success of our project. But that is one of the many bounties of this model: someone else saw a problem and created a solution for it before I even started on this project, and it made a world of difference!

Now to create a jffs2 image. This even makes the work so far look easy. It's just a copying the directory structure off the CerfPod and onto a directory somewhere to create the image from. I used nfs, and then ran mkjffs2:

On the CerfPod:

mount 192.168.1.1:/tmp /mnt/hda
mkdir /mnt/hda/cerfroot
cd /
cp -Rxd / /mnt/hda/cerfroot
umount /mnt/hda

On the host:

    mkfs.jffs2.x86 -r /tmp/cerfroot -o imagename.jffs2 -e 0x20000 -p
The “-e” flag is important to sizing; it tells it the size of the flash to erase to the end of the image. This is crucial later on a CerfPod, to make sure that the blocks show up correctly on the new image. This varies system to system, and should be checked against your device. There are numbers already out there for various RAM sizes on iPAQs and, definitely, on the CerfPod as well. Again, we received great support from Intrinsyc here.

Flashing the CerfPod is very easy, and the iboot bootloader was simple to use:

    eraseflash 3
    set ip 192.168.1.2
    download tftp:192.168.1.1 zImage 0xc0000000
    flash 0x60000 0xc0000000 0x100000
    download tftp:192.168.1.2 rootnew.jffs2 0xc0000000
    flash 0x160000 0xc0000000 0x900000
    boot
One other funny thing to note, is that I was not sure of the correct size of my new image in hex (being both lazy and mathematically challenged), but I suspected it did not matter a great deal. I made a couple of guesses, and got an answer close enough on the third try. Later on, someone at Intrinsyc confessed that they have, on occasion, done the same thing (no names).

Now, the process for distributing this platform is simple:

  1. Obtain CerfPod from Intrinsyc
  2. flash the intrinsyc modified familiar kernel
  3. flash the new jffs2 image
  4. power on at the hotel

Troubleshooting? No problem! Turn it off; turn it back on. All the proper routing and web requests are server-side.

“I could do that!”

Right about now you might be thinking: “So what? That sounds really easy! I could do that!”

I couldn't agree more. In fact, I encourage you to! Linux (and especially Familiar and Dillo) made this project fast, easy, scalable in deployment, and very inexpensive. The folks at Intrinsyc understand this, and we received excellent support from their staff in this endeavor, especially given that we chose the “unsupported” route to make things go faster (I would encourage Intrinsyc to follow the handhelds.org guys and jump on the Familiar train).

The folks at Unifocus understand this also, and now they have an easy, inexpensive, and very supportable platform for their online hotel surveys!



About the author: Patrick Glennon is a partner at Metro-Techs, an IT Consulting firm focused on small to medium sized businesses. Metro-Techs is a core believer in the open source and free software arenas, and has and will continue to use these models as a way to increase value to the customer! Patrick began his Linux experiences in 1993 swearing at 20+ slackware floppies and consulting a Ouija Board to guess at monitor timings in X11. He now uses the Ouija Board to guess at eraseblock sizes on his iPAQ while the slackware floppies hang around his neck to confound the devil.





 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.



Comments are closed.