Sphere Factor Mac OS
A valuable addition to any home lab setup is a hypervisor environment where you can spin up virtual hosts, servers, and applications to suit your needs. First, you need to decide if you want to use dedicated hardware or run virtual machines (VMs) on top of your existing operating system. If you are only planning on a couple of VMs, then a type-2 hypervisor that runs on top of an operating system, such as VMware Workstation or Oracle VirtualBox, will be right up your alley. If you plan on spinning up a lot of VMs, running dedicated servers, or just want to gain more experience with technologies used in an enterprise environment, then a type-1 hypervisor is what you want. I went with a type-1 hypervisor, namely VMware's vSphere / ESXi. I chose vSphere since it was free and I'm the most familiar with VMware's products.
Since I chose to run on a dedicated box I now had to choose what hardware I was actually going to use. *Please make sure you check any hardware against the compatibility list for whatever solution you use. There are numerous different ways you can go from low end Intel i3 boxes to high end servers with 48+ cores. It helped me during this scoping phase to ask the following questions.
- What type of VMs will I be creating?
- How many VMs will I be creating?
- How many resources will said VMs utilize?
- Do I want to do any clustering?
I wanted to be able to spin up hosts, servers, and really anything that I wanted to. This ended up being a major factor in my hardware decision as I wanted to virtualize macOS. Virtualizing macOS is only legitimately allowed on Apple hardware so that limited me greatly on what hardware I could use. I wanted to be able to create a lot of resource intensive VMs as well which further limited my choices. I wasn't interested in clustering and preferred to have some ability to upgrade my hardware so I settled on a 2010 Mac Pro with dual hexa-core 3.06GHz Xeon processors, 64GB of RAM, 512GB SSD, and a 4TB drive. *
Given that the older Mac Pros can actually be upgraded, the first thing I did upon receiving it was add additional hard drives and two additional network interface cards (NICs). I added one 4TB and one 2TB drive giving me a total of 10TB of spinning disk, 512GB of SSD capacity, and I still have the ability to add more drives in the unused 5.25" bay.
Once I had all of the hardware installed I went ahead and burned a copy of vSphere 6 to a DVD, popped it into the optical drive on the Mac Pro, restarted it and followed the prompts to install ESXi. I ended up installing ESXi on the SSD versus a separate flash drive which I believe goes against best practices but hasn't been an issue for me so far. Installation was pretty painless and once it was complete I got a screen similar to the one below.
I accessed the URL from my desktop and was greeted with the page below.
Then I accessed the web interface by clicking on the link for 'Open the VMware Host Client'.
This screenshot was taken a little later so you can see I've already created some VMs. In addition to the web GUI you can control the server with the Windows fat client or, in my case, I use VMware Fusion to control certain functions, act as the remote console, or to upload VMs to the ESXi host. I've found Fusion to be overall very helpful but I do wish it had more functionality / control over the ESXi host. Overall, I've been very happy with my decision to use a Mac Pro for my ESXi host.
Issues / Lessons Learned
- Purple screen of death. This was not something I was familiar with and I ran into a few of these the first couple of days I had the Mac Pro up and running. It can be hard to decipher these screens. In this case it was a Machine Check Exception (MCE) that has its own separate page to assist in figuring out what it means. It appears to be an issue with one of the CPUs but this issue ended up disappearing which could have been due to putting the host on a UPS, providing additional cooling, or through dumb luck.
- VMNIC Issues. I installed an Intel Dual NIC roughly the same time I installed the additional hard drives. I wanted additional NICs so that I could play around with link aggregation / NIC teaming. However, I ran into an issue where one of the two built in NICs decided to show up in ESXi as a storage adapter. Just re-scanning the device had no impact so I enabled SSH and took a look at esx.conf. The devices showed up as follows:
/device/00000:010:00.0/vmkname = 'vmnic0'
/device/00000:000:31.2/vmkname = 'vmhba0'
/device/00000:006:00.0/vmkname = 'vmnic1'
/device/00000:006:00.1/vmkname = 'vmnic2'
So three NICs and a virtual machine host bus adapter? I ended up renaming it within the config to match the rest of the NICs, gave it a reboot, and then success!
Well, until the next reboot and now it is back to an hba. If anyone has a persistent answer to this particular issue I'd be most appreciative.
- When uploading an OSX or macOS VM to the ESXi host with Fusion you must go to that VM once it is uploaded and change the guest OS type to Mac OS otherwise it will never work.
- When installing Kali Linux in ESXi you may run into a weird problem that I did where, upon the initial boot after an install, you get nothing but a black screen. What I did was enter my creds blindly and everything starts working once it logs you in. Make sure you update after that and you won't have the problem again.
Manufacturing connected devices that incorporate Azure Sphere hardware involves several factory-floor operations:
- Connecting each Azure Sphere chip to a factory-floor PC
- Recording device IDs
- Updating the Azure Sphere OS if necessary
- Loading software
- Running functional tests
- Enabling Wi-Fi channels on the MT3620
- Performing radio frequency (RF) testing and calibration, if necessary
- Verifying RF configuration
- Finalizing the device
You must connect the chip to the PC first and finalize the device last, but you can perform other operations in any order that suits your manufacturing environment.
Important
The Manufacturing Samples package contains sample scripts for updating the OS on multiple devices in parallel, for claiming multiple devices at once, and for performing a device ready check. A separate RF Tools Package includes utilities and a C API library for use in testing and calibrating radio frequency (RF) operation. Please contact your Microsoft representative if you need either of these packages.
Connect each Azure Sphere chip to a factory-floor PC
During manufacturing, you must connect each Azure Sphere chip to a factory-floor PC. The PC must be running Windows 10 v1607 (Anniversary update) or a more recent release.
The Azure Sphere tools run on the PC and interact with the chip over a chip-to-PC interface. You choose how to implement this interface:
- Design an interface board that connects to your PC during manufacturing.
- Build an interface into each connected device. For example, the MT3620 reference board design (RDB) includes such an interface.
The MCU programming and debugging interface provides details on the design and requirements for the chip-to-PC interface.
You'll need to install the Azure Sphere SDK to connect devices to a PC and to perform other factory-floor tasks. See Install Azure Sphere for instructions.
You can simultaneously connect as many Azure Sphere devices to your PC as the PC's USB subsystem will support. The Azure Sphere tools do not limit the number of devices that can be connected at one time. We recommend that you request the Manufacturing Samples package, as described previously, to help you perform manufacturing tasks at scale.
Note
Support for multiple attached devices is provided only on Windows and only by the azsphere CLI. The Visual Studio and Visual Studio Code extensions currently support development and debugging of only a single device (the first device), which must have IP address 192.168.35.2.
The azsphere command supports several features that enable you to gather information about all the devices that are attached to a PC and to perform operations when multiple devices are connected.
Get information about attached devices
You can gather information about all attached Azure Sphere devices by using the following command:
azsphere device list-attached
This command returns the IP address for each Azure Sphere device and a value that identifies the device's USB connection. If the device is responsive, the command also returns the device ID. For example, the following shows output for two devices:
The IP address is assigned when an FTDI-based device interface is attached to the PC; it does not indicate that a responsive device is present. The IP address persists while the FTDI-based device interface is attached to the PC, even if a different Azure Sphere device is plugged into the interface. After a PC reboot, however, the IP address may change. The first device to be attached is assigned the address 192.168.35.2.
The connection path is an FTDI location ID that identifies the USB connection. The location persists while the FTDI-based device interface is attached to the same USB port on the same USB hub, and in turn to the same port on the PC. Thus, it persists over reboot. However, any changes in wiring between the PC and the device may result in changes to the connection path. Like the IP address, it doesn't change even if a different Azure Sphere device is plugged into the FTDI interface.
Perform operations on attached devices
The azsphere device command supports identifying a device by FTDI location or IP address:
- The device IP-address: Identifies a device by its IP address, which is returned by azsphere device list-attached (Windows only).
- The device location FTDI location: Identifies a device by its connection path, which is returned by azsphere device list-attached (Windows only).
Use either of these parameters to identify the device to which an azsphere device <operation> command applies. You can specify only one device per command. If more than one device is attached to the PC and you don't specify an IP address or FTDI location, the command fails.
Every device is assigned an IP address—even if it's unresponsive—so you can use the IP address to identify a device that requires recovery.
The following table lists the azsphere operations with which you can use these two parameters.
Command | Operation |
---|---|
device | app |
 | certificate |
 | claim |
 | enable-cloud-test |
 | enable-development |
 | image |
 | manufacturing-state |
 | network |
 | recover |
 | restart |
 | show |
 | show-attached |
 | show-deployment-status |
 | show-os-version |
 | sideload |
 | update |
 | wifi |
tenant | create |
Update the Azure Sphere OS
Every Azure Sphere chip is loaded with the Azure Sphere OS when it is shipped from the silicon manufacturer. Depending on the version of the Azure Sphere OS on chips available from your supplier, and depending on the OS version requirements of your application, you might need to update the Azure Sphere OS during manufacture of the connected device.
You can obtain the most recently available Azure Sphere OS recovery files for MT3620-based hardware after you accept the license terms.
If the Azure Sphere chip is not online on the factory floor, you can update it by loading the recovery files onto the factory-floor PC and then issuing the azsphere device recover command over the programming and debugging interface described earlier. Use the --images parameter to install specific recovery images.
The Manufacturing Samples include an example script that performs parallel multi-device recovery. Please contact your Microsoft representative to get this package.
Record device IDs
As part of the factory-floor process, you should record the device IDs of all Azure Sphere chips that your company incorporates into manufactured devices. To get the device IDs of all attached devices, use azsphere device list-attached.
You will need the device IDs during cloud configuration to set up device groups and deployments.
Load software
All software that you load—regardless of whether it is a board configuration file, a testing application, or a production application intended for the end user—must be production-signed.
During manufacturing, Azure Sphere devices must not require any special device capabilities, such as the appdevelopment capability, which enables debugging. Acquiring capabilities for individual devices reduces device security and requires internet connectivity, which is typically undesirable on the factory floor.
Get production-signed images
The Azure Sphere Security Service production-signs each image when you upload it. To avoid the need for internet connectivity on the line, create the production-signed images once, download them from the Azure Sphere Security Service, and then save them on a factory-floor PC for sideloading during production.
To get a production-signed image, upload it to the Azure Sphere Security Service by using the azsphere image command:
Note: The Azure Sphere classic CLI has been deprecated. We recommend using the new Azure Sphere CLI.
Replace <path-to-image-package> with the path and name of the image package that contains your software. The Security Service production-signs the image and retains it.
Applications that are intended for use only during factory testing must be explicitly identified as temporary images. This ensures that these applications can be removed at the end of the testing process. Do not use temporary images for applications that will remain on the device after manufacture, or the over-the-air update process will not operate correctly. To mark an image as temporary, use the --temporary parameter when you upload the file for production signing:
Save the component ID that the command displays; you'll need it later to remove the temporary image from the device.
To download the production-signed image, use the following command:
Replace <image-id> with the ID of the image to download, and replace <file-path> with the path and filename in which to save the downloaded image. The image ID appears in the output of the azsphere image add command.
After you save the production-signed image, no further internet connectivity is necessary.
Important
If a device might be claimed into a different tenant than the one used during the steps above, you must retain the precise original (prior to upload) image files so that you can upload them to the actual tenant that a device is claimed into. This requirement is described in more detail in cloud configuration tasks.
Deploy and delete images
To deploy a production-signed image onto a device in the factory, use the azsphere device sideload command:
Replace <file-path> with the name and path to the downloaded image file. If multiple devices are connected to the PC, include the --device parameter to identify the target device using the IP address or the FTDI location. See Perform operations on attached devices for details about these parameters.
If you load a temporary application for testing, use the following command to delete it after testing is complete:
Run functional tests
Functional tests verify that the product operates correctly. The specific tests that you should run depend on your individual hardware.
You can organize your tests as a single OEM application or as a series of applications. The application development documentation, the Azure Sphere samples, and the templates in the Azure Sphere SDK provide information about application design. Whatever design you choose, this application needs to be production-signed and then deployed using the steps in the previous section.
Some testing processes require communication with the chip that is being tested: to report errors, log data, or sequence tests. If your testing process requires communication, you can use the peripheral UARTs on the MT3620 (ISU0, ISU1, ISU2, or ISU3). Connect these UARTs to your factory PC or external test equipment using suitable circuitry of your design. If you created an interface board to support chip-to-PC communication, you might want to add this circuitry to that board.
Perform RF testing and calibration
Azure Sphere chips require wireless connectivity to receive software updates and communicate with the internet. Testing and calibrating RF operation is therefore a critical part of the manufacturing process. If you are using a module, certain aspects of RF testing might not be required; consult the module supplier for details.
The RF Tools package, available upon request, includes utilities and a C API library for use during testing. Using the library, you can program product-specific RF settings in e-fuses, such as the antenna configuration and frequency, as well as tune individual devices for optimal performance. See the next section Program e-fuses to enable Wi-Fi channels for details about how e-fuses settings enable the Wi-Fi channels that are allowed in the device's region of operation. If your test house needs to use the tool to certify your device, please contact your Microsoft representative before sharing the software with them.
Integration between the library and test equipment is your responsibility. Currently, Microsoft has partnered with LitePoint to provide a turnkey solution that integrates the Azure Sphere RF test library with the LitePoint equipment. Solutions from other test equipment vendors may become available in the future.
The RF testing tools topic describes how to use the RF tools.
At the same time as RF and Wi-Fi calibration, consider also connecting to a Wi-Fi access point to verify that your end-user application will be able to communicate over Wi-Fi. Ensure that the Wi-Fi connection does not have internet access, because over-the-air update may occur if the chip connects to an internet-enabled access point. After Wi-Fi testing, you should remove any Wi-Fi access points used for testing from the chip so that it is not visible to customers. For details about Wi-Fi configuration, see azsphere device wifi. Note that device recovery removes all Wi-Fi configuration data from the chip.
Program e-fuses to enable Wi-Fi channels
The Azure Sphere OS selects Wi-Fi channels based on the region code that is programmed into the MT3620 e-fuses at offset addresses 0x36 and 0x37. For details about e-fuses on the MT3620, see the MT3620 E-fuse Content Guidelines Mediatek document.
The region code is a two-letter ASCII code. The Azure Sphere OS uses the region code setting in the e-fuses to look up the region in the Linux wireless regulatory database and then selects the channels allowed for that region. If no region code is programmed into the e-fuses, in which case the e-fuses remain set to 0x00 0x00, or if the characters '00' are programmed, the OS defaults to a conservative set of channels that are generally allowed in all regions. The channels allowed for region '00' are specified in the Linux wireless regulatory database.
The region code setting in the e-fuses does not need to match the country where the device will be used. Manufacturers can choose any region code that maps to an allowed set of channels for the region of operation. Different regions and countries often adopt similar or identical regulations, which can allow region codes to be used interchangeably.
Example: To instruct the Azure Sphere OS to select Wi-Fi channels for region 'DE' (Germany), program 0x44=D and 0x45=E into the e-fuses at addresses 0x36 and 0x37. The allowed channels for Germany, excerpted from the Linux wireless regulatory database, are shown below. Most countries in the European Union (EU) allow the same set of channels.
Verify RF configuration
Use the RfSettingsTool to verify that the radio configuration options such as target transmit power, region code, and MAC address have been correctly set. The RF settings tool documentation provides more information about using this tool.
Ethernet configuration
Azure Sphere supports Ethernet connections using the ENC28J60 Ethernet controller. For more information, see Connecting Ethernet adapters to the MT3620 development board.
Default MAC address behavior
The Media Access Control (MAC) address is a hardware address that uniquely identifies each board. The MAC address for ENC28J60 is randomly generated when the board is configured. Although the MAC address is retained during OS update or when the board is configured, it is randomized during device recovery, which may break functionality that requires a static MAC address.
Universally administered address
If you need to set the MAC address based on an organizationally unique identifier (OUI) the following options are available:
MAC address is set manually after device recovery
In this case, the device's MAC address is set on the Azure Sphere factory floor and can be customized to enable the manufacturer to use an address that correlates to their IEEE-issued MAC block.
During device recovery, a new MAC address is randomly generated and assigned to the board. If the device is returned to the manufacturer or recovered, the Azure Sphere command-line utility can be used to set the device back to the original MAC address post recovery by updating the Ethernet network interface for the device.
MAC address is retained after device recovery
In this case, the original MAC address can be automatically set after recovery. Due to the fact that non-volatile storage does not exist on the ENC28J60, the manufacturer must add additional storage (such as EEPROM) and the MAC address must be stored by the manufacturer as part of the factory processing.
This external storage is then accessed at runtime to read and set the MAC address by calling the Networking_SetHardwareAddress function. When the device is recovered and the application is reloaded, it reads from the external storage and sets the system MAC address.
Finalize the Azure Sphere device
Finalization ensures that the Azure Sphere device is in a secured state and is ready to be shipped to customers. You must finalize the device before you ship it. Finalization involves:
- Running ready-to-ship checks to ensure that the correct system software and production application are installed and RF tools are disabled.
- Setting the device manufacturing state to lock out RF configuration and calibration tools and prevent security breaches.
Run ready-to-ship checks
It is important to run ready-to-ship checks before you ship a product that includes an Azure Sphere device. Different checks must be performed for different manufacturing states. Ready-to-ship checks ensure the following:
- The device manufacturing state is set correctly for that stage of manufacturing.
- The Azure Sphere OS on the device is valid and the expected version. This can only be checked for devices that are not yet in the DeviceComplete state.
- User-supplied images on the device match the list of expected images. This can only be checked for devices that are not yet in the DeviceComplete state.
- No unexpected Wi-Fi networks are configured on the device. This can only be checked for devices that are not yet in the DeviceComplete state.
- The device does not contain any special capability certificates. For MT3620-based devices, this can only be checked on devices not in the Blank state.
Different checks are necessary at different stages of manufacturing because the manufacturing state of the device determines the capabilities of the device.
Which checks you run will also depend on whether you are designing a module or a connected device. For example, as a module manufacturer you might choose to leave the chip in the Blank manufacturing state so that the customer of the module can perform additional radio testing and configuration.
DeviceReady.py
The Manufacturing Samples package includes a sample Python script called deviceready.py, which performs the above checks, as appropriate for each manufacturing state. It also demonstrates how to run the Azure Sphere CLI tools to perform these device-ready checks programmatically as part of an automated test environment. The deviceready.py script can be used as-is or modified to suit your needs. It should be run for each of the manufacturing states relevant to your device.
The deviceready.py script takes the following parameters:
--expected_mfg_state
Determines which manufacturing state to check for and controls which tests are run. If this parameter is not specified, it defaults to 'DeviceComplete'. If the manufacturing state of the device differs from this value, the check fails.
--images
Specifies the list of image IDs that must be present on the device for the check to succeed. This parameter defaults to the empty list if not specified. If the list of installed image IDs on the device differs from this list, the check fails. By checking image IDs (rather than component IDs) this check ensures that a specific version of a component is present.
--os
Specifies a list of versions of the Azure Sphere OS. This parameter defaults to the empty list if not supplied. If the OS version present on the device is not in this list, this check fails.
--os_components_json_file
Specifies the path to the JSON file that lists the OS components that define each version of the OS. For MT3620-based devices, this file is named mt3620an.json. The mt3620an.json file is not part of the Manufacturing Samples package and is available only by download. If not specified, this parameter defaults to a file named 'mt3620an.json' in the same location as the script.
--azsphere_path
Specifies the path to the azsphere.exe utility. If not specified, this parameter defaults to the default install location for the Azure Sphere SDK on Windows. Use this parameter only if the Azure Sphere SDK is not installed in the default location.
--help
Shows command-line help.
--verbose
Provides additional output detail.
A sample invocation of the deviceready.py script, when running from the same folder as the deviceready.py file and with the mt3620an.json file downloaded to the same folder, looks like the following:
> python .\deviceready.py --os 20.10 --images e6ca6889-96d3-4675-bbe5-251e11d02de0 --expected_mfg_state Module1Complete
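The state-dependent check rules listed above, as an added Python example (it is not Microsoft's deviceready.py and not part of the original page). The DeviceSnapshot fields, the ready_to_ship function and its allowed_wifi argument are hypothetical, and the sample devices are constructed; only the image ID and OS version come from the sample invocation.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Sequence, Tuple

# Manufacturing states named on this page.
STATES = ("Blank", "Module1Complete", "DeviceComplete")


@dataclass
class DeviceSnapshot:
    """Hypothetical record of one device; a real line would fill it from CLI output."""
    mfg_state: str
    os_version: Optional[str] = None
    image_ids: List[str] = field(default_factory=list)
    wifi_ssids: List[str] = field(default_factory=list)
    capabilities: List[str] = field(default_factory=list)


def ready_to_ship(dev: DeviceSnapshot,
                  expected_state: str = "DeviceComplete",
                  expected_images: Sequence[str] = (),
                  allowed_os: Sequence[str] = (),
                  allowed_wifi: Sequence[str] = ()) -> Tuple[List[str], List[str]]:
    """Return (failures, skipped); skipped names checks the current state no longer allows."""
    failures: List[str] = []
    skipped: List[str] = []
    if dev.mfg_state not in STATES:
        return [f"unknown manufacturing state {dev.mfg_state!r}"], skipped
    if dev.mfg_state != expected_state:
        failures.append(f"state is {dev.mfg_state}, expected {expected_state}")

    if dev.mfg_state == "DeviceComplete":
        # OS, image and Wi-Fi checks are only possible before DeviceComplete,
        # so they must have passed at an earlier stage of the line.
        skipped += ["os", "images", "wifi"]
    else:
        if dev.os_version not in allowed_os:
            failures.append(f"OS version {dev.os_version} not in {list(allowed_os)}")
        have = {i.lower() for i in dev.image_ids}
        want = {i.lower() for i in expected_images}
        if have != want:  # image IDs, not component IDs, so versions must match
            failures.append(f"images differ: missing={sorted(want - have)} "
                            f"unexpected={sorted(have - want)}")
        stray = sorted(set(dev.wifi_ssids) - set(allowed_wifi))
        if stray:
            failures.append(f"unexpected Wi-Fi networks: {stray}")

    if dev.mfg_state == "Blank":
        # On MT3620 the capability check is only possible outside the Blank state.
        skipped.append("capabilities")
    elif dev.capabilities:
        failures.append(f"capability certificates present: {sorted(dev.capabilities)}")
    return failures, skipped


# Constructed sample devices. PROD_IMAGE and OS 20.10 are taken from the sample
# invocation above; TEMP_IMAGE and the SSID are made up for illustration.
PROD_IMAGE = "e6ca6889-96d3-4675-bbe5-251e11d02de0"
TEMP_IMAGE = "11111111-2222-3333-4444-555555555555"

CLEAN = DeviceSnapshot("Module1Complete", "20.10", [PROD_IMAGE])
LEFTOVERS = DeviceSnapshot("Module1Complete", "20.10", [PROD_IMAGE, TEMP_IMAGE],
                           wifi_ssids=["factory-test-ap"],
                           capabilities=["appdevelopment"])
# Same leftovers, but the state was already set: three checks can no longer run.
LOCKED = DeviceSnapshot("DeviceComplete", capabilities=["appdevelopment"])

if __name__ == "__main__":
    for name, dev, state in (("clean", CLEAN, "Module1Complete"),
                             ("leftovers", LEFTOVERS, "Module1Complete"),
                             ("locked", LOCKED, "DeviceComplete")):
        fails, skips = ready_to_ship(dev, state, [PROD_IMAGE], ["20.10"])
        print(name, "PASS" if not fails else "FAIL", fails, "skipped:", skips)
```

A non-empty skipped list on a DeviceComplete device means the OS, image and Wi-Fi results have to come from a record made at an earlier state, which is why the page says to run the script for each relevant manufacturing state.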
Set the device manufacturing state
Sensitive manufacturing operations such as placing the radio in test mode and setting Wi-Fi configuration e-fuses should not be accessible to end users of devices that contain an Azure Sphere chip. The manufacturing state of the Azure Sphere device restricts access to these sensitive operations. Manufacturing states include:
Blank. The Blank state does not limit the manufacturing operations on a chip. Chips in the Blank state can enter RF test mode and their e-fuses can be programmed. When chips are shipped from the silicon factory, they are in the Blank manufacturing state.
Module1Complete. The Module1Complete manufacturing state is designed to limit the adjustments users can make to radio configuration settings such as maximum transmit power levels and allowed frequencies. RF commands can be used until Module1Complete is set. Restricting end-user access to these settings may be required to satisfy regulatory policies around radio hardware. This setting primarily affects manufacturers who need to test and calibrate radio operating parameters.
Microsoft recommends that you set this manufacturing state after radio testing and calibration have been completed; RF commands cannot be used after it is set. The Module1State protects the device against changes that may disrupt proper operation of the radio and other wireless devices in the vicinity.
DeviceComplete. The Device Complete manufacturing state allows manufacturers of finished products to secure devices that are deployed in the field against changes. Once a device is placed into the DeviceComplete state, a device-specific capability file is needed to perform any software loading and configuration tasks.
Do not set DeviceComplete for unfinished devices or modular devices (Wi-Fi modules, development boards, and so forth) that may be used as part of a larger system; this state limits manufacturing activities such as production-line testing, software installation, and configuration. Many CLI commands are unavailable after DeviceComplete is set and so certain device ready checks must be run before this state is set. Restricted commands can be re-enabled by using a device capability such as the fieldservicing capability, but only for devices you have claimed.
When manufacturing is complete, use the manufacturing-state update command to set the DeviceComplete state:
Important
Moving a chip to the DeviceComplete state is a permanent operation and cannot be undone. Once a chip is in the DeviceComplete state, it cannot enter RF test mode and its e-fuse settings cannot be adjusted; Wi-Fi settings, operating system updates, and installed applications cannot be changed without claiming the device and enabling a device capability. If you need to re-enable these capabilities on an individual chip, such as in a failure analysis scenario, please contact Microsoft.