Ydtechnologius
This is a collection of news and articles on tech and gadgets.Informative news on technology, gadgets and news.Latest Technology News, Gadget Reviews, Latest Gadgets, Latest Gizmos and Latest News in Tech.
Friday, January 24, 2025
Getting started with Raspberry Pi Touch Display 2
Raspberry Pi Touch Display 2 is a portrait orientation touchscreen LCD display designed for interactive projects like tablets, entertainment systems, and information dashboards. Here, our documentation lead Nate Contino shows you how to connect a Touch Display 2 to your Raspberry Pi, use an on-screen keyboard, and change your screen orientation.
Touch Display 2 running Raspberry Pi OS
Touch Display 2 connects to a Raspberry Pi using a DSI connector and a GPIO connector. Raspberry Pi OS provides touchscreen drivers with support for five-finger multi-touch and an on-screen keyboard, providing full functionality without the need to connect a keyboard or mouse.
Specifications
1280×720px resolution, 24-bit RGB display
155×88 mm active area
7-inch diagonal display
Powered directly by the host Raspberry Pi, requiring no separate power supply
Supports up to five points of simultaneous multi-touch
Touch Display 2 is compatible with all models of Raspberry Pi from Raspberry Pi 1B+ onwards, except Raspberry Pi Zero and Zero 2 W, which lack a DSI connector.
Figure 1: What’s in the box
The Touch Display 2 box contains the following parts (in left-to-right, top-to-bottom order in the Figure 1 image):
To connect a Touch Display 2 to a Raspberry Pi, use a Flat Flexible Cable (FFC) and a GPIO connector. The FFC you’ll use depends upon your Raspberry Pi model: for Raspberry Pi 5, use the included 22‑way to 15-way FFC; for any other Raspberry Pi model, use the included 15-way to 15-way FFC.
Raspberry Pi is connected to Touch Display 2 using the GPIO pins and a Flat Flexible Cable (FFC)
Once you have determined the correct FFC for your Raspberry Pi model, complete the following steps to connect your Touch Display 2 to your Raspberry Pi:
1. Disconnect your Raspberry Pi from power.
2. Lift the retaining clips on either side of the FFC connector on the Touch Display 2.
3. Insert one 15-way end of your FFC into the Touch Display 2 FFC connector, with the metal contacts facing upwards, away from the Touch Display 2.
4. While holding the FFC firmly in place, simultaneously push both retaining clips down on the FFC connector of the Touch Display 2.
5. Lift the retaining clips on either side of the DSI connector of your Raspberry Pi. This port should be marked with some variation of the term ‘DISPLAY’ or ‘DISP’. If your Raspberry Pi has multiple DSI connectors, prefer the port labelled ‘1’.
6. Insert the other end of your FFC into the Raspberry Pi DSI connector, with the metal contacts facing towards the Ethernet and USB-A ports.
7. While holding the FFC firmly in place, simultaneously push both retaining clips down on the DSI connector of your Raspberry Pi (see Figure 2 below).
8. Plug the GPIO connector cable into the port marked J1 on the Touch Display 2.
9. Connect the other (three-pin) end of the GPIO connector cable to pins 2, 4, and 6 of your Raspberry Pi’s GPIO. Connect the red cable (5 V power) to pin 2, and the black cable (ground) to pin 6. Viewed from above, with the Ethernet and USB-A ports facing down, these pins are located at the top right of the board, with pin 2 in the top right-most position (see Figure 3 below).
10. Optionally, use the included M2.5 screws to mount your Raspberry Pi to the back of the Touch Display 2:
11. Align the four corner stand-offs of your Raspberry Pi with the four mount points that surround the FFC connector and J1 port on the back of the Touch Display 2, taking special care not to pinch the FFC.
12. Insert the screws into the four corner stand‑offs and tighten until your Raspberry Pi is secure.
13. Reconnect your Raspberry Pi to power. It may take up to one minute to initialise the Touch Display 2 connection and begin displaying to the screen.
Figure 2: A Raspberry Pi 5 connected and mounted to a Touch Display 2
Use an on-screen keyboard
Raspberry Pi OS Bookworm and later include the Squeekboard on-screen keyboard by default. When a touch display is attached, the on-screen keyboard should automatically show when it is possible to enter text and automatically hide when it is not possible to enter text.
For applications which do not support text entry detection, use the keyboard icon at the right-hand end of the taskbar to manually show and hide the keyboard.
You can also permanently show or hide the on‑screen keyboard in the Display tab of Raspberry Pi Configuration or the Display section of raspi-config.
In Raspberry Pi OS releases prior to Bookworm, use matchbox-keyboard instead. If you use the Wayfire desktop compositor, use wvkbd instead.
Figure 3: The GPIO connection to Touch Display 2
Change screen orientation
If you want to physically rotate the display, or mount it in a specific position, select Screen Configuration from the Preferences menu. Right-click on the touch display rectangle (likely DSI-1) in the layout editor, select Orientation, then pick the best option to fit your needs.
Rotate the screen without a desktop
To set the screen orientation on a device that lacks a desktop environment, edit the /boot/firmware/cmdline.txt configuration file to pass an orientation to the system. Add the following entry to the end of cmdline.txt:
video=DSI-1:720x1280@60,rotate=<rotation-value>
Replace the <rotation-value> placeholder with one of the following values, which correspond to the degree of rotation relative to the default on your display:
0
90
180
270
For example, a rotation value of 90 rotates the display 90 degrees clockwise. 180 rotates the display 180 degrees, or upside-down.
Note: It’s not possible to rotate the DSI display separately from the HDMI one with cmdline.txt. When you use DSI and HDMI simultaneously, they share the same rotation value.
This tutorial is an excerpt from the Raspberry Pi Documentation. Our extensive documentation covers all of our hardware, software, accessories, and microcontrollers as well as Raspberry Pi OS. If you still have questions, try posting on our forums, which are full of Raspberry Pi enthusiasts and some of the finest nerds on the planet.
Lately, well-crafted connected devices with wireless sensors and reliable, low-cost compute hardware have been revolutionising many “unconnected” industries, services, and applications. One such industry and service is the delivery of pre-mixed concrete.
A Canadian customer of ours called Giatec recently launched a unique and very clever product called MixPilot. MixPilot gets mounted to concrete delivery trucks and, through the use of sensors and algorithms, can monitor various aspects of concrete being delivered, including a property known as its slump. This is done to ensure the quality of the concrete and give the fleet operators more visibility into the trucks and their payload, as well as bringing other new operational benefits. Part of their product’s charm is that it’s easy to install on the truck: it’s “set and forget”, meaning it doesn’t require much maintenance.
Slump is a measurement of how well concrete flows when it’s poured. It is important for the slump to be in the right range when the concrete is poured into a form or mould, as otherwise it might not flow correctly to fill the volume, leaving voids. Bad news if you want a structurally sound construction.
To deliver MixPilot, Giatec built a highly reliable wireless gateway based on our Compute Module 4 and paired it with two custom sensors that wirelessly send their sensor readings back to the gateway, where the data is processed and the concrete payload’s status is displayed to the truck operator. The gateway is then connected to Giatec’s cloud via cellular, allowing for further data processing as well as providing the end customer with a cloud console to enable useful features, such as alerts and fleet-wide stats.
Our line of Compute Modules is ideal for this type of “edge compute” application for all lots of reasons:
Low power: allows great levels of compute without needing to worry about heat
Flexible: Giatec engineered a custom Compute Module 4 carrier board that has all the interface hardware and cellular radios needed to enable their product
Great Raspberry Pi software: Giatec’s talented engineers were able to develop and release the product very quickly, in part thanks to our robust Raspberry Pi OS
Secure: Compute Module 4 has the ability to run secure software and supports secure boot, which is provisioned by our handy tools on the customer’s production line
Pre-certified wireless: CM4 optionally includes dual-band Wi-Fi and Bluetooth, so you can effortlessly enable wireless comms without a costly development or certification process
Cost-optimised: CM4 is great value and has 32 SKUs to choose from, so you can scale up or down the RAM, storage, and wireless options to best suit your application
Long lifetime: Giatec and other customers can rely on CM4 to be available from Raspberry Pi until at least January 2034
Meet the engineer: Dominic Plunkett on Compute Module 5
In the latest issue of The MagPi magazine, editor Lucy Hattersley speaks to Senior Principal Hardware Engineer Dominic Plunkett about how the pieces of the Raspberry Pi Compute Module 5 puzzle came together.Read their conversation to learn more about the design process and the sort of products companies are building with CM5.
The MagPi: What’s changed between CM4 and CM5?
Dominic Plunkett: CM5 takes all of the goodness of Raspberry Pi 5 and puts it on the Compute Module. So we’ve got the BCM2712 Broadcom processor used on Raspberry Pi 5. We’ve got our I/O processor, RP1. That’s a whole extra chip on the board compared with CM4, and so that required a lot of effort to get it on there.
I’d set myself the challenge that the central processor wouldn’t move, so that anyone who has used a CM4 with any sort of heatsinking would be able to use the same setup with CM5. That gave me a huge challenge to try and get the RP1 on the board – for weeks it was hanging off the edge of the board, but eventually I managed to squeeze up the bits and get all the electronics on there correctly.
Want to make your own modified CM5 I/O board? Install KiCad, download the design files, and get cracking!
Compute Module 5 is basically a Raspberry Pi 5 without the connectors, so what’s stopping you from just taking Raspberry Pi 5 and sort of snipping off the bits of the PCB with the connectors on?
I can do exactly that, but it won’t be as small. Compute Module is significantly smaller than Raspberry Pi 5, and we also wanted to add things like on-board eMMC, so there’s extra technology to squeeze into the same area as Compute Module 4. In theory, yes, all you’re doing is cutting off the connectors, but there’s a lot of work to make that happen correctly.
So the challenge is to keep the same form factor as CM4?
Yes. It was possible to change the form factor, but that was something that I didn’t want to do, because that potentially affects backward compatibility. You could probably change form factor in small ways that won’t affect many people, but the second you make a change, you’re going to affect somebody.
Apart from the physical change in the shape of the heatsinking of the main processor, it is basically the same form factor. Some of the parts have moved on the board, but they shouldn’t affect end users.
But electrically, there have had to be some changes, because you’re trying to add new features. So there are some differences which means that it’s not 100% compatible. But for most people it will be a drop-in replacement, and we’re already seeing that people are using it within setups that were designed for CM4 with no problems.
We’ve added new features such as USB 3.0 that won’t work when CM5 is plugged into a carrier board designed for CM4, because CM4 didn’t have USB 3.0. That’s life.
If you want something 100% compatible, stay with CM4; CM4 is still in production and will remain in production for a number of years – 2030-something, and it may well be that we extend it beyond that so it remains available.
Compute Module 5Raspberry Pi 5 16GBTo fit all of Raspberry Pi 5’s goodness in a much smaller footprint, the Compute Module 5 PCB has had to go to ten copper layers rather than the six on Raspberry Pi 5
So if a manufacturer wants to get the USB 3.0 functionality out of Compute Module 5, they either have to upgrade to the new carrier board, or design their own electronics, right?
Indeed. The Compute Module is designed for people who want to design their own board. My main aim for both CM4 and CM5 was to absorb as many of the bits that you need into the CM module, so all you need to do is put connectors on your board. So if you look at the Compute Module 5 IO Board, there is very little on there apart from connectors. We’re not talking difficult electronics on there. And that was the whole aim. We do the CM5 IO Board in KiCad, which is a freely downloadable CAD system, and the design files for the CM5 IO Board are freely available, so you can take the files, delete the bits you don’t want, move things around however you want, and design your own board.
What were the challenges in shrinking the functionality of Raspberry Pi 5 onto the CM5 shape?
It was the density, and it was getting RP1 onto the board – RP1 is actually a small chip, but as a proportion of the board, it’s made the electronics quite a bit denser.
So getting it onto the board sensibly was hard because there’s a lot of I/O – it’s our I/O chip, so there’s the USB 3.0 pairs that come out of there. There’s the MIPI pairs; the Ethernet comes out of it via a PHY. And then there’s all the PCIe to get into it, and all the GPIO to come out of it. So that area of the board is very dense, and it took a long time to be able to work out how to make it all fit.
The CM5 itself is now a ten-layer circuit board (Raspberry Pi 5 has six layers). So there’s ten layers of copper inside it, with quite a lot of ground planes, because all of these high-speed signals like USB 3.0 and PCIe have to be electrically matched on the circuit board. So you’ve got to do some quite accurate routing of the traces to make sure you get good signal integrity across the board.
The edge of the RP1 chip, which is on the end of the board, has all the USB 3.0 signals coming off. They can’t come out because there’s no board space, so they have to go down into the board and then be routed on an inner layer of the board. And so that’s quite dense at that corner of the board. And then you’re routing them on the inner layers. And you’ve also got the MIPI pairs in another layer, and then you’ve got Ethernet on the bottom layer. So there are a lot of signals trying to cross each other and route out and take up the same sort of space, and so you’re just trying to keep everything in three dimensions correctly spaced apart with the correct copper reference planes in the board there.
It took a while to work out with our board manufacturers just how it was going to work. And in the end, we actually made the circuit board 40 microns thicker than CM4 to make all the electric impedances correct. That extra thickness then allowed me to get the next part of the puzzle solved.
It’s a big puzzle-solving exercise that just requires a lot of juggling and a lot of looking at and working on it. It’s quite a dense little circuit board, this; it’s complex, but once you’ve sat at it for a couple of weeks, you start to you get a feel of where things are happening, where things are dense… I usually concentrate on the hard bits first, so I’ll do a bit, then I’ll get to a point where I think, ‘Oh, I’m pretty sure I know how that area is going to route out now.’ So then I’ll go and do the next hardest bit, and I’ll come and finish that off once I’m sure I can get all the hard bits done, because if I can’t get the hard bits done, then I have to make a decision of what to change.
Was there anything that you were forced to leave off in the process of shrinking the goodness of Raspberry Pi 5 into the smaller size of Compute Module 5?
Very early on, we had an internal discussion about some of the signals, because we’ve got the 200-pin connectors and we knew we were going to have to change some signals there, as some of the signals don’t exist in the new world. So that freed up some pins. But then we had more signals that we wanted to put on the pins than there were pins available, and we had to decide what features were going to be included. So Raspberry Pi 5 has two USB 2.0 ports on the right-hand side, and they got left off. There was no signal space for those two USB 2.0 ports, so they don’t exist on CM5.
Some people will find that they would like some extra USB ports, but we have to balance and try and get a good product for everybody, and not just one person or one group of people. So the key thing is to make sure it’s good for a number of people, and there was a good level of backwards compatibility for our main customers as well.
You’ve got more USB overall available than you had on CM4. So CM4 had four MIPI ports, but Raspberry Pi 5 onwards only supports two MIPI ports. So that frees up two MIPI ports that we could reallocate for USB 3.0. And that’s exactly what we did.
So if you do plug a CM5 into a CM4 board, and you use one of the MIPI ports, then that can no longer be used for one of the cameras and one of the displays. But that’s life. We have to make some choices. And yes, those choices will be hard for some people, and I fully acknowledge that some people will find the choices that we made were not right for them. But as I say, CM4 is still available, and CM4 was obviously the right product when they designed their product around the CM4 board. It’s not going to become obsolete. But a lot of people will find that they can just drop in CM5 and get more processing performance.
If you have the on-board eMMC, that is significantly faster. So that’s faster than an SD card, and that’s significantly faster than the on-board eMMC that CM4 had. So we’ve made some other improvements as well. There’s more memory available – in future there’ll be a 16GB version.
There’s no 1GB version any more – if someone came along with an order for a few million of them I’m sure we’d consider it, but at the moment there isn’t going to be a 1GB version. In part that’s the inevitable march of progress. It’s also that we already have loads of products on the books, and we have to be rational and not overload ourselves with loads of different products that are just going to sit in inventory.
Where are Compute Modules turning up? What sort of products are companies building with them?
They get into all sorts of places because they are small, efficient compute power for people. And it becomes easy just to add your own I/O to your system, and you get all the goodness of Raspberry Pi. And because it uses the same software, you can do all your development on a Raspberry Pi 5 in advance of creating your custom board.
Read The MagPi #149
You can grab the new issue right now from Tesco, Sainsbury’s, Asda, WHSmith, and other newsagents, including the Raspberry Pi Store in Cambridge. It’s also available at our online store, which ships around the world. Plus you can get it via our app on Android or iOS.
Last but not least, you can subscribe to the print version of The MagPi. Not only do we deliver it globally, but people who sign up to the six- or twelve-month print subscription get a FREE Raspberry Pi Pico W!
Towards the end of last year, we band of merry social media folk had the genius idea to learn more about robotics — so off to the Pi Towers Maker Lab we went, armed with a dream and next to zero idea how difficult building a giant robotic LEGO figure would be.
Under the hood
So, how does our gigantic bright yellow LEGO figure do all their tricks?
Three servos are hidden inside the body: one to move the head and one in charge of each arm. A SparkFun Servo pHAT physically moves the three servos (the HAT is capable of controlling many more than three if you need it to). Running the show is a Raspberry Pi Zero 2 W connected to a Raspberry Pi Power Supply for juice.
Raspberry Pi Zero 2 W
As well as powering the servos, Raspberry Pi Zero 2 W runs a basic web server that allows you to access the LEGO figure from anywhere on your network. You’ll be able to play around with the individual buttons our Maker in Residence programmed to make the figure dance, lift its right or left arm, or swivel its head.
Fluorescent filament
Every limb of the LEGO figure was printed on our trusty Ultimaker S5 printer and assembled by hand. The embossed Raspberry Pi logo on the t-shirt was achieved with an imported CAD file, before the whole t-shirt was 3D-printed as one piece. The eyes, eyebrows, and mouth were cut out on a Cricut machine and carefully stuck on to the head to achieve the appropriate level of jaunt.
Not an ominous greeter at all
Hard hands and servo schooling
Despite being lightly terrified by the technical difficulty of this project at the start, we found some really simple instructions from SparkFun on how to use their servos, and then it all came pretty easily. (Having our Maker in Residence on hand to translate for us laypeople may have been another invaluable bit of support. Probably. We’d have got there on our own in the end though, I’m sure…).
The LEGO figure’s hands also proved pretty tricky: they were hard to orientate for printing, so needed lots of supports. Luckily, snapping off 3D-printed supports is a favourite pastime of mine, so, silver linings.
Our Principal Software Engineer Graham Sanderson explains all the new boot path functionality supported on our RP2350 chip. This section from Graham was part of an in-depth Raspberry Pi Pico 2 feature including expert insights from our engineering team. It first appeared in the bumper Pico 2 launch issue of The MagPi, which you can download to read.
“When you power up the chip, you have to run some software, but the program that the user installs, their firmware is stored in flash, so you have to run some code to be able to read flash before you can do anything else. That code is part of the boot ROM, named because it runs at boot, and it’s stored in ROM.”
“On RP2040, the boot path is fairly simple — there is a program in flash, you go look for it, and then you run it. The rest of the boot ROM space is taken up by things like floating point math support, a variety of other useful runtime APIs, and of course the UF2 bootloader that enables the user to drag and drop programs onto the Pico, mounted as a USB drive, and make them run.”
“The RP2350 boot path supports a bunch of new functionality, with support for RISC-V as well as Arm processors, and particularly completely new support for secure boot on Arm. This requires us to verify that the program stored in flash is trusted to run on RP2350, by verifying a cryptographic signature. Additionally, we have hardened the boot code with the goal of making it impossible to run any user code that is not correctly signed, even in the hands of an attacker.”
“The RP2350 boot ROM also supports dividing the flash into multiple partitions so that you can keep multiple copies of a binary, or keep shared data or resources separate from the main program. Our focus, as ever, has been to make things powerful yet simple; therefore you can set up secure boot and have two (A/B) partitions, but still just drag and drop a UF2 to update your software. Dropping the UF2 will automatically target the partition that isn’t currently in use, before switching at the next boot, thus avoiding situations where you have only half written the program. If your new program version is not correctly signed, the old version will continue to boot. Support for A/B partitions makes it much easier for user code to over-the-air update, for example, reading a new version of itself from a web server — but now it can write that new copy to an unused area of flash, rather than worrying about updating the part of flash it itself is running from!”
“Let’s not forget about the Raspberry Pi Pico SDK either. This has had a lot of enhancements, bug fixes, and new features, and of course, now supports both RP2040 and RP2350, as well as both Arm and RISC-V. Nonetheless, most people should only need to recompile their RP2040 program for RP2350 with minor, if any, changes. I can’t wait to see what people do with the new chip.”
Did you miss the results of the RP2350 Hacking Challenge? Read all about the winners, what they did, and why Eben Upton chose to achieve security through transparency.
Success stories from companies using the most versatile Raspberry Pi — our Compute Module.
Korg synthesizers
Korg is one of the most recognisable names in synths — in fact, it made Japan’s first synthesizer. Since the 2000s, Korg has been using Linux to run on its high-end keyboards powered by the kind of chips you used to get in the netbooks of the era; most recently though, the firm has been using Compute Module 3 in some of its synths, specifically the Wavestate, Modwave, and Opsix models.
This move to Raspberry Pi Compute Module came about when Korg R&D was trying to reach a sub-$1000 price point while still maintaining quality and fixing persistent technical issues along the way. Korg hoped this was the way to reach more musicians, and after using more traditional desktop and laptop-style solutions for over a decade, it realised Raspberry Pi Compute Module was the next logical step to help bring that price down.
This resulted in Wavestate, a successor to the 30-year-old Wavestation that uses a combination of two boards — one for the actual physical synth controls, and another that has audio subsystems and power — both of which connect to CM3.
“Not everyone understands that Raspberry Pi is actually making the sound — many people assume that it’s not,” Dan Phillips from Korg told Raspberry Pi. “We use CM3 because it’s very powerful, which makes it possible to create deep, compelling instruments.”
Size of business: Large enterprise | Industry: Music technology | Technology:Compute Module 3
iPourIt
After waiting in line so long for a specific beer only for it to be sold out by the time he got to the bar, Brett Jones, CTO of iPourIt, thought there had to be a better way. So he designed an automated system that lets customers choose their beer and pay using an RFID device linked to their tab. This system is very popular with businesses, as it allows for faster service, less wastage, and even saves space. In fact, you can find 5800 iPourIt taps in 220 locations across North America.
By 2019, some of the first iPourIt terminals were reaching eight years old, and maintenance and refurbishment were becoming costly. Until then, they’d been based on various Android devices over the years, and it was time for more consistent and reliable technology to replace them. Enter Compute Module 3+, with the help of Raspberry Pi 4.
The whole system went from wireless to PoE (Power-over-Ethernet), simplifying the wiring in the process. Each touchscreen includes a CM3+ to control it, and every twelve taps are then controlled by one Raspberry Pi 4. The system allows for extremely accurate dispensing, and now includes spirit and liquor dispensing.
“Right now we are probably 20% less expensive than our nearest competitor, so price-wise, how [Compute Module] has been designed has really allowed us to reduce the acquisition cost for our operators,” Darren Nicholson, CMO of iPourIt, told Raspberry Pi.
Size of business: Small to medium | Industry: Hospitality (food and beverage) | Technology:Compute Module 3+ and Raspberry Pi 4
Bio Business
In 2009, Mostafa Elwakeel along with two colleagues set up Bio Business, recognising the potential of Internet of Things-based monitoring products. As part of this, they started creating ECG machines, ventilators, and other critical medical equipment. The devices took off, and before long they were making medical equipment for large companies such as Philips, Siemens, and GE.
Bio Business began manufacturing more kinds of IoT devices, including ones that shared imaging data, such as ultrasounds, radiation, x-rays, and MRIs. The next step was creating IoT monitoring devices on an OEM basis that provided detailed environmental information, such as temperature, humidity, air quality, etc. Connecting everything to the cloud complicated things, especially when a lot of the equipment would be mobile. Bio Business also needed to be able to secure components that would easily scale up as its client base/product demand increased.
Raspberry Pi Compute Module 4 and RP2040 ended up being the solution, as the company otherwise started to struggle to keep up with demand. Its CPAP machines use RP2040 to measure oxygen levels, and Bio Business also sells Raspberry Pi-based oxygen concentrators with manual control and power monitoring.
Size of business: SME | Industry: Medical technology | Technology:Compute Module 4, RP2040
TBS mini media server
While TBS supports the television industry in a lot of ways, it also supplies hotel chains with special systems that run the televisions in their rooms. These can stream channels and provide digital signage as well. While developing its new OBP-24 mini-server, one of the main requirements was the ability for customers to be able to add their own tuner card: “So we will be able to stream DVB channels, satellite, terrestrial, or cable through the whole local network,” managing director Christian Kingler told Raspberry Pi.
Maintaining a standard form factor was very important, but adding flexibility to adapt the device for different users was also a requirement. In early tests of the design, TBS used a Raspberry Pi 4 and found everything to be working just fine. After that, the firm started using Compute Module 4 and developed the PCB for the final product from there.
“It was quite attractive to have the CM4 IO board available… We were also able to test with this first, and then we made our own adaptation [for] what we needed in terms of form factor and PoE,” added Kingler. RP2040 was used for the little LCD control panel at the front of the OBP-24 and, thanks to further testing at an early stage using existing hardware, could also be adapted according to the company’s needs.
Homey started life in 2014 as a smart speaker and home hub from the Dutch company Athom. Over the years, the firm has released more powerful devices with more advanced features. This includes Homey Bridge, released in 2022 to add local wireless connectivity to earlier models.
While designing the recent Homey Pro, Athom wanted it to work with as many communication systems as possible — including Zigbee, Z-Wave, Wi-Fi®, Bluetooth, 433MHz RF, infrared, and Thread — without needing the extra Bridge. It became a challenge to fit everything into the device.
“We didn’t want it to look like a gaming router with all these antennas sticking out,” said Emile Nijssen of Athom. “So getting that right took a long time. And we also wanted to profit from the development we did on Homey Bridge. So actually while designing Homey Bridge, which is sort of a light version of Homey Pro, even if you look at it from the outside, we already were thinking about how later on we could put our own carrier board on top of it that could carry, for example, a Compute Module.”
Choosing Compute Module 4 allowed Athom to get to market faster, as it didn’t need to “reinvent the wheel” to get a small Linux computer working. Integration was straightforward thanks to Raspberry Pi’s documentation and robust software support.
Size of business: SME | Industry: Smart home | Technology:Compute Module 4
With a wide range of computing products and a network of trusted Design Partners, Raspberry Pi not only has the technology to help your business but can also provide the vital help you need to find your perfect setup. Learn more about Raspberry Pi for industry.
Security through transparency: RP2350 Hacking Challenge results are in
We launched our second-generation microcontroller, RP2350, in August last year. Building on the success of its predecessor, RP2040, this adds faster processors, more memory, lower power states, and a security model built around Arm TrustZone for Cortex-M. Alongside our own Raspberry Pi Pico 2 board, and numerous partner boards, RP2350 also featured on the DEF CON badge, designed by Entropic Engineering, with firmware by our friend Dmitry Grinberg.
All chips have vulnerabilities, and most vendors’ strategy is not to talk about them. We consider this to be grossly irresponsible, so instead, we entered into the DEF CON spirit by offering a one-month, $10,000 prize to the first person to retrieve a secret value from the one-time-programmable (OTP) memory on the device. Our aim was to smoke out weaknesses early, so that we could fix them before RP2350 became widely deployed in secure applications. This open approach to security engineering has been generally well received: call it “security through transparency”, in contrast with the “security through obscurity” philosophy of other vendors.
Nobody claimed the prize by the deadline, so in September we extended the deadline to the end of the year and doubled the prize to $20,000. Today, we’re pleased (ish) to announce that we received not one but four valid submissions, all of which require physical access to the chip, with varying degrees of intrusiveness. Outside of the contest, Thomas “stacksmashing” Roth and the team at Hextree also discovered a vulnerability, which we describe below.
So with no further ado, the winners are:
“Hazardous threes” – Aedan Cullen
RP2350’s antifuse OTP memory is a security-critical component: security configuration bits are stored in OTP and read early in the reset process. A state machine called the OTP PSM is responsible for these reads. Unfortunately, it turns out that the OTP PSM has an exploitable weakness.
The antifuse array is powered via the USB_OTP_VDD pin. To protect against power faults, the PSM uses “guard reads”: reads of known data very close to reads of security-critical data. A power fault should cause a mismatch in the known guard data, indicating that the associated security-critical read is untrustworthy. We use a single guard word: 0x333333.
However, the OTP may retain the last sensed read data during a power fault, and subsequent reads return the most-recently-read data from when power was good. This is not itself a flaw, but it interacts poorly with the choice of guard word. If USB_OTP_VDD is dropped precisely after a guard read has occurred, 0x333333 will be read until power is restored. Therefore, an attacker can overwrite security-critical configuration data with this value.
Image courtesy of Aedan Cullen
If the CRIT0 and CRIT1 words are replaced by 0x333333 during the execution of the OTP PSM, the RISCV_DISABLE and ARM_DISABLE bits will be set, and the DEBUG_DISABLE bit will be cleared. ARM_DISABLE takes precedence, so the chip leaves reset with the RISC-V cores running and debugging allowed, regardless of the actual configuration written in the fuses. Dumping secret data from the OTP is then straightforward.
More information can be found Aedan’s GitHub repository here, and in his Chaos Communication Congress presentation here.
No mitigation is currently available for this vulnerability, which has been assigned erratum number E16. It is likely to be addressed in a future stepping of RP2350.
USB bootloader single-instruction fault with supply-voltage injection – Marius Muench
A foundational security feature of RP2350 is secure boot, which restricts the chip to only run code signed with a specific private key. If an attacker can bypass or break out of secure boot, they can run their own unsigned code, which can potentially dump secret data from the OTP.
Marius discovered a weakness in the boot ROM’s reboot API. This supports several different reboot modes, one of which is REBOOT_TYPE_PC_SP, which reboots and starts execution with a specific program counter and stack pointer. This can only be triggered from secure firmware already running on the chip, but if an attacker could trigger this boot mode externally, and with controlled parameters, we would start executing code at an attacker-supplied address – without verifying the signature of the code!
But how can one enter this boot mode, if it is only accessible to signed and verified firmware?
The answer (of course) is fault injection. By issuing a normal reboot command to the USB bootloader, and injecting a fault (in this case by glitching the supply voltage) so that an instruction is skipped just at the right time, it is possible to trick the reboot API into believing that REBOOT_TYPE_PC_SP was requested. If an attacker has loaded malicious code beforehand into the RAM, this code can be executed and used to extract the secret.
An interesting aspect of this attack is that the code for accepting the reboot command is actually hardened against fault injection. Unfortunately, the function implementing the reboot logic itself assumes that the incoming parameters (including the requested boot mode) are sanitised. Due to an unlucky arrangement of instructions emitted by the compiler, injecting a fault which skips one out of two very specific instructions confuses the chip into rebooting to the hazardous boot type.
Marius says: “While this break may seem straightforward in retrospect, reality is quite different. Identifying and exploiting these types of issues is far from trivial. Overall, this hacking challenge was a multi-month project for me, with many dead-ends explored along the way and countless iterations of attack code and setups to confirm or refute potential findings. Nonetheless, I had plenty of fun digging deep into the intricacies of the new RP2350 microcontroller, and I would like to thank Raspberry Pi and Hextree for hosting the challenge!”
Several effective mitigations are available against this attack, which has been assigned erratum number E20. The most precise mitigation is to set the OTP flag BOOT_FLAGS0.DISABLE_WATCHDOG_SCRATCH, which disables the ability to reboot to a particular PC/SP where that function is not required by application code.
Signature check single-instruction fault with laser injection – Kévin Courdesses
Kévin discovered an exploitable weakness in the secure boot path, just after the firmware to be validated has been loaded into RAM, and just before the hash function needed for the signature check is computed. Injecting a single precisely timed fault at this stage can cause the hash function to be computed over a different piece of data, controlled by the attacker. If that data is a valid signed firmware, the signature check will pass, and the attacker’s unsigned firmware will run!
Image courtesy of Kévin Courdesses
The most common method of introducing faults, seen in Marius’s attack, is to briefly pull down the supply voltage, introducing a brief “glitch”, which causes the digital logic in the chip to misbehave. RP2350 contains glitch detector circuitry, which is designed to spot most voltage glitches and to purposely halt the chip in response. To permit the injection of faults without triggering the glitch detectors, Kévin built a custom laser fault injection system; this applies a brief pulse of laser light to the back of the die, which has been exposed by grinding away part of the package. And, although several technical compromises were necessary to keep the setup within a limited budget, it worked!
More information can be found in Kévin’s paper here.
No mitigation is available for this attack, which has been assigned erratum number E24. It is likely to be addressed in a future stepping of RP2350.
Extracting antifuse secrets from RP2350 by FIB/PVC – IOActive
OTP memories based on antifuses are widely used for storing small amounts of data (such as serial numbers, keys, and factory trimming) in integrated circuits because they are inexpensive and require no additional mask steps to fabricate. RP2350 uses an off-the-shelf antifuse memory block for storing secure boot keys and other sensitive configuration data.
Antifuses are widely considered to be a “high security” storage medium, meaning that they are significantly more difficult for an attacker to extract data from than other types of memory, such as flash or mask ROM. However, with this attack, IOActive has (almost) demonstrated that data bits stored in the RP2350 antifuse memory array can be extracted using a well-known semiconductor failure analysis technique: passive voltage contrast (PVC) with a focused ion beam (FIB).
Image courtesy of IOActive
The current form of the attack recovers the bitwise OR of two physically adjacent memory cells sharing common metal-1 contacts. However, with some per-bit effort it may be possible for an attacker to separate the even/odd cell values by taking advantage of the circuit-editing capabilities of the FIB.
IOActive has not yet tested the technique against other antifuse IP blocks or on other process nodes. Nonetheless, it is believed to have broad applicability to all antifuse-based memories. Dr Andrew Zonenberg, who led the technical team on this project along with Antony Moor, Daniel Slone, Lain Agan, and Mario Cop, commented: “Our team found a unique attack vector for reading data out of antifuse memory, which we intend to further develop. Those who rely on antifuse memory for confidentiality should immediately reassess their security posture.”
The suggested mitigation for this attack is to employ a “chaffing” technique, storing either {0, 1} or {1, 0} in each pair of bit cells, as the attack in its current form is unable to distinguish between these two states. To guard against a hypothetical version of the attack which uses circuit editing to distinguish between these states, it is recommended that keys and other secrets be stored as larger blocks of chaffed data, from which the secret is recovered by hashing.
Glitch detector evaluation, and OTP read double-instruction fault with EM injection – Hextree
We commissioned the Hextree team to evaluate the secure boot process, and the effectiveness of the redundancy coprocessor (RCP) and glitch detectors. They found that at the highest sensitivity setting, the glitch detectors can detect many voltage glitches; however, the rate of undetected glitches is still high enough to make attacks feasible with some effort.
The majority of their work focused on electromagnetic fault injection (EMFI), which delivers a high-voltage pulse to a small coil on top of the chip. This creates an electromagnetic field which will collapse in the chip, providing for the injection of very localized faults which do not disturb the glitch detectors. Testing yielded multiple security-relevant results, notably that it is possible to corrupt values read from OTP by injecting faults very early in the boot process, and that random delays provided by the RCP are susceptible to side-channel measurements.
The team also found a path to bypass an aspect of the OTP protection of the chip using a double fault: the s_varm_crit_nsboot function, which locks down the OTP permissions prior to entering BOOTSEL mode, has two instructions which, when both are disturbed by precisely timed faults, can prevent an OTP page from being correctly locked, effectively allowing the user to read-out and write to the OTP even when the chip configuration forbids this. The double fault can be triggered with reasonable reliability by EMFI.
Several effective mitigations are available against this attack, which has been assigned erratum number E21. The attack occurs when the device is running non-secure bootloader code, and the OTP keys are extracted via the PICOBOOT interface. The USB bootloader can be disabled by setting the OTP flags BOOT_FLAGS0.DISABLE_BOOTSEL_USB_PICOBOOT_IFC and BOOT_FLAGS0.DISABLE_BOOTSEL_USB_MSD_IFC, which mitigates this vulnerability at the cost of removing the ability to update firmware on the device over USB.
Image courtesy of NewAE and Fritz
We’d also like to express gratitude to Colin O’Flynn and his team at NewAE for collaborating with both us and Thomas Roth / Hextree on this advanced silicon security research, as well as enabling us with their fantastic ChipWhisperer kit.
What’s next?
We’d like to thank everyone who participated in the challenge. While the rules specify a single $20,000 prize for the “best” attack, we were so impressed by the quality of the submissions that we have chosen to pay the prize in full for each of them.
As expected, we’ve learned a lot. In particular, we’ve revised downward our estimate of the effectiveness of our glitch detection scheme; the difficulty of reliably injecting multiple faults even in the presence of timing uncertainty; and the cost and complexity of laser fault injection. We’ll take these lessons into account as we work to harden future chips, and anticipated future steppings of RP2350.
And while this hacking challenge is over, another one is about to start. As a component of the broader RP2350 security architecture, we’ve been working to develop an implementation of AES which is hardened against side-channel attacks (notably differential power analysis), and we’ll be challenging you to defeat it. Check back next week for more details.
All vendors have security vulnerabilities in their chips. We are unusual because we talk about them, and aim to fix them, rather than brushing them under the carpet. Security through transparency is here to stay.
We first announced Raspberry Pi 5 back in the autumn of 2023, with just two choices of memory density: 4GB and 8GB. Last summer, we released the 2GB variant, aimed at cost-sensitive applications. And today we’re launching its bigger sibling, the 16GB variant, priced at $120.
Why 16GB, and why now?
We’re continually surprised by the uses that people find for our hardware. Many of these fit into 8GB (or even 2GB) of SDRAM, but the threefold step up in performance between Raspberry Pi 4 and Raspberry Pi 5 opens up use cases like large language models and computational fluid dynamics, which benefit from having more storage per core. And while Raspberry Pi OS has been tuned to have low base memory requirements, heavyweight distributions like Ubuntu benefit from additional memory capacity for desktop use cases.
The optimised D0 stepping of the Broadcom BCM2712 application processor includes support for memories larger than 8GB. And our friends at Micron were able to offer us a single package containing eight of their 16Gbit LPDDR4X die, making a 16GB product feasible for the first time.
Carbon Removal Credits
We’re proud of the low environmental impact of Raspberry Pi computers. They are small and light, which translates directly into a small upfront carbon footprint for manufacturing, logistics and disposal. With an idle power consumption in the 2–3W range, and a fully loaded power consumption of less than 10W, replacing a legacy x86 PC with a Raspberry Pi typically results in a significant reduction in operating power consumption, and thus ongoing carbon footprint.
But while our upfront carbon footprint is small, it is not zero. So today, we’re launching Raspberry Pi Carbon Removal Credits, priced at $4, giving you the option to mitigate the emissions associated with the manufacture and disposal of a modern Raspberry Pi.
How does it work?
We commissioned Inhabit to conduct an independent assessment of the carbon footprint of manufacturing, shipping, and disposing of a Raspberry Pi 4 or 5, which came to 6.5kg of CO₂ equivalent. When you buy a Raspberry Pi Carbon Removal Credit from one of our Approved Resellers, we pay our friends at UNDO Carbon to begin capturing that quantity of CO2 from the atmosphere using enhanced rock weathering (ERW) technology.
It’s that simple.
What is enhanced rock weathering?
As rain falls through the atmosphere, it combines with CO₂ to form carbonic acid. When this weak acid falls on mountains, forests and grassland, the CO₂ interacts with rocks and soil, mineralises, and is safely stored in solid carbonate form. The natural process of weathering already accounts for the removal of one billion tonnes of CO₂ from the atmosphere every year.
ERW accelerates this natural process by spreading crushed silicate rock (in our case, basalt) on agricultural land, increasing the surface area of the rock and therefore increasing its contact with CO₂. Overall, this reduces the timescales involved from millions of years to mere decades. Once the reaction takes place, the CO₂ is permanently locked away for 100,000+ years.
In addition to capturing CO₂, spreading basalt on agricultural land also brings with it significant co-benefits. Silicate rocks are mineral-rich; as they weather, they release nutrients such as magnesium, calcium and potassium, improving soil health and reducing the need for fertilisers. Trials with the University of Newcastle have shown an increase in crop yield following the application of crushed basalt rock. In addition, the alkaline bicarbonate ions captured during the ERW process are eventually washed out to sea, where they help to deacidify our oceans.
Generally, when you buy carbon offsets, you are paying for carbon capture which has taken place in the past (for example by planting and growing trees). When you buy Raspberry Pi Carbon Removal Credits, UNDO spreads basalt now, which then captures the rated quantity of carbon over, roughly, the next twenty years.
We’ve chosen ERW because we believe it’s a more rigorous, scalable, verifiable approach to carbon capture than traditional approaches like planting (or, more ridiculously, agreeing not to cut down) trees: quite simply, it’s our best shot at drawing down a material fraction of humanity’s carbon emissions in our lifetimes. But, as it is a relatively new technology, there is no pool of offsets corresponding to historical capture available for us to purchase.
So, we’re doing the next best thing: paying UNDO to start an irrevocable process of carbon capture which will continue over the next two decades and beyond. We hope that our embrace of ERW will help raise awareness of this world-changing technology, and perhaps inspire others to take their first steps with it.
Extracting an arresting array of sounds from a guitar became a mission for keen coder Gary. In the latest issue of The MagPi, he tells Rosie Hattersley how he built a Raspberry Pi-based expression pedal.
The MIDI Gesture Controller is a sort of musical expression pedal that rotates and rolls around a ball joint, providing six degrees of freedom
Guitarist and keen coder Gary Rigg says he always thought floor-based controllers — particularly expression pedals — should have a more prominent role. They are usually operated by pressing your foot down for a subtle or more obvious wah-wah or delay effect, but only in a single direction, also known as one degree of freedom (DOF).
You use your foot to “control the pitch of the pedal, and the pitch determines the parameter value.” Gary reasoned that adding degrees of freedom such as yaw (rotation around an axis) and roll to an expression pedal could extend its pitch parameters. He began pondering what new sounds could be achieved by redesigning how the humble foot pedal was operated. The result is the MIDI Gesture Controller, a Raspberry Pi Pico-based expression pedal that can control three parameters, “which ought to lead to more control while playing live.”
The Gesture Controller can be plugged into a PC as a MIDI control device and works with synthesisers and samplers
New musical direction
Gary hit upon a ball and socket setup, since these move through three or more planes of motion in multiple directions. He soon settled on a desk-based rotating puck design, realising that since the expression pedal did not necessarily need to be foot-operated, it could have several additional uses: “it works as well as a hand controller as a foot controller, so could be used for DJs or in a studio.” Camera controllers, stage lighting, and other non-musical applications also came to mind. Gary points out that MIDI is simply a protocol and could be swapped for something else, such as an HID controlling gameplay, for example. Sensor values are sent down a serial line, so the Gesture Controller could theoretically be used in “any situation needing a multi-axis controller.”
Give it a try
Gary uses Python regularly for his job as a software developer for websites and mobile devices. In “paid work land” he’s used Raspberry Pi for IoT projects to control lights and smart devices, in fire alarm panels, and alongside NFC cards and in MQTT Edge devices. As a hobbyist, Gary has created Raspberry Pi-based retro games consoles, set up sensors, and designed a Ghostbusters PKE Meter, so he is fairly confident with prototyping and seeing diverse projects through to completion.
Prototyping the MIDI Gesture Controller with Raspberry Pi Pico, which runs CircuitPython code
He made use of Adafruit’s MIDI library, and says programming in CircuitPython using Thonny IDE on Raspberry Pi Pico made a lot of sense: “an incredible bit of kit as a low-cost microcontroller, and being in Python-land feels like home.” He also found it to be the best value for money, and the most reliable board for his project. Other components — including the 6DOF AHRS IMU sensor, arcade joystick ball, 3D printer, and neoprene rubber for grip — were bought from The Pi Hut and other stores. The wiring setup was straightforward enough, with the IMU (inertial measurement unit) and yaw reset button connected to Raspberry Pi Pico.
Despite Gary’s years of experience as a computer scientist and software engineer, the MIDI Gesture Controller project took him several weeks to complete and provided plenty of challenges. Getting a smooth motion on the ball joint was particularly difficult. Having designed the casing in CAD software, Gary says he must have 3D-printed nearly 20 variants to get it right. Another challenge involved getting actual pitch, yaw, and roll values from the IMU. “It took a bit of effort, as did calibrating the ranges and limits of minimums and maximums.”
Gary’s YouTube video amply demonstrates the extra sound possibilities his Gesture Controller can generate
Having first contemplated a multi-DOF expression pedal a few years ago, the MIDI Gesture Controller is now up and running, and Gary continues to tweak and improve it, planning to add a few extra features. He always likes to have a project on the go, is unafraid to try things, and is a big advocate for experimenting with designs in Tinkercad. A few years ago, he launched a Raspberry Pi-based Wi-Fi blocker that caught the press’ attention. The Kickstarter campaign wasn’t successful, but it was a fun project, and he still owns the trademark for a Wi-Fi ‘notspot’.
The MagPi #149 out NOW!
You can grab the new issue right now from Tesco, Sainsbury’s, Asda, WHSmith, and other newsagents, including the Raspberry Pi Store in Cambridge. It’s also available at our online store, which ships around the world. You can also get it via our app on Android or iOS.
You can also subscribe to the print version of The MagPi. Not only do we deliver it globally, but people who sign up to the six- or twelve-month print subscription get a FREE Raspberry Pi Pico W!
Education: Bachelor of Computer Applications (BCA) - 2024 Graduate
Technical Skills: Web Development (MERN Stack)
Areas of Interest: Mobile Application Development (Android).
Projectes: Attendance app, Music website etc.
