Table of Contents
Raspberry PI 4 as Server
CPU bugs
Spectre V1 & V2 and
Variant 4 Speculative Store Bypass
CVE-2018-3640 CVE-2018-3639
GPIO
Basic Info
2x USB2.0 connected to VL805 (wire savings - USB3 wires not connected)
2x USB3.1 Gen 1 5Gbit - VL805 connected via PCIe 2.0 1x (5Gbit)
1x Gigabit Ethernet connected via PCIe 1.0 1x (2Gbit)
VideoCore VI running on ThreadX
Power approx 3-8Watts
iperf3 949Mbit/s
SAMBA Performance
912 Mbit/s = 114 MB/s read and write
ASM1352R FW:B5_20_60 UASP and vl805_fw_0137ab.bin (raw read/write 358/159 MB/s)
Encryption
ChaCha20-Poly1305 is fastest so it can be preferred (approx. 323 MB/s 2GHz)
AES-128-CBC max. 113 MB/s
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
config.txt
# For more options and information see # http://rpf.io/configtxt # Some settings may impact device functionality. See link above for details arm_freq=1200 arm_freq_min=266 disable_splash=1 gpu_freq=100 gpu_freq_min=100 v3d_freq=100 gpu_mem=64 over_voltage=-1 temp_limit=80 arm_64bit=1
Overclock
Add some fan!
arm_freq=1750 over_voltage=2 -- or -- arm_freq=2000 over_voltage=5
SSH on headless mode
Insert empty file named “ssh” in /boot dir
Insert file named “userconf” in /boot dir with user:encryptedpass
echo 'mypassword' | openssl passwd -6 -stdin
SD Card care
Recommended SD card with MLC (Samsung Pro, SanDisk High Endurance, etc)
defaults,noatime,nodiratime,commit=1800
/etc/fstab (move most active locations to RAM)
tmpfs /tmp tmpfs defaults,noatime,nosuid,size=100m 0 0 tmpfs /var/tmp tmpfs defaults,noatime,nosuid,size=30m 0 0 tmpfs /var/log tmpfs defaults,noatime,nosuid,mode=0755,size=100m 0 0 tmpfs /var/cache/minidlna tmpfs defaults,noatime,nosuid,size=128m 0 0 tmpfs /var/spool/mqueue tmpfs defaults,noatime,nosuid,mode=0700,gid=12,size=30m 0 0 tmpfs /var/lib/logrotate tmpfs defaults,noatime,nosuid,mode=0755,size=10m 0 0 tmpfs /var/lib/samba tmpfs defaults,noatime,nosuid,mode=0755,size=10m 0 0 tmpfs /var/lib/nginx tmpfs defaults,noatime,nosuid,mode=0755,size=100m 0 0 tmpfs /var/lib/php/sessions tmpfs defaults,noatime,nosuid,mode=1733,size=10m 0 0 tmpfs /var/lib/systemd/timers tmpfs defaults,noatime,nosuid,mode=0755,size=1m 0 0 tmpfs /var/lib/systemd/timesync tmpfs defaults,noatime,nosuid,mode=0755,uid=100,gid=102,size=1m 0 0
Create folders in RAM
create file /usr/lib/tmpfiles.d/ramdisk.conf
d /var/log/samba 0755 - - - d /var/log/exim4 0755 110 117 - d /var/lib/samba/private 0755 - - - d /var/lib/samba/usershares 1700 - - - d /var/log/nginx 0755 - - - d /var/log/mysql 0755 112 119 -
Remove fake hwclock
sudo apt-get remove fake-hwclock sudo rm /etc/cron.hourly/fake-hwclock sudo update-rc.d -f fake-hwclock remove sudo rm /etc/init.d/fake-hwclock sudo rm /etc/fake-hwclock.dat
Trim SD Card
sudo ionice -c 3 fstrim -v /
Disable smartd
If installed disable smartd
sudo systemctl disable smartmontools
Info about SD card
/sys/bus/mmc/devices/mmc0:0002
VCGENCMD
Check Temperature
vcgencmd measure_temp
vcgencmd measure_temp | awk '{ print substr($1,6,length($1)-9) }'
Check GPU Memory
vcgencmd get_mem gpu
Check Clock
vcgencmd measure_clock xxx
xxx = arm, core, h264, isp, v3d, uart, pwm, emmc, pixel, vec, hdmi, dpi
Check Voltage
vcgencmd measure_volts xxx
xxx = core, sdram_c, sdram_i, sdram_p
Other
vcgencmd bootloader_version
vcgencmd get_config int
Check time status
timedatectl status
SAMBA
More on SAMBA article for CentOS / RedHat
ffmpeg h264
ffmpeg -vcodec h264_mmal -i input.mkv -s 1920x1080 -c:v h264_omx -b:v 6000k output.mkv
h264 accelerated decode and encode sample
hevc_v4l2m2m
Power Save
##turn on/off wifi
dtoverlay=disable-wifi
Turn off HDMI / Headless
/usr/bin/tvservice -o
Status
/usr/bin/tvservice -s
sysctl
fs.inotify.max_user_watches=524288
HDD Care
Best stable settings are
- autosuspend=-1
- hdparm
- wake script
USB Autosuspend 1 hour
Prevent external USB from 20s sleep by adding this into /boot/cmdline.txt
usbcore.autosuspend=3600
Change disk sleep 1 hour
sudo hdparm -S 241 /dev/sda
Install hd-idle
Download compiled deb package
https://janforman.org/files/Linux/hd-idle_1.05_armhf.deb
OR
sudo apt-get install build-essential fakeroot debhelper -y wget https://janforman.org/files/Linux/hd-idle-1.05.tgz tar -xvf hd-idle-1.05.tgz cd hd-idle dpkg-buildpackage -rfakeroot -uc -us sudo dpkg -i ../hd-idle_*.deb
sudo nano /etc/default/hd-idle
HD_IDLE_OPTS="-i 0 -a sda -i 3600 -a sdb -i 3600"
Disable UASP for specific device
Insert device ids into /boot/cmdline.txt
usb-storage.quirks=152d:8561:u
Hack to permanently wakeup disk
Run this in background
while [ 1 ] do hdparm -C /dev/sda >/dev/null sleep 120 done
Install general things
sudo apt install mc samba minidlna ffmpeg hostapd bridge-utils smartmontools
HostAP
sudo nano /etc/hostapd/hostapd.conf
interface=wlan0 driver=nl80211 ssid=janforman.com hw_mode=a channel=40 wmm_enabled=0 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=AardvarkBadgerHedgehog wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
Mount FS
sudo mount -t fs_type -o rw,lazytime,noatime,nodiratime,commit=600 device /path/to/dest/fs
Disable swap
sudo systemctl disable dphys-swapfile.service
Format external drive
mkfs.ext4 -b 4096 -i 131072 -I 128 /dev/sda1 tune2fs -i0 -c -1 /dev/sda1 tune2fs -o journal_data_writeback /dev/sda1 tune2fs -m 0 /dev/sda1
How to format 8TB SMR Drive
mkfs.f2fs -s64 -o0 -t0 -a0 /dev/sda1 mount -t f2fs -onoinline_data,noatime,flush_merge,no_heap,extent_cache,noacl,active_logs=2 /dev/sda1 /mnt
Revert RPI-UPDATE
sudo apt-get update; sudo apt-get install --reinstall raspberrypi-bootloader raspberrypi-kernel
Bootloader configuration
show
rpi-eeprom-config
edit
sudo -E rpi-eeprom-config --edit
shutdown
POWER_OFF_ON_HALT=1
disable HDMI for servers
DISABLE_HDMI=1