Skip to content

Latest commit

 

History

History
311 lines (235 loc) · 10.7 KB

README.md

File metadata and controls

311 lines (235 loc) · 10.7 KB

meta-microservicebus-intel-nuc

The meta-microservicebus-intel-nuc layer has been developed together with Intel® to support all Intel® NUC devices.

Intel® NUC Rugged is a PC kit that’s small on size but not on toughness or reliability. It features a fanless, ventless design to minimize particle intrusion, so it’s built to survive environments most PCs can’t—from a busy factory floor to a dusty warehouse. Given its modularity, it is designed to work with a range of Intel® NUC Compute Elements ranging from Intel® Celeron® processor all the way up to Intel® Core™ i7 vPro® processor

This README file contains information on using microservicebus-intel-nuc to enable the use of microServiceBus with meta intel.

Dependencies

This layer depends on:

LAYER: openembedded-core
URI: git://git.openembedded.org/openembedded-core

LAYER: meta-intel
URI: git://git.yoctoproject.org/meta-intel

LAYER: meta-rauc
URI: https://github.com/rauc/meta-rauc.git

Table of Contents

  1. Overview
  2. Building and booting
  3. RAUC
  4. Miscellany
  5. Tested Hardware

1. Overview

This layer adds support for microServiceBus firmware update on Intel NUC platform. It is intended to be used together with meta-microservicebus layer to add microServiceBus agent.

For instructions on building complete microServiceBus enabled image please see meta-microservicebus-intel.

2 Building and booting

The following sections contain information on building a install image.

Recommended to read instructions in meta-intel regarding Yocto Intel support and building basic working image.

The following instructions assumes that a working Yocto build environment for meta-intel is present.

Setup build

Add layers to build, repositories need to be cloned first.

bitbake-layers add-layer meta-microservicebus-intel-nuc
bitbake-layers add-layer meta-rauc

Add configuration required for meta-microservicebus-intel-nuc to your local.conf file as below.

# Set systemd as init system
DISTRO_FEATURES_append = " systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit"
VIRTUAL-RUNTIME_init_manager = "systemd"
VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"

# Init script
IMAGE_INSTALL_append = " intel-nuc-init"

# RAUC
IMAGE_INSTALL_append = " rauc"
RAUC_BUNDLE_VERSION = "0.0.1"
RAUC_BUNDLE_DESCRIPTION = "Intel NUC"

DISTRO_FEATURES_append = " rauc"

# Set fixed size rootf to not break RAUC update
IMAGE_ROOTFS_EXTRA_SPACE = "0"
IMAGE_ROOTFS_SIZE = "2048000"

# Set grub to use RAUC specific configs
PREFERRED_RPROVIDER_virtual/grub-bootconf = "rauc-qemu-grubconf"

# Building the installer image
WKS_FILE = "image-installer.wks.in"
IMAGE_FSTYPES_append = " ext4"
IMAGE_TYPEDEP_wic = "ext4"
INITRD_IMAGE_LIVE="core-image-minimal-initramfs"
do_image_wic[depends] += "${INITRD_IMAGE_LIVE}:do_image_complete"
do_rootfs[depends] += "virtual/kernel:do_deploy"
EFI_PROVIDER = "grub-efi"
IMAGE_BOOT_FILES_append = "\
    ${KERNEL_IMAGETYPE} \
    microcode.cpio \
    ${IMGDEPLOYDIR}/${IMAGE_BASENAME}-${MACHINE}.ext4;rootfs.img \
    ${@bb.utils.contains('EFI_PROVIDER', 'grub-efi', 'grub-efi-bootx64.efi;EFI/BOOT/bootx64.efi', '', d)} \
    ${@bb.utils.contains('EFI_PROVIDER', 'grub-efi', '${IMAGE_ROOTFS}/boot/EFI/BOOT/grub.cfg;EFI/BOOT/grub.cfg', '', d)} \
    ${@bb.utils.contains('EFI_PROVIDER', 'systemd-boot', 'systemd-bootx64.efi;EFI/BOOT/bootx64.efi', '', d)} \
    ${@bb.utils.contains('EFI_PROVIDER', 'systemd-boot', '${IMAGE_ROOTFS}/boot/loader/loader.conf;loader/loader.conf ', '', d)} \
    ${@bb.utils.contains('EFI_PROVIDER', 'systemd-boot', '${IMAGE_ROOTFS}/boot/loader/entries/boot.conf;loader/entries/boot.conf', '', d)} "

Generate example keys for RAUC

RAUC use keys and certificates to sign and verify firmware updates. A example setup can be generated by running the script in meta-microservicebus-intel-nuc.

$. create-example-keys.sh

This will generate example-ca directory under the build directory.

example-ca/
├── ca.cert.pem
├── ca.csr.pem
├── certs
│   ├── 01.pem
│   └── 02.pem
├── development-1.cert.pem
├── development-1.csr.pem
├── index.txt
├── index.txt.attr
├── index.txt.attr.old
├── index.txt.old
├── openssl.cnf
├── private
│   ├── ca.key.pem
│   └── development-1.key.pem
├── serial
└── serial.old

This script will also add a site.conf file under build/conf where all the paths for RAUC is set.

# conf/site.conf 

RAUC_KEYRING_FILE=".../build/example-ca/ca.cert.pem"
RAUC_KEY_FILE=".../build/example-ca/private/development-1.key.pem"
RAUC_CERT_FILE=".../build/example-ca/development-1.cert.pem"

Build

You should then be able to build an image:

bitbake core-image-full-cmdline

At the end of a successful build, you'll find the bootable image in the build/tmp/deploy/images/MACHINE directory.

 core-image-full-cmdline-intel-corei7-64.wic

Create USB to install image

The wic image can be burned to an USB drive to generate an installer USB.

Using "dd"

Substitute USB_DEVICE with the name of the USB device. WARNING this will remove all content on device.

 sudo dd if=core-image-full-cmdline-intel-corei7-64.wic of=/dev/USB_DEVICE status=progress

Using GUI tool

As a alternative to dd a GUI program like ether can be used to generate bootable USB device from the wic file, ether support multiple platforms so you can for example burn a wic file to a USB device on Windows.

Install

The instructions above should give you a install USB device. Insert the device into a bootable USB socket on the target, and power on. This will start installation of image to target device. You can follow the installation process on a connected screen, when finished you will be prompted to remove USB and press Enter to reboot.

Booting after install

After install and reboot grub will show 2 boot options at start Slot A and Slot B. Grub will auto boot the option that the boot script have set after 5 seconds, Slot A will be set at first boot. You can abort auto boot by pressing a key and he manually select with Slot you like to boot.

When fully booted the command line interface is shown on the screen and can be accessed by attaching a keyboard.

ssh can be used to access the target over the network using the targets ip and root as user. You can get target IP by running "ifconfig" in target command line.

On remote host run ssh and accept fingerprint by typing yes and press Enter.

ssh root@TARGET_IP
The authenticity of host 'TARGET_IP (TARGET_IP)' can't be established.
ECDSA key fingerprint is SHA256:----------------------.
Are you sure you want to continue connecting (yes/no/[fingerprint])?yes
Warning: Permanently added 'TARGET_IP' (ECDSA) to the list of known hosts.
Last login: Jan  1 00:00:01 1970 from HOST_IP
root@GEAB00000HDP:~#  

3. RAUC

RAUC is a lightweight update client that runs on your embedded device and reliably controls the procedure of updating your device with a new firmware revision. RAUC is also the tool on your host system that lets you create, inspect and modify update artifacts for your device.

For for RAUC documentation please visit rauc.readthedocs

RAUC bundle build

RAUC uses bundles to deploy firmware updates. Bundles is created with RAUC host tool, this is integrated in Yocto by recipes. Important that you have generated keys and certificates for RAUC to be able to generate bundles.

Set bundle version and description in local.conf as you wish

RAUC_BUNDLE_VERSION = "0.0.1"
RAUC_BUNDLE_DESCRIPTION = "Intel NUC"

Build bundle with bitbake

 bitbake nuc-msb-bundle

This will generate an RAUC bundle in

 .../build/tmp/deploy/images/intel-corei7-64

 intel-nuc-msb-bundle-intel-corei7-64.raucb

You can copy the bundle to the target device and manually install it or upload it to microServiceBus.com to enable remote updates.

RAUC on target

In the target image RAUC is running to handle installed firmware and installation of new firmware. Some examples of RAUC commands that you can run on the target is

# View system status (Booted from B)

root@GEAB00000HDP:~# rauc status
=== System Info ===
Compatible:  intel-i7-x64-nuc-msb-rauc
Variant:     
Booted from: rootfs.1 (B)

=== Bootloader ===
Activated: rootfs.1 (B)

=== Slot States ===
x [rootfs.1] (/dev/nvme0n1p3, ext4, booted)
	bootname: B
	mounted: /
	boot status: good

o [rootfs.0] (/dev/nvme0n1p2, ext4, inactive)
	bootname: A
	boot status: good

# Swap boot

root@GEAB00000HDP:~# rauc status mark-active other
rauc-Message: 13:26:07.561: rauc status: activated slot rootfs.0

#Activated set to rootfs.0 (Will boot to B after reboot)

root@GEAB00000HDP:~# rauc status
=== System Info ===
Compatible:  intel-i7-x64-nuc-msb-rauc
Variant:     
Booted from: rootfs.1 (B)

=== Bootloader ===
Activated: rootfs.0 (A)

=== Slot States ===
o [rootfs.1] (/dev/nvme0n1p3, ext4, booted)
	bootname: B
	mounted: /
	boot status: good

x [rootfs.0] (/dev/nvme0n1p2, ext4, inactive)
	bootname: A
	boot status: good

# Install of bundle

root@GEAB00000HDP:~# rauc install .../nuc-msb-bundle-intel-corei7-64.raucb 
installing
  0% Installing
  0% Determining slot states
 20% Determining slot states done.
 20% Checking bundle
 20% Verifying signature
 40% Verifying signature done.
 40% Checking bundle done.
 40% Checking manifest contents
 60% Checking manifest contents done.
 60% Determining target install group
 80% Determining target install group done.
 80% Updating slots
 80% Checking slot rootfs.0
 90% Checking slot rootfs.0 done.
 90% Copying image to rootfs.0
100% Copying image to rootfs.0 done.
100% Updating slots done.
100% Installing done.
Installing `.../nuc-msb-bundle-intel-corei7-64.raucb` succeeded

microServiceBus agent is integrated with RAUC and enable remote firmware updates.

4. Miscellany

There are many options to customize or adopt this layer for different targets or projects.

The install script and RAUC configurations assumes for example that the nvme0n1 is used for boot and rootfs, this may very between targets.

Rootfs size is set to 2 GB which may be to big or to small for your project.

RAUC can be configured to have more or less slots, or for example handle bootloader updates.

You may need to disable secure boot on your target and enable USB boot in BIOS to enable the installation and booting of your own image.

5. Tested Hardware

The following target have been tested.

intel-corei7-64: Intel NUC Rugged Chassis Element (BKCMCR1ABBA2)