Home Explore Help
Sign In
vdd
/
meta-swupdate
mirror of https://github.com/sbabic/meta-swupdate
1
0
Fork 0
Files Issues 0 Wiki
Tree: 47ce33dfab
Branches Tags
meta-swupdate
/
README

README 2.2 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. meta-swupdate, Yocto layer for deploy tool
    2. 

  2. ==========================================
    3. 

  3. 

  4. This layer's purpose is to add support for a deployment
    5. 

  5. mechanism of Yocto's images based on swupdate project.
    6. 

  6. 

  7. Layer dependencies
    8. 

  8. ------------------
    9. 

  9. 

  10. This layer depends on:
    11. 

  11. 

  12. URI: git://github.com/openembedded/meta-openembedded.git
    13. 

  13. subdirectory: meta-oe
    14. 

  14. 

  15. Image hashing
    16. 

  16. -------------
    17. 

  17. 

  18. During creation of the update file, occurrences of @IMAGE (where IMAGE is an
    19. 

  19. image filename) are replaced with the sha256 hash of the image.
    20. 

  20. 

  21. SWU image signing
    22. 

  22. ------------
    23. 

  23. 

  24. To enable signing:
    25. 

  25.     Set SWUPDATE_SIGNING = "1"
    26. 

  26.     Set SWUPDATE_PRIVATE_KEY to the full path of private key file
    27. 

  27. 

  28. sw-description is signed with the private key and the signature is writen to
    29. 

  29. sw-description.sig which is included in the SWU file.
    30. 

  30. 

  31. Encrypted private keys are not currently supported since a secure 
    32. 

  32. mechanism must exist to provide the passphrase.
    33. 

  33. 

  34. SWU image hardware signing
    35. 

  35. --------------------------
    36. 

  36. 

  37. One may prefer to sign the SWU image with a hardware token or hardware security
    38. 

  38. module (HSM) which doesn't expose the private key.
    39. 

  39. 

  40. To enable, SWUPDATE_SIGNING_ENGINE must be set to an available openssl engine.
    41. 

  41. 

  42. Example:
    43. 

  43.     SWUPDATE_SIGNING_ENGINE = "pkcs11"
    44. 

  44. 

  45. SWUPDATE_SIGNING_ENGINE_PATH may need to be set so that openssl can locate the
    46. 

  46. engine.
    47. 

  47. 

  48. Example:
    49. 

  49.     SWUPDATE_SIGNING_ENGINE_PATH = "/usr/lib"
    50. 

  50. 

  51. Instead of setting SWUPDATE_PRIVATE_KEY to the full path of a file, set it to
    52. 

  52. a key string recognized by the engine used.
    53. 

  53. 

  54. Example:
    55. 

  55.     SWUPDATE_PRIVATE_KEY = "pkcs11:model=SoftHSM%20v2;" \
    56. 

  56.                            "manufacturer=SoftHSM%20project;" \
    57. 

  57.                            "serial=1234567890;" \
    58. 

  58.                            "token=test-token;pin-value=123456;" \
    59. 

  59.                            "object=swupdate-test"
    60. 

  60. 

  61. Maintainer
    62. 

  62. ----------
    63. 

  63. 

  64. Stefano Babic <sbabic@denx.de>
    65. 

  65. 

  66. Submitting patches
    67. 

  67. ------------------
    68. 

  68. 

  69. You can submit your patches (or post questions reagarding
    70. 

  70. this layer to the swupdate Mailing List:
    71. 

  71. 

  72. 	swupdate@googlegroups.com
    73. 

  73. 

  74. When creating patches, please use something like:
    75. 

  75. 

  76.     git format-patch -s --subject-prefix='meta-swupdate][PATCH' <revision range>
    77. 

  77. 

  78. Please use 'git send- email' to send the generated patches to the ML
    79. 

  79. to bypass changes from your mailer.
    80.