The following week, Scott will be on hand at the AGL stand at Embedded World (Hall 4, Stand 4-171) in Nuremberg, March 14-16. He’ll be happy to talk about VSS, KUKSA.val and many other AGL technical topics. Please stop by if you are visiting the show.
https://www.konsulko.com/wp-content/uploads/2023/02/AGLAMM-EW-2023.jpg17301730Konsulko Grouphttps://www.konsulko.com/wp-content/uploads/2021/03/KonsulkoGroup-fullcolorlogo-340x156-1.pngKonsulko Group2023-02-26 15:59:132023-03-01 07:32:55Scott Murray on VSS & KUKSA.val at AGL AMM & Embedded World
(This article was written by open source software enthusiast and Konsulko Group intern Atanas Bunchev, working with Konsulko Senior Engineer Leon Anavi.)
RAUC is one of the popular solutions that provide OTA (over-the-air) updates for Embedded Linux devices. RAUC is developed with focus on stability, security and flexibility and is compatible with all popular build systems: The Yocto Project/OpenEmbedded, Buildroot and PTXdist.
The A/B updates scenario consists of having 2 identical root filesystems (named A and B), booting from one of them and performing the update on the other. After the update is complete the bootloader will boot from the updated partition on the next system boot. Recently the ‘verity’ update bundle format was introduced in RAUC. This new groundbreaking feature improves the verification process and most importantly allows extending RAUC by built-in HTTP(S) network streaming support, adaptive delta-like updates, and full update bundle encryption.
This article provides an example for setting up RAUC for A/B updates scenario on a HummingBoard board. The hardware used for the example is:
HummingBoard Pro board
32GB microSD card
UART to USB adapter
RAUC is a robust, powerful and flexible open source solution that requires advanced skills for initial integration. To use RAUC in an image built with the Yocto Project and OpenEmbedded for CuBox-I/HummingBoard one needs to:
Use U-Boot as a bootloader
Enable SquashFS in the Linux kernel configuration
Use ext4 root file system
Design specific storage partitioning for the certain use case and configure RAUC accordingly
Provide a custom U-Boot script to properly switch between RAUC slots
Prepare a certificate and keyring to use for signing and verifying RAUC update bundles.
Building a Linux Distribution with RAUC
I’ve recently contributed to meta-rauc-community, a repository containing minimal RAUC example layers for Yocto/OpenEmbedded.
The following steps will show how to use the meta-rauc-nxp layer from that repository to build and update a minimal Linux distribution. The update will install nano (the text editor) to the system.
Download the reference Yocto distribution, Poky. We’ll use the latest long term support version, kirkstone.
$ git clone -b kirkstone https://git.yoctoproject.org/poky
$ cd poky
Adjust conf/local.conf by adding the following configurations to the end of the file:
# HummingBoard specifications are very similar to Cubox-I
MACHINE = "cubox-i"
# Accept end user agreement required by the BSP layer.
ACCEPT_FSL_EULA = "1"
# Use systemd as init manager
INIT_MANAGER = "systemd"
# Add RAUC to the image
IMAGE_INSTALL:append = " rauc"
DISTRO_FEATURES:append = " rauc"
# Generate ext4 image of the filesystem
IMAGE_FSTYPES:append = " ext4"
# Use the file containing the partition table specification
WKS_FILE = "sdimage-dual-cubox-i.wks.in"
WKS_FILES:prepend = "sdimage-dual-cubox-i.wks.in "
# Add 150 000 KBytes free space to the root filesystem
# (Adding software with updates require space.)
IMAGE_ROOTFS_EXTRA_SPACE:append = " + 150000"
# Add the boot script to the boot partition
IMAGE_BOOT_FILES:append = " boot.scr"
Note that whitespace inside quotes is intentional and important.
To sign and verify the update bundles RAUC uses SSL keys. A keyring containing all keys that will be used for update bundles needs to be installed on the target.
meta-rauc-community provides a script that would generate example keys and configure the current build environment accordingly. (The script has to be called after sourcing oe-init-build-env)
Build a minimal bootable image:
$ bitbake core-image-minimal
Building an image from scratch is a long process involving a lot of tasks. Please patiently wait until bitbake completes all tasks.
It’s strongly recommended to zero-fill the u-boot environment sectors before flashing the image on the microSD card (replace /dev/sdX with the proper device path):
$ dd if=/dev/zero of=/dev/sdX seek=2032 count=16
After the build is done, flash the image to a microSD card (replace /dev/sdX with the proper device path) and boot it on the HummingBoard:
One of the latest RAUC features is the verity bundle format. This format allows updates to be done without storing the whole bundle on the device in advance, which is useful for devices with limited space. One of the requirements for this feature is hosting the bundle on a server that supports HTTP Range Requests.
As alternative, you can transfer the bundle to the device and install it from local storage.
Verify that nano was added to the system:
# which nano
Check RAUC status to confirm the system have booted from the second partition:
# rauc status
For real-world products, this build procedure with the Yocto Project and OpenEmbedded can be optimized further with just a few commands for easy implementation of continuous integration (CI).
Since the earliest days of the OpenEmbedded build framework and Yocto Project, Konsulko engineers have been contributing to the community and helping customers build commercial products with these technologies. We have experience with RAUC, Mender and other open source solutions for software updates. Please contact us to discuss your own embedded product development.
https://www.konsulko.com/wp-content/uploads/2023/02/RAUC-Hummingboard-1.png16001600Konsulko Grouphttps://www.konsulko.com/wp-content/uploads/2021/03/KonsulkoGroup-fullcolorlogo-340x156-1.pngKonsulko Group2023-02-16 15:51:012023-02-24 19:44:53Setting up RAUC on CuBox-I/HummingBoard for Software Updates
Helping companies around the world develop successful products, offering consulting, product engineering, support and capability building at every stage of the engagement.