(This article was written by open source software enthusiast and Konsulko Group intern Atanas Bunchev, working with Konsulko Senior Engineer Leon Anavi.)
RAUC is one of the popular solutions that provide OTA (over-the-air) updates for Embedded Linux devices. RAUC is developed with focus on stability, security and flexibility and is compatible with all popular build systems: The Yocto Project/OpenEmbedded, Buildroot and PTXdist.
RAUC is capable of covering various use cases the most simple one being A/B updates.
The A/B updates scenario consists of having 2 identical root filesystems (named A and B), booting from one of them and performing the update on the other. After the update is complete the bootloader will boot from the updated partition on the next system boot. Recently the ‘verity’ update bundle format was introduced in RAUC. This new groundbreaking feature improves the verification process and most importantly allows extending RAUC by built-in HTTP(S) network streaming support, adaptive delta-like updates, and full update bundle encryption.
This article provides an example for setting up RAUC for A/B updates scenario on a HummingBoard board. The hardware used for the example is:
- HummingBoard Pro board
- 32GB microSD card
- UART to USB adapter
RAUC is a robust, powerful and flexible open source solution that requires advanced skills for initial integration. To use RAUC in an image built with the Yocto Project and OpenEmbedded for CuBox-I/HummingBoard one needs to:
- Use U-Boot as a bootloader
- Enable SquashFS in the Linux kernel configuration
- Use ext4 root file system
- Design specific storage partitioning for the certain use case and configure RAUC accordingly
- Provide a custom U-Boot script to properly switch between RAUC slots
- Prepare a certificate and keyring to use for signing and verifying RAUC update bundles.
Building a Linux Distribution with RAUC
I’ve recently contributed to meta-rauc-community, a repository containing minimal RAUC example layers for Yocto/OpenEmbedded.
The following steps will show how to use the
meta-rauc-nxp layer from that repository to build and update a minimal Linux distribution. The update will install nano (the text editor) to the system.
Download the reference Yocto distribution, Poky.
We’ll use the latest long term support version, kirkstone.
$ git clone -b kirkstone https://git.yoctoproject.org/poky
$ cd poky
Download meta-rauc-community layers (meta-rauc-nxp):
$ git clone https://github.com/rauc/meta-rauc-community.git
Download the meta-rauc layer:
$ git clone -b kirkstone https://github.com/rauc/meta-rauc.git
Download the BSP layers for cubox-i/HumminbBoard boards:
$ git clone -b kirkstone https://git.yoctoproject.org/meta-freescale
$ git clone -b kirkstone https://github.com/Freescale/meta-fsl-arm-extra.git
Download the meta-openembedded layer (provides nano):
$ git clone -b kirkstone git://git.openembedded.org/meta-openembedded
Initialize the build environment:
$ source oe-init-build-env
Add the layers to conf/bblayers.conf:
$ bitbake-layers add-layer ../meta-openembedded/meta-oe
$ bitbake-layers add-layer ../meta-rauc
$ bitbake-layers add-layer ../meta-freescale
$ bitbake-layers add-layer ../meta-fsl-arm-extra
$ bitbake-layers add-layer ../meta-rauc-community/meta-rauc-nxp
Adjust conf/local.conf by adding the following configurations to the end of the file:
# HummingBoard specifications are very similar to Cubox-I
MACHINE = "cubox-i"
# Accept end user agreement required by the BSP layer.
ACCEPT_FSL_EULA = "1"
# Use systemd as init manager
INIT_MANAGER = "systemd"
# Add RAUC to the image
IMAGE_INSTALL:append = " rauc"
DISTRO_FEATURES:append = " rauc"
# Generate ext4 image of the filesystem
IMAGE_FSTYPES:append = " ext4"
# Use the file containing the partition table specification
WKS_FILE = "sdimage-dual-cubox-i.wks.in"
WKS_FILES:prepend = "sdimage-dual-cubox-i.wks.in "
# Add 150 000 KBytes free space to the root filesystem
# (Adding software with updates require space.)
IMAGE_ROOTFS_EXTRA_SPACE:append = " + 150000"
# Add the boot script to the boot partition
IMAGE_BOOT_FILES:append = " boot.scr"
Note that whitespace inside quotes is intentional and important.
To sign and verify the update bundles RAUC uses SSL keys. A keyring containing all keys that will be used for update bundles needs to be installed on the target.
meta-rauc-community provides a script that would generate example keys and configure the current build environment accordingly. (The script has to be called after sourcing
Build a minimal bootable image:
$ bitbake core-image-minimal
Building an image from scratch is a long process involving a lot of tasks. Please patiently wait until bitbake completes all tasks.
It’s strongly recommended to zero-fill the u-boot environment sectors before flashing the image on the microSD card (replace
/dev/sdX with the proper device path):
$ dd if=/dev/zero of=/dev/sdX seek=2032 count=16
After the build is done, flash the image to a microSD card (replace
/dev/sdX with the proper device path) and boot it on the HummingBoard:
$ bmaptool copy tmp/deploy/images/cubox-i/core-image-minimal-cubox-i.wic.gz /dev/sdX
$ eject /dev/sdX
Attach the USB-to-UART adapter to the HummingBoard Pro, plug the ethernet cable and the microSD card. Turn on the board to verify that the system boots successfully.
By default one can login as
root without password.
Creating an update bundle for RAUC
After sourcing the
oe-init-build-env, append the following line to the build configuration
conf/local.conf to add nano to the system:
# Adding nano
IMAGE_INSTALL:append = " nano"
Build the RAUC update bundle:
$ bitbake update-bundle
Start a web server:
$ cd tmp/deploy/images/cubox-i/
$ pip3 install --user rangehttpserver
$ python3 -m RangeHTTPServer
Now you can install the bundle on the board, then reboot:
# rauc install http://192.168.1.2:8000/update-bundle-cubox-i.raucb
One of the latest RAUC features is the verity bundle format. This format allows updates to be done without storing the whole bundle on the device in advance, which is useful for devices with limited space. One of the requirements for this feature is hosting the bundle on a server that supports HTTP Range Requests.
As alternative, you can transfer the bundle to the device and install it from local storage.
Verify that nano was added to the system:
# which nano
Check RAUC status to confirm the system have booted from the second partition:
# rauc status
For real-world products, this build procedure with the Yocto Project and OpenEmbedded can be optimized further with just a few commands for easy implementation of continuous integration (CI).
Since the earliest days of the OpenEmbedded build framework and Yocto Project, Konsulko engineers have been contributing to the community and helping customers build commercial products with these technologies. We have experience with RAUC, Mender and other open source solutions for software updates. Please contact us to discuss your own embedded product development.