Giters

manoj23 / meta-swupdate

Yocto receipes to generate a swupdate rootfilesystem as initrd

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

meta-swupdate, Yocto layer for deploy tool
==========================================

This layer's purpose is to add support for a deployment
mechanism of Yocto's images based on swupdate project.

Layer dependencies
------------------

This layer depends on:

URI: git://github.com/openembedded/meta-openembedded.git
subdirectory: meta-oe

Image hashing
-------------

During creation of the update file, occurrences of @IMAGE (where IMAGE is an
image filename) are replaced with the sha256 hash of the image.

SWU image signing
------------

To enable signing:
    Set SWUPDATE_SIGNING = "1"
    Set SWUPDATE_PRIVATE_KEY to the full path of private key file

sw-description is signed with the private key and the signature is writen to
sw-description.sig which is included in the SWU file.

Encrypted private keys are not currently supported since a secure 
mechanism must exist to provide the passphrase.

SWU image hardware signing
--------------------------

One may prefer to sign the SWU image with a hardware token or hardware security
module (HSM) which doesn't expose the private key.

To enable, SWUPDATE_SIGNING_ENGINE must be set to an available openssl engine.

Example:
    SWUPDATE_SIGNING_ENGINE = "pkcs11"

SWUPDATE_SIGNING_ENGINE_PATH may need to be set so that openssl can locate the
engine.

Example:
    SWUPDATE_SIGNING_ENGINE_PATH = "/usr/lib"

Instead of setting SWUPDATE_PRIVATE_KEY to the full path of a file, set it to
a key string recognized by the engine used.

Example:
    SWUPDATE_PRIVATE_KEY = "pkcs11:model=SoftHSM%20v2;" \
                           "manufacturer=SoftHSM%20project;" \
                           "serial=1234567890;" \
                           "token=test-token;pin-value=123456;" \
                           "object=swupdate-test"

Maintainer
----------

Stefano Babic <sbabic@denx.de>

Submitting patches
------------------

You can submit your patches (or post questions reagarding
this layer to the swupdate Mailing List:

	swupdate@googlegroups.com

When creating patches, please use something like:

    git format-patch -s --subject-prefix='meta-swupdate][PATCH' <revision range>

Please use 'git send- email' to send the generated patches to the ML
to bypass changes from your mailer.

About

Yocto receipes to generate a swupdate rootfilesystem as initrd

License:MIT License

Languages

Language:Shell 45.7%Language:C++ 27.5%Language:BitBake 26.8%