adafruit-mirror/zephyr
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 9

sample: mgmt: hawkbit: sign image by default

Browse source 
Sign the image by default by using the Kconfig options.

Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
This commit is contained in:
Fin Maaß 2024-04-19 15:06:44 +02:00 committed by Fabio Baltieri
parent c78fc290ee
commit 410edaebaa
2 changed files with 15 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
samples/subsys/mgmt/hawkbit/README.rst
View file

@ -97,27 +97,13 @@ and port during runtime, you can use the following command:
.. _hawkbit_sample_sign: .. _hawkbit_sample_sign:
Step 5: Sign and confirm the first image The firmware will be signed automatically by the build system with the
======================================== ``root-rsa-2048.pem`` key. The key is located in the MCUboot repository.
From this section onwards you use a binary (``.bin``) image format. Step 5: Flash the first image
.. code-block:: console
west sign -t imgtool -- --key \
~/zephyrproject/bootloader/mcuboot/root-rsa-2048.pem --confirm \
--version 1.0.0
The command above creates a signed and confirmed image file called
:file:`zephyr.signed.confirmed.bin` in the build directory. It's important for
the first image to be confirmed as MCUboot isn't able to confirm an image that
is flashed using a hardware tool, and hawkBit will reboot to trigger a firmware
swap if it isn't able to confirm the running image on init.
Step 6: Flash the first image
============================= =============================
Upload the :file:`zephyr.signed.confirmed.bin` file from Step 5 to image slot-0 Upload the :file:`zephyr.signed.confirmed.bin` file to image slot-0
of your board. of your board.
.. code-block:: console .. code-block:: console
@ -129,22 +115,13 @@ time to the console. After it connects to the internet, in hawkbit server UI,
you should see the ``frdm_k64f`` show up in the Targets pane. It's time to you should see the ``frdm_k64f`` show up in the Targets pane. It's time to
upload a firmware binary to the server, and update it using this UI. upload a firmware binary to the server, and update it using this UI.
Step 7: Building and signing the test image Step 6: Building and signing the test image
=========================================== ===========================================
The easiest way to test the functionality of hawkBit is to repeat step 4 to The easiest way to test the functionality of hawkBit is to repeat step 4 to
build the sample again, so that the build time will be different. Then, similar build the sample again, so that the build time will be different.
to step 5, sign the image and assign it a different version number but without
confirming it like so:
.. code-block:: console This time you need the file :file:`zephyr.signed.bin` from the build directory.
west sign -t imgtool -- --key \
~/zephyrproject/bootloader/mcuboot/root-rsa-2048.pem \
--version 1.0.1
The command above creates a signed image file called
:file:`zephyr.signed.bin` in the build directory.
Upload the signed image to the server. Click Upload icon in left pane of UI and Upload the signed image to the server. Click Upload icon in left pane of UI and
create a new Software Module with type Apps (``name:hawkbit,version:1.0.1``). create a new Software Module with type Apps (``name:hawkbit,version:1.0.1``).
@ -156,7 +133,7 @@ hawkBit software module to the created distribution. Click on Deployment
icon in the left pane of UI and assign the ``frdm_k64f_update`` distribution to icon in the left pane of UI and assign the ``frdm_k64f_update`` distribution to
the target ``frdm_k64f``. the target ``frdm_k64f``.
Step 8: Run the update Step 7: Run the update
====================== ======================
Back in the terminal session that you used for debugging the board, type the Back in the terminal session that you used for debugging the board, type the
@ -174,7 +151,7 @@ Your board will reboot automatically and then start with the new image. After re
board will print a different image build time then automatically ping the server board will print a different image build time then automatically ping the server
again and the message ``Image is already updated`` will be printed on the terminal. again and the message ``Image is already updated`` will be printed on the terminal.
Step 9: Clone and build hawkbit with https Step 8: Clone and build hawkbit with https
========================================== ==========================================
Below steps clone and build the hawkbit with self-signed certificate Below steps clone and build the hawkbit with self-signed certificate
@ -277,8 +254,8 @@ Change authentication security from false to true.
java -jar ./hawkbit-runtime/hawkbit-update-server/target/ \ java -jar ./hawkbit-runtime/hawkbit-update-server/target/ \
hawkbit-update-server-#version#-SNAPSHOT.jar hawkbit-update-server-#version#-SNAPSHOT.jar
Step 10: Build hawkBit HTTPS Step 9: Build hawkBit HTTPS
============================ ===========================
* Convert the server.pem file to self_sign.der and place the der file in * Convert the server.pem file to self_sign.der and place the der file in
hawkbit/src directory hawkbit/src directory
@ -291,4 +268,4 @@ Step 10: Build hawkBit HTTPS
:conf: "prj.conf overlay-tls.conf" :conf: "prj.conf overlay-tls.conf"
:goals: build :goals: build
Repeat the steps from 5 to 9, to update the device over https. Repeat the steps from 5 to 7, to update the device over https.

3
samples/subsys/mgmt/hawkbit/prj.conf
View file

@ -15,6 +15,9 @@ CONFIG_DNS_RESOLVER=y
CONFIG_JSON_LIBRARY=y CONFIG_JSON_LIBRARY=y
CONFIG_BOOTLOADER_MCUBOOT=y CONFIG_BOOTLOADER_MCUBOOT=y
CONFIG_SETTINGS=y CONFIG_SETTINGS=y
CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE=n
CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE=y
CONFIG_MCUBOOT_SIGNATURE_KEY_FILE="./bootloader/mcuboot/root-rsa-2048.pem"
#Main Stack Size #Main Stack Size
CONFIG_MAIN_STACK_SIZE=4096 CONFIG_MAIN_STACK_SIZE=4096