This document demonstrates how SWUpdate updates the software on the SP7350 platforms.
Table of Contents
Ubuntu MATE 24.04 - eMMC boot
When you run “make config” to configure your build environment and after selecting the board, you will be prompted to choose a boot device. Refer to the picture below and Enter “1” to select eMMC.
After selecting eMMC size, you will be prompted to choose a root file system. Refer to the picture below and Enter “7” to select Ubuntu MATE 24.04.1.
swupdate installation
After booting the system of the platform, connect to the internet and use the following commands to install swupdate.
sudo apt update sudo apt-get install swupdate
Apache HTTP Server installation
Use the following command to install apache2.
sudo apt install apache2
chromium installation
Use the following commands to install chromium.
sudo add-apt-repository ppa:xtradeb/apps -y sudo apt install chromium
Generate self-signed certificates
Use the following command to generate self-signed certificates.
openssl req -x509 -newkey rsa:4096 -nodes -keyout mycert.key.pem -out mycert.cert.pem -subj "/O=SWUpdate /CN=target"
It will create mycert.key.pem containing the private key, and mycert.cert.pem containing the public key and certificate. The default validity period of mycert.cert.pem is 30 days and you can use the following command to check it.
openssl x509 -in mycert.cert.pem -noout -dates
If you want to set the validity period by yourself, you can use the following command to generate self-signed certificates. The command adds a parameter of “-days 365” to set the validity period to 365 days.
openssl req -x509 -newkey rsa:4096 -nodes -keyout mycert.key.pem -out mycert.cert.pem -subj "/O=SWUpdate /CN=target" -days 365
sw-description configuration file
The sw-description file created describes the structure and content of the software update (packed in a .swu file) and defines what actions SWUpdate should take when performing the update.
A sw-description file below is an example for updating xboot、uboot and kernel simultaneously for eMMC.
software = {
version = "1.0";
hardware-compatibility: [ "v1.0" ];
images: (
{
filename = "xboot.img";
device = "/dev/mmcblk0boot0";
compressed = false;
type = "raw";
sha256 = "91fc277640036ab292b709bbf762b018f95a8cd2224058f48754a0587451de70";
},
{
filename = "u-boot.img";
device = "/dev/mmcblk0p2";
compressed = false;
type = "raw";
sha256 = "f72733756552297cd719b0a5a8ab26215ca862af67d00fb2a8d6d6bec2840111";
},
{
filename = "uImage";
device = "/dev/mmcblk0p7";
compressed = false;
type = "raw";
sha256 = "c288fbd009205f3d5b30328908a3f820fb0020c9f5acd49d49b79c0db92d5b3a";
}
);
};
“device” is the partition corresponding to the image. Please refer to https://sunplus.atlassian.net/wiki/spaces/C3/pages/1995309077/Exploring+Partitions+of+All+Boot+Devices?atl_f=content-tree.
“sha256” is the hash of the image. Each image must have the attribute. You can use the following command to get the hash of the image.
sha256sum xboot.img
Building a signed SWU image with CMS signature
There are two files, sw-description and its signature sw-description.sig. The signature file must always directly follow the description file.
A simple script to create a signed image can be:
#!/bin/bash
IMAGES="xboot.img u-boot.img uImage"
FILES="sw-description sw-description.sig $IMAGES"
openssl cms -sign -in sw-description -out sw-description.sig -signer /home/sunplus/work/my_key/mycert.cert.pem -inkey /home/sunplus/work/my_key/mycert.key.pem -outform DER -nosmimecap -binary
for i in $FILES;do
echo $i;done | cpio -ov -H crc > update.swu
After executing the script, sw-description.sig will be produced and the “FILES” in the script will be packed (cpio was chosen for its simplicity and because can be streamed) together to the file of update.swu.
HW_FILE
Create and edit a file (/etc/hwrevision) in the platform if it does not exist. The example of the contents is shown below.
SP7350 v1.0
“SP7350” is the hardware board name.
“v1.0” is the hardware revision and it must be the same as “hardware-compatibility” in sw-description.
Update images
The Ubuntu platform can update images (update.swu) via the command or web server.
Run SWUpdate
You can use the following command to update images.
sudo swupdate -i update.swu -k /home/sunplus/work/my_key/mycert.cert.pem -v
The verbose logging is as shown below. After the update process, the system will reboot.
sunplus@ubuntu:~/work/swu_ubuntu$ sudo swupdate -i update.swu -k /home/sunplus/work/my_key/mycert.cert.pem -v
[TRACE] : SWUPDATE running : [load_cert_chain] : Read PEM #1: /O=SWUpdate /CN=target /O=SWUpdate /CN=target
SWUpdate v
Licensed under GPLv2. See source distribution for detailed copyright notices.
[TRACE] : SWUPDATE running : [print_registered_bootloaders] : Registered bootloaders:
[TRACE] : SWUPDATE running : [print_registered_bootloaders] : uboot loaded.
[TRACE] : SWUPDATE running : [print_registered_bootloaders] : none loaded.
[TRACE] : SWUPDATE running : [print_registered_bootloaders] : grub loaded.
[TRACE] : SWUPDATE running : [print_registered_bootloaders] : ebg loaded.
[INFO ] : SWUPDATE running : [main] : Using default bootloader interface: none
[INFO ] : SWUPDATE running : [lua_handlers_init] : External Lua handler(s) not found.
[TRACE] : SWUPDATE running : [lua_report_exception] : Lua exception:
[TRACE] : SWUPDATE running : [lua_report_exception] : [string "require ("swupdate_handlers")"]:1: module 'swupdate_handlers' not found:
[TRACE] : SWUPDATE running : [lua_report_exception] : no field package.preload['swupdate_handlers']
[TRACE] : SWUPDATE running : [lua_report_exception] : no file '/usr/local/share/lua/5.4/swupdate_handlers.lua'
[TRACE] : SWUPDATE running : [lua_report_exception] : no file '/usr/local/share/lua/5.4/swupdate_handlers/init.lua'
[TRACE] : SWUPDATE running : [lua_report_exception] : no file '/usr/local/lib/lua/5.4/swupdate_handlers.lua'
[TRACE] : SWUPDATE running : [lua_report_exception] : no file '/usr/local/lib/lua/5.4/swupdate_handlers/init.lua'
[TRACE] : SWUPDATE running : [lua_report_exception] : no file '/usr/share/lua/5.4/swupdate_handlers.lua'
[TRACE] : SWUPDATE running : [lua_report_exception] : no file '/usr/share/lua/5.4/swupdate_handlers/init.lua'
[TRACE] : SWUPDATE running : [lua_report_exception] : no file './swupdate_handlers.lua'
[TRACE] : SWUPDATE running : [lua_report_exception] : no file './swupdate_handlers/init.lua'
[TRACE] : SWUPDATE running : [lua_report_exception] : no file '/usr/local/lib/lua/5.4/swupdate_handlers.so'
[TRACE] : SWUPDATE running : [lua_report_exception] : no file '/usr/lib/aarch64-linux-gnu/lua/5.4/swupdate_handlers.so'
[TRACE] : SWUPDATE running : [lua_report_exception] : no file '/usr/lib/lua/5.4/swupdate_handlers.so'
[TRACE] : SWUPDATE running : [lua_report_exception] : no file '/usr/local/lib/lua/5.4/loadall.so'
[TRACE] : SWUPDATE running : [lua_report_exception] : no file './swupdate_handlers.so'
[INFO ] : SWUPDATE running : [main] : Running on SP7350 Revision v1.0
[INFO ] : SWUPDATE running : [print_registered_handlers] : Registered handlers:
[INFO ] : SWUPDATE running : [print_registered_handlers] : dummy
[INFO ] : SWUPDATE running : [print_registered_handlers] : archive
[INFO ] : SWUPDATE running : [print_registered_handlers] : tar
[INFO ] : SWUPDATE running : [print_registered_handlers] : uboot
[INFO ] : SWUPDATE running : [print_registered_handlers] : bootloader
[INFO ] : SWUPDATE running : [print_registered_handlers] : btrfs
[INFO ] : SWUPDATE running : [print_registered_handlers] : copy
[INFO ] : SWUPDATE running : [print_registered_handlers] : rawcopy
[INFO ] : SWUPDATE running : [print_registered_handlers] : flash
[INFO ] : SWUPDATE running : [print_registered_handlers] : delta
[INFO ] : SWUPDATE running : [print_registered_handlers] : diskformat
[INFO ] : SWUPDATE running : [print_registered_handlers] : diskpart
[INFO ] : SWUPDATE running : [print_registered_handlers] : toggleboot
[INFO ] : SWUPDATE running : [print_registered_handlers] : gptswap
[INFO ] : SWUPDATE running : [print_registered_handlers] : gptpart
[INFO ] : SWUPDATE running : [print_registered_handlers] : uniqueuuid
[INFO ] : SWUPDATE running : [print_registered_handlers] : flash-hamming1
[INFO ] : SWUPDATE running : [print_registered_handlers] : lua
[INFO ] : SWUPDATE running : [print_registered_handlers] : raw
[INFO ] : SWUPDATE running : [print_registered_handlers] : rawfile
[INFO ] : SWUPDATE running : [print_registered_handlers] : rdiff_image
[INFO ] : SWUPDATE running : [print_registered_handlers] : rdiff_file
[INFO ] : SWUPDATE running : [print_registered_handlers] : readback
[INFO ] : SWUPDATE running : [print_registered_handlers] : shellscript
[INFO ] : SWUPDATE running : [print_registered_handlers] : preinstall
[INFO ] : SWUPDATE running : [print_registered_handlers] : postinstall
[INFO ] : SWUPDATE running : [print_registered_handlers] : ssblswitch
[INFO ] : SWUPDATE running : [print_registered_handlers] : swuforward
[INFO ] : SWUPDATE running : [print_registered_handlers] : ubivol
[INFO ] : SWUPDATE running : [print_registered_handlers] : ubipartition
[INFO ] : SWUPDATE running : [print_registered_handlers] : ubiswap
[INFO ] : SWUPDATE running : [print_registered_handlers] : ucfw
[INFO ] : SWUPDATE running : [print_registered_handlers] : docker_imageload
[INFO ] : SWUPDATE running : [print_registered_handlers] : docker_imagedelete
[INFO ] : SWUPDATE running : [print_registered_handlers] : docker_imageprune
[INFO ] : SWUPDATE running : [print_registered_handlers] : docker_containercreate
[INFO ] : SWUPDATE running : [print_registered_handlers] : docker_containerdelete
[INFO ] : SWUPDATE running : [print_registered_handlers] : docker_containerstart
[INFO ] : SWUPDATE running : [print_registered_handlers] : docker_networkcreate
[INFO ] : SWUPDATE running : [print_registered_handlers] : docker_networkdelete
[INFO ] : SWUPDATE running : [print_registered_handlers] : docker_volumecreate
[INFO ] : SWUPDATE running : [print_registered_handlers] : docker_volumedelete
[DEBUG] : SWUPDATE running : [read_module_settings] : No config settings found for module versions
[TRACE] : SWUPDATE running : [listener_create] : got no socket at /tmp/swupdateprog from systemd
[TRACE] : SWUPDATE running : [network_initializer] : Main loop daemon
[TRACE] : SWUPDATE running : [listener_create] : creating socket at /tmp/swupdateprog
[TRACE] : SWUPDATE running : [listener_create] : got no socket at /tmp/sockinstctrl from systemd
[TRACE] : SWUPDATE running : [listener_create] : creating socket at /tmp/sockinstctrl
[DEBUG] : SWUPDATE running : [read_module_settings] : No config settings found for module download
[TRACE] : SWUPDATE running : [start_swupdate_subprocess] : Started chunks_downloader with pid 2054 and fd 8
[TRACE] : SWUPDATE running : [network_thread] : Incoming network request: processing...
[INFO ] : SWUPDATE started : Software Update started !
[TRACE] : SWUPDATE running : [network_initializer] : Software update started
[TRACE] : SWUPDATE running : [start_delta_downloader] : Starting Internal process for downloading chunks
[WARN ] : SWUPDATE running : [scan_mtd_devices] : MTD is not present on the target
[WARN ] : SWUPDATE running : [mtd_init] : MTD is not present in the system
[WARN ] : SWUPDATE running : [mtd_init] : cannot open libmtd
[TRACE] : SWUPDATE running : [extract_file_to_tmp] : Found file
[TRACE] : SWUPDATE running : [extract_file_to_tmp] : filename sw-description
[TRACE] : SWUPDATE running : [extract_file_to_tmp] : size 828
[TRACE] : SWUPDATE running : [extract_file_to_tmp] : Found file
[TRACE] : SWUPDATE running : [extract_file_to_tmp] : filename sw-description.sig
[TRACE] : SWUPDATE running : [extract_file_to_tmp] : size 2110
[WARN ] : SWUPDATE running : [check_signer_name] : The X.509 common name might not be equal to .
[TRACE] : SWUPDATE running : [swupdate_verify_file] : Verified OK
[DEBUG] : SWUPDATE running : [parse_cfg] : Parsing config file /tmp/sw-description
[TRACE] : SWUPDATE running : [get_common_fields] : Version 1.0
[TRACE] : SWUPDATE running : [get_common_fields] : reboot_required 1
[TRACE] : SWUPDATE running : [parse_hw_compatibility] : Accepted Hw Revision : v1.0
[TRACE] : SWUPDATE running : [_parse_images] : Found Image: uImage in device : /dev/mmcblk0p7 for handler raw
[TRACE] : SWUPDATE running : [_parse_images] : Found Image: u-boot.img in device : /dev/mmcblk0p2 for handler raw
[TRACE] : SWUPDATE running : [_parse_images] : Found Image: xboot.img in device : /dev/mmcblk0boot0 for handler raw
[TRACE] : SWUPDATE running : [parse] : Number of found artifacts: 3
[TRACE] : SWUPDATE running : [parse] : Number of scripts: 0
[TRACE] : SWUPDATE running : [parse] : Number of steps to be run: 3
[TRACE] : SWUPDATE running : [check_hw_compatibility] : Hardware SP7350 Revision: v1.0
[TRACE] : SWUPDATE running : [check_hw_compatibility] : Hardware compatibility verified
[DEBUG] : SWUPDATE running : [preupdatecmd] : Running Pre-update command
[TRACE] : SWUPDATE running : [extract_files] : Found file
[TRACE] : SWUPDATE running : [extract_files] : filename xboot.img
[TRACE] : SWUPDATE running : [extract_files] : size 139052 required
[TRACE] : SWUPDATE running : [extract_files] : Found file
[TRACE] : SWUPDATE running : [extract_files] : filename u-boot.img
[TRACE] : SWUPDATE running : [extract_files] : size 937816 required
[TRACE] : SWUPDATE running : [extract_files] : Found file
[TRACE] : SWUPDATE running : [extract_files] : filename uImage
[TRACE] : SWUPDATE running : [extract_files] : size 9354240 required
[TRACE] : SWUPDATE running : [extract_padding] : Expecting up to 512 padding bytes at end-of-file
[TRACE] : SWUPDATE running : [network_initializer] : Valid image found: copying to FLASH
[INFO ] : SWUPDATE running : Installation in progress
[TRACE] : SWUPDATE running : [install_single_image] : Found installer for stream xboot.img raw
[TRACE] : SWUPDATE running : [blkprotect] : Device /dev/mmcblk0boot0: changed force_ro to 0
[TRACE] : SWUPDATE running : [blkprotect] : Device /dev/mmcblk0boot0: changed force_ro to 1
[TRACE] : SWUPDATE running : [install_single_image] : Found installer for stream u-boot.img raw
[TRACE] : SWUPDATE running : [install_single_image] : Found installer for stream uImage raw
[INFO ] : SWUPDATE successful ! SWUPDATE successful !
[TRACE] : SWUPDATE running : [network_initializer] : Main thread sleep again !
[INFO ] : No SWUPDATE running : Waiting for requests...
[INFO ] : SWUPDATE running : [endupdate] : SWUpdate was successful !
[DEBUG] : SWUPDATE running : [postupdate] : Running Post-update command
[TRACE] : SWUPDATE running : [unlink_sockets] : unlink socket /tmp/swupdateprog
[TRACE] : SWUPDATE running : [unlink_sockets] : unlink socket /tmp/sockinstctrl
sunplus@ubuntu:~/work/swu_ubuntu$ [ 1215.274202] [dhd] STATIC-MSG) dhd_static_buf_exit : Enter
[ 1215.981005] reboot: Restarting system
INFO: PSCI Power Domain Map:
INFO: Domain Node : Level 2, parent_node -1, State ON (0x0)
INFO: Domain Node : Level 1, parent_node 0, State ON (0x0)
INFO: CPU Node : MPID 0x0, parent_node 1, State ON (0x0)
INFO: CPU Node : MPID 0x100, parent_node 1, State ON (0x0)
INFO: CPU Node : MPID 0x200, parent_node 1, State ON (0x0)
INFO: CPU Node : MPID 0x300, parent_node 1, State ON (0x0)
Web server
The Ubuntu platform can update images via the web server by itself or other Ubuntu platforms.
SWUpdate web interface files
Use the following command to download the SWUpdate GitHub repository.
git clone https://github.com/sbabic/swupdate.git
Make a directory named “swupdate” in /var/www/ of the platform. Copy all the directories and files in /examples/www/v2/ of the SWUpdate repository into /var/www/swupdate/ of the platform.
Shell script - swupdate.sh
Add the parameters of “-k /home/sunplus/my_key/mycert.cert.pem“ for SWUPDATE_ARGS and “-r /var/www/swupdate -p 8080“ for SWUPDATE_WEBSERVER_ARGS in /usr/lib/swupdate/swupdate.sh of the platform shown below. Then reboot the system to activate the web server.
#!/bin/sh
# Override these variables in sourced script(s) located
# in /usr/lib/swupdate/conf.d or /etc/swupdate/conf.d
SWUPDATE_ARGS="-k /home/sunplus/work/my_key/mycert.cert.pem -v ${SWUPDATE_EXTRA_ARGS}"
SWUPDATE_WEBSERVER_ARGS="-r /var/www/swupdate -p 8080"
SWUPDATE_SURICATTA_ARGS=""
# source all files from /etc/swupdate/conf.d and /usr/lib/swupdate/conf.d/
# A file found in /etc replaces the same file in /usr
for f in `(test -d /usr/lib/swupdate/conf.d/ && ls -1 /usr/lib/swupdate/conf.d/; test -d /etc/swupdate/conf.d && ls -1 /etc/swupdate/conf.d) | sort -u`; do
if [ -f /etc/swupdate/conf.d/$f ]; then
. /etc/swupdate/conf.d/$f
else
. /usr/lib/swupdate/conf.d/$f
fi
done
# handle variable escaping in a simple way. Use exec to forward open filedescriptors from systemd open.
if [ "$SWUPDATE_WEBSERVER_ARGS" != "" -a "$SWUPDATE_SURICATTA_ARGS" != "" ]; then
exec /usr/bin/swupdate $SWUPDATE_ARGS -w "$SWUPDATE_WEBSERVER_ARGS" -u "$SWUPDATE_SURICATTA_ARGS"
elif [ "$SWUPDATE_WEBSERVER_ARGS" != "" ]; then
exec /usr/bin/swupdate $SWUPDATE_ARGS -w "$SWUPDATE_WEBSERVER_ARGS"
elif [ "$SWUPDATE_SURICATTA_ARGS" != "" ]; then
exec /usr/bin/swupdate $SWUPDATE_ARGS -u "$SWUPDATE_SURICATTA_ARGS"
else
exec /usr/bin/swupdate $SWUPDATE_ARGS
fi
Localhost web server
Open chrominum and connect to the localhost web server with:
http://localhost:8080
The default port of SWUpdate web server is 8080. It can update images for itself via localhost.
Click the blank area and select update.swu packed earlier.
After selecting update.swu, SWUpdate will start to process the received images and then restart the system.
Another platform's web server
You can use chrominum to connect to another platform’s web server to update the images for it which must accomplish the following steps first.
Install swupdate.
Install apache2.
Copy swupdate inferface files into /var/www/swupdate/.
Create and edit /etc/hwrevision.
Copy the public key (mycert.cert.pem) from the platform which packs update.swu.
Make sure the platform system clock is within the validity period of the public key (mycert.cert.pem).
Modify /usr/lib/swupdate/swupdate.sh.
Reboot the system to activate its web server.
Connect to the internet.
After the steps above, you can use the browser to connect to the platform’s SWUpdate web server with:
http://<target_ip>:8080
Therefore, you can update the images for it.
Buildroot 2024.02 - eMMC boot
When you run 'make config' to configure your build environment and after selecting the board, you will be prompted to choose a boot device. Refer to the picture below and Enter “1” to select eMMC.
After selecting eMMC size, you will be prompted to choose a root file system. Refer to the picture below and Enter “11” to select Buildroot 2024.02.
Buildroot Setup
After the completion of running “make config”, enter the buildroot configuration by running the following command in the top directory of project.
make bconfig
Select submenus for swupdate : Target packages → System tools. Select <*> for swupdate . Save the configuration and exit. Then execute “make” command to build the images.
Generate self-signed certificates
After updating the images to the platform and boot the system of it, it would fail to start SWUpdate daemon as shown below. It lacks a public key to activate the web server.
The procedure to generate self-signed certificates is the same as that in Ubuntu MATE 24.04 - eMMC boot. After generating the public key (mycert.cert.pem) by itself or coping it from other platforms which generate it, pack update.swu and will update the images for this Buildroot platform, add the parameter of SWUPDATE_ARGS=”-k /root/work/my_key/mycert.cert.pem -v” to /usr/lib/swupdate/conf.d/10-mongoose-args of the Buildroot platform and the web server will be activated successfully after reboot.
sw-description configuration file
Reference it in Ubuntu MATE 24.04 - eMMC boot.
Building a signed SWU image with CMS signature
Reference it in Ubuntu MATE 24.04 - eMMC boot.
HW_FILE
Reference it in Ubuntu MATE 24.04 - eMMC boot.
Update images
The Buildroot platform can update images (update.swu) via the command by itself or web server only by other Ubuntu platforms.
Run SWUpdate
Reference it in Ubuntu MATE 24.04 - eMMC boot.
Web server
Besides adding the parameter (the path of the public key) to /usr/lib/swupdate/conf.d/10-mongoose-args for activating the web server, make sure the platform system clock is within the validity period of the public key (mycert.cert.pem) and reference the procedure of updating images by other Ubuntu platforms in Ubuntu MATE 24.04 - eMMC boot.
Yocto 4.2.4 - eMMC boot
When you run “make config” to configure your build environment and after selecting the board, you will be prompted to choose a boot device. Refer to the picture below and Enter “1” to select eMMC.
After selecting eMMC size, you will be prompted to choose a root file system. Refer to the picture below and Enter “12” to select Yocto 4.2.4.
After the execution of “make config”, you can modify linux\rootfs\initramfs\yocto\meta-swupdate\recipes-support\swupdate\swupdate\defconfig according to your requests. An example shown below enables systemd support、checks for hardware / software compatibility、uses environment in RAM as bootloader interface and enables verification of signed images … etc.
# # Automatically generated file; DO NOT EDIT. # Swupdate Configuration # CONFIG_HAVE_DOT_CONFIG=y # # Swupdate Settings # # # General Configuration # # CONFIG_CURL is not set # CONFIG_CURL_SSL is not set CONFIG_SYSTEMD=y CONFIG_DEFAULT_CONFIG_FILE="/etc/swupdate.cfg" CONFIG_SCRIPTS=y CONFIG_HW_COMPATIBILITY=y CONFIG_HW_COMPATIBILITY_FILE="/etc/hwrevision" CONFIG_SW_VERSIONS_FILE="/etc/sw-versions" # # Socket Paths # CONFIG_SOCKET_CTRL_PATH="" CONFIG_SOCKET_PROGRESS_PATH="" CONFIG_SOCKET_REMOTE_HANDLER_DIRECTORY="/tmp/" CONFIG_MTD=y CONFIG_LUA=y CONFIG_LUAPKG="lua" # CONFIG_FEATURE_SYSLOG is not set # # Build Options # CONFIG_CROSS_COMPILE="" CONFIG_SYSROOT="" CONFIG_EXTRA_LDLIBS="" # # Debugging Options # # CONFIG_DEBUG is not set # CONFIG_WERROR is not set # CONFIG_NOCLEANUP is not set # CONFIG_BOOTLOADER_EBG is not set # CONFIG_UBOOT is not set CONFIG_BOOTLOADER_NONE=y # CONFIG_BOOTLOADER_GRUB is not set CONFIG_BOOTLOADER_DEFAULT_NONE=y # CONFIG_SSL_IMPL_NONE is not set CONFIG_SSL_IMPL_OPENSSL=y # CONFIG_SSL_IMPL_MBEDTLS is not set # CONFIG_DOWNLOAD is not set CONFIG_HASH_VERIFY=y CONFIG_SIGNED_IMAGES=y # CONFIG_SIGALG_RAWRSA is not set # CONFIG_SIGALG_RSAPSS is not set CONFIG_SIGALG_CMS=y # CONFIG_SIGALG_GPG is not set # # CMS / PKCS#7 signature verification options # # CONFIG_CMS_IGNORE_EXPIRED_CERTIFICATE is not set # CONFIG_CMS_IGNORE_CERTIFICATE_PURPOSE is not set # CONFIG_CMS_SKIP_UNKNOWN_SIGNERS is not set # CONFIG_ENCRYPTED_IMAGES is not set # CONFIG_SURICATTA is not set CONFIG_WEBSERVER=y CONFIG_MONGOOSE=y CONFIG_MONGOOSEIPV6=y CONFIG_MONGOOSESSL=y CONFIG_GUNZIP=y # CONFIG_ZSTD is not set # # Parser Features # CONFIG_LIBCONFIG=y CONFIG_PARSERROOT="" # CONFIG_JSON is not set # CONFIG_LUAEXTERNAL is not set # CONFIG_SETSWDESCRIPTION is not set # # Image Handlers # # CONFIG_UBIVOL is not set CONFIG_CFI=y # CONFIG_CFIHAMMING1 is not set # CONFIG_DISKPART is not set CONFIG_RAW=y # CONFIG_RDIFFHANDLER is not set CONFIG_LUASCRIPTHANDLER=y CONFIG_SHELLSCRIPTHANDLER=y # CONFIG_HANDLER_IN_LUA is not set # CONFIG_ARCHIVE is not set # CONFIG_REMOTE_HANDLER is not set # CONFIG_SWUFORWARDER_HANDLER is not set # CONFIG_BOOTLOADERHANDLER is not set # CONFIG_SSBLSWITCH is not set # CONFIG_UCFWHANDLER is not set
Modify linux\rootfs\initramfs\yocto\meta-sunplus\recipes-img\images\img-sp7350.bb to install the webserver of nginx during compilation.
Then execute “make” command to build the images.
Generate self-signed certificates
After updating the images to the platform and boot the system of it, it would fail to start SWUpdate daemon as shown below. It lacks a public key to start SWUpdate daemon.
The procedure to generate self-signed certificates is the same as that in Ubuntu MATE 24.04 - eMMC boot. After generating the public key (mycert.cert.pem) by itself or coping it from other platforms which generate it, pack update.swu and will update the images for this Yocto platform, add the parameters of “-k /home/root/my_key/mycert.cert.pem“ for SWUPDATE_ARGS in /usr/lib/swupdate/swupdate.sh of the platform shown below. Then it will start SWUpdate daemon successfully after rebooting the system.
#!/bin/sh
# Override these variables in sourced script(s) located
# in /usr/lib/swupdate/conf.d or /etc/swupdate/conf.d
SWUPDATE_ARGS="-k /home/root/work/my_key/mycert.cert.pem -v ${SWUPDATE_EXTRA_ARGS}"
SWUPDATE_WEBSERVER_ARGS=""
SWUPDATE_SURICATTA_ARGS=""
# source all files from /etc/swupdate/conf.d and /usr/lib/swupdate/conf.d/
# A file found in /etc replaces the same file in /usr
for f in `(test -d /usr/lib/swupdate/conf.d/ && ls -1 /usr/lib/swupdate/conf.d/; test -d /etc/swupda
if [ -f /etc/swupdate/conf.d/$f ]; then
. /etc/swupdate/conf.d/$f
else
. /usr/lib/swupdate/conf.d/$f
fi
done
# handle variable escaping in a simmple way. Use exec to forward open filedescriptors from systemd
if [ "$SWUPDATE_WEBSERVER_ARGS" != "" -a "$SWUPDATE_SURICATTA_ARGS" != "" ]; then
exec /usr/bin/swupdate $SWUPDATE_ARGS -w "$SWUPDATE_WEBSERVER_ARGS" -u "$SWUPDATE_SURICATTA_ARGS"
elif [ "$SWUPDATE_WEBSERVER_ARGS" != "" ]; then
exec /usr/bin/swupdate $SWUPDATE_ARGS -w "$SWUPDATE_WEBSERVER_ARGS"
elif [ "$SWUPDATE_SURICATTA_ARGS" != "" ]; then
exec /usr/bin/swupdate $SWUPDATE_ARGS -u "$SWUPDATE_SURICATTA_ARGS"
else
exec /usr/bin/swupdate $SWUPDATE_ARGS
sw-description configuration file
Reference it in Ubuntu MATE 24.04 - eMMC boot.
Building a signed SWU image with CMS signature
Reference it in Ubuntu MATE 24.04 - eMMC boot.
HW_FILE
Reference it in Ubuntu MATE 24.04 - eMMC boot.
Update images
The Yocto platform can update images (update.swu) via the command by itself or web server only by other Ubuntu platforms.
Run SWUpdate
Reference it in Ubuntu MATE 24.04 - eMMC boot.
Web server
The Yocto system can only update images (update.swu) by other Ubuntu systems. Reference it in Ubuntu MATE 24.04 - eMMC boot.