Changes between Version 42 and Version 43 of buildroot


Ignore:
Timestamp:
04/02/2021 10:42:35 PM (20 months ago)
Author:
Tim Harvey
Comment:

add image signing to swupdate example

Legend:

Unmodified
Added
Removed
Modified
  • buildroot

    v42 v43  
    862862make newport_swupdate_defconfig
    863863make
    864 
     864# create a private/public key combo for signature verifcation
     865openssl genrsa -out swupdate-priv.pem # private
     866openssl rsa -in swupdate-priv.pem -out swupdate-public.pem -outform PEM -pubout # public
     867# sign the sw-description
     868openssl dgst -sha256 -sign swupdate-priv.pem sw-description > sw-description.sig
    865869# build swupdate image
    866870cp output/images/rootfs.ext4.gz .
    867 for i in sw-description update.sh rootfs.ext4.gz; do
     871for i in sw-description sw-description.sig update.sh rootfs.ext4.gz; do
    868872        echo $i; done | cpio -ov -H crc > my-software.swu
    869873}}}
     874 * Note that you can skip the inclusion of sw-description.sig and the pub/priv key if you don't care about signatures and have not define CONFIG_SIGNED_IMAGES in your swupdate.config
    870875
    871876Here are some one-time steps you will need to do to your boot firmware:
     
    908913cd /tmp
    909914wget http://myserver/my-software.swu
    910 swupdate -i mysoftware.swu
    911 }}}
     915wget http://myserver/swupdate-public.pem
     916swupdate -i mysoftware.swu -k swupdate-public.pem
     917}}}
     918 * Note that you can skip the -k param have not enabled signed images via CONFIG_SIGNED_IMAGES in your swupdate.config
    912919
    913920Note that if you require support for SWUpdate to complete an install that isn't already there (for example you want to add the capability to update GSC firmware via the gsc_update utility) you will either need to a) add a static linked version of that tool to your image or b) do a 2-stage update where you add the required tools first, then use them in a future update