Registered User mNo edit summary Tag: 2017 source edit |
Registered User mNo edit summary Tag: 2017 source edit |
||
| (7 intermediate revisions by 2 users not shown) | |||
| Line 6: | Line 6: | ||
{{DISPLAYTITLE:X-LINUX-AWS Distribution Package}} | {{DISPLAYTITLE:X-LINUX-AWS Distribution Package}} | ||
{{ReviewsComments|-- [[User:Nathalie Sangouard|Nathalie Sangouard]] ([[User talk:Nathalie Sangouard|talk]]) 17:56, 29 February 2024 (CET)<br />I need to update the Template:CodeSource to add AWS package}} | {{ReviewsComments|-- [[User:Nathalie Sangouard|Nathalie Sangouard]] ([[User talk:Nathalie Sangouard|talk]]) 17:56, 29 February 2024 (CET)<br />I need to update the Template:CodeSource to add AWS package}} | ||
==Generate X-LINUX-AWS OpenSTLinux distribution== | ==Generate X-LINUX-AWS OpenSTLinux distribution== | ||
With the following procedure, you can generate the complete distribution enabling the X-LINUX-AWS | With the following procedure, you can generate the complete distribution enabling the X-LINUX-AWS expansion package.<br> | ||
This procedure is mandatory to use TPM on the X-LINUX-AWS | This procedure is mandatory to use TPM on the X-LINUX-AWS expansion package.<br> | ||
===Download the Distribution Package=== | ===Download the Distribution Package=== | ||
| Line 16: | Line 15: | ||
===Install X-LINUX-AWS environment === | ===Install X-LINUX-AWS environment === | ||
{{Warning|{{SoftwareLicenseAgreement | distribution=X-LINUX-AWS}}}} | |||
====Clone the meta-st-x-linux-aws git repository==== | ====Clone the meta-st-x-linux-aws git repository==== | ||
{{PC$}}cd <Distribution Package installation directory>/layers/meta-st | {{PC$}}cd <Distribution Package installation directory>/layers/meta-st | ||
{{PC$}}git clone https://github.com/STMicroelectronics/meta-st-x-linux-aws.git -b {{X-LINUXRelease/Revision | revision=6.0. | {{PC$}}git clone https://github.com/STMicroelectronics/meta-st-x-linux-aws.git -b {{X-LINUXRelease/Revision | revision=6.0.1 | name=AWS| type=tag}} | ||
====Clone the meta-st-x-linux-tpm git repository==== | ====Clone the meta-st-x-linux-tpm git repository==== | ||
{{PC$}}cd <Distribution Package installation directory>/layers/meta-st | {{PC$}}cd <Distribution Package installation directory>/layers/meta-st | ||
{{PC$}}git clone https://github.com/STMicroelectronics/meta-st-x-linux-tpm.git -b 6.0.0 | {{PC$}}git clone https://github.com/STMicroelectronics/meta-st-x-linux-tpm.git -b {{X-LINUXRelease/Revision | revision=6.0.0 | name=TPM| type=tag}} | ||
====Clone the meta-aws git repository==== | ====Clone the meta-aws git repository==== | ||
| Line 37: | Line 34: | ||
{{PC$}}git clone https://git.yoctoproject.org/meta-security -b scarthgap | {{PC$}}git clone https://git.yoctoproject.org/meta-security -b scarthgap | ||
{{Info | Validated on commit bc865c5276c2ab4031229916e8d7c20148dfbac3}} | {{Info | Validated on commit bc865c5276c2ab4031229916e8d7c20148dfbac3}} | ||
===Configure Yocto project=== | ===Configure Yocto project=== | ||
* '''For a new environment''' | * '''For a new environment''' | ||
:Source the build environment with the correct board and layers: | :Source the build environment with the correct board and layers: | ||
:* For | :* For {{Board | type=135F-DK}} | ||
{{PC$}}cd <Distribution Package installation directory> | |||
{{PC$}}MACHINE=stm32mp1 DISTRO=openstlinux-weston BSP_DEPENDENCY='layers/meta-security/meta-tpm layers/meta-st/meta-st-x-linux-tpm layers/meta-st/meta-st-x-linux-aws layers/meta-aws' source layers/meta-st/scripts/envsetup.sh | |||
:* For {{Board | type=257F-DK}} or {{Board | type=257x-EV1}} | |||
{{PC$}}cd <Distribution Package installation directory> | {{PC$}}cd <Distribution Package installation directory> | ||
{{PC$}}MACHINE=stm32mp2 DISTRO=openstlinux-weston BSP_DEPENDENCY='layers/meta-security/meta-tpm layers/meta-st/meta-st-x-linux-tpm layers/meta-st/meta-st-x-linux-aws layers/meta-aws' source layers/meta-st/scripts/envsetup.sh | {{PC$}}MACHINE=stm32mp2 DISTRO=openstlinux-weston BSP_DEPENDENCY='layers/meta-security/meta-tpm layers/meta-st/meta-st-x-linux-tpm layers/meta-st/meta-st-x-linux-aws layers/meta-aws' source layers/meta-st/scripts/envsetup.sh | ||
| Line 63: | Line 60: | ||
Follow this link to see how to [[STM32MPU_Distribution_Package#Flashing_the_built_image | program the built image]]. | Follow this link to see how to [[STM32MPU_Distribution_Package#Flashing_the_built_image | program the built image]]. | ||
:* For | :* For {{Board | type=135F-DK}} | ||
{{PC$}}cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp1/tmp-glibc/deploy/images/stm32mp1 | |||
{{PC$}}STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp135f-dk-optee.tsv | |||
:* For {{Board | type=257F-DK}} | |||
{{PC$}}cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp2/tmp-glibc/deploy/images/stm32mp2 | {{PC$}}cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp2/tmp-glibc/deploy/images/stm32mp2 | ||
{{PC$}}STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp257f-dk-optee.tsv | {{PC$}}STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp257f-dk-optee.tsv | ||
:* For | :* For {{Board | type=257x-EV1}} | ||
{{PC$}}cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp2/tmp-glibc/deploy/images/stm32mp2 | {{PC$}}cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp2/tmp-glibc/deploy/images/stm32mp2 | ||
{{PC$}}STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp257f-ev1-optee.tsv | {{PC$}}STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp257f-ev1-optee.tsv | ||
== Main software modifications == | == Main software modifications == | ||
Through the X-LINUX-AWS Distribution Package, the OpenSTLinux distribution is mainly changed at two levels: | Through the X-LINUX-AWS Distribution Package, the OpenSTLinux distribution is mainly changed at two levels: | ||
*The Linux<sup>®</sup> kernel configuration and Device tree level with the X-LINUX-TPM | *The Linux<sup>®</sup> kernel configuration and Device tree level with the [[X-LINUX-TPM expansion package]] integration. | ||
*User space bringing necessary libraries and tools to use AWS Greengrass, OP-TEE, and the TPM expansion board features. | *User space bringing necessary libraries and tools to use AWS Greengrass, OP-TEE, and the TPM expansion board features. | ||
Latest revision as of 17:27, 19 December 2024
1. Generate X-LINUX-AWS OpenSTLinux distribution[edit | edit source]
With the following procedure, you can generate the complete distribution enabling the X-LINUX-AWS expansion package.
This procedure is mandatory to use TPM on the X-LINUX-AWS expansion package.
1.1. Download the Distribution Package[edit | edit source]
- Install the OpenSTLinux Distribution Package by following the dedicated article (STM32MPU Distribution Package) but do not initialize the OpenEmbedded environment (do not source the envsetup.sh).
1.2. Install X-LINUX-AWS environment[edit | edit source]
1.2.1. Clone the meta-st-x-linux-aws git repository[edit | edit source]
cd <Distribution Package installation directory>/layers/meta-st git clone https://github.com/STMicroelectronics/meta-st-x-linux-aws.git -b unknown revision
1.2.2. Clone the meta-st-x-linux-tpm git repository[edit | edit source]
cd <Distribution Package installation directory>/layers/meta-st git clone https://github.com/STMicroelectronics/meta-st-x-linux-tpm.git -b unknown expansion package
1.2.3. Clone the meta-aws git repository[edit | edit source]
cd <Distribution Package installation directory>/layers git clone https://github.com/aws4embeddedlinux/meta-aws.git -b scarthgap
 Information
|
| Validated on commit adc98ad9c3493fc7f928127aaeb4d73741054967 |
1.2.4. Clone the meta-security git repository[edit | edit source]
cd <Distribution Package installation directory>/layers git clone https://git.yoctoproject.org/meta-security -b scarthgap
| Information
|
| Validated on commit bc865c5276c2ab4031229916e8d7c20148dfbac3 |
1.3. Configure Yocto project[edit | edit source]
- For a new environment
- Source the build environment with the correct board and layers:
- For STM32MP135F-DK Discovery kit
- For STM32MP135F-DK Discovery kit
cd <Distribution Package installation directory> MACHINE=stm32mp1 DISTRO=openstlinux-weston BSP_DEPENDENCY='layers/meta-security/meta-tpm layers/meta-st/meta-st-x-linux-tpm layers/meta-st/meta-st-x-linux-aws layers/meta-aws' source layers/meta-st/scripts/envsetup.sh
- For STM32MP257F-DK Discovery kit or STM32MP257x-EV1 Evaluation board
- For STM32MP257F-DK Discovery kit
cd <Distribution Package installation directory> MACHINE=stm32mp2 DISTRO=openstlinux-weston BSP_DEPENDENCY='layers/meta-security/meta-tpm layers/meta-st/meta-st-x-linux-tpm layers/meta-st/meta-st-x-linux-aws layers/meta-aws' source layers/meta-st/scripts/envsetup.sh
- For an already installed environment
- Add the layers to the Yocto environment:
cd <Distribution Package installation directory>
source layers/meta-st/scripts/envsetup.sh
bitbake-layers add-layer ../layers/meta-st/meta-st-x-linux-aws ../layers/meta-security/meta-tpm ../layers/meta-st/meta-st-x-linux-tpm ../layers/meta-aws ../layers/meta-security
1.4. Build the image[edit | edit source]
bitbake st-image-aws
| Information
|
| Note that building the image might take a long time depending on the host computer performance. |
1.5. Program the built image[edit | edit source]
Follow this link to see how to program the built image.
- For STM32MP135F-DK Discovery kit
- For STM32MP135F-DK Discovery kit
cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp1/tmp-glibc/deploy/images/stm32mp1
STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp135f-dk-optee.tsv
- For STM32MP257F-DK Discovery kit
- For STM32MP257F-DK Discovery kit
cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp2/tmp-glibc/deploy/images/stm32mp2
STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp257f-dk-optee.tsv
- For STM32MP257x-EV1 Evaluation board
- For STM32MP257x-EV1 Evaluation board
cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp2/tmp-glibc/deploy/images/stm32mp2
STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp257f-ev1-optee.tsv
2. Main software modifications[edit | edit source]
Through the X-LINUX-AWS Distribution Package, the OpenSTLinux distribution is mainly changed at two levels:
- The Linux® kernel configuration and Device tree level with the X-LINUX-TPM expansion package integration.
- User space bringing necessary libraries and tools to use AWS Greengrass, OP-TEE, and the TPM expansion board features.
List of modifications:
- recipes-iot/aws-iot-greengrass/greengrass-bin_%.bbappend
- Installation of Greengrass core software into directory /opt/greengrass/v2/
- Download and installation of AmazonRootCA1 certificate
- Download and installation of Pkcs11Provider 2.0.6 to use (hard or soft) Security Module at first connection
- Configuration file modifications
- recipes-security/latchset/pkcs11-provider.bb
- Installation of PKCS#11provider for OpenSSL 3.x
- Installation of OpenSSL PKCS#11 provider configuration file
- recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_%.bbappend
- Creation of a directory /etc/tpm2_pkcs11/ to store some metadata to make the tpm2-pkcs11 library operate correctly.
| Information
|
| You can also define that location with the TPM2_PKCS11_STORE environment variable.
In that case, the TPM2_PKCS11_STORE environment variable must be set in the /lib/systemd/system/greengrass.service file Check the tpm2-software documentation for more details. |
- recipes-samples/demo-application/demo-application-aws.bb
- Grant user weston the right to perform some operations
- Creation of a demonstration application to:
- Visualize current Greengrass Core Device configuration
- Show Greengrass component status
- Interact with an MQTT network by subscribing and publishing to topics
- recipes-st/images/st-image-aws.bb
- Creation of a custom build image