1. Generate X-LINUX-AWS OpenSTLinux distribution[edit | edit source]
With the following procedure, you can generate the complete distribution enabling the X-LINUX-AWS expansion package.
This procedure is mandatory to use TPM on the X-LINUX-AWS expansion package.
1.1. Download the Distribution Package[edit | edit source]
- Install the OpenSTLinux Distribution Package by following the dedicated article (STM32MPU Distribution Package) but do not initialize the OpenEmbedded environment (do not source the envsetup.sh).
1.2. Install X-LINUX-AWS environment[edit | edit source]
1.2.1. Clone the meta-st-x-linux-aws git repository[edit | edit source]
cd <Distribution Package installation directory>/layers/meta-st git clone https://github.com/STMicroelectronics/meta-st-x-linux-aws.git -b v6.0.1
1.2.2. Clone the meta-st-x-linux-tpm git repository[edit | edit source]
cd <Distribution Package installation directory>/layers/meta-st git clone https://github.com/STMicroelectronics/meta-st-x-linux-tpm.git -b 6.0.0
1.2.3. Clone the meta-aws git repository[edit | edit source]
cd <Distribution Package installation directory>/layers git clone https://github.com/aws4embeddedlinux/meta-aws.git -b scarthgap
Information |
Validated on commit adc98ad9c3493fc7f928127aaeb4d73741054967 |
1.2.4. Clone the meta-security git repository[edit | edit source]
cd <Distribution Package installation directory>/layers git clone https://git.yoctoproject.org/meta-security -b scarthgap
Information |
Validated on commit bc865c5276c2ab4031229916e8d7c20148dfbac3 |
1.3. Configure Yocto project[edit | edit source]
- For a new environment
cd <Distribution Package installation directory>
MACHINE=stm32mp1 DISTRO=openstlinux-weston BSP_DEPENDENCY='layers/meta-security/meta-tpm layers/meta-st/meta-st-x-linux-tpm layers/meta-st/meta-st-x-linux-aws layers/meta-aws' source layers/meta-st/scripts/envsetup.sh
cd <Distribution Package installation directory>
MACHINE=stm32mp2 DISTRO=openstlinux-weston BSP_DEPENDENCY='layers/meta-security/meta-tpm layers/meta-st/meta-st-x-linux-tpm layers/meta-st/meta-st-x-linux-aws layers/meta-aws' source layers/meta-st/scripts/envsetup.sh
- For an already installed environment
- Add the layers to the Yocto environment:
cd <Distribution Package installation directory> source layers/meta-st/scripts/envsetup.sh bitbake-layers add-layer ../layers/meta-st/meta-st-x-linux-aws ../layers/meta-security/meta-tpm ../layers/meta-st/meta-st-x-linux-tpm ../layers/meta-aws ../layers/meta-security
1.4. Build the image[edit | edit source]
bitbake st-image-aws
Information |
Note that building the image might take a long time depending on the host computer performance. |
1.5. Program the built image[edit | edit source]
Follow this link to see how to program the built image.
cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp1/tmp-glibc/deploy/images/stm32mp1 STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp135f-dk-optee.tsv
cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp2/tmp-glibc/deploy/images/stm32mp2 STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp257f-dk-optee.tsv
cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp2/tmp-glibc/deploy/images/stm32mp2 STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp257f-ev1-optee.tsv
2. Main software modifications[edit | edit source]
Through the X-LINUX-AWS Distribution Package, the OpenSTLinux distribution is mainly changed at two levels:
- The Linux® kernel configuration and Device tree level with the X-LINUX-TPM expansion package integration.
- User space bringing necessary libraries and tools to use AWS Greengrass, OP-TEE, and the TPM expansion board features.
List of modifications:
- recipes-iot/aws-iot-greengrass/greengrass-bin_%.bbappend
- Installation of Greengrass core software into directory /opt/greengrass/v2/
- Download and installation of AmazonRootCA1 certificate
- Download and installation of Pkcs11Provider 2.0.6 to use (hard or soft) Security Module at first connection
- Configuration file modifications
- recipes-security/latchset/pkcs11-provider.bb
- Installation of PKCS#11provider for OpenSSL 3.x
- Installation of OpenSSL PKCS#11 provider configuration file
- recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_%.bbappend
- Creation of a directory /etc/tpm2_pkcs11/ to store some metadata to make the tpm2-pkcs11 library operate correctly.
Information |
You can also define that location with the TPM2_PKCS11_STORE environment variable.
In that case, the TPM2_PKCS11_STORE environment variable must be set in the /lib/systemd/system/greengrass.service file Check the tpm2-software documentation for more details. |
- recipes-samples/demo-application/demo-application-aws.bb
- Grant user weston the right to perform some operations
- Creation of a demonstration application to:
- Visualize current Greengrass Core Device configuration
- Show Greengrass component status
- Interact with an MQTT network by subscribing and publishing to topics
- recipes-st/images/st-image-aws.bb
- Creation of a custom build image