Last edited 2 days ago

X-LINUX-AWS Distribution Package

Applicable for STM32MP13x lines, STM32MP25x lines


1. Generate X-LINUX-AWS OpenSTLinux distribution[edit | edit source]

With the following procedure, you can generate the complete distribution enabling the X-LINUX-AWS expansion package.
This procedure is mandatory to use TPM on the X-LINUX-AWS expansion package.

1.1. Download the Distribution Package[edit | edit source]

  • Install the OpenSTLinux Distribution Package by following the dedicated article (STM32MPU Distribution Package) but do not initialize the OpenEmbedded environment (do not source the envsetup.sh).

1.2. Install X-LINUX-AWS environment[edit | edit source]

Warning white.png Warning
The software package is provided AS IS, and by downloading it, you agree to be bound to the terms of the software license agreement (SLA0048). The detailed content licenses can be found here.

1.2.1. Clone the meta-st-x-linux-aws git repository[edit | edit source]

cd <Distribution Package installation directory>/layers/meta-st
git clone https://github.com/STMicroelectronics/meta-st-x-linux-aws.git -b v6.0.1

1.2.2. Clone the meta-st-x-linux-tpm git repository[edit | edit source]

cd <Distribution Package installation directory>/layers/meta-st
git clone https://github.com/STMicroelectronics/meta-st-x-linux-tpm.git -b 6.0.0

1.2.3. Clone the meta-aws git repository[edit | edit source]

cd <Distribution Package installation directory>/layers
git clone https://github.com/aws4embeddedlinux/meta-aws.git -b scarthgap
Info white.png Information
Validated on commit adc98ad9c3493fc7f928127aaeb4d73741054967

1.2.4. Clone the meta-security git repository[edit | edit source]

cd <Distribution Package installation directory>/layers
git clone https://git.yoctoproject.org/meta-security -b scarthgap
Info white.png Information
Validated on commit bc865c5276c2ab4031229916e8d7c20148dfbac3

1.3. Configure Yocto project[edit | edit source]

  • For a new environment
Source the build environment with the correct board and layers:
  • For STM32MP135F-DK Discovery kit More info green.png
cd <Distribution Package installation directory>
MACHINE=stm32mp1 DISTRO=openstlinux-weston BSP_DEPENDENCY='layers/meta-security/meta-tpm layers/meta-st/meta-st-x-linux-tpm layers/meta-st/meta-st-x-linux-aws layers/meta-aws' source layers/meta-st/scripts/envsetup.sh
  • For STM32MP257F-DK Discovery kit More info green.png or STM32MP257x-EV1 Evaluation board More info green.png
cd <Distribution Package installation directory>
MACHINE=stm32mp2 DISTRO=openstlinux-weston BSP_DEPENDENCY='layers/meta-security/meta-tpm layers/meta-st/meta-st-x-linux-tpm layers/meta-st/meta-st-x-linux-aws layers/meta-aws' source layers/meta-st/scripts/envsetup.sh


  • For an already installed environment
Add the layers to the Yocto environment:
cd <Distribution Package installation directory>
source layers/meta-st/scripts/envsetup.sh
bitbake-layers add-layer ../layers/meta-st/meta-st-x-linux-aws ../layers/meta-security/meta-tpm ../layers/meta-st/meta-st-x-linux-tpm ../layers/meta-aws ../layers/meta-security

1.4. Build the image[edit | edit source]

bitbake st-image-aws
Info white.png Information
Note that building the image might take a long time depending on the host computer performance.

1.5. Program the built image[edit | edit source]

Follow this link to see how to program the built image.

  • For STM32MP135F-DK Discovery kit More info green.png
cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp1/tmp-glibc/deploy/images/stm32mp1
STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp135f-dk-optee.tsv
  • For STM32MP257F-DK Discovery kit More info green.png
cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp2/tmp-glibc/deploy/images/stm32mp2
STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp257f-dk-optee.tsv
  • For STM32MP257x-EV1 Evaluation board More info green.png
cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp2/tmp-glibc/deploy/images/stm32mp2
STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp257f-ev1-optee.tsv

2. Main software modifications[edit | edit source]

Through the X-LINUX-AWS Distribution Package, the OpenSTLinux distribution is mainly changed at two levels:

  • The Linux® kernel configuration and Device tree level with the X-LINUX-TPM expansion package integration.
  • User space bringing necessary libraries and tools to use AWS Greengrass, OP-TEE, and the TPM expansion board features.

List of modifications:

  • recipes-iot/aws-iot-greengrass/greengrass-bin_%.bbappend
    • Installation of Greengrass core software into directory /opt/greengrass/v2/
    • Download and installation of AmazonRootCA1 certificate
    • Download and installation of Pkcs11Provider 2.0.6 to use (hard or soft) Security Module at first connection
    • Configuration file modifications
  • recipes-security/latchset/pkcs11-provider.bb
    • Installation of PKCS#11provider for OpenSSL 3.x
    • Installation of OpenSSL PKCS#11 provider configuration file
  • recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_%.bbappend
    • Creation of a directory /etc/tpm2_pkcs11/ to store some metadata to make the tpm2-pkcs11 library operate correctly.
Info white.png Information
You can also define that location with the TPM2_PKCS11_STORE environment variable.

In that case, the TPM2_PKCS11_STORE environment variable must be set in the /lib/systemd/system/greengrass.service file

Check the tpm2-software documentation for more details.

  • recipes-samples/demo-application/demo-application-aws.bb
    • Grant user weston the right to perform some operations
    • Creation of a demonstration application to:
      • Visualize current Greengrass Core Device configuration
      • Show Greengrass component status
      • Interact with an MQTT network by subscribing and publishing to topics
  • recipes-st/images/st-image-aws.bb
    • Creation of a custom build image