Closed Vishwasrao1 closed 6 months ago
Perhaps it would help if you start by sharing your manual flow - the additional steps required to make your signed image. They might be obvious to you, but it helps to have something concrete to work with.
@pelwell Thank you for your reply. The steps are.
What I want to achieve:
Let me know if you have any idea or if you have already achieved this.
This is something that we are interested in, primarily for buildroot but also Yocto, but it isn't a high priority (just to set your expectations). The first hurdle is likely to be the creation of a suitable initramfs, the hard part being giving the user a reasonable degree of control over what goes into it without it becoming just a huge list of files.
In buildroot you'd typically add something to post-build.sh to collect the necessary (firmware, config, cmdline, initrd) and run make-boot-image. That would create a boot.img file which is then included by genimage.
Presumably, Yocto has equivalent post-build hooks, but I don't know what they would be.
@pelwell Thank you for clarification. @timg236 Yes, I am going to look for any such post build script. This has set my direction. I will keep this issue open for others to reply, I will also post updates if I achieve something regarding this.
There is now an example buildroot board/config for building and signing a boot.img https://github.com/raspberrypi/buildroot/blob/raspberrypi-signed-boot/README.md
As of now , I was manually making boot.img, signing it using usbboot tool for my custom yocto based image.
I would like to incorporate above step in yocto toolchain. so that I will get final signed image from yocto itself. The hardware is rpi CM4. Once I have achieved this I would like to enhance this and generate complete chain of trust including rootfs with help of yocto project.
I was not sure how to start with this, I was wondering if someone from the community has already given it a try or know how to proceed with this. If anyone can guide me or would like to contribute that will be really helpful.