| Message ID | 20250501210124.41224-1-perezmeyer@gmail.com |
|---|---|
| State | Changes Requested |
| Series | Add Yocto instructions for encryption |
Hi Lisandro,

On 5/1/25 23:01, 'Lisandro Damián Nicanor Pérez Meyer' via swupdate wrote:
> From: Lisandro Perez Meyer <lpmeyer@ics.com>
>

The patch is missing your Signed-off-by to track your contribution to the project. Please add it. The Signed-off-by means also you agree with the Developer's Certificate and with rules stated at https://sbabic.github.io/swupdate/contributing.html.

> --- > doc/source/building-with-yocto.rst | 60 ++++++++++++++++++++++++++++++ > 1 file changed, 60 insertions(+) > > diff --git a/doc/source/building-with-yocto.rst b/doc/source/building-with-yocto.rst > index f55b83ad..491f7cba 100644 > --- a/doc/source/building-with-yocto.rst > +++ b/doc/source/building-with-yocto.rst 
> @@ -265,6 +265,66 @@ In the simple way, your recipe looks like > SWUPDATE_IMAGES_FSTYPES[<name of your image>] = <fstype to be put into SWU> > inherit swupdate-image > > + > +SWU image content's encryption > +----------------------------- > + > +The swupdate class is able to encrypt the contents of the SWU image. In order to do > +so, set `SWUPDATE_AES_FILE` to the full path of the key. Then, for each content > +you want to encrypt, on your SWU image recipe, add: > + > +:: > + > + > + SWUPDATE_IMAGES_ENCRYPTED[content] = "1" > + > + > +Where `content` matches the files described on `sw-description`. > + > +If you want to encrypt the headers set "headers" means .h or .hpp files. Just replace it with "sw-description". > + > +:: > + > + > + SWUPDATE_ENCRYPT_SWDESC = "1" > + > + > +Do not forget to add ``encrypted = 1;`` on each of the contents that will require > +decryption on the ``sw-description`` file. > + > +Expanding on the previous example: > + > +:: > + > + DESCRIPTION = "Example recipe generating SWU image" > + SECTION = "" > + > + LICENSE = "" > + > + # Add all local files to be added to the SWU > + # sw-description must always be in the list. > + # You can extend with scripts or whatever you need > + SRC_URI = " \ > + file://sw-description \ > + " > + > + # images to build before building swupdate image > + IMAGE_DEPENDS = "core-image-full-cmdline virtual/kernel" > + > + # images and files that will be included in the .swu image > + SWUPDATE_IMAGES = "core-image-full-cmdline uImage" > + > + # a deployable image can have multiple format, choose one > + SWUPDATE_IMAGES_FSTYPES[core-image-full-cmdline] = ".ubifs" > + SWUPDATE_IMAGES_FSTYPES[uImage] = ".bin" > + > + SWUPDATE_IMAGES_ENCRYPTED[core-image-full-cmdline.ubifs] = "1" > + SWUPDATE_IMAGES_ENCRYPTED[uImage] = "1" > + SWUPDATE_ENCRYPT_SWDESC = "1" > + > + inherit swupdate > + > + > What about grub ? > ================= > In order to use swupdate with grub, swupdate needs to be configured to use grub. 
Some of Best regards, Stefano Babic
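Review bot: The added section mixes single and double backticks for literals: `SWUPDATE_AES_FILE`, `content` and the first `sw-description` use single backticks, which reStructuredText treats as interpreted text rather than an inline literal, while ``encrypted = 1;`` and the later ``sw-description`` use double backticks. Use double backticks throughout so variable and file names render as code. While there, confirm that the dashed underline under "SWU image content's encryption" is at least as long as the 30-character title, since docutils warns on a short underline, and drop the doubled blank lines after the first two "::" markers.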
diff --git a/doc/source/building-with-yocto.rst b/doc/source/building-with-yocto.rst index f55b83ad..491f7cba 100644 --- a/doc/source/building-with-yocto.rst +++ b/doc/source/building-with-yocto.rst @@ -265,6 +265,66 @@ In the simple way, your recipe looks like SWUPDATE_IMAGES_FSTYPES[<name of your image>] = <fstype to be put into SWU> inherit swupdate-image + +SWU image content's encryption +----------------------------- + +The swupdate class is able to encrypt the contents of the SWU image. In order to do +so, set `SWUPDATE_AES_FILE` to the full path of the key. Then, for each content +you want to encrypt, on your SWU image recipe, add: + +:: + + + SWUPDATE_IMAGES_ENCRYPTED[content] = "1" + + +Where `content` matches the files described on `sw-description`. + +If you want to encrypt the headers set + +:: + + + SWUPDATE_ENCRYPT_SWDESC = "1" + + +Do not forget to add ``encrypted = 1;`` on each of the contents that will require +decryption on the ``sw-description`` file. + +Expanding on the previous example: + +:: + + DESCRIPTION = "Example recipe generating SWU image" + SECTION = "" + + LICENSE = "" + + # Add all local files to be added to the SWU + # sw-description must always be in the list. + # You can extend with scripts or whatever you need + SRC_URI = " \ + file://sw-description \ + " + + # images to build before building swupdate image + IMAGE_DEPENDS = "core-image-full-cmdline virtual/kernel" + + # images and files that will be included in the .swu image + SWUPDATE_IMAGES = "core-image-full-cmdline uImage" + + # a deployable image can have multiple format, choose one + SWUPDATE_IMAGES_FSTYPES[core-image-full-cmdline] = ".ubifs" + SWUPDATE_IMAGES_FSTYPES[uImage] = ".bin" + + SWUPDATE_IMAGES_ENCRYPTED[core-image-full-cmdline.ubifs] = "1" + SWUPDATE_IMAGES_ENCRYPTED[uImage] = "1" + SWUPDATE_ENCRYPT_SWDESC = "1" + + inherit swupdate + + What about grub ? ================= In order to use swupdate with grub, swupdate needs to be configured to use grub. Some of
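Review bot: The example recipe sets SWUPDATE_IMAGES_ENCRYPTED and SWUPDATE_ENCRYPT_SWDESC but never sets SWUPDATE_AES_FILE, which the opening paragraph of the section says is required, so a reader who copies the example has no key configured. Add the assignment to the example with a placeholder path, say what the key file must contain, and note that it has to stay out of the layer and out of version control, since it is the symmetric secret protecting every encrypted artifact. The two SWUPDATE_IMAGES_ENCRYPTED entries are also keyed inconsistently: one is written as core-image-full-cmdline.ubifs, with the fstype suffix, and the other as bare uImage even though SWUPDATE_IMAGES_FSTYPES[uImage] is ".bin". State which form the flag expects and make both entries follow it, because "matches the files described on sw-description" does not settle the question.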
From: Lisandro Perez Meyer <lpmeyer@ics.com> --- doc/source/building-with-yocto.rst | 60 ++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+)