Andrew Geissler | 2daf84b | 2023-03-31 09:57:23 -0500

dm-verity and beaglebone-black
------------------------------
Set/uncomment the MACHINE line for "beaglebone-yocto" if you haven't yet.

In addition to the basic dm-verity settings, you'll also want in local.conf:

    IMAGE_BOOT_FILES:remove = "zImage"
    IMAGE_BOOT_FILES:append = " zImage-initramfs-${MACHINE}.bin;zImage"
    WKS_FILES = "${MACHINE}-verity.wks.in"

Read-only issues: The beaglebone BSP by default declares the following:

    SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyO0 115200;ttyAMA0"
    SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}"

...which are variables used by sysV init in order to determine the
appropriate /etc/inittab entries. The problem that arises is that by
default, an on-target runtime check of /proc/consoles is used to finalize
the /etc/inittab -- and of course that fails a build with read-only-rootfs,
because the check would have to modify the root filesystem on the target
[see the pkg_postinst_ontarget rule in the sysvinit recipe for details].

If you don't need a serial console, the quick fix is to add in local.conf:

    SERIAL_CONSOLES = ""

If you do need/want a serial console, then a local bbappend that
manually sets the /etc/inittab as desired is probably easiest.

After running "wic create -e core-image-minimal beaglebone-yocto-verity"
you should have a "direct" image ready to write to a u-SD card. Remember
that the "direct" image already contains the bootloader and partition
table, so you'll be writing it to a whole device such as /dev/sdb and not
just to a partition such as /dev/sdb1.
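
A guard for the write step above, as an added example that is not part of the original README: it refuses to write a "direct" image to a partition node or a non-removable disk. The function names and the SYSFS override are hypothetical; the checks rely on the Linux sysfs layout under /sys/class/block.

```shell
#!/bin/sh
# Added example (not from the README). Function names are hypothetical.
# SYSFS can be overridden to exercise the checks against a constructed tree.
SYSFS="${SYSFS:-/sys}"

# Print "disk", "partition" or "unknown" for a kernel block name
# such as sdb, sdb1 or mmcblk0p1.
blockdev_kind() {
    node="$SYSFS/class/block/$1"
    if [ ! -d "$node" ]; then
        echo unknown
    elif [ -e "$node/partition" ]; then   # only partitions carry this file
        echo partition
    else
        echo disk
    fi
}

# Succeed only for a whole disk that the kernel flags as removable.
# Conservative: built-in SD slots (mmcblk*) may report 0 and be refused.
is_safe_target() {
    [ "$(blockdev_kind "$1")" = disk ] || return 1
    [ "$(cat "$SYSFS/class/block/$1/removable" 2>/dev/null)" = 1 ]
}

# write_direct_image IMAGE DEVICE: validate the target, then copy and flush.
write_direct_image() {
    image=$1
    dev=$2
    name=${dev##*/}
    [ -f "$image" ] || { echo "no such image: $image" >&2; return 2; }
    if ! is_safe_target "$name"; then
        echo "refusing $dev ($(blockdev_kind "$name")): need a whole removable disk" >&2
        return 3
    fi
    if grep -q "^$dev" /proc/mounts; then
        echo "refusing $dev: it or one of its partitions is mounted" >&2
        return 4
    fi
    dd if="$image" of="$dev" bs=4M conv=fsync
}

# Usage: write_direct_image <image>.direct /dev/sdb
```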

Also recall that booting from u-SD requires pressing and holding the S2
(SYSBOOT) button during power-on in order to divert the boot from the normal
soldered-on storage to the removable u-SD card.