[yocto] General Question: Device specific value store

Larry Brown elcapitanbrown at gmail.com
Tue Jun 25 06:25:13 PDT 2019


You could either partition the flash with intentional space left at the end
of the disk and write/read directly to the flash at the specified location
or you could put it at the end of the uboot space.  There is a chunk of
unused space at the end of the uboot image that is not used IIRC that
should give enough for a serial and key.  You'd have to test to find out
for sure.  You could cat the uboot image to hexdump to see how much space
is left empty.  The idea of a space at the end of the flash is probably
better as reformatting or re-partitioning with this space left alone should
retain your values.

If anyone has issues with these suggestions feel free to correct me but it
seems pretty safe to me since you have control over how you partition your
device and this data will be pretty static.


On Tue, Jun 25, 2019 at 6:09 AM Gabriele Zampieri <gabbla.malist at gmail.com>
wrote:

> Hi Matthias,
>
> an easier solution may be to write those data during production. I don't
> think that having a custom partition for each device is a good idea. You
> could start the device in "production mode" and inject into the device
> specific data through serial or USB. Obviously you must have some piece of
> software running on the device that can read/write that partition.
>
> In my opinion Yocto does not mention anything about this procedure
> probably because this is not the standard way.
>
> Gabriele
>
> On Tue, 25 Jun 2019 at 10:53, Matthias Schoepfer <
> matthias.schoepfer at googlemail.com> wrote:
>
>> Hi Morné,
>>
>> thanks for your answer. Maybe, I will explain more: we have a Dragonboard
>> 410c based hardware. We use a read-only rootfs in one partition
>> (actually two with A/B approach) and we have a data partition for user
>> data as well as device specific data. We can partition and flash the
>> device through fastboot. So, if we can prepare ext4 filesystems (maybe
>> through yocto instead of hand-crafted scripting) for each device,
>> commissioning will be an easy task for the manufacturer.
>>
>> I guess, we are not the only ones that need to store device specific
>> information besides the rootfs, and I do not find a whole lot about it
>> in the yocto manuals. I wonder, if there are best practices, how to
>> protect the data from getting corrupted (intentionally by an attacker or
>> by accident through ... flash corruption or whatever).
>>
>> Regards,
>>
>>     Matthias
>>
>> On 6/24/19 9:08 AM, Morné Lamprecht wrote:
>> > On Mon, Jun 17, 2019 at 05:25:56PM +0200, Matthias Schoepfer wrote:
>> >> Is there a smart, recommended way to deal with device specific data
>> >> (i.e.  serial number, credentials for backend access, you name it),
>> >> that is specific for *one* device, and hence does not belong into the
>> >> rootfs. I know, that there are (safe) hardware stores for it, but
>> >> what, if your device does not have one.
>> >
>> > Not sure if I'm misunderstanding your question, but this should be
>> > part of your device commissioning process, i.e. like injecting
>> > specific security keys etc...so basically this will be part of your image
>> > install / flash process, and not really part of the Yocto build
>> > process. The specifics of such a process would depend on your specific
>> > commissioning process.
>> >
>> >         - Morné
>> --
>> _______________________________________________
>> yocto mailing list
>> yocto at yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/yocto
>>


-- 
Larry Brown
S/V Trident
Palm Harbor, FL
~~~~~~~~~~~~~~~~~_/)~~~~~~~~
    ~     ~          ~~           ~
~           ~~_/)    ~      ~ ~        ~
     ~                  _/)          ~
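
Added example, not part of the original message or of the Yocto project: one way to keep a serial and key in space left unpartitioned at the end of the flash, as suggested above, with a CRC32 and a second copy so that accidental corruption is detected. The 4 KiB tail, the `DEVD` marker and the record layout are assumptions; a CRC does not detect deliberate tampering, which would need a signature or MAC checked against a key the attacker cannot rewrite.

```python
import struct
import zlib

RESERVED = 4096                 # assumed size of the unpartitioned tail, in bytes
SLOT = RESERVED // 2            # two copies, so one damaged copy is survivable
MAGIC = b"DEVD"                 # hypothetical record marker
HEADER = struct.Struct("<4sH")  # magic, payload length


def pack_record(serial: str, key: bytes) -> bytes:
    """Layout: header | len(serial) | serial | key | CRC32 of all before it."""
    s = serial.encode("ascii")
    payload = bytes([len(s)]) + s + key
    body = HEADER.pack(MAGIC, len(payload)) + payload
    record = body + struct.pack("<I", zlib.crc32(body))
    if len(record) > SLOT:
        raise ValueError("record does not fit in one slot")
    return record.ljust(SLOT, b"\xff")


def unpack_record(slot: bytes):
    """Return (serial, key), or None if the slot is blank or corrupted."""
    magic, length = HEADER.unpack_from(slot)
    end = HEADER.size + length
    if magic != MAGIC or length < 1 or end + 4 > len(slot):
        return None
    (crc,) = struct.unpack_from("<I", slot, end)
    if crc != zlib.crc32(slot[:end]):
        return None
    payload = slot[HEADER.size:end]
    n = payload[0]
    return payload[1:1 + n].decode("ascii"), payload[1 + n:]


def write_record(path: str, serial: str, key: bytes) -> None:
    """Write both copies into the last RESERVED bytes of the device or image."""
    with open(path, "r+b") as dev:
        dev.seek(-RESERVED, 2)  # whence=2: offset is relative to the end
        dev.write(pack_record(serial, key) * 2)


def read_record(path: str):
    """Return the first copy that passes its CRC, or None if neither does."""
    with open(path, "rb") as dev:
        dev.seek(-RESERVED, 2)
        tail = dev.read(RESERVED)
    for off in (0, SLOT):
        record = unpack_record(tail[off:off + SLOT])
        if record is not None:
            return record
    return None
```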