UEFI boot and RAUC integration in yocto

What is RAUC ?

RAUC is a safe and secure lightweight update client that runs on your Embedded Linux device and reliably controls the procedure of updating your device with a new firmware revision. RAUC is also the tool on your host system that lets you create, inspect and modify update artifacts for your device.

Basically RAUC update is dual partition approach, So as shown below on target we have two partitions System-A and System-B. System will booted from one partition and new OTA update is done on other partition. In below case System-B is booted/active partition and will apply update on System-A and for next boot System-A will be active partition.

RAUC update mechanism

Update bundle is terminology used for update file/package which basically consist of Image rootfs.

Setup overview:

GRUB bootloader started by UEFI firmware is configured to select proper boot target (system-A or system-B).

With the help of update bundle will do OTA update (rollback mechanism is supported incase of update failure)

Requirements:

poky, meta-rauc, meta-rauc-community layers

How to integrate UEFI boot and RAUC update ?

1. Setup yocto build directory

$ mkdir UEFI-rauc-test
$ cd UEFI-rauc-test
$ git clone -b kirkstone https://git.yoctoproject.org/poky
$ git clone -b kirkstone https://github.com/rauc/meta-rauc.git
$ git clone -b master https://github.com/rauc/meta-rauc-community.git
$ source poky/oe-init-build-env build   # source env variable

# Add the required layers in build environment
$ bitbake-layers add-layer ../meta-rauc-community/meta-rauc-qemux86
$ bitbake-layers add-layer ../meta-rauc

2. Configure the build

# Add below configurations in conf/local.conf file

# add RAUC support to image
DISTRO_FEATURES += "rauc"
CORE_IMAGE_EXTRA_INSTALL += "rauc"   
# add UEFI boot capabilities
MACHINE_FEATURES:append = "pcbios efi"  
EXTRA_IMAGEDEPENDS += "ovmf"
# add GRUB configurations
PREFERRED_RPROVIDER_virtual-grub-bootconf = "rauc-qemu-grubconf" 
# systemd support
INIT_MANAGER = "systemd"
EXTRA_IMAGE_FEATURES += "ssh-server-openssh"

3. update bundle signing

RAUC update bundle is always cryptographically signed and is verified on target using public key certificate. To simplify the process meta-rauc-community layer already providing example script to create cert key, ship them into the bundle and invoke the required variables.

To execute this script run below command-

$ source ../meta-rauc-community/create-example-keys.sh

As a result you will see cert-key pair is created under example-ca dir in build dir. The same you can look at conf/site.conf

4. Build the image

$ bitbake core-image-minimal

Grab the coffee ☕︎ and sit tight till build finishes

5. Boot the image

Once the build is completed, launch the emulated environment

$ runqemu nographic slirp ovmf wic core-image-minimal

This will start the system and you will able to see the GRUB options as like

You can see here the Slot A, Slot B and rescue partitions. Values in the bracket represents the grub env options used by RAUC to boot the system.

select the respective partition (in this case Slot A )and hit Enter.

It will boot the system and login as username root with empty password.

Once you logged in you can use the rauc command interface and check the status as-

Here,

Ref- fig.1 to map the terminologies

rootfs.0 ===> system A partition
rootfs.1 ===> system B partition

You can also see boot status as highlighted, in there

boot status: good   # means active partition and system booted from it
boot status: bad    # means inactive partition 

6. Preparing the update bundle

Run below command

$ bitbake qemu-demo-bundle

You can get bundle file (.raucb file) as below

If you want to check the bundle content run below command-

$ bitbake rauc-native -c addto_recipe_sysroot

then run

7. Installing RAUC Bundle

First copy the bundle to target machine(QEMU) using scp command.

After copying the bundle, run below command-

$ rauc install qemu-demo-bundle-qemux86-64.raucb

in the output you can see update progress-

After successful installation you can see the active partition flag (‘x’ mark )changed to rootfs.1 as previously it was set to rootfs.0

Run below command to get more details about scheme

$ rauc status --detailed

8. Reboot the system to boot from updated partition

As upon first boot (after RAUC update), you will see the GRUB boot menu again, but now with the Slot B entry being pre-selected and once you hit enter you’ll be booted from System-B partition.

Whoa !! you did it.

Clap if you liked it. Comment your questions, will discuss.

Don’t forget to like, comment, and subscribe to my youtube channel https://www.youtube.com/channel/UC0gLxk2vYC4LtbXyjBLy4sA for more tutorials on embedded systems and Linux.