From: Gabriele Zampieri <gabbla.malist@gmail.com>
To: Yocto discussion list <yocto@yoctoproject.org>
Subject: Re: General Question: Device specific value store
Date: Tue, 25 Jun 2019 12:08:24 +0200
Message-ID: <CAAx3WaA+OemjNchvCFd_3m3K5LE4OedqFVtwdPAjYNwUSWv28Q@mail.gmail.com>
In-Reply-To: <43163f9c-29e2-6069-bd13-ff65f82d55bd@googlemail.com>

Hi Matthias,

an easier solution may be to write those data during production. I don't think
that having a custom partition for each device is a good idea. You could
start the device in "production mode" and inject into the device specific
data through serial or USB. Obviously you must have some piece of software
running on the device that can read/write that partition.

In my opinion Yocto does not mention anything about this procedure probably
because this is not the standard way.

Gabriele

On Tue, 25 Jun 2019 at 10:53, Matthias Schoepfer <
matthias.schoepfer@googlemail.com> wrote:

> Hi Morné,
>
> thanks for your answer. Maybe, I will explain more: we have a Dragonboard
> 410c based hardware. We use a read-only rootfs in one partition
> (actually two with A/B approach) and we have a data partition for user
> data as well as device specific data. We can partition and flash the
> device through fastboot. So, if we can prepare ext4 filesystems (maybe
> through yocto instead of hand-crafted scripting) for each device,
> commissioning will be an easy task for the manufacturer.
>
> I guess, we are not the only ones that need to store device specific
> information besides the rootfs, and I do not find a whole lot about it
> in the yocto manuals. I wonder, if there are best practices, how to
> protect the data from getting corrupted (intentionally by an attacker or
> by accident through ... flash corruption or whatever).
>
> Regards,
>
>     Matthias
>
> On 6/24/19 9:08 AM, Morné Lamprecht wrote:
> > On Mon, Jun 17, 2019 at 05:25:56PM +0200, Matthias Schoepfer wrote:
> >> Is there a smart, recommended way to deal with device specific data
> >> (i.e.  serial number, credentials for backend access, you name it),
> >> that is specific for *one* device, and hence does not belong into the
> >> rootfs. I know, that there are (safe) hardware stores for it, but
> >> what, if your device does not have one.
> >
> > Not sure if I'm misunderstanding your question, but this should be
> > part of your device commissioning process, i.e. like injecting
> > specific security keys etc...so basically this will be part of your image
> > install / flash process, and not really part of the Yocto build
> > process. The specifics of such a process would depend on your specific
> > commissioning process.
> >
> >         - Morné
