In this guide, you will deploy an end to end solution for rolling out software updates to edge devices. As a first step, you will build on your computer a full-blown backend server. It will include everything you need to manage and deploy updates to remote IoT devices. As a second step, you will build a Linux distribution for one of the supported board by FullMetalUpdate and several containers. As the last step, we will start rolling out updates to your IoT devices. As a part of this introduction, we would like to welcome you to the age of Edge Computing!
Hardware currently supported
Device Name
Machine Name
Yocto Version Supported
SABRE Platform, i.MX 6Quad/6Dual
imx6qdlsabresd
Rocko
NXP® i.MX 8MQuad Evaluation Kit
imx8mqevk
Warrior, Zeus
STM32MP157C-DK2 Discovery Kit
stm32mp1-disco
Thud
Raspberry Pi 3
raspberrypi3
Rocko
Set up the server
Before you start, you might need to install a couple of additional software on your computer:
Linux
Docker
Git
Curl
Python2 or 3 and Pip
On Debian and Ubuntu: golang-docker-credential-helpers
Windows 10
Docker for Windows: https://hub.docker.com/editions/community/docker-ce-desktop-windows
Git for Windows: https://gitforwindows.org/
Python3 and PIP: https://www.python.org/downloads/release/python-373/
Start the server
Let’s get started!
Linux
Start your favorite terminal.
Windows 10
Look for Git BASH in the start menu and start it.
In a working directory, use git to download the latest version of FullMetalUpdate:
FullMetalUpdate comes with a script that brings up automatically the environment. Running this script will setup everything needed on your computer to start FullMetalUpdate server:
$ ./StartServer.sh
The first time you run this command it can take up to 10 minutes (depending of your internet connection) then the following times it will not take longer than 60 seconds. When your FullMetalUpdate server is fully started you should read in your terminal:
org.eclipse.hawkbit.app.Start : Started Start in 24.46 seconds (JVM running for 27.168)
Configure and test the server
A wrap up script is provided to automatically configure the server:
$ ./ConfigureServer.sh
You can now test your installation by connecting on:
http://localhost:8080
The login is admin and the password is admin.
Congratulations! You have finished the FullMetalUpdate server setup!
Install an image
Your first image
It is time to install a first image on your target. This image will be used to boot your board. At first, it includes only a simple hello world container. Before you can install an image, you need either to build one from scratch or download a pre-built image:
Then you need to configure the build to connect your target to the server. You can achieve this step by running the script below:
$ ./ConfigureBuild.sh
FullMetalUpdate comes with a script that automatically bring up the environment and start the build:
$ ./StartBuild.sh sync imx6qdlsabresd rocko dev
$ ./StartBuild.sh all
The first time you will run this command, the build process will take a couple of hours and therefore, it is strongly recommended to run this step overnight.
The result of the build process is located in the directory “images”.
Flash your image
Depending of your Operating System :
Linux
Assuming that you are in the images directory, you can write the image to an SDCARD by using the dd command:
Insert the SD card into your SD card reader. You can use the SD card slot if you have one, or an SD adapter in a USB port. Note the drive letter assigned to the SD card. You can see the drive letter in the left hand column of Windows Explorer, for example G:
Select the image file fullmetalupdate-os-package-<TARGET>.wic in the images directory.
In the device box, select the drive letter of the SD card. Be careful to select the correct drive: if you choose the wrong drive you could destroy the data on your computer’s hard disk! If you are using an SD card slot in your computer, and can’t see the drive in the Win32DiskImager window, try using an external SD adapter.
Depending whether you are running the build on Windows 10 or on Linux, how powerful you computer is and if you already build your image from scratch it can take between 20 minutes and several hours. Then for the next builds it will only take a couple of minutes.
Step 3
Connect on:
http://localhost:8080
The login is admin and the password is admin. Follow the steps in the video below to add the container to your embedded system:
Step 4
Let’s log into the container to update the bitbake recipe used to build the application:
$ ./StartBuild.sh bash
$ cd ../sources/meta-fullmetalupdate-extra/recipes-containers/container-qt-evcs/
You can use nano to edit the recipe:
$ nano evcs_1.0.bb
Edit the file and change “step1” by “step2”. Then press CTRL^X to leave the editor, press y when prompted to save the file. Finally, you can exit the build environment:
$ exit
The last step, consist in rebuilding the container:
The last step, consist in rebuilding the Linux OS:
$ ./StartBuild.sh fullmetalupdate-os
Depending whether you are running the build on Windows 10 or on Linux, how powerful you computer is and if you already build your image from scratch it can take between 20 minutes and several hours. Then for the next builds it will only take a couple of minutes.
Step 3
Connect on:
http://localhost:8080
The login is admin and the password is admin. Follow the steps in the video below to update the OS on your IoT device:
What’s next?
In this Getting Started guide you learned how to update/deploy Containers and OS on many IoT devices. But what should be your next move to transform this demo into a production ready environment? Foremost, you should think about security. Thus, security is paramount but there is no generic solution fitting any type of devices. It is a trade off between how much money and time a hacker will be willing to invest in hacking your device. Opposed to the amount of money and time you will be willing to invest to secure it:
For instance, if you develop a temperature sensor or a lock for a secure vault, the solutions used to secure these devices will be quite different. In fact, the level of security needed for a secure vault is so high that it is not reusable for a temperature sensor. It would increase its price to a degree where it will not be possible to sell it anymore. Thus, it is mandatory to assess what level of security is necessary for your specific type of product.
Production ready
FullMetalUpdate implements everything you need to enable the right level of security for your product. On the embedded side, Yocto gives you access to the secure boot, data encryption and trust zone. On the server side, OsTree is the solution used by Redhat to update its servers. Hawkbit is the solution developed by Bosch to update all their IoT products. These solutions are all industrial grades. They have been tested for years on many projects! But, of course they need a certain level of adaptation to offer your product the right level of security. You can find plenty of documentation on internet to realize this setup yourself. But if you need some help, feel free to contact us.
