.. |br| raw:: html
.. _rauc-guide-index:
RAUC
====
Introduction
------------
RAUC is a lightweight update client that runs on your embedded device
and reliably controls the procedure of updating your device with a new
firmware revision.
RAUC is also the tool on your host system that lets you create,
inspect and modify update files (”bundles”) for your device.
Please refer to `RAUC documentation`_ for a detailed documentation from RAUC.
Yocto Setup
-----------
Setup a complete Yocto build environment using the ``karo-minimal``
DISTRO for your module.
Until now, we only tested rauc with the QSMP* and TXMP* modules and i.MX8- and i.MX9 modules.
.. note:: **QSMP, TXMP** use :ref:`mainline-yocto-guide-index`
#. Setup the Yocto build-directory as described in the Yocto guide for your machine.
#. Add the following to ``conf/local.conf``:
.. code-block:: text
DISTRO_FEATURES:append = " rauc"
#. Compile the image.
.. prompt::
:prompts: $
bitbake karo-image-minimal
.. note:: RAUC is only usable for karo-image-minimal or a custom
image because the other images are to big to have two
rootfs partitions with the same size.
#. Program your module using uuu and reset it.
You can also do your own partitioning of the module. Refer to :ref:`partitioning`.
By default there are two redundant systems on the board for rauc.
#. After reset run
.. prompt::
:prompts: U-Boot >
setenv boot_mode mmc_rauc
saveenv
If the boot_mode is set to mmc, the boot script will not be used
and rauc can't switch between partitions.
#. Boot your board.
Basically, the rauc service is already running when you start Linux.
It is essential to ensure that your rootfs is writable. If it is read-only, you can use the implemented rw-alias to make it writable.
The command
.. prompt::
:prompts: root@txmp-1570:~#
rauc status --detailed
displays the detailed status of the update slots (A/B partitions), including boot information, installed versions, slot statuses, and boot attempts.
Host Setup
----------
Prerequisites for host PC
~~~~~~~~~~~~~~~~~~~~~~~~~
* build-essential
* meson
* libtool
* libdbus-1-dev
* libglib2.0-dev
* libcurl3-dev
* libssl-dev
.. code-block:: text
sudo apt-get install build-essential meson libtool libdbus-1-dev libglib2.0-dev libcurl3-dev libssl-dev
Building rauc for host PC from sources
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. code-block:: text
git clone https://github.com/rauc/rauc
cd rauc
meson setup build
meson compile -C build # or 'ninja -C build' on meson < 0.54.0
Install rauc on host PC
~~~~~~~~~~~~~~~~~~~~~~~
RAUC can be used directly from the build dir, or optionally be installed.
.. code-block:: text
meson install
Using rauc
----------
Start the rauc service on the module
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The rauc service is started automatically at boot.
You can check whether the service is running using the command:
.. prompt::
:prompts: root@txmp-1570:~#
ps aux | grep rauc
If the service is not running, you can start it manually:
.. prompt::
:prompts: root@txmp-1570:~#
rauc service &
Create a bundle on host PC
~~~~~~~~~~~~~~~~~~~~~~~~~~
Create a directory with the content that should be installed. For example a new root filesystem.
.. code-block:: text
mkdir content-dir/
cp /rootfs.ext4 content-dir/
Create a manifest describing which image to install where together with some meta info
.. code-block:: text
cat >> content-dir/manifest.raucm << EOF
[update]
compatible= (e.g. txmp-1570)
version=2024-06-14
[bundle]
format=verity
[image.rootfs]
filename=rootfs.ext4
EOF
Let RAUC create a bundle from this
.. code-block:: text
rauc --cert /cert.pem --key /key.pem bundle content-dir/ update-2024-06-14.raucb
In your bsp in the meta-karo-distro layer you can find the key and the cert.
.. code-block:: text
...meta-karo-distro/dynamic-layers/recipes-core/bundles/files/development-1.cert.pem
...meta-karo-distro/dynamic-layers/recipes-core/bundles/files/private/development-1.key.pem
.. note:: This key and cert is only a development key and cert. For
productive usage, please create your own ones.
Install the bundle on the module
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The created bundle (in the example update-2024-06-14.raucb) needs
to be copied to the module to install it.
To install the bundle run the following command on the modules
linux commandline
.. prompt::
:prompts: root@txmp-1570:~#
rauc install /update-2024-06-14.raucb
After cyptographically verifying the bundle, RAUC will now
determine the active slots by looking at the rauc.slot variable.
Then, it can select the target slot for the update image from the
inactive slots.
When the update is installed completely, we just need to restart
the system. U-Boot will then try to boot the newly installed
rootfs.
The updated slot will be automatically marked good if the boot process was successful.
.. note:: If the U-Boot boot script detects a slot change, it reboots the board in order to reload the device trees of the new bootfs partition.
HTTPS streaming of the bundle
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Instaed of installing the bundle locally, you can also stream it via an internet connection.
The bundles can be installed directly from a HTTP(S) server, without having to download and store the bundle locally.
Simply use the bundle URL as the rauc install argument instead of a local file.
.. prompt::
:prompts: root@txmp-1570:~#
rauc install https:///your_update.raucb
Eclipse hawkBit™
----------------
Using Eclipse hawkBit™ as backend solution
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Eclipse hawkBit™ is an open-source backend framework designed to manage software and firmware updates for
network connected devices, particularly for over-the-air (OTA) rollouts.
It allows developers to control update campaigns for large device fleets, supporting phased, secure, and automated deployments.
To utilise RAUC together with the Eclipse hawkBit™ backend framework you need to run a client software running on
each device. It aims to provide a ready-to-use bridge between the hawkBit REST DDR API on one side and the RAUC D-Bus API
on the other. The rauc-hawkbit-updater is a separate application project developed under the RAUC organization umbrella.
For detailed information visit the rauc-hawkbit-updater client project on GitHub: `https://github.com/rauc/rauc-hawkbit-updater`_
To add the rauc-hawkbit-updater client to your image, add the following line to your ``conf/local.conf``:
.. code-block:: text
IMAGE_INSTALL:append = " rauc-hawkbit-updater"
A config-file must be provided to control the rauc-hawkbit-updater. An example can look like this:
.. code-block:: text
[client]
hawkbit_server = :8080
target_name = QSBASE93-0E51AA
auth_token = 26282ab6f9f279b800734a024194ab9c
#gateway_token = chietha8eiD8Ujaxerifoxoh6Aed1koof
#ssl_key = pkcs11:token=mytoken;object=mykey
#ssl_cert = /path/to/certificate.pem
bundle_download_location = /tmp/bundle.raucb
#tenant_id = DEFAULT
ssl = false
#ssl_verify = true
#ssl_engine = pkcs11
#connect_timeout = 20
#timeout = 60
#retry_wait = 300
#low_speed_time = 60
#low_speed_rate = 100
#resume_downloads = false
stream_bundle = true
post_update_reboot = true
log_level = message
#send_download_authentication = true
[device]
product = KaRo-SOM
model = QS93-5210
serialnumber = 00-0C-C6-0E-51-AA
hw_revision = 2
baseboard = qsbase93
key2 = value
Please note:
- Add port 8080 to the server-IP address if the hawkBit™ application is installed in a Docker container.
- The target_name must match the "Controller Id" name in hawkBit™'s Targets definition.
- The auth_token key must match the appropriate key hawkBit™'s Targets definition.
- Set stream_bundle = true, because there is not enough space on the device to store the bundle first.
- post_update_reboot = true cause the updater client to reboot the device after installing the bundle.
This will cause the new update to be booted.
- all the keys, specified in the [device]-section are imported into the database as attributes for
the corresponding target upon initial contact with the hawkBit™ server.
hawkBit™ base server setup
~~~~~~~~~~~~~~~~~~~~~~~~~~
hawkBit™ can either be installed as a Docker image or the source code can be cloned and rebuild.
For detailed informations of all the options please refer to the `Quick Start`_ section of the hawkBit™ documentation
For a monolith configuration and if you want to start also the hawkBit UI, you can use, for PostgreSQL:
.. prompt::
:prompts: [linux]:
git clone https://github.com/eclipse-hawkbit/hawkbit.git
cd hawkbit/docker/postgres
docker compose -f docker-compose-monolith-with-ui-postgres.yml up -d
Access hawkBit™ Management API via Swagger-UI
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Swagger UI is an open-source tool that automatically generates interactive, browser-based
documentation for APIs from an OpenAPI Specification. It allows developers to visualize, document,
and test RESTful API endpoints directly in the browser without writing any backend code or implementation logic.
With the Swagger UI you are able to explore the whole Management API in detail.
To enter the UI, please access the following page in your Internet browser:
.. code-block:: text
http://localhost:8080/
Control Management API via hawkBit™-UI
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Eclipse hawkBit™ UI is a graphical user interface for the Eclipse hawkBit open-source backend,
designed to manage software and firmware updates (OTA) for IoT and edge devices.
It enables administrators to visualize device rollouts, manage software repositories, and monitor update progress.
Please note, not all of the Management API's functionality is available there.
The Swegger UI is significantly more powerful in terms of its range of features.
To enter the hawkBit™-UI, please access the following page in your Internet browser:
.. code-block:: text
http://localhost:8088/
.. _partitioning:
Custom partitioning and system.conf
-----------------------------------
For creating a custom partitioning and configure rauc to your
needs, you should create your own yocto-layer according to
":ref:`create-custom-layer`\" in the :ref:`yocto-guide-index`\ .
The implemented rauc configuration is just an example, you will
need to tailor the partitioning and system.conf according to your needs.
We decided to setup a redundant system with the following structure:
.. code-block:: text
├── bootfs
│ └── bootfsB
├── rootfs
│ └── rootfsB
└── userfs
└── userfsB
If you want to change this, you can edit the uuu.auto script in your deploy directory.
After changing the partitioning, you should copy the system.conf from
/layers/meta-karo-distro/dynamic-layers/recipes-core/rauc/files/
to your own layer:
/layers/meta-mydistro/dynamic-layers/recipes-core/rauc/files/
and chenge it there according to your needs.
For more informations, please refer to `RAUC partitioning`_
.. _`RAUC documentation`: https://rauc.readthedocs.io/
.. _`RAUC partitioning`: https://rauc.readthedocs.io/en/latest/integration.html#emmc
.. _`https://github.com/rauc/rauc-hawkbit-updater`: https://github.com/rauc/rauc-hawkbit-updater
.. _`Quick Start`: https://hawkbit.eclipse.dev/#/quick-start