TLDR: I wanted to build an up-to-date disk image for a Rock Pi 4 using Yocto that included CUPS and Docker to both get a better understanding of Yocto and test the new SBOM generation feature.
As with many single-board computers (SBCs) from China, the problem frequently isn’t the board itself but rather the software. RockPi from Radxa is no exception. If you go and download the latest disk images for this board, you will see that they are all end-of-life (EoL). However, these boards are still great and work very well for many applications. This should be top of mind if you are building a product that includes any of these devices.
I wanted to use one of the RockPi 4 boards I had for a basic print server. It’s not a customer product, of course, but let’s pretend it was. Since it has the option to add eMMC storage, I find it more dependable than Raspberry Pi (I understand the Raspberry Pi 5 allows for proper storage). However, given that I neither trust the Radxa disk images nor did I want to set things up on an already EoL Linux distribution, I started doing some digging. As it turns out, the RockPi is supported in Yocto.
Say what you want about Raspberry Pi, but you can still download an up-to-date OS that runs on the Pi 1.
In this article, I will show you not only how to build a disk image with Yocto (in this case for the Rock Pi 4, but it can easily be adjusted for other boards), but we will also talk a bit about how Yocto generates SBOMs (hint: it’s really clever) and where to find your SBOMs.
What is Yocto anyways?
The Yocto Project is an open-source framework for building custom Linux distributions tailored to embedded systems. It provides a flexible, modular build system based on BitBake and OpenEmbedded, enabling developers to create highly optimized and reproducible Linux images for specific hardware. Yocto is widely used in industries like automotive, IoT, and networking due to its ability to support diverse architectures and long-term maintenance needs. With its layered architecture, extensive BSP support, and strong focus on customization, Yocto is a powerful tool for developers looking to build and maintain embedded Linux systems efficiently.
I’ve toyed with it a few times over the years to build images for Raspberry Pis, but never really used it seriously. However, I recently crossed paths with some of the Yocto people in a CISA working group I’m co-chairing on SBOM generation. As it turns out, Yocto is very sophisticated when it comes to generating SBOMs, so I wanted to get some more up-to-date exposure to Yocto. Color me surprised. Not only did Yocto generate a Software Bill of Materials (SBOM) for me – it did so without even asking me.
Since Yocto builds everything from source and is essentially a package manager, it is able to capture all the dependencies into an SBOM. Moreover, since Yocto maintains detailed information about every dependency, it is able to produce very high-quality SBOMs.
Key Yocto Terminology
Before we dive in, here are some key terms in Yocto that you probably want to understand:
- Poky – The reference distribution of the Yocto Project, containing the OpenEmbedded build system, BitBake, and a set of metadata
- Scarthgap – The codename for the Yocto Project 5.0 release
- Mickledore – The codename for Yocto 4.2
- Kirkstone – The codename for Yocto 4.0, a long-term support (LTS) release
- Dunfell – The codename for Yocto 3.1, another LTS release
- Layers – Modular additions to the base Yocto version that provide extra functionality
- BitBake – The build tool used by Yocto to process recipes and build images
- OpenEmbedded (OE) – The build framework Yocto is based on
- Recipes (.bb files) – Build instructions for individual packages or applications
- BSP (Board Support Package) – A set of metadata and configurations for specific hardware platforms
Building a disk image with Yocto
Before we build, you will need a pretty beefy server to build this image (or a lot of time). I’m using my home server, and I think it took about an hour or two to build the initial version. Subsequent builds will be a lot faster due to cache.
I’ve used an Ubuntu 24.04 VM to build my disk images, and you can find the base dependencies you need to install here.
Let’s get our hands dirty
First, clone the repositories and set up the layers:
$ git clone -b scarthgap https://git.yoctoproject.org/poky
$ cd poky
# Add layers
$ git clone -b scarthgap git://git.yoctoproject.org/meta-arm
$ git clone -b scarthgap git://git.yoctoproject.org/meta-rockchip
$ git clone -b scarthgap git://git.openembedded.org/meta-openembedded
$ git clone -b scarthgap git://git.yoctoproject.org/meta-virtualization
$ source oe-init-build-env
$ bitbake-layers add-layer ../meta-arm/meta-arm-toolchain
$ bitbake-layers add-layer ../meta-arm/meta-arm
$ bitbake-layers add-layer ../meta-rockchip
$ bitbake-layers add-layer ../meta-openembedded/meta-oe
# Add Docker support
$ bitbake-layers add-layer ../meta-openembedded/meta-python
$ bitbake-layers add-layer ../meta-openembedded/meta-networking
$ bitbake-layers add-layer ../meta-openembedded/meta-filesystems
$ bitbake-layers add-layer ../meta-virtualization
Next, adjust your conf/local.conf by appending these configurations:
MACHINE = "rock-pi-4b"
INIT_MANAGER = "systemd"
DISTRO_FEATURES:append = " virtualization wifi"
DISTRO_FEATURES:remove = " x11 wayland"
CORE_IMAGE_EXTRA_INSTALL += "openssh cups cups-filters ghostscript qpdf vim docker e2fsprogs-resize2fs"
Finally, build the image:
$ bitbake core-image-base
Note, if you’re building on Ubuntu 24.04, you might need to run:
$ sudo apparmor_parser -R /etc/apparmor.d/unprivileged_userns
After the build finishes, you can find your image here:
$ ls -lah tmp/deploy/images/rock-pi-4b/core-image-base-rock-pi-4b.rootfs-*.wic
Flash this disk image and you should be good to go. Once it’s up and running, you should be able to SSH into the device using root and a blank password.
On updating
It’s important to note that Yocto builds a disk image. By default, you cannot update this disk image by any other means than reflashing it (e.g., you can’t run “apt update”). There are over-the-air (OTA) platforms that can be integrated into Yocto, such as Mender and RAUC, but by default, you need to rebuild the image from scratch to update dependencies and patch vulnerabilities.
Finding Your SBOMs
One of the cool features of Yocto is that it automatically generates SBOMs. You can find them in the deploy directory:
$ ls -lah tmp/deploy/images/rock-pi-4b/*spdx*
[..]
You can extract the SPDX file with:
$ tar --zstd -xvf path/to/tmp/deploy/images/rock-pi-4b/core-image-base-rock-pi-4b.rootfs-*.spdx.tar.zst
Do note that this will create a lot of files. You will find a file called index.json in there, which links to all other SBOMs using document linking.
(Check out my article Mastering SBOM Generation with Yocto for more details on the SBOMs.)
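One way to walk the extracted tree from index.json and build a package inventory, shown as an added example that is not code from this article or from the Yocto Project. It assumes index.json holds a "documents" list whose entries carry "filename", "documentNamespace" and "sha1" and that each linked file is an SPDX 2.2 JSON document; the function names and the sample data are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def load_sbom_packages(spdx_dir):
    """Follow index.json, check each linked document, return (packages, problems)."""
    root = Path(spdx_dir).resolve()
    index = json.loads((root / "index.json").read_text())
    packages, problems = set(), []
    for entry in index["documents"]:
        path = (root / entry["filename"]).resolve()
        # Never follow an index entry that points outside the extracted directory.
        if root not in path.parents or not path.is_file():
            problems.append(f"missing or outside tree: {entry['filename']}")
            continue
        raw = path.read_bytes()
        # The SHA-1 is a consistency check against the index, not a signature.
        if hashlib.sha1(raw).hexdigest() != entry["sha1"]:
            problems.append(f"sha1 mismatch: {entry['filename']}")
            continue
        doc = json.loads(raw)
        if doc.get("documentNamespace") != entry["documentNamespace"]:
            problems.append(f"namespace mismatch: {entry['filename']}")
            continue
        for pkg in doc.get("packages", []):
            packages.add((pkg["name"], pkg.get("versionInfo", "unknown")))
    return sorted(packages), problems


def write_sample(spdx_dir):
    """Write a constructed two-document SBOM tree (not real Yocto output)."""
    root, docs = Path(spdx_dir), []
    for name, version in (("cups", "0.0.1"), ("docker", "0.0.2")):
        doc = {"spdxVersion": "SPDX-2.2",
               "documentNamespace": f"http://spdx.example/{name}",
               "packages": [{"name": name, "versionInfo": version}]}
        raw = json.dumps(doc).encode()
        (root / f"{name}.spdx.json").write_bytes(raw)
        docs.append({"filename": f"{name}.spdx.json",
                     "documentNamespace": doc["documentNamespace"],
                     "sha1": hashlib.sha1(raw).hexdigest()})
    (root / "index.json").write_text(json.dumps({"documents": docs}))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)
        print(load_sbom_packages(tmp))
```

Point load_sbom_packages at the directory you extracted the .spdx.tar.zst into; a non-empty problems list means the tree no longer matches its index.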
On running in production
If you are intending to run this in production, please do not just copy the above. These images are configured for lab or test mode. Yocto is very well suited for production images, but you need to harden them and also have an OTA strategy in place. Alternatively, I can recommend Balena, which uses Yocto under the hood and also supports the Rock Pi.
Future improvements
One limitation of the current disk image for Rock Pi is that you don’t have a functional TTY. You can SSH in, or you could use a serial console, but the normal TTY doesn’t work and I haven’t spent much time trying to figure out why. Also, the file system doesn’t automatically expand to use all available space on the eMMC/SD.
Some things I’m planning to add in the future:
- Add support for Tailscale (there’s a meta-tailscale layer)
- Add support for auto disk expansion
- Add WiFi support