
X-LINUX-AWS Distribution Package



1. Generate X-LINUX-AWS OpenSTLinux distribution

With the following procedure, you can generate the complete distribution with the X-LINUX-AWS expansion package enabled.
This procedure is mandatory to use the TPM with the X-LINUX-AWS expansion package.

1.1. Download the Distribution Package

  • Install the OpenSTLinux Distribution Package by following the dedicated article (STM32MPU Distribution Package) but do not initialize the OpenEmbedded environment (do not source the envsetup.sh).

1.2. Install X-LINUX-AWS environment

1.2.1. Clone the meta-st-x-linux-aws git repository

cd <Distribution Package installation directory>/layers/meta-st
git clone https://github.com/STMicroelectronics/meta-st-x-linux-aws.git -b v6.0.1

1.2.2. Clone the meta-st-x-linux-tpm git repository

cd <Distribution Package installation directory>/layers/meta-st
git clone https://github.com/STMicroelectronics/meta-st-x-linux-tpm.git -b 6.0.0

1.2.3. Clone the meta-aws git repository

cd <Distribution Package installation directory>/layers
git clone https://github.com/aws4embeddedlinux/meta-aws.git -b scarthgap

1.2.4. Clone the meta-security git repository

cd <Distribution Package installation directory>/layers
git clone https://git.yoctoproject.org/meta-security -b scarthgap
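
The four clones above are selected by ref name (`-b v6.0.1`, `-b 6.0.0`, `-b scarthgap`), and a branch such as scarthgap resolves to a different commit over time. The script below is an added example, not part of ST's procedure: it checks that each layer path passed in BSP_DEPENDENCY in section 1.3 exists and declares the scarthgap release series, and prints the commit each clone resolved to. The function names and the assumption that every layer's conf/layer.conf lists scarthgap in LAYERSERIES_COMPAT are this example's own.

```shell
#!/bin/sh
# Added example (not ST's code): pre-flight check of the cloned layers.
# Usage: sh check_layers.sh "<Distribution Package installation directory>"

# Layer paths exactly as the page passes them in BSP_DEPENDENCY.
BSP_LAYERS='layers/meta-security/meta-tpm layers/meta-st/meta-st-x-linux-tpm layers/meta-st/meta-st-x-linux-aws layers/meta-aws'
# Assumption: each layer.conf declares the scarthgap release series.
SERIES=scarthgap

# check_layer DIST LAYER: 0 ok, 1 directory missing, 2 no conf/layer.conf,
# 3 layer.conf does not list $SERIES in LAYERSERIES_COMPAT_*.
check_layer() {
    conf="$1/$2/conf/layer.conf"
    [ -d "$1/$2" ] || return 1
    [ -f "$conf" ] || return 2
    grep '^[[:space:]]*LAYERSERIES_COMPAT' "$conf" | grep -qw "$SERIES" || return 3
    return 0
}

# preflight DIST: one status line per layer; returns the number of failures.
preflight() {
    failures=0
    for layer in $BSP_LAYERS; do
        rc=0
        check_layer "$1" "$layer" || rc=$?
        case $rc in
            0) status='ok' ;;
            1) status='missing: clone step skipped or wrong directory' ;;
            2) status='no conf/layer.conf: partial clone or wrong path' ;;
            3) status="no $SERIES in LAYERSERIES_COMPAT: wrong branch or tag" ;;
        esac
        # Record the resolved commit; a branch name does not pin one.
        commit=$(git -C "$1/$layer" rev-parse --short HEAD 2>/dev/null || echo n/a)
        printf '%-40s %-10s %s\n' "$layer" "$commit" "$status"
        [ "$rc" -eq 0 ] || failures=$((failures + 1))
    done
    return "$failures"
}

# Run only when a directory is given on the command line.
if [ -n "${1:-}" ]; then preflight "$1"; fi
```

Keep the printed commit hashes with the build record so the same layer revisions can be checked out again later.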

1.3. Configure Yocto project

  • For a new environment
Source the build environment with the correct board and layers:
  • For STM32MP135F-DK Discovery kit
cd <Distribution Package installation directory>
MACHINE=stm32mp1 DISTRO=openstlinux-weston BSP_DEPENDENCY='layers/meta-security/meta-tpm layers/meta-st/meta-st-x-linux-tpm layers/meta-st/meta-st-x-linux-aws layers/meta-aws' source layers/meta-st/scripts/envsetup.sh
  • For STM32MP257F-DK Discovery kit or STM32MP257x-EV1 Evaluation board
cd <Distribution Package installation directory>
MACHINE=stm32mp2 DISTRO=openstlinux-weston BSP_DEPENDENCY='layers/meta-security/meta-tpm layers/meta-st/meta-st-x-linux-tpm layers/meta-st/meta-st-x-linux-aws layers/meta-aws' source layers/meta-st/scripts/envsetup.sh


  • For an already installed environment
Add the layers to the Yocto environment:
cd <Distribution Package installation directory>
source layers/meta-st/scripts/envsetup.sh
bitbake-layers add-layer ../layers/meta-st/meta-st-x-linux-aws ../layers/meta-security/meta-tpm ../layers/meta-st/meta-st-x-linux-tpm ../layers/meta-aws ../layers/meta-security

1.4. Build the image

bitbake st-image-aws

1.5. Program the built image

Follow this link to see how to program the built image.

  • For STM32MP135F-DK Discovery kit
cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp1/tmp-glibc/deploy/images/stm32mp1
STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp135f-dk-optee.tsv
  • For STM32MP257F-DK Discovery kit
cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp2/tmp-glibc/deploy/images/stm32mp2
STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp257f-dk-optee.tsv
  • For STM32MP257x-EV1 Evaluation board
cd <Distribution Package installation directory>/build-openstlinuxweston-stm32mp2/tmp-glibc/deploy/images/stm32mp2
STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-aws/optee/FlashLayout_sdcard_stm32mp257f-ev1-optee.tsv

2. Main software modifications

The X-LINUX-AWS Distribution Package changes the OpenSTLinux distribution mainly at two levels:

  • The Linux® kernel configuration and device tree, through the integration of the X-LINUX-TPM expansion package.
  • The user space, which gains the libraries and tools needed to use AWS Greengrass, OP-TEE, and the TPM expansion board features.

List of modifications:

  • recipes-iot/aws-iot-greengrass/greengrass-bin_%.bbappend
    • Installation of Greengrass core software into directory /opt/greengrass/v2/
    • Download and installation of AmazonRootCA1 certificate
    • Download and installation of Pkcs11Provider 2.0.6 to use a (hard or soft) Security Module at first connection
    • Configuration file modifications
  • recipes-security/latchset/pkcs11-provider.bb
    • Installation of PKCS#11 provider for OpenSSL 3.x
    • Installation of OpenSSL PKCS#11 provider configuration file
  • recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_%.bbappend
    • Creation of the /etc/tpm2_pkcs11/ directory to store the metadata that the tpm2-pkcs11 library needs to operate correctly.
  • recipes-samples/demo-application/demo-application-aws.bb
    • Grant user weston the right to perform some operations
    • Creation of a demonstration application to:
      • Visualize current Greengrass Core Device configuration
      • Show Greengrass component status
      • Interact with an MQTT network by subscribing and publishing to topics
  • recipes-st/images/st-image-aws.bb
    • Creation of a custom build image