First question/discussion here, so be gentle. Also, just wanted to say a BIG THANK YOU to the whole mender team and community for building an awesome set of tools.
tl;dr - Q. What’s the recommended best practice for updating RPi4
config.txt and other files (e.g. firmware) in
/uboot when deploying rootfs updates (to A/B partitions) generated by mender-convert?
I recently started evaluating Mender for RPi4, using the hosted.mender.io trial server together with mender-convert. Our preliminary (tyre kicking) work-flow is:
- Grab clean older RasPi OS Lite distribution (raspios_lite_armhf-2020-05-28 due to MEN-3941).
- Use mender-convert with minimal/simple config to create a .img (and .mender artifact) which is then written to RPi4 sd-card.
- Power-up and authorise RPi4 “vanilla” device to mender server.
- Grab clean RasPi OS Lite distribution (recent raspios_lite_armhf-2020-12-04).
- Write to another sd-card and boot RPi4, boot.
- Run Ansible playbook against RPi4 to construct “golden” configuration, shutdown.
- Grab copy (dd) of RPi4 sd-card image.
- Use mender-convert with more interesting config/overlay, which nullifies machine-id, and installs a systemd one-shot service that renames host at same moment new machine-id is committed, so that our fielded devices don’t inherit device-specifics from golden image. This create a new .mender artifact which is then uploaded to Mender server. NOTE: As mentioned above, .img does not boot reference MEN-3941, so this is not of interest right now.
- Use Mender server to deploy new .mender rootfs artifact to fielded device.
The above works, and it’s great for our current experimentation with Mender. Some of the current gaps and issues (or potential future issues) I can foresee are:
/ubootpartition on the fielded device contains the firmware binaries and
config.txtof the original/older system image, not the golden system. Given that we require specific
config.txtsettings (for HDMI output mode, etc.), and some system/kernel updates go hand-in-hand with new firmware, I’d like to be able to update the firmware files along with the rootfs.
- I understand that handling RPi4 firmware updates is not robust (as described in this post and then this post).
- I figure that it is possible to deploy file updates to
/uboot(given that its writable), so Q. Is it possible to create a mender update artifact that includes a rootfs filesystem image AND a file update to `/uboot’?
In the not-too-distant future, I will look at building for mender with Yocto Project and perhaps also EDI, but that’s a future learning-curve. Q. Could a Yocto Project (and/or EDI) based build make the firmware
/uboot update process more (if not absolutely) robust, compared with mender-convert?
Many thanks and apologies if these questions are already answered in other docs/topics.