Updating TorizonOS on the STM32MP Targets from Cloud

1. Overview

This page describes basic principles of using the Torizion Cloud with an STM32MP1/2 boards running TorizonOS:

  • How to provision the device to the Cloud;

  • How to customize the Yocto project to automatically push the update packages to the Cloud on rebuild;

  • How to install the update packages to the device.

1.1. Reference Documentation

For detailed information please refer to the official documentation for the Torizon Cloud:

https://developer.toradex.com/torizon/torizon-platform/

1.2. Pre-requisites

To interact with the Cloud the following pre-requirements must be met:

2. Provisioning the STM32MP board to the Cloud

Perform the following steps:

  1. Login to the Torizon Cloud. Activate the Devices menu and click + PROVISION DEVICE.

  2. Copy the command from the pop-up window.

  3. Go to the console of the STM32MP board with TorizonOS booted up on the target, paste and execute the copied command:

    torizon@stm32mp25-eval-002A00194136500B00363653:~$ curl -fsSL https://app.torizon.io/statics/scripts/provision-device.sh | sudo bash -s -- -t eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJzYUowczhvMjY4WTdRSzA5R0dmOXJLLVNhS3RMTWNLMkhYcGlqN2pWSm5ZIn0.eyJleHAiOjE3MzUxNDM2MDgsImlhdCI6MTczNTE0MzMwOCwianRpIjoiYjkxOTY2ODQtZTNlYS00ZjQxLWJmYjUtYmJlZTVlZTRlOGZjIiwiaXNzIjoiaHR0cHM6Ly9rYy50b3Jpem9uLmlvL2F1dGgvcmVhbG1zL290YS11c2VycyIsImF1ZCI6InByb3Zpc2lvbi1kZXZpY2UiLCJzdWIiOiI5MTgwZjI4Mi1lZTQ4LTRkZWEtYTdhNy1kZTlmZmQ4MWQ0NzciLCJ0eXAiOiJCZWFyZXIiLCJhenAi OiJwcm92aXNpb24tZGV2aWNlIiwic2Vzc2lvbl9zdGF0ZSI6ImVhYzdmODhlLWQwMWYtNDE2Ny05MmI1LTIzYjQ1NmVhYTQzOSIsImFsbG93ZWQtb3JpZ2lucyI6WyJodHRwczovL2FwcC50b3Jpem9uLmlvIiwiaHR0cHM6Ly9hcHAtdjIudG9yaXpvbi5pbyJdLCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJzaWQiOiJlYWM3Zjg4ZS1kMDFmLTQxNjctOTJiNS0yM2I0NTZlYWE0MzkiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWVzcGFjZSI6IjU3NDUwZGE1LTVkOGQtNGM3NS1hYzM1LTcxODNjNjQ4YjkxNCIsIm5hbWUiOiJWbGFkaW1pciIsInByZWZlcnJlZF91c2VybmFtZSI6InZza3ZvcnRzb3ZAZW1jcmFmdC5jb20iLCJnaXZlbl9uYW1lIjoiVmxhZGltaXIiLCJlbWFpbCI6InZza3ZvcnRzb3ZAZW1jcmFmdC5jb20iLCJ0em5fc2NvcGVzIjpbImNyZWF0ZTpkZXZpY2VzIl19.emtt4hnNm1KtXrBr1mwmbiWju31wS_kreKOri74VyyKLyunVSwQVcBEpMD_5e7HdF-mIgr2c2nEpwYeHerYUIu7Tn3c7qp49dqAvSs_qN_VFOMruKeYDlC_qsljEj7A67Oor2_jz3t5YRJXYfPwlX_U3cA8WAGo8uo-T4wjEL64cYUIn15x9tNKQQEVrKD-3H_m1blJDjMf3HID32iWLCg9ee713h_nr0SK4XuXsD5rWKpt7PygJewwMaqq1Ek3cYdpqtm61wsi1_0hlKSwmPjkxdSrliwNewcAIar4u32xA5ZluVd4MDbu0VDaS71QWRjgX8cN1MDqkNqhNB6HdZA We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. For security reasons, the password you type will not be visible. Password: Checking dependencies... == Registering device (deviceID: stm32mp25-eval-002A00194136500B00363653) in system, and downloading credentials. == Backing up any existing ota device creds jq: error: Could not open file /var/sota/import/info.json: No such file or directory jq: error: Could not open file /var/sota/import/info.json: No such file or directory == Extracing device credentials from archive Archive: device.zip inflating: client.pem inflating: pkey.pem inflating: root.crt inflating: info.json inflating: gateway.url == Success! Device has been registered with the system and credentials are in place! { "registeredName": "Best-Poschweck", "deviceID": "stm32mp25-eval-002A00194136500B00363653-7f3589", "deviceUuid": "7f358948-bb94-47a3-ab38-0e49514099e6", "createdAt": "2024-12-25T16:18:36Z", "groups": [] } == Restarting services... Restarting aktualizr... Restarting fluent-bit... Removing RAC files... Aktualizr should automatically connect with the server. For logs run: sudo journalctl -f -u aktualizr* torizon@stm32mp25-eval-002A00194136500B00363653:~$
  4. Go back to the Torizon Cloud, close the popup window with the provisioning command, then click the REFRESH button. Verify the the device has appeared in the device list.

3. Downloading Credentials

The TorizonOS build procedure supports automatic upload of the update packages to the Torizon Cloud after a new build. For this the account credentials need to to be set up on the build host.

Perform the following steps:

  1. Login to the Torizon Cloud, then click MY ACCOUNT , then DOWNLOAD CREDENTIALS and save the credentials.zip archive to the directory with the Yocto setup.

4. Customizing Yocto

Perform the following steps:

  1. In the Yocto build repository, edit the conf/local.conf file and define the SOTA_PACKED_CREDENTIALS option to enable automatic pushing of the update packages to the Cloud (make sure to use the correct path to the credentials.zip archive downloaded in the step above):

    SOTA_PACKED_CREDENTIALS = "/workdir/credentials.zip"
  2. Make some changes in the projects recipes, for example add minicom to the file system image, by adding it toCORE_IMAGE_BASE_INSTALL:append in the layers/meta-toradex-torizon/recipes-images/images/torizon-core-common.inc file:

    CORE_IMAGE_BASE_INSTALL:append = " \ ... zram \ minicom \ "
  3. Rebuild the project in the console with activated Yocto environment:

  4. When the build has completed, go to the Torizon Cloud, select the Packages menu, click REFRESH. The new package must appear if the My Uploads checkbox is enabled.

5. Installing Update

Perform the following steps:

  1. On the target board, run sudo journalctl -f -u aktualizr* to view events from the OTA service.

  2. In the Torizon Cloud, select the package to install, click INSTALL THIS VERSION. In the pop-up window select the board, click CONFIRM SELECTTIONand then SUBMIT.

  3. Go to the STM32MP serial console, verify that aktualizr has received a query for update and then successfully downloaded and installed the update package:

  4. Note that the actual start of the update on the target board can be delayed up to 5 minutes after it was submitted from the Cloud. This is default setting for polling the server by aktualizr .

  5. After that update has finished and the board has automatically rebooted, verify that update has been actually applied and the minicom utility is available on the target: