1. Overview

This page describes basic principles of using the Torizion Cloud with an STM32MPx board running Torizon OS:

• How to provision the device to the Cloud;

• How to customize the Yocto project to automatically push the update packages to the Cloud on rebuild;

• How to install the update packages to the device.

1.1. Reference Documentation

For detailed information, please refer to the official Toradex documentation for the Torizon Cloud:

https://developer.toradex.com/torizon/torizon-platform/

1.2. Pre-requisites

To interact with the Torizon Cloud, the following pre-requirements must be met:

• You have installed Torizon OS to the STM32MP board, this must be one of the STM32MP2 Evaluation board or Discovery kit or the STM32MP1 Discovery kit. Refer to Installing Torizon OS to STM32MP Targets

• You have registered an account with the Torizon Cloud.

2. Provisioning the STM32MP board to the Cloud

Perform the following steps:

1. Login to the Torizon Cloud. Activate the Recent Devices menu and click + PROVISION DEVICE.

2. Copy the command from the pop-up window.

3. Go to the console of the STM32MP board with Torizon OS booted up on the target, paste and execute the copied command:

   torizon@stm32mp25-eval-002A00194136500B00363653:~$ curl -fsSL https://app.torizon.io/statics/scripts/provision-device.sh | sudo bash -s -- -t eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJzYUowczhvMjY4WTdRSzA5R0dmOXJLLVNhS3RMTWNLMkhYcGlqN2pWSm5ZIn0.eyJleHAiOjE3MzUxNDM2MDgsImlhdCI6MTczNTE0MzMwOCwianRpIjoiYjkxOTY2ODQtZTNlYS00ZjQxLWJmYjUtYmJlZTVlZTRlOGZjIiwiaXNzIjoiaHR0cHM6Ly9rYy50b3Jpem9uLmlvL2F1dGgvcmVhbG1zL290YS11c2VycyIsImF1ZCI6InByb3Zpc2lvbi1kZXZpY2UiLCJzdWIiOiI5MTgwZjI4Mi1lZTQ4LTRkZWEtYTdhNy1kZTlmZmQ4MWQ0NzciLCJ0eXAiOiJCZWFyZXIiLCJhenAi OiJwcm92aXNpb24tZGV2aWNlIiwic2Vzc2lvbl9zdGF0ZSI6ImVhYzdmODhlLWQwMWYtNDE2Ny05MmI1LTIzYjQ1NmVhYTQzOSIsImFsbG93ZWQtb3JpZ2lucyI6WyJodHRwczovL2FwcC50b3Jpem9uLmlvIiwiaHR0cHM6Ly9hcHAtdjIudG9yaXpvbi5pbyJdLCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJzaWQiOiJlYWM3Zjg4ZS1kMDFmLTQxNjctOTJiNS0yM2I0NTZlYWE0MzkiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWVzcGFjZSI6IjU3NDUwZGE1LTVkOGQtNGM3NS1hYzM1LTcxODNjNjQ4YjkxNCIsIm5hbWUiOiJWbGFkaW1pciIsInByZWZlcnJlZF91c2VybmFtZSI6InZza3ZvcnRzb3ZAZW1jcmFmdC5jb20iLCJnaXZlbl9uYW1lIjoiVmxhZGltaXIiLCJlbWFpbCI6InZza3ZvcnRzb3ZAZW1jcmFmdC5jb20iLCJ0em5fc2NvcGVzIjpbImNyZWF0ZTpkZXZpY2VzIl19.emtt4hnNm1KtXrBr1mwmbiWju31wS_kreKOri74VyyKLyunVSwQVcBEpMD_5e7HdF-mIgr2c2nEpwYeHerYUIu7Tn3c7qp49dqAvSs_qN_VFOMruKeYDlC_qsljEj7A67Oor2_jz3t5YRJXYfPwlX_U3cA8WAGo8uo-T4wjEL64cYUIn15x9tNKQQEVrKD-3H_m1blJDjMf3HID32iWLCg9ee713h_nr0SK4XuXsD5rWKpt7PygJewwMaqq1Ek3cYdpqtm61wsi1_0hlKSwmPjkxdSrliwNewcAIar4u32xA5ZluVd4MDbu0VDaS71QWRjgX8cN1MDqkNqhNB6HdZA We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. For security reasons, the password you type will not be visible. Password: Checking dependencies... == Registering device (deviceID: stm32mp25-eval-002A00194136500B00363653) in system, and downloading credentials. == Backing up any existing ota device creds jq: error: Could not open file /var/sota/import/info.json: No such file or directory jq: error: Could not open file /var/sota/import/info.json: No such file or directory == Extracing device credentials from archive Archive: device.zip inflating: client.pem inflating: pkey.pem inflating: root.crt inflating: info.json inflating: gateway.url == Success! Device has been registered with the system and credentials are in place! { "registeredName": "Best-Poschweck", "deviceID": "stm32mp25-eval-002A00194136500B00363653-7f3589", "deviceUuid": "7f358948-bb94-47a3-ab38-0e49514099e6", "createdAt": "2024-12-25T16:18:36Z", "groups": [] } == Restarting services... Restarting aktualizr... Restarting fluent-bit... Removing RAC files... Aktualizr should automatically connect with the server. For logs run: sudo journalctl -f -u aktualizr* torizon@stm32mp25-eval-002A00194136500B00363653:~$

4. Go back to the Torizon Cloud, close the popup window with the provisioning command, then click the REFRESH button. Verify the the device has appeared in the device list.

3. Downloading Credentials

The TorizonOS build procedure supports automatic upload of the update packages to the Torizon Cloud after a new build. For this the account credentials need to to be set up on the build host.

Perform the following steps:

1. Login to the Torizon Cloud, then click MY ACCOUNT , then DOWNLOAD CREDENTIALS and save the credentials.zip archive to the directory with the Yocto setup.

4. Customizing Yocto

Perform the following steps:

1. In the Yocto build repository, edit the conf/local.conf file and define the SOTA_PACKED_CREDENTIALS option to enable automatic pushing of the update packages to the Cloud (make sure to use the correct path to the credentials.zip archive downloaded in the step above):

   SOTA_PACKED_CREDENTIALS = "/workdir/credentials.zip"

2. Make some changes in the projects recipes, for example add minicom to the file system image, by adding it toCORE_IMAGE_BASE_INSTALL:append in the layers/meta-toradex-torizon/recipes-images/images/torizon-core-common.inc file:

   CORE_IMAGE_BASE_INSTALL:append = " \ ... zram \ minicom \ "

3. Rebuild the project in the console with activated Yocto environment:

   $$ bitbake torizon-core-docker

4. When the build has completed, go to the Torizon Cloud, select the Packages menu https://app.torizon.io/#/packages , click REFRESH. The new package must appear if the My Uploads checkbox is enabled.

5. Installing Update

Perform the following steps:

1. On the target board, run sudo journalctl -f -u aktualizr* to view events from the OTA service.

2. In the Torizon Cloud, select the package to install, click INSTALL THIS VERSION. In the pop-up window select the board, click CONFIRM SELECTTIONand then SUBMIT.

3. Go to the STM32MP serial console, verify that aktualizr has received a query for update and then successfully downloaded and installed the update package:

   Current versions in storage and reported by OSTree do not match Current version for ECU ID: a1ff4e12a6ae796829d111b921ca0574b883460db9262c815cfd1f128ff00cf0 is unknown New updates found in Director metadata. Checking Image repo metadata... 1 new update found in both Director and Image repo metadata. Event: UpdateCheckComplete, Result - Updates available Current version for ECU ID: a1ff4e12a6ae796829d111b921ca0574b883460db9262c815cfd1f128ff00cf0 is unknown ostree-pull: Receiving metadata objects: 4 outstanding: 1 Event: DownloadProgressReport, Progress at 0% ostree-pull: Receiving metadata objects: 9 outstanding: 1 Event: DownloadProgressReport, Progress at 0% ostree-pull: Receiving metadata objects: 11 outstanding: 3 Event: DownloadProgressReport, Progress at 0% libostree pull from 'aktualizr-remote' for 0 refs complete security: GPG: disabled security: SIGN: disabled http: CA-pinned non-delta: meta: 14 content: 30 transfer: secs: 4 size: 459.5 kB ostree-pull: 14 metadata, 30 content objects fetched; 448 KiB transferred in 4 seconds; 695.1 kB content written Event: DownloadTargetComplete, Result - Success Event: AllDownloadsComplete, Result - Success Current version for ECU ID: a1ff4e12a6ae796829d111b921ca0574b883460db9262c815cfd1f128ff00cf0 is unknown Event: InstallStarted Configuration file wrong or corrupted Failed resetting bootcount Configuration file wrong or corrupted Failed setting upgrade_available for u-boot Configuration file wrong or corrupted Failed resetting rollback flag Installing package using ostree package manager Commit metadata kargs=earlyprintk earlycon console=ttySTM0,115200 note: Deploying commit 4746efed4733e4de37cd52175d5a99a8885795a6e70e56e0bbf5608e72d4e191 which contains content in /var/local that will be ignored. Copying /etc changes: 3 modified, 2 removed, 16 added Transaction complete; bootconfig swap: yes; bootversion: boot.0.1, deployment count change: 1

4. Note that the actual start of the update on the target board can be delayed up to 5 minutes after it was submitted from the Cloud. This is default setting for polling the server by aktualizr .

5. After that update has finished and the board has automatically rebooted, verify that update has been actually applied and the minicom utility is available on the target:

   torizon@stm32mp25-eval-002A00194136500B00363653:~$ minicom --version minicom version 2.8 (compiled Jan 1 1970) Copyright (C) Miquel van Smoorenburg. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.