OTA update by our own built imx-boot

Dear support person,

We are attempting to update bootloader with Torizon Cloud’s “INITIATE SETUP” feature.
We have built our own Torizon OS v6.7.0 and are trying to perform an OTA update using the generated imx-boot.

When we perform an INITIATE UPDATE using this generated imx-boot, the update fails on the GUI.
However, when we check the target system, u-boot is successfully updated and the OS is booted normally.

After booting, we checked the aktualizr logs and found the following logs, but the cause is not clear.

Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Action-handler "/usr/bin/bl_actions.sh" message: bootloader update failed

Note that the update using “bootloader/apalis-imx8/u-boot-ota.bin (2022.04-6.2.0-devel+git.0e1f11392251-n216)” completed successfully and is working properly.

Would you please let us know how to create OTA capable bootloader.

Best regards,
Yoshinobu KATO

Entire aktualizr log is blow.

Oct 22 08:03:51 apalis-imx8-15445076 systemd[1]: Started Aktualizr SOTA Client.
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Aktualizr version tdx-f785d48f starting
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Reading config: "/usr/lib/sota/conf.d/20-sota-device-cred.toml"
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Reading config: "/usr/lib/sota/conf.d/30-rollback.toml"
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Reading config: "/usr/lib/sota/conf.d/40-hardware-id.toml"
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Reading config: "/usr/lib/sota/conf.d/50-secondaries.toml"
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Reading config: "/usr/lib/sota/conf.d/60-polling-interval.toml"
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Reading config: "/usr/lib/sota/conf.d/70-reboot.toml"
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Use existing SQL storage: "/var/sota/sql.db"
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Couldn`t import data: empty path received
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Initializing docker-compose Secondaries...
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Use existing SQL storage: "/var/sota/storage/docker-compose/sql.db"
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: No valid metadata found in storage.
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Adding Secondary with ECU serial: 98c65c8df2abe6977a4167e7a5f7f0b79abf8c4f6dfb2cda144405357a2b3dc7 with hardware ID: docker-compose
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Initializing torizon-generic Secondaries...
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Use existing SQL storage: "/var/sota/storage/bootloader/sql.db"
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Adding Secondary with ECU serial: 35b269e1f6803621016806fdae005130afabc4927e36c3e3daa9e2a4321c04b9 with hardware ID: apalis-imx8-bootloader
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: The current update is pending. Check if secondaries have already been updated
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Trying to complete pending update Hash: 7D0DABBDB4845243A698E74A0F475DFCBDD854083614F3F3C8351C3FA50F994B on Secondary with serial 35b269e1f6803621016806fdae005130afabc4927e36c3e3daa9e2a4321c04b9
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Action-handler "/usr/bin/bl_actions.sh" message: bootloader update failed
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Pending update Hash: 7D0DABBDB4845243A698E74A0F475DFCBDD854083614F3F3C8351C3FA50F994B failed to complete on Secondary with serial 35b269e1f6803621016806fdae005130afabc4927e36c3e3daa9e2a4321c04b9
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Primary ECU serial: 5f2f3a8679bd3597a3adef2e07269b4e9fd38c32e423d29c2419b5f7a134c993 with hardware ID: apalis-imx8
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Device ID: c93750ca-4722-43c2-a591-6fbc71d8c6c8
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Device Gateway URL: https://dgw.torizon.io
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Certificate subject: CN=c93750ca-4722-43c2-a591-6fbc71d8c6c8
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Certificate issuer: CN=ota-devices-CA
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Certificate valid from: Oct 22 07:31:06 2024 GMT until: Oct 22 07:31:06 2124 GMT
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: PROXY: initializing...
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: PROXY: using TCP port 8850.
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: Offline Updates are disabled
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: PROXY: starting thread.
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: PROXY: listening to connections...
Oct 22 08:03:52 apalis-imx8-15445076 aktualizr-torizon[1087]: curl error 58 (http code 0): Problem with the local SSL certificate
Oct 22 08:04:09 apalis-imx8-15445076 aktualizr-torizon[1087]: curl error 58 (http code 0): Problem with the local SSL certificate
Oct 22 08:04:10 apalis-imx8-15445076 aktualizr-torizon[1087]: curl error 58 (http code 0): Problem with the local SSL certificate
Oct 22 08:04:10 apalis-imx8-15445076 aktualizr-torizon[1087]: Failed to post update events: 58 Problem with the local SSL certificate HTTP 0
Oct 22 08:04:10 apalis-imx8-15445076 aktualizr-torizon[1087]: Event: SendDeviceDataComplete
Oct 22 08:04:13 apalis-imx8-15445076 aktualizr-torizon[1087]: Event: UpdateCheckComplete, Result - No updates available

Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!

Did you like my answer?

Based on the context provided, it seems that you are experiencing an issue with the OTA update process for the bootloader using Torizon Cloud’s “INITIATE SETUP” feature. The logs indicate that the bootloader update failed, even though the U-Boot was successfully updated and the OS booted normally.

Here are a few suggestions to troubleshoot and resolve the issue:

1. Check the bl_actions.sh Script: The log message indicates that the failure is related to the bl_actions.sh script. Verify that this script is correctly handling the bootloader update process. Ensure that all necessary steps and error handling are implemented in the script.

2. SSL Certificate Issues: The logs show multiple curl error 58 messages, indicating a problem with the local SSL certificate. Ensure that the SSL certificates used by the device are correctly configured and valid. This might be affecting the communication with the Torizon Cloud.

3. Metadata and SQL Storage: The log mentions “No valid metadata found in storage.” Ensure that the metadata required for the update process is correctly stored and accessible. Check the SQL storage paths mentioned in the logs to ensure they are correctly set up and contain the necessary data.

4. Update Package Verification: Double-check the integrity and authenticity of the update package. Ensure that the package is correctly signed and that the device can verify it.

5. Consult Torizon Documentation: Review the Torizon Remote Updates documentation for any specific requirements or steps related to bootloader updates. There might be additional configuration or setup steps needed for custom-built images.

If these steps do not resolve the issue, consider reaching out to Toradex support for further assistance, providing them with the detailed logs and any additional information about your setup.

Please, also check if these links can help you solve your problem:

Bootloader Updates in Torizon OS | Toradex Developer Center.

Greetings @Yo_KATO,

It is possible to use our bootloader update feature to update using your own user-provided bootloader. Though the steps required are a bit more involved than just uploading your imx-boot binary.

You need to upload your bootloader binary using TorizonCore Builder via the platform push command. But, specific to bootloader packages, they must be uploaded with certain metadata specified by the --custom-meta option in the platform push command.

For example for the 6.2.0 package uploaded by us the custom metadata looks like this:

"bootloader": {
            "ddOptions": "seek=0",
            "dtVersion": "2022.04-6.2.0-devel+git.0e1f11392251",
            "env": {
              "type": "embedded",
              "resetOnUpdate": true,
              "embeddedOffset": 1005975,
              "embeddedSize": 4130,
              "keepVars": null,
              "setVars": null
            }
          }

The values though need to be specific to your imx-boot binary, otherwise the update may not work properly. To get the values for your imx-boot, if you are doing a Yocto build to produce imx-boot. There should be a file in your deploy directory of your Yocto environment named `u-boot-ota.json. It should have contents that look like similar to this:

{
  "ubootversion": "2022.04",
  "ubootrelease": "2022.04-6.4.0-devel+git.dc27426aa417",
  "envoffset": 1025146,
  "envsize": 4128
}

You should take the values from this file in your build and upload it as custom metadata alongside your bootloader binary as I described earlier.

Try this and try the bootloader update again. If it still doesn’t work then let us know.

Best Regards,
Jeremias