Torizon-minimal: provision device for offline updates

Hello,

thanks to @drew.tx I was able to port our toradex-reference-multimedia based image to a torizon-minimal based image.

Now I want setup the offline update functionality in our Yocto build. According to the documentation in the local.conf I downloaded the credentials.zip from the Torizon Cloud and set the variables to the following:

TORIZON_SOTA_PROV_MODE = "offline"
TORIZON_SOTA_PROV_CREDENTIALS = "<absolute_path_to_credentials.zip>"

But after bitbaking and flashing the image I got this output after bootup:

$ journalctl -f -u aktualizr*
Jun 20 09:01:15 verdin-imx8mm-06898681 aktualizr-torizon[1130]: created: /var/sota/storage/bootloader/metadata
Jun 20 09:01:15 verdin-imx8mm-06898681 aktualizr-torizon[1130]: Bootstrap empty SQL storage
Jun 20 09:01:15 verdin-imx8mm-06898681 aktualizr-torizon[1130]: Bootstraping DB to version 26
Jun 20 09:01:15 verdin-imx8mm-06898681 aktualizr-torizon[1130]: No valid metadata found in storage.
Jun 20 09:01:15 verdin-imx8mm-06898681 aktualizr-torizon[1130]: Adding Secondary with ECU serial: 67c21d669440e8eeb1f728649a09246ac9eb984d75fb849b48d7457893038e53 with hardware ID: verdin-imx8mm-bootloader
Jun 20 09:01:16 verdin-imx8mm-06898681 aktualizr-torizon[1130]: PROXY: initializing...
Jun 20 09:01:16 verdin-imx8mm-06898681 aktualizr-torizon[1130]: PROXY: using TCP port 8850.
Jun 20 09:01:16 verdin-imx8mm-06898681 aktualizr-torizon[1130]: Offline Updates are disabled
Jun 20 09:01:16 verdin-imx8mm-06898681 aktualizr-torizon[1130]: PROXY: starting thread.
Jun 20 09:01:16 verdin-imx8mm-06898681 aktualizr-torizon[1130]: PROXY: listening to connections...

So this didn’t work.

After that I tried the alternative setting and downloaded the shared data with

torizoncore-builder platform provisioning-data --credentials credentials.zip --shared-data shared-data.tar.gz

and set the variables in the local.conf to the following:

TORIZON_SOTA_PROV_MODE = "offline"
TORIZON_PROV_SHARED_DATA = "<absolute_path_to_shared-data.tar.gz>"

Now I get the following bitbake build error:

Credentials required; either set TORIZON_SOTA_PROV_CREDENTIALS or TORIZON_SOTA_PROV_SHARED_DATA (along with TORIZON_SOTA_PROV_ONLINE_DATA when needed)

I didn’t set TORIZON_SOTA_PROV_ONLINE_DATA on purpose since I want to use offline updates.

What do I have to do to get this working?

Best regards,
Markus

Hi, I’m the Toradex AI Assistant. I’m in early beta, and I would appreciate your feedback.
The Toradex Support team will follow up with you shortly!

Did you like my answer?

Hello Markus,

It appears there’s a misunderstanding in the configuration for offline updates in your Yocto build environment. Let’s clarify the steps and ensure your setup is correctly configured for offline updates.

1. Setting Up for Offline Updates: When configuring for offline updates, it’s crucial to ensure that the provisioning mode and credentials are correctly set up in your local.conf file. Your initial approach was correct, but it seems there was an issue with the system recognizing the offline update configuration.

2. Correct Configuration: Based on the output you’ve shared, the system indicates that “Offline Updates are disabled.” This typically means that the system hasn’t been correctly provisioned with the necessary data to enable offline updates.

3. Using Shared Data for Offline Updates: When you attempted to use the shared data by setting TORIZON_PROV_SHARED_DATA, you encountered a build error because the system expected credentials for provisioning, which is not the case for offline updates. For offline updates, you indeed need the shared data, but it seems there was a confusion in how to apply it.

4. Solution:

   • Ensure that TORIZON_SOTA_PROV_MODE is set to "offline" in your local.conf.
   • Use the TORIZON_SOTA_PROV_CREDENTIALS variable to point to your credentials.zip file. This is required for the initial setup to authenticate with the Torizon Platform, even for offline updates.
   • After obtaining the shared-data tarball using torizoncore-builder, you should manually extract this to the correct directory on your device (/var/sota/import) after flashing the image. This step is typically done outside of the Yocto build process and is a part of the device provisioning process post-image flashing.

5. Manual Provisioning Post-Flashing:

   • After flashing your device with the built image, transfer the shared-data.tar.gz to your device.
   • Extract the shared-data tarball to /var/sota/import on the device. This can be done with the following commands:

     scp shared-data.tar.gz torizon@<device-ip-address>:
     ssh torizon@<device-ip-address>
     sudo tar zxvf shared-data.tar.gz --directory /var/sota/import
     

   • This manual step is crucial for provisioning the device with the necessary data for offline updates.

6. Verification: After completing these steps, reboot your device and monitor the `aktualizr

Please, also check if these links can help you solve your problem:

TorizonCore Builder Tool “build” command | Toradex Developer Center.

The solution offered by @ToradexAI is confusing.

Yes, I set TORIZON_SOTA_PROV_MODE and TORIZON_SOTA_PROV_CREDENTIALS to the correct values. But the offline update is still not set up.

And why do I have to transfer the shared-data manually to the device? This articles says that it is possible to prepare the image with the needed data and that the system will automatically finish the provisioning process on initial bootup. The article only covers the TorizonCore builder, but from the documentation in the local.conf I read that this also works in a Yocto environment.

Hi @Mowlwurf

Glad to hear you are at least making some progress here. I’ve honestly never tried enabling offline updates through a Yocto build. I’m running a test now and report back on what I find.

Thanks also for the feedback on the AI. It’s relatively new and I’ve passed that to the team responsible for it in case there are any knobs we can tweak.

Drew

Hi @drew.tx,

I’ve found a solution:
This article says that there must be the file /etc/sota/conf.d/99-offline-updates.toml to configure the device for offline updates.

I thought that this file will be generated automatically when setting TORIZON_SOTA_PROV_MODE = "offline" in my local.conf but this isn’t the case.

I added it in my custom layer with a bbappend recipes-sota.zip (956 Bytes) and now I have the following output on the device:

root@verdin-imx8mm-06898681:~# journalctl -f -u aktualizr*
Jun 21 08:37:00 verdin-imx8mm-06898681 aktualizr-torizon[1135]: created: /var/sota/storage/bootloader/metadata
Jun 21 08:37:00 verdin-imx8mm-06898681 aktualizr-torizon[1135]: Bootstrap empty SQL storage
Jun 21 08:37:00 verdin-imx8mm-06898681 aktualizr-torizon[1135]: Bootstraping DB to version 26
Jun 21 08:37:00 verdin-imx8mm-06898681 aktualizr-torizon[1135]: No valid metadata found in storage.
Jun 21 08:37:00 verdin-imx8mm-06898681 aktualizr-torizon[1135]: Adding Secondary with ECU serial: a6a5f1eedf35995861637a016cce7fb53d28ec43de973cdacbadb5b3bfbb421f with hardware ID: verdin-imx8mm-bootloader
Jun 21 08:47:01 verdin-imx8mm-06898681 aktualizr-torizon[1135]: PROXY: initializing...
Jun 21 08:47:01 verdin-imx8mm-06898681 aktualizr-torizon[1135]: PROXY: using TCP port 8850.
Jun 21 08:47:01 verdin-imx8mm-06898681 aktualizr-torizon[1135]: Offline Updates are enabled
Jun 21 08:47:01 verdin-imx8mm-06898681 aktualizr-torizon[1135]: PROXY: starting thread.
Jun 21 08:47:01 verdin-imx8mm-06898681 aktualizr-torizon[1135]: PROXY: listening to connections...

Offline updates are now enabled

I think the documentation in local.conf should give a little hint that this file has to be added when setting TORIZON_SOTA_PROV_MODE = "offline".

Best regards,
Markus

Hi @Mowlwurf,

I came to the same conclusion and ran the same test as you. I just didn’t manage to get back here to report out at the end of the day yesterday. Indeed I initially had the same confusion as you regarding offline/online provision vs updates. I will work with the tech pubs and dev teams to see what we might do to clarify this.

Drew