-
Overview
-
redpesk OS releases
-
Security updates
-
Redpesk OS Tips and Tricks
-
Application Framework Manager
-
Application Framework Binder
-
APIs & Services
-
Security manager
-
OP-TEE within redpesk
-
Trusted Boot
-
Recovery features
-
redpak
-
Minimal image
- Reduce image size
- Optimizing boot time
-
Kernel fragments description
- Introduction to Linux Kernel Configuration
- 01 Disable IPC, Timers and Audit
- 02 Disable Kconfig, Scheduler and Initrd
- 03 Disable Perf, Profiling and Errata
- 04 Disable EFI, Power Management Debug and Energy Model
- 05 Disable Schedutil, CPUFreq Governors and Virtualization
- 06 Disable Kprobes and Jump Labels
- 07 Disable GCC Plugins and Function Alignment
- 08 Disable Partition Parsers
- 09 Enable Inline Spinlocks and Kernel Operations
- 10 Disable Swap, Memory Hotplug and KSM
- 11 Disable Networking IPv4, IPv6, Netfilter
- 12 Disable SCTP, VLAN, TIPC, BATMAN
- 13 Disable Wireless, Bluetooth, CAN and RFKILL
- 14 Disable PCI and Firmware
- 15 Disable GNSS and ProcEvents
- 16 Disable Block Storage NBD and AoE
- 17 Disable EEPROM and Misc Drivers
- 18 Disable Network Device Drivers
- 19 Disable PHY Drivers
- 20 Disable PPP, WLAN Coexistence, and Failover
- 21 Disable Input Devices
- 22 Disable Serial, TTY and TPM
- 23 Disable I2C, Power and Sensor Drivers
- 24 Disable MFD, Display and Media Drivers
- 25 Disable USB, Sound, RTC and VirtIO
- 26 Disable Filesystem Encodings and Compatibility
- 27 Enable Minimal Cryptographic Core with SHA3 and XTS
- 28 Disable Hardware Cryptography, Keep DRBG and Jitter Entropy
- 29 Disable Kernel Debugging Features
- 30 Disable Filesystem Verity and SecurityFS
-
Zephyr in Redpesk
-
PERM-CHECK extension
-
Mender redpesk (OTA)
-
Hardware support
- Download images
- Image metrics
- Trusted Boot
- Boards - ARM64
- Boards - x86_64
- Boards - Virtual
- Miscs
Mender redpesk (OTA)
Mender is an OTA system used to update a large number of devices. This documentation presents how to install and manage the client side on redpesk OS, here the full documentation of mender client https://docs.mender.io/client-installation/overview.
Note: the examples are set for the community factory
Note: the factory part of mender/OTA can be found in OTA models boards chapter
redpesk-config of your factory on target
To communicate with the mender server of your factory, be sure the right
redpesk-config rpm is installed on your target, if not you can find it there:
https://FACTORY_URL/download/redpesk/redpesk-config/packages
For the community stack:
https://community-app.redpesk.bzh/download/redpesk/redpesk-config/packages
Install redpesk-config on target
# on target
# check redpesk-config rpm
rpm -qa redpesk-config
# install the right one
FACTORY_URL=https://community-app.redpesk.bzh
dnf --nobest --nogpgcheck --repofrompath CONFIG,$FACTORY_URL/download/redpesk/redpesk-config/ --repo CONFIG swap redpesk-config redpesk-config
Install mender-redpesk
The mender-redpesk package contains the mender device identity, some
inventory files, and a script mender-init.sh to help configure mender client.
Note: mender-connect is optional, it creates a websocket for bidirectional information with the mender server, especially indicating if the target is connected.
# on target (mender-connect is optional)
dnf install mender-redpesk mender-connect
Configure mender-client with mender-init.sh
Use mender-init.sh to configure your mender-client, especially for setting
device type and private key. Indeed, for mender the identity of device is
defined with the pair of an mac address and the device type, and the
authentification is set with the key.
help of mender-init.sh
/usr/bin/mender-init.sh --help
help of /usr/bin/mender-init.sh
Syntax: mender-init.sh [OPTION]... -d DEVICETYPE -k PRIVATEKEY
options:
-h,--help print this help
-f,--force force mode (override files if exist)
-d,--device-type mender device type
-k,--key mender private key
-p,--path-key mender private key file path
-nr,--norestart do not restart mender services
-ne,--noenable do not enable mender services
example
mender-init.sh --force -d mydevice_type -k "-----BEGIN RSA PRIVATE KEY-----
MIIG5AIBAAKCAYEAzS9MTydpAT/ENfui5cMLdpFwaGJ/qdaz670XE2w/1B10Df47
4Vr4fKnwHWkA4oeLdQgDvLs47Rf8gfCavkObbv6mZJ8fw+5UlO9CoW/A1VFySgkC
[...]
Z+B31TZ2aZs+rLvO6NBEpWakPoTY6x6UIJU9rCIaNBXlZkx0ce/SzcbJ5QJSd4nt
h4sizCUndUN1k3l8uygmxESeYeQelzNX94Rh+NdGylXo2F431IyH+g==
-----END RSA PRIVATE KEY-----"
Logs in journal
mender-authd is the tool in userspace application being the responsible for authentication against the Mender Server.
To verify the correct installation of the service and check if there is any error, use this journalctl command:
journalctl -u mender-authd mender-updated -f
Your target is now ready to download mender deployments.