[Openembedded-architecture] "stateless" support
Rich Persaud
persaur at gmail.com
Fri Jul 7 16:45:22 UTC 2017
On Jul 7, 2017, at 10:11, Patrick Ohly <patrick.ohly at intel.com> wrote:
>
> I've finished the prototyping work for "stateless" support in IoT Refkit
> and now would like to take the opportunity to get feedback from the
> wider community on how much of that should also be in OE-core itself
> and/or how to move forward.
>
> The changes proposed for IoT Refkit are currently pending review here:
> https://github.com/intel/intel-iot-refkit/pull/233
>
> ...
>
> What I'd like to achieve for now is that we agree on the general
> direction, like introduction of a "stateless" distro feature.
>
> ...
>
> I'd also like to hear what others think about taking some of the
> currently non-upstream patches for "fully stateless" into OE-core. We
> cannot maintain them in IoT Refkit, because the risk that package
> updates in OE-core then break IoT Refkit is too high.
OpenXT uses OE Jethro in "stateless" production systems, with dom0 (Xen control domain) and network VM read-only OE images measured on each boot. There is early support for forward seal (pre-computed TPM PCR measurements) of new images for OTA upgrade of stateless VMs.

For this proposed implementation of "stateless" support, is systemd mandatory? We do not currently use systemd. If we upstream our measured launch (TXT/TPM2) support to OE, it would ideally work with any OE "stateless" image, with or without systemd.

Rich