Compile and Load Images

When developing for ARTIK 5/7/10 modules, you have the option of modifying both the Linux code and the boot code. For security on "s" modules, any boot code changes will require you to digitally "sign" your modified boot code images before the ARTIK module will allow them to be loaded to Flash.

Signing – Development vs Production

This article describes the general build and load process during the development phase, with a focus on "s" modules. Signing during development is done by a local tool using a default key. When you are ready for production, you'll obtain a key that is unique to your company and follow the signing process discussed in the next article.

Compiling – Development Phase

Because of the Secure Boot feature of ARTIK "s" modules, a digital signature must be added to each newly generated boot image. During the development phase, the codesigner tool is called to create that signature.

When you use a build script to generate a new image, you won't need to explicitly call the tool as it is called by the build script. An advanced developer would generally only call it from the command line to build a single image for fastboot fusing.

 $ artik530s_codesigner -sign bootloader.img 

 $ artik530s_codesigner -verify bootloader.img 

 Verification of filename.img is successful.

 Verification of filename.img is failure[00f03011].

Build scripts

We recommend that you generate a full image using the release.sh build script, which calls other scripts to take care of:

• Compiling bootloader and kernel ( build_uboot.sh and build_kernel.sh )
• Building root filesystem (rootfs) ( build_ubuntu.sh)
• Signing bootloader images ( mksdxxxx_kms.sh)
• Packaging binaries into image file ( mksdfuse.sh/mksdboot.sh).

Build scripts are provided in the appropriate branch for your module type at https://github.com/SamsungARTIK/build-artik/

To build the entire OS image:
cd build-artik
./release.sh -c config/artikXXXs_ubuntu.cfg --full-build --ubuntu
where you will replace 'XXX' with 530, 533, or 710.

For the script to work, you must clone the bootloader files and copy over the additional security files first as noted in Set Up Environment.

The format shown using --full-build builds rootfs from source code, which takes a long time. You can omit this option to have the scripts download a pre-built binary roofs, but it will not contain the security binaries – you would then have to copy these to your board manually.

For full information on the build scripts, refer to the Build Guide at the GitHub repo and branch of interest.

For ARTIK 530s 1G modules, use artik533s files.

Example: Build A530s

The example here shows a typical build command with selected date and version that will be reflected in the output directory name.

./release.sh -c config/artik530s_ubuntu.cfg --full-build --ubuntu -v 1.0 -d 20171115.19 --local-rootfs /opt/rootfs.tar.gz

The output binary image file in this example will be found at:

build-artik/output/images/artik530s/1.0/20171115.19/artik_release

Error Behavior. If you try to build without downloading the security code such as codesigner or the secure OS binary, the script will terminate the build process and display error messages that indicate how to copy the necessary files.

Loading Images

Follow the normal processes using either an SD card or fastboot as described in the Updating ARTIK Images articles.

Note that both eMMC and SD card versions will be built and placed in the output directory. You can boot and operate from the SD card version as noted in the microSD card article.

• Prev: Set Up Environment
• Next: KMS Code Signing