Compile and Load Images
When developing for ARTIK 5/7/10 modules, you have the option of modifying both the Linux code and the boot code. For security on "s" modules, any boot code changes will require you to digitally "sign" your modified boot code images before the ARTIK module will allow them to be loaded to Flash.
Signing – Development vs Production
This article describes the general build and load process during the development phase, with a focus on "s" modules. Signing during development is done by a local tool using a default key. When you are ready for production, you'll obtain a key that is unique to your company and follow the signing process discussed in the next article.
Compiling – Development Phase
Because of the Secure Boot feature of ARTIK "s" modules, a digital signature must be added to each newly generated boot image. During the development phase, the
codesigner tool is called to create that signature.
When you use a build script to generate a new image, you won't need to explicitly call the tool as it is called by the build script. An advanced developer would generally only
call it from the command line to build a single image for
Using Codesigner Tool from Command Line
codesigner tool signs its input file with a default key to enable testing. It is called automatically by scripts so you don't need to.
Location/path: Where you copied it here.
Usage: Called automatically by the build script, or executed by command line as noted.
artikXXX_codesigner -sign filename.img
filename is signed and gets written back to the same path with a
$ artik530s_codesigner -sign bootloader.img
To verify :
artikXXX_codesigner -verify filename.img
$ artik530s_codesigner -verify bootloader.img
Verification of filename.img is successful.
Verification of filename.img is failure[00f03011].
We recommend that you generate a full image using the
release.sh build script, which calls other scripts to take care of:
- Compiling bootloader and kernel (
- Building root filesystem (rootfs) (
- Signing bootloader images (
- Packaging binaries into image file (
Build scripts are provided in the appropriate branch for your module type at https://github.com/SamsungARTIK/build-artik/
To build the entire OS image:
./release.sh -c config/artikXXXs_ubuntu.cfg --full-build --ubuntu
where you will replace 'XXX' with 530, 533, or 710.
For the script to work, you must clone the bootloader files and copy over the additional security files first as noted in Set Up Environment.
The format shown using
rootfs from source code, which takes a long time. You can omit this option to have the scripts download a pre-built binary
roofs, but it will not contain the security binaries – you would then have to copy these to your board manually.
For full information on the build scripts, refer to the Build Guide at the GitHub repo and branch of interest.
For ARTIK 530s 1G modules, use artik533s files.
Example: Build A530s
The example here shows a typical build command with selected date and version that will be reflected in the output directory name.
./release.sh -c config/artik530s_ubuntu.cfg --full-build --ubuntu -v 1.0 -d 20171115.19 --local-rootfs /opt/rootfs.tar.gz
The output binary image file in this example will be found at:
Error Behavior. If you try to build without downloading the security code such as
codesigner or the secure OS binary, the script will terminate the build process and display error messages that indicate how to copy the necessary files.
Follow the normal processes using either an SD card or
fastboot as described in the Updating ARTIK Images articles.
Note that both eMMC and SD card versions will be built and placed in the output directory. You can boot and operate from the SD card version as noted in the microSD card article.