Mistake on this page? Email us

Production image configuration

Tip: If you downloaded an evaluation image, you can skip the build stage and go directly to writing.

To build production images, set the Yocto DISTRO to mbl-production (pass the --distro mbl-production parameter to build.sh). Production images include the following extra security features (compared to the development image):

  • Root user login with password: A file containing the plain text password (minimum 12 characters) needs to be provided to run-me.sh using the parameter--root-passwd-file PASSWD_FILE.

  • Only the Ethernet debug interface accepts SSH connections, Link Local IPv6 addressing and mDNS Responder. This is controlled by the variable MBL_PRODUCTION_ETH_DBG set in the mbl-production configuration file (meta-mbl/meta-mbl-distro/conf/distro/include/mbl-distro-production.inc). The gadget Ethernet is used by default for platforms that include the usbgadget (imx7d-pico-mbl, imx6ul-pico-mbl, imx8mmevk-mbl and imx7s-warp-mbl). Otherwise, a USB-to-Ethernet adapter has to be used.

  • System log level messages output and configuration: The following variables are set in the mbl-production configuration file (meta-mbl/meta-mbl-distro/conf/distro/include/mbl-distro-production.inc):

    • ATF_PRODUCTION_CFG: Affects ATF log level messages. The only possible value is silent (set by default) - only error messages are printed out to the console.

    • OPTEE_PRODUCTION_CFG: Affects OPTEE-OS log level messages. The only possible value is silent (set by default) - only error messages are printed out to the console.

    • UBOOT_PRODUCTION_CFG: Affects both U-Boot and Linux Kernel log level messages. The possible values are:

      • silent (default): Disables both U-Boot and kernel message output.
      • noconsole: Disables only U-Boot message output.

      Note that silent and noconsole are mutually exclusive.

      • minimal (default): Disables network booting, fastboot, USB mass storage and device firmware upgrade (DFU) message output.

    You can set the log level variables by:

    • Manually editing the local.conf file inside the BitBake build directory. For example: ./build-pico7/machine-imx7d-pico-mbl/mbl-manifest/build-mbl-production/conf/local.conf.

    • Setting these variables in one of your repositories' configuration files:

      • In your layer.conf file in your meta layer repository.
      • In your local.conf file in your config repository.

      See the help on creating an example project for more information on these repositories.

    • Passing the --local-conf-data STRING parameter to build.sh.

      For example:

      ./mbl-tools/build/run-me.sh --builddir ./build-pico7 --outputdir ./artifacts-pico7 --root-passwd-file PASSWD_FILE -- --machine imx7d-pico-mbl --branch mbl-os-0.9 --distro mbl-production --local-conf-data "UBOOT_PRODUCTION_CFG=\"noconsole\"\nATF_PRODUCTION_CFG=\"\""
      

      Note that --local-conf-data needs to be passed every run.

Important Information for this Arm website

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies. If you are not happy with the use of these cookies, please review our Cookie Policy to learn how they can be disabled. By disabling cookies, some features of the site will not work.