[LEDE-DEV] [RFC] sysupgrade image format
Felix Fietkau
nbd at nbd.name
Fri Jun 10 02:26:37 PDT 2016
On 2016-06-10 10:55, John Crispin wrote:
> Hi,
>
> some comments inline
>
> On 09/06/2016 20:41, Alexander Couzens wrote:
>> Hi,
>>
>> I'm posting the results of a small group who talked about the
>> sysupgrade image format at the battlemesh in Porto.
>>
>> sysupgrade
>> ##########
>> * don't limit our format by vendor image limitations
>
> i dont understand what is meant by this
Limitations such as not having a board id to prevent flashing
incompatible images.
>> * should contain meta information
>> * meta data like compatible boards, lede version, ..
>> * meta data gets appended as Trailer to be compatible
>
> that wont work for images that have a checksum at the end
I don't think any of our sysupgrade images have a checksum at the end.
The -factory.bin image format remains unaffected by this proposal.
>> * trailer got automatic removed by jffs2 format on first-boot
>
> only works if the kernel is located before the roots and if the image
> actually uses jffs2
In the case of rootfs + kernel, the trailer might end up on flash, but
in a harmless place. Note: it will only end up on flash if a new
sysupgrade image was flashed over a firmware that does not understand
this metadata. In all other cases it will be stripped before flashing
starts.
>> * meta data is a tar ball (compressed)
>>
>> sysupgrade.img := image + meta + trailer
>>
>> Trailer
>> #######
>> * 8 byte version field (of the trailer) + additional unknown
>> informations
>
> why 8 bytes ? would kvl or json not be much more appropriate ?
This is just a fixed length field we can use in case we have to change
the layout/format of the main metadata area. Ideally the version here
would never change after the format is defined.
>> * 4 byte length of the metadata
>
> putting the length at the end of a file is always weird. why no have a
> header, that would save us having to seek the end and not be sure if the
> file is completed
To ensure that the sysupgrade images are backwards compatible for
upgrading from devices running older firmware.
>> * x byte crypto signature
> who would be owner of the key ?
Whatever key is put in during the build process. For releases this would
be a key that is part of the lede keyring. For custom builds it could be
the main build key.
- Felix
More information about the Lede-dev
mailing list