Preparing a release configuration Yocto image (for Raspberry Pi)

In an attempt to build a small image for an application running on Yocto and Raspberry Pi I found the following things helpful:

    IMAGE_LINGUAS = " "


I don't need support for any additional languages.

    IMAGE_FEATURES += "read-only-rootfs"


For my application fixed content and therefore read-only rootfs are fine. I'd imagine this could help reduce the notorious sd-card failures as well.

IMAGE_INSTALL += "\

    packagegroup-core-boot \

    kernel-module-xxx \

    busybox-udhcpc \

    ntpdate \

    ncurses \

    "


For a networked application, I just need to be able to boot, get an IP address and time. Then use a specific kernel driver, no need to install them all. Surprisingly, mDNS avahi seems to be missing dependency declaration to ncurses. 

IMAGE_ROOTFS_SIZE="0"

IMAGE_OVERHEAD_FACTOR="1.15"

IMAGE_ROOTFS_EXTRA_SPACE="1"


Since the rootfs is read-only, it's there's little need for extra space in there. These were the setting that worked fine for me.

RPI_KERNEL_DEVICETREE_OVERLAYS = ""

RPI_KERNEL_DEVICETREE ?= " \

    bcm2710-rpi-3-b.dtb \

    bcm2710-rpi-3-b-plus.dtb \

    bcm2711-rpi-4-b.dtb \

    bcm2710-rpi-cm3.dtb \

    bcm2711-rpi-cm4.dtb \

    "

No need to have all the possible dtb overlays on the boot partition. Just explicitly list the models that need to be supported.

WKS_FILE = "sdimage-xxx.wks"


part /boot --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 128 --overhead-factor 1.1

part / --source rootfs --ondisk mmcblk0 --fstype=ext4 --label root --align 128


Use a custom kickstart file to minimize boot partition size and lay out partitions tightly on the card.

SERIAL_CONSOLES_CHECK = ""

SERIAL_CONSOLES = ""

USE_VT = "0"

Disabling run time serial consoles check is required for the read-only rootfs, but disabling consoles sure reduces attack surface and might also save some space as well.

DISTRO_FEATURES="ipv4 zeroconf vfat sysvinit"

MACHINE_FEATURES:remove="apm usbhost keyboard vfat ext2 screen touchscreen alsa bluetooth wifi sdio"

NO_RECOMMENDATIONS = "1"


This was a sufficient set of distro features for my application. Also reducing the set of machine features eliminated quite a bit of content being pulled into the image. Your mileage will vary here.

I hope this helps you reduce your image size. I'm sure I'll be returning here as I've surely forgotten many of these by the time I need to prepare a release configuration the next time.

Comments

Post a Comment

Popular posts from this blog

iMovie event library on a network drive, NAS

I was shocked to find that iMovie '09 would not allow storing event libraries on networked disks. The AFP volume would show up, but remain non-functional with a yellow exclamation sign. There are plenty of instructions for hacking around the limitation with clumsy symbolic links. I discovered a much simpler approach, using an undocumented (?) setting built right into iMovie:"Allow Network Volumes". Use at your own risk, try the following command in Terminal defaults write -app iMovie allowNV -bool true
Read more

Proxmox PCIe passthrough on HP gen8 - failed to set iommu for container

Problem Setting up PCIe passthrough from host to a VM was supposed to be easy. However, being an HP server, there was a bit more to it than usual. The VM simply refused to start when configured use Nvidia GPU from the host: vfio error: 0000:04:00.0: failed to setup container for group 21: failed to set iommu for container: Operation not permitted In dmesg there was a bit more background on what was wrong: fio-pci 0000:04:00.1: Device is ineligible for IOMMU domain attach due to platform RMRR requirement.  Contact your platform vendor. Luckily, HP had issued a customer advisory on this. It describes a convoluted method to disable this RMRR per slot basis. It seems to work for me, so I thought I'd write down some notes if I ever run into this again. Basic setup Proxmox has decent instructions for preparing the host for passthrough setup in general, in summary: -  add  intel_iommu=on to   GRUB_CMDLINE_LINUX_DEFAULT  in the file  /etc/default/grub - add vfio ...
Read more

Easy-rsa fails with "Missing or invalid OpenSSL"

Trying to use easyrsa on MacOS High Sierra, it failed with an error message MacBook-Air:vpn me$  EasyRSA-3.0.3/easyrsa init-pki 140736197817224:error:0E065068:configuration file routines:STR_COPY:variable has no   value:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-  22/libressl/crypto/conf/conf_def.c:573:line 3 Easy-RSA error: Missing or invalid OpenSSL Expected to find openssl command at: openssl This seems to be a known issue with MacOS High Sierra which has migrated to Libressl instead of Openssl, and has an easy workaround: MacBook-Air:vpn me$ EASYRSA_OPENSSL=/usr/local/Cellar/openssl/1.0.2n/bin/openssl EasyRSA-3.0.3/easyrsa init-pki init-pki complete; you may now create a CA or requests. Your newly created PKI dir is: /Users/me/Documents/vpn/pki
Read more