Logo trust|me

Create new Guest Operating Systems

This page describes the process of creating a new guest OS to be used in trust|me containers. It is possible to build a new guest OS using Yocto or by hand using a rootfs image. Both possibilities are described here.

Using Yocto

This option mainly targets more advanced users. For information on Yocto, please refer to the manual.

Preparing the build environment

First, your build host needs to be prepared as described in section Setup Host

For the purpose of building both the Base system and guest Operating Systems, follow the instructions provided in chapter Build Base System and skip the rest of this subsection.

In order to setup an environment for building guest operating systems only, follow the steps below.

repo init -u https://github.com/trustm3/trustme_main.git -b zeus -m yocto-generic-container.xml
repo sync -j8
source init_ws.sh out-yocto <architecture>

Currently supported architectures are: x86, arm32, and arm64.

Create the image recipe

Each guest operating system image has a corresponding Yocto recipe file, *.bb*. The trustme *meta-trustx* layer provides two standard image recipes:

To create a custom image you can either modify the existing image recipes or create your own ones in your meta-layer, using the provided recipes as templates. For the most cases the latter option is recommended. To use the existing recipe as a template for your own, just copy the recipe file to the target meta layer and rename it, e.g.:

cp <yocto workspace directory>/meta-trustx/images/trustx-core.bb <yocto workspace directory>/<target-meta-layer>/images/<custom-image-name>.bb

(Optional) Create custom guest OS and container configs

For the guest operating system one can specify a custom guest OS and container configuration files, using the following definitions in the recipe file of the image:

In case the container or guest OS configs are not specified as described above, the standard templates will be used to create configuration files during the build process.

Build guest OS image

At this point the new guest OS is ready for build and you can customize by adding and removing features, tailor the build process to your needs, etc.

You can build the image by calling the corresponding bitbake command:

bitbake multiconfig:container:trustx-<custom-image-name>

The image and configuration files will be located at *tmp_container/deploy/images//trustx-guests/* and *tmp_container/deploy/images//trustx-configs/container/*

If you are also building the core system from source, in order to include the new guest OS to your trust|\me distro, also rebuild the core system image:

bitbake trustx-cml -cclean
bitbake trustx-cml

Now you can use the new guest OS when creating containers as described here.

Manually / Using a pre-built docker image

Prerequisites:

Steps to manually create a guest OS

Create rootfs using docker

  1. Adapt the example guest OS config
    • Change the ‘name’ field to a name of your choice
    • (Optional) Adapt the ‘mounts’ entries to your needs.
    • Set the ‘image_size’. ‘image_sha1’ and ‘image_sha2_256’ values to match your root.img
  2. Sign the adapted guest OS config using the sign_config.sh script as follows:
    ./sign_config.sh <guest OS config> ssig.key ssig.cert
    
  3. Copy the created files to to /data/cml/operatingsystems, e.g. the files trustx-customos-1.conf, trustx-customos-1.cert and trustx-customos-1.sig
  4. Create a directory for your guest OS root.img, e.g. /data/cml/operatingsystems/trustx-customos-1
  5. Copy your root.img to the newly created directory
  6. Create a new container using your guest OS as described Basic operation

Using Docker converter from local registry

This is described in Example: Using docker-convertos