This page describes the process of creating a new guest OS to be used in trust|me containers. It is possible to build a new guest OS using Yocto or by hand using a rootfs image. Both possibilities are described here.
This option mainly targets more advanced users. For information on Yocto, please refer to the manual.
First, your build host needs to be prepared as described in section Setup Host
For the purpose of building both the Base system and guest Operating Systems, follow the instructions provided in chapter Build Base System and skip the rest of this subsection.
In order to setup an environment for building guest operating systems only, follow the steps below.
repo init -u https://github.com/trustm3/trustme_main.git -b zeus -m yocto-generic-container.xml repo sync -j8
source init_ws.sh out-yocto <architecture>
Currently supported architectures are: x86, arm32, and arm64.
Each guest operating system image has a corresponding Yocto recipe file, *
To create a custom image you can either modify the existing image recipes or create your own ones in your meta-layer, using the provided recipes as templates. For the most cases the latter option is recommended. To use the existing recipe as a template for your own, just copy the recipe file to the target meta layer and rename it, e.g.:
cp <yocto workspace directory>/meta-trustx/images/trustx-core.bb <yocto workspace directory>/<target-meta-layer>/images/<custom-image-name>.bb
For the guest operating system one can specify a custom guest OS and container configuration files, using the following definitions in the recipe file of the image:
Guest operating system configuration template: *GUESTOS_CONF_TEMPLATE = “
Container configuration template: *CONTAINER_CONF_TEMPLATE = “
In case the container or guest OS configs are not specified as described above, the standard templates will be used to create configuration files during the build process.
At this point the new guest OS is ready for build and you can customize by adding and removing features, tailor the build process to your needs, etc.
You can build the image by calling the corresponding bitbake command:
The image and configuration files will be located at *tmp_container/deploy/images/
If you are also building the core system from source, in order to include the new guest OS to your trust|\me distro, also rebuild the core system image:
bitbake trustx-cml -cclean bitbake trustx-cml
Now you can use the new guest OS when creating containers as described here.
Steps to manually create a guest OS
./sign_config.sh <guest OS config> ssig.key ssig.cert
This is described in Example: Using docker-convertos