zbcli update
Requires superuser privilege.
Utility to perform Bootware updates; re-partitions and loads images into the Active, Backup or Both partitions
zbcli update [OPTIONS]
Options:
-f, --key-file <KEY_FILE> Public pem file verifying the update (software signed)
-y Says `yes` to all prompts. This includes rebooting your system
--no-reboot Do not the reboot the system when `yes` flag is enabled
-h, --help Print help
sudo zbcli update
The script will show your configuration for review and confirmation.
After confirmation of the config parameters, the script will prompt for a reboot to complete the process.
Validated bootware installation
--------- Pi Module: Raspberry Pi 4
Operating System: Rpi-Bookworm
Zymbit module: Zymkey Kernel: kernel8.img
--------- Cleaned '/etc/zymbit/zboot/update_artifacts/tmp'
Found update configs
? Proceed with current configs? These can be modified through 'zbcli update-config'
---------
Update endpoint /dev/sda1
Update name my_image
Endpoint type LOCAL
Partition layout A/B
Data partition 1024MB
Update policy UPDATE_BOTH
Hostname Not set
Password Not set
---------
(y/n) › yes
You will need to supply a public key in order to verify the update image. The public key should correspond to the private key used for the image signing process. The key pairs can either be a software key file in PEM format, or a reference to a hardware key slot from the Zymbit HSM key store.
? Enter public key file (Pem format) › pub_key.pem
After verifying the contents of the zi image with your supplied public key, status of the process will be displayed and you will be asked if you would like to reboot now.
✔ Enter public key file (Pem format) · pub_key.pem
Mounted '/dev/sda1' to '/etc/zymbit/zboot/update_artifacts/tmp/.tmpUaPKTT'
Found image tarball (/etc/zymbit/zboot/update_artifacts/tmp/.tmpUaPKTT/zymbit_bookworm64_pi5_1.2.zi)
Unpacked '/etc/zymbit/zboot/update_artifacts/tmp/.tmpoPa4D2/file_deletions'
Unpacked '/etc/zymbit/zboot/update_artifacts/tmp/.tmpoPa4D2/file_manifest'
Unpacked '/etc/zymbit/zboot/update_artifacts/tmp/.tmpoPa4D2/signatures'
Unpacked '/etc/zymbit/zboot/update_artifacts/tmp/.tmpoPa4D2/header.txt'
Unpacked '/etc/zymbit/zboot/update_artifacts/tmp/.tmpoPa4D2/update_artifact.tar'
Decoded header signature
Decoded image signature
Decoded manifest signature
Decoded deletions signature
Found header data
Found image data
Found manifest data
Found file deletions data
Verified header signature
Verified image signature
Verified manifest signature
Verified file deletions signature
Modified zbconfig 'public_key'
Modified zbconfig 'new_update_needed'
Modified zbconfig 'root_a'
Modified zbconfig 'root_b'
Modified zbconfig 'root_dev'
Modified zbconfig 'update_with_new_image'
Modified zbconfig 'kernel_filename'
? Scheduled update for the next reboot. Reboot now? (y/n) › yes
If you are ready to reboot, answer yes
to start the update process.
The Bootware Update process will now take place.
On the console, you will see:
lsblk
to examine the partitions. For instance,lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
mmcblk0 179:0 0 29.7G 0 disk
├─mmcblk0p1 179:1 0 512M 0 part /boot/firmware
├─mmcblk0p2 179:2 0 14.4G 0 part
│ └─cryptrfs_A 254:0 0 14.3G 0 crypt /
├─mmcblk0p3 179:3 0 14.4G 0 part
└─mmcblk0p4 179:4 0 512M 0 part
└─cryptrfs_DATA 254:1 0 496M 0 crypt
where mmcblk0p2 is partition A, mmcblk0p3 is partition B, and mmcblk0p4 is the shared data partition.
If the ACTIVE partition is partition A, you will see cryptrfs_A (encrypted partition A) mounted at /. If the ACTIVE partition is partition B, you will see cryptrfs_B mounted at /.
The update process can be run non-interactively by providing the the public key for verification and the -y
option on the command line. Note: This will carry out an update and a reboot with no confirmation later in the process.
sudo zbcli update -f <my_pub_key_file.pem> -y
To run non-interactively up to the point of reboot confirmation, include the --no-reboot
option along with -y
.
sudo zbcli update -f ,my_pub_key_file.pem -y --no-reboot