peridiod
peridiod
is a reference implementation of a Peridio Agent for Embedded Linux. Peridio offers several ways to integrate peridiod into your build workflow via several integration paths:
Configuring
Peridiod is configured via a json formatted file on the filesystem. The location of the file defaults to $XDG_CONFIG_HOME/peridio/peridio-config.json
. if $XDG_CONFIG_HOME
is not set the default path is $HOME/.config/peridio/peridio-config.json
. This file location can be overwritten by setting PERIDIO_CONFIG_FILE=/path/to/peridio.json
. The peridiod configuration has the following top level keys:
version
: The configuration version number. Currently this is 1.device_api
: Configuration for the device api endpointcertificate_path
: Path to the device api ca certificate.url
: The peridio server device api URL.verify
: Enable client side ssl verification for device api connections.
- fwup: Keys related to the use of fwup for the last mile.
devpath
: The block storage device path to use for applying firmware updates.public_keys
: A list of authorized public keys used when verifying update archives.
remote_shell
: Enable or disable the remote console feature.node
: Node configuration settings-
key_pair_source
: Options arefile
,uboot-env
,pkcs11
. This determines the source of the identity key information. -
key_pair_config
: Different depending on thekey_pair_source
key_pair_source: file
:private_key_path
: Path on the filesystem to a PEM encoded private key file.certificate_path
: Path on the filesystem to a PEM encoded x509 certificate file.
key_pair_source: uboot-env
:private_key
: The key in the uboot environment which contains a PEM encoded private key.certificate
: The key in the uboot environment which contains a PEM encoded x509 certificate.
key_pair_source: pkcs11
:key_id
: ThePKCS11
URI used to for private key operations. Examples: ATECCx08 TNG using CryptoAuthLib:pkcs11:token=MCHP;object=device;type=private
cert_id
: ThePKCS11
URI used for certificate operations. Examples: ATECCx08 TNG using CryptoAuthLib:pkcs11:token=MCHP;object=device;type=cert
-
For more information about X509 certificates, see creating CA certificates.
Example Configurations
Common
{
"version": 1,
"device_api": {
"certificate_path": "/etc/peridiod/peridio-cert.pem",
"url": "device.cremini.peridio.com",
"verify": true
},
"fwup": {
"devpath": "/dev/mmcblk1",
"public_keys": ["I93H7n/jHkfNqWik9uZf82Vi/HJuZ24EQBJnAtj9svU="]
},
"remote_shell": true,
"node": {
// ... see Node Configuration
}
}
Node Configurations
Filesystem
"key_pair_source": "file",
"key_pair_config": {
"private_key_path": "/etc/peridiod/device-key.pem",
"certificate_path": "/etc/peridiod/device.pem"
}
U-Boot Environment
"key_pair_source": "uboot-env",
"key_pair_config": {
"private_key": "peridio_identity_private_key",
"certificate": "peridio_identity_certificate"
}
PKCS11 Identity using ATECC608B TrustAndGo
"key_pair_source": "pkcs11",
"key_pair_config": {
"key_id": "pkcs11:token=MCHP;object=device;type=private",
"cert_id": "pkcs11:token=MCHP;object=device;type=cert"
}
Packaging Updates
peridiod currently supports updates packaged using. When an update is applied, the fwup upgrade instructions will be executed for the current system. These instructions can perform a variety of functions such as, manage partitions, write raw filesystems, update U-Boot environment variables and files, etc. More information about fwup functionality can be found on the fwup README.
An example fwup configuration for the QEmu target can be found in the meta-avocado-arm
reference layer.