From: "'Heinisch, Alexander' via isar-users"
To: "isar-users@googlegroups.com"
CC: "Kiszka, Jan", "quirin.gylstorff@siemens.com", "Heinisch, Alexander"
Subject: [meta-isar] Proposal to improve initial device bootstrapping
Date: Tue, 16 Jul 2024 13:30:59 +0000

# Device Bootstrapping

This is a proposal to improve initial device bootstrapping with meta-isar by making the `isar-image-installer` a more versatile and general tool.

## Background

Currently, the `isar-image-installer` contains the target image to be deployed (copied) to the target device in its root filesystem. The installer image has to be copied to a USB stick and executed on the target device.

In our current manufacturing setup we are targeting prebuilt devices without any OS precommissioned. Flashing images directly to disk is not easily possible at that stage.
That's why we are using the `isar-image-installer` to deploy the target images to the device via USB.

## Motivation

This approach works fine when working with a single device on a desk, with keyboard and screen attached, but does not scale for large rollouts to multiple devices during manufacturing.

To scale that process I suggest not only supporting a USB stick scenario, but also a variant to boot via PXE boot (or iPXE boot) into a live OS (which could (and probably will) be `isar-image-installer`).

> Note: Currently, we are targeting x86 based architectures providing UEFI.

## Identified Problems

1. **Problem**: The installer script has to provide an unattended mode.
    **Possible Solution**: Add a setting for unattended mode either via a well known config file or via kernel cmdline.

2. **Problem**: When embedding the target image into the installer rootfs, a rebuild of the installer image is required every time we change the target image.
    **Possible Solution**: Installer image could download target image from http/ftp/s3 server at runtime and install it from memory. (Therefore, we have to ensure enough memory is provided, or probably support some kind of streaming functionality.)

3. **Problem**: Since PXE transfers only the kernel and the initramfs via TFTP (rather slow), when using PXE we have to provide the rootfs of the installer via NFS.
    **Possible Solution**: Having an online installer downloading the target images from some external source enables us to put all installer logic in the installer's initramfs. Thus, no need for an installer-rootfs.
    > Note: This does not always work. Since we also want to support the USB use case, loading the target image from rootfs is still a desirable option we have to maintain!

4. **Problem**: Enrolling secure boot keys has to be done manually now.
    Currently we are using scripts to do so, which get executed after the installer has run. This is needed, since the installer is not signed.
    **Possible Solution**: Sign installer.

5. **Problem**: Still, enrolling the keys manually upfront is cumbersome and error prone, and buying devices with pre-enrolled keys is oftentimes not wanted due to additional cost and additional trust. Enrolling the keys after installation can be done, but again, is a manual task which should be automated.
    **Possible Solution**: Enroll secure boot keys as an additional step during installation.
    > Note: Since `installation` is not an appropriate term anymore, when not only the image gets installed but additional steps like key enrollment take place, I will call that workflow `target-bootstrapping` in the remainder of this text.

6. **Problem**: Disk encryption is currently done on first boot of the device (detects if disk is already encrypted, and if not, encrypts it). We saw that this process sometimes takes several minutes and is one of the crucial parts when initially starting up. In our scenario, after a device got precommissioned it is put aside and stored (without initial boot of the target OS). Once manufacturing needs to pick up a new device it is taken from there and assembled to the main asset shipped to the customer during asset production. Since that step has to be as easy and as fast as possible, waiting several minutes (due to initial encryption) to check basic device information or, worse, failing at that stage is unacceptable.
    **Possible Solution**: Encrypt target device disks as an additional step during `target-bootstrapping`.

7. **Problem**: After the initial precommissioning of the device, status information of the device (e.g. serial number, hardware info) has to be transferred to our central mgmt. system.
    **Possible Solution**: Run custom scripts as part of the `target-bootstrapping`.

8. **Problem**: During `target-bootstrapping` the progress of the bootstrapping has to be visualized. When talking about bootstrapping multiple devices, attaching a screen is not desired. Thus we plan to give some status indication via LED drivers as well, and also report status to our central mgmt. system.
    **Possible Solution**: Run custom scripts for status reporting. This means that customizable scripts shall be invoked before and after every single bootstrapping phase, ideally also reporting an overall progress.

## Draft

Instead of executing the deploy image script as a systemd service we propose to implement a configurable target-bootstrapper, which takes prepackaged scripts as an input and invokes them in a generic way.

```
TARGET_BOOTSTRAPPER_ADDITIONAL_PACKAGES += " deploy-image"
TARGET_BOOTSTRAPPER_TASK_deploy-image[script] = "deploy-image-wic.sh"
TARGET_BOOTSTRAPPER_TASK_deploy-image[workdir] = "/usr/bin"
TARGET_BOOTSTRAPPER_TASK_deploy-image[effort] = "2"
```

This configuration enables us to reuse existing upstream (e.g. deploy-image [1]) as well as downstream scripts (e.g. encrypt partition [2] from cip-core or enroll secure boot keys from other downstream repo) without code duplication.

To allow such a bootstrapper to report progress between execution of each of the prepackaged scripts, customized status reporting utilities can be configured and will be invoked. Such utilities include e.g. LED drivers, status reporting via a REST service, and so on.

Each script configuration can not only specify a dedicated workdir and entrypoint, but also an effort estimate to weight the work performed within a single script more accurately.

Besides coming up with an initial draft of such target-bootstrapping (will send a patch series in the upcoming days), one of the first steps will be to refactor the existing deploy-image-wic.sh to allow for `unattended-mode` (based on this patch series [3] from Jan Kiszka) and extend the script to support downloading the target images from an HTTP server.

[1] https://github.com/ilbers/isar/blob/master/meta-isar/recipes-installer/deploy-image/files/deploy-image-wic.sh
[2] https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script?ref_type=heads
[3] https://patchwork.isar-build.org/project/isar/patch/6279c4d497ade9a55cad9c0f2f21834ae97f964c.1719927511.git.jan.kiszka@siemens.com/

Looking forward to your input,
Thank you!
Alexander
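
A sketch of the runner the Draft section describes, added here as an example and not part of the original mail or of Isar: each task carries a workdir, script and effort, a status hook fires before and after every task, and overall progress is weighted by effort. The `name|workdir|script|effort` list format, the `report_status` hook and the stop-on-first-failure behaviour are assumptions, and `true` stands in for the packaged scripts.

```sh
#!/bin/sh
# Added sketch of an effort-weighted task runner; not code from Isar.
# Assumed task list format, one task per line: name|workdir|script|effort
# Constructed sample: "true" stands in for the real packaged scripts.
SAMPLE_TASKS='deploy-image|/tmp|true|2
encrypt-disk|/tmp|true|5
enroll-keys|/tmp|true|1'

STATUS_LOG=""

# Hypothetical status hook, called before and after every task. A real hook
# would drive an LED or notify the management system; this one records calls.
report_status() { # args: phase task percent
    STATUS_LOG="${STATUS_LOG}$1 $2 $3;"
}

# Sum the effort column. Fails (status 2) on an empty list or on an effort
# that is not a positive integer, so the total is never zero.
total_effort() {
    sum=0
    while IFS='|' read -r name dir script effort; do
        case $effort in
            '' | 0* | *[!0-9]*) return 2 ;;
        esac
        sum=$((sum + effort))
    done <<EOF
$1
EOF
    echo "$sum"
}

# Run every task in order and stop at the first failure, so that a device
# whose encryption or key enrollment failed is never reported as complete.
run_tasks() {
    tasks=$1
    total=$(total_effort "$tasks") || return 2
    done_effort=0
    while IFS='|' read -r name dir script effort; do
        report_status start "$name" $((done_effort * 100 / total))
        # Subshell keeps the cd local; stdin is /dev/null so a task cannot
        # swallow the rest of the task list from the here-document.
        if ! (cd "$dir" && "$script") </dev/null; then
            report_status failed "$name" $((done_effort * 100 / total))
            return 1
        fi
        done_effort=$((done_effort + effort))
        report_status done "$name" $((done_effort * 100 / total))
    done <<EOF
$tasks
EOF
}

run_tasks "$SAMPLE_TASKS" && printf '%s\n' "$STATUS_LOG"
```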