Drew Moseley Technical Solutions Architect Mender.io
Session overview
● Discussion of network management packages
● Runtime examples of configuring Wifi credentials
● Static configuration of credentials at build time
  ⎻ Recipes available in GitHub [1]
● Other related considerations
● More “howto” than other talks
Goal: Gather all relevant details in one place
[1] https://github.com/drewmoseley/meta-wifi-credentials
About me
Drew Moseley
○ 10 years in Embedded Linux/Yocto development.
○ Longer than that in general Embedded Software.
○ Project Lead and Solutions Architect.
drew.moseley@mender.io
https://twitter.com/drewmoseley
https://www.linkedin.com/in/drewmoseley/
https://twitter.com/mender_io
Mender.io
○ Over-the-air updater for Embedded Linux
○ Open source (Apache License, v2)
○ Dual A/B rootfs layout (client)
○ Remote deployment management (server)
○ Under active development
Challenges for Credentials Storage in Embedded Devices
● On-target user interface (or lack of)
● Network management package variety
● Credential availability at build time (?)
● System init packages (systemd vs sysvinit)
● Multiple systems/one image
● Read-only root filesystem
● Trusted storage (not discussed here)
Test Setup
● Raspberry Pi Zero W
● Serial console cable
● GL.iNET portable router
● SSID: scale17OEDemo
● Password: monkey123
Prerequisites - Open Embedded Source Code
https://www.openembedded.org/wiki/OE-Core_Standalone_Setup

$ mkdir src
$ cd src
$ git clone -b thud git://git.openembedded.org/openembedded-core
$ git clone -b thud git://git.yoctoproject.org/meta-raspberrypi
$ git clone -b 1.40 bitbake
$ git clone git://github.com/drewmoseley/meta-wifi-credentials
$ cd ..
$ . src/openembedded-core/oe-init-build-env
$ bitbake-layers add-layer ../src/meta-raspberrypi
Prerequisites - Basic OE Configuration

Snippet for local.conf:
MACHINE = "raspberrypi0-wifi"
IMAGE_FSTYPES_append = " rpi-sdimg.bmap"
ENABLE_UART = "1"
DISTRO_FEATURES_append = " wifi"
IMAGE_INSTALL_append = " linux-firmware-rpidistro-bcm43430 kernel-module-brcmfmac "
IMAGE_FEATURES_remove = " ssh-server-openssh"
Prerequisites - Build/Deploy

$ bitbake core-image-full-cmdline
$ cd tmp-glibc/deploy/images/raspberrypi0-wifi/
$ sudo bmaptool copy --bmap core-image-full-cmdline-raspberrypi0-wifi.rpi-sdimg.bmap core-image-full-cmdline-raspberrypi0-wifi.rpi-sdimg /dev/mmcblk0
$ cd -
Prerequisites - Test Basic Bringup
● Boot device and verify wlan0 device exists.
● Login is root with no password.

root@raspberrypi0-wifi:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether b8:27:eb:53:95:7d brd ff:ff:ff:ff:ff:ff
Network management options
● sysvinit
  ○ wpa_supplicant
● systemd
  ○ systemd-networkd
  ○ connman
  ○ NetworkManager
sysvinit + wpa_supplicant build
● Note: This is the thud branch default

Snippet for local.conf:
IMAGE_INSTALL_append += " wpa-supplicant"
sysvinit + wpa_supplicant runtime configuration

root@raspberrypi0-wifi:~# wpa_passphrase scale17OEDemo monkey123 >> /etc/wpa_supplicant.conf
root@raspberrypi0-wifi:~# ifup wlan0
root@raspberrypi0-wifi:~# ping 8.8.8.8
sysvinit + wpa_supplicant build time configuration (1/2)

$ bitbake-layers add-layer ../src/meta-wifi-credentials/sysvinit

recipes-connectivity/wpa-supplicant/files/scale-demo.conf:
network={
    ssid="scale17OEDemo"
    psk=724d6c4e2d43f965563f25780889ad961ae6471b16d8594c9b58315422773321
}

recipes-connectivity/wpa-supplicant/wpa-supplicant_%.bbappend:
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI += " file://scale-demo.conf"
do_install_append () {
    cat ${WORKDIR}/scale-demo.conf >> ${D}${sysconfdir}/wpa_supplicant.conf
}
sysvinit + wpa_supplicant build time configuration (2/2)

$ bitbake-layers add-layer ../src/meta-wifi-credentials/sysvinit

recipes-connectivity/init-ifupdown/init-ifupdown_%.bbappend:
# Ensure that wlan0 is set to auto
#
do_install_append () {
    echo 'auto wlan0' >> ${D}${sysconfdir}/network/interfaces
}
systemd + systemd-networkd build
● Systemd-networkd is the thud branch default when systemd is enabled.
● There has been talk of making systemd the default init system

* Snippet for local.conf:
IMAGE_INSTALL_append += " wpa-supplicant"
DISTRO_FEATURES_append += " systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
VIRTUAL-RUNTIME_init_manager = "systemd"
VIRTUAL-RUNTIME_initscripts = ""

* Required for all systemd based configurations
systemd + systemd-networkd runtime configuration

root@raspberrypi0-wifi:~# mkdir /etc/wpa_supplicant
root@raspberrypi0-wifi:~# wpa_passphrase scale17OEDemo monkey123 >> /etc/wpa_supplicant/wpa_supplicant-nl80211-wlan0.conf
root@raspberrypi0-wifi:~# cat > /etc/systemd/network/wlan.network << EOF
[Match]
Name=wlan*

[Network]
DHCP=v4

[DHCPv4]
UseHostname=false
EOF
root@raspberrypi0-wifi:~# systemctl restart systemd-networkd
root@raspberrypi0-wifi:~# systemctl start wpa_supplicant-nl80211@wlan0
root@raspberrypi0-wifi:~# ping 8.8.8.8
systemd + systemd-networkd build time configuration (1/2)

$ bitbake-layers add-layer ../src/meta-wifi-credentials/systemd-networkd

recipes-core/systemd/files/wlan.network:
[Match]
Name=wlan*

[Network]
DHCP=v4

[DHCPv4]
UseHostname=false

recipes-core/systemd/systemd_%.bbappend:
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
PACKAGECONFIG_append = " networkd resolved"
SRC_URI += " file://wlan.network"
FILES_${PN} += " ${sysconfdir}/systemd/network/wlan.network"
do_install_append() {
    install -d ${D}${sysconfdir}/systemd/network
    install -m 0644 ${WORKDIR}/wlan.network ${D}${sysconfdir}/systemd/network
}
systemd + systemd-networkd build time configuration (2/2)

$ bitbake-layers add-layer ../src/meta-wifi-credentials/systemd-networkd

recipes-connectivity/wpa-supplicant/files/wpa_supplicant-nl80211-wlan0.conf:
ctrl_interface=/var/run/wpa_supplicant
update_config=1
network={
    ssid="scale17OEDemo"
    psk=724d6c4e2d43f965563f25780889ad961ae6471b16d8594c9b58315422773321
}

recipes-connectivity/wpa-supplicant/wpa-supplicant_%.bbappend:
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI += "file://wpa_supplicant-nl80211-wlan0.conf"
### SYSTEMD_SERVICE_${PN}_append = " wpa_supplicant-nl80211@wlan0.service"
do_install_append () {
    install -d ${D}${sysconfdir}/wpa_supplicant/
    install -D -m 600 ${WORKDIR}/wpa_supplicant-nl80211-wlan0.conf ${D}${sysconfdir}/wpa_supplicant/wpa_supplicant-nl80211-wlan0.conf
    install -d ${D}${sysconfdir}/systemd/system/multi-user.target.wants/
    ln -s ${systemd_unitdir}/system/wpa_supplicant-nl80211@.service ${D}${sysconfdir}/systemd/system/multi-user.target.wants/wpa_supplicant-nl80211@wlan0.service
}
Using systemd without networkd
● Need to disable resolved and networkd in systemd PACKAGECONFIG

recipes-core/systemd/systemd_%.bbappend:
PACKAGECONFIG_remove = "networkd resolved"
systemd + connman build

* Snippet for local.conf:
IMAGE_INSTALL_append += " connman connman-client"
systemd + connman runtime configuration

root@raspberrypi0-wifi:~# connmanctl
connmanctl> enable wifi
Enabled wifi
connmanctl> scan wifi
Scan completed for wifi
connmanctl> agent on
Agent registered
connmanctl> services
    scale17OEDemo        wifi_b827eb53957d_7363616c6531374f4544656d6f_managed_psk
connmanctl> connect wifi_b827eb53957d_7363616c6531374f4544656d6f_managed_psk
Agent RequestInput wifi_b827eb53957d_7363616c6531374f4544656d6f_managed_psk
  Passphrase = [ Type=psk, Requirement=mandatory ]
Passphrase? monkey123
connmanctl> quit
root@raspberrypi0-wifi:~# ping 8.8.8.8
systemd + connman build time configuration

$ bitbake-layers add-layer ../src/meta-wifi-credentials/connman

recipes-connectivity/connman/files/scale17OEDemo.config:
[global]
Name=scale17OEDemo
Description=scale17OEDemo WIFI config file

[service_wifi_scale17OEDemo]
Type=wifi
Security=wpa2
Name=scale17OEDemo
Passphrase=monkey123

recipes-connectivity/connman/connman_%.bbappend:
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI += " file://scale17OEDemo.config"
do_install_append() {
    install -d ${D}/var/lib/${PN}
    install -m 0600 ${WORKDIR}/scale17OEDemo.config ${D}/var/lib/${PN}/
    cat >> ${D}${systemd_unitdir}/system/${PN}.service <<-EOF
[Service]
ExecStartPost=/bin/sleep 5
ExecStartPost=/usr/bin/connmanctl enable wifi
EOF
}
systemd + NetworkManager build

$ git clone -b thud git://git.openembedded.org/meta-openembedded ../src/meta-openembedded
$ bitbake-layers add-layer ../src/meta-openembedded/meta-oe
$ bitbake-layers add-layer ../src/meta-openembedded/meta-python
$ bitbake-layers add-layer ../src/meta-openembedded/meta-networking

Snippet for local.conf:
IMAGE_INSTALL_append += " networkmanager networkmanager-nmtui"
systemd + NetworkManager runtime configuration root@raspberrypi0-wifi:~# nmtui
systemd + NetworkManager build time configuration

$ bitbake-layers add-layer ../src/meta-wifi-credentials/networkmanager

recipes-connectivity/networkmanager/files/scale17OEDemo.nmconnection:
[connection]
id=scale17OEDemo
type=wifi

[wifi]
ssid=scale17OEDemo

[wifi-security]
key-mgmt=wpa-psk
psk=monkey123

recipes-connectivity/networkmanager/networkmanager_%.bbappend:
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI += "file://scale17OEDemo.nmconnection"
do_install_append () {
    install -d ${D}${sysconfdir}/NetworkManager/system-connections
    install -m 0600 ${WORKDIR}/scale17OEDemo.nmconnection ${D}${sysconfdir}/NetworkManager/system-connections
}
Other Considerations
● Security of credentials
● Userland drivers: i.e. WEXT (obsolete) vs nl80211
● mDNS
● Captive portals
● Access Point mode
● Enterprise WiFi
● 2FA
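
Added example (not from the slides or the meta-wifi-credentials layer) for the "Security of credentials" point: the psk= value in the wpa_supplicant files is PBKDF2-HMAC-SHA1 of the passphrase salted with the SSID, while the connman and NetworkManager files shown store the passphrase itself. The Python below derives that key on the build host without the clear-text '#psk=' comment that wpa_passphrase prints, and flags config text that still carries a passphrase; all function names and sample strings are constructed for illustration.

```python
import hashlib
import re


def derive_psk(ssid: str, passphrase: str) -> str:
    """256-bit WPA/WPA2 PSK as 64 hex chars, the derivation wpa_passphrase uses:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if not 1 <= len(ssid.encode()) <= 32 or '"' in ssid:
        raise ValueError("SSID must be 1..32 bytes and free of double quotes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()


def network_block(ssid: str, passphrase: str) -> str:
    """wpa_supplicant network block that carries only the derived key."""
    return 'network={\n\tssid="%s"\n\tpsk=%s\n}\n' % (ssid, derive_psk(ssid, passphrase))


def wpa_passphrase_style(ssid: str, passphrase: str) -> str:
    """Constructed sample in the layout wpa_passphrase prints, including the
    '#psk=' comment that repeats the passphrase in clear."""
    return 'network={\n\tssid="%s"\n\t#psk="%s"\n\tpsk=%s\n}\n' % (
        ssid, passphrase, derive_psk(ssid, passphrase))


# Constructed samples mirroring the connman and NetworkManager files on the slides.
CONNMAN_SAMPLE = ("[service_wifi_scale17OEDemo]\nType=wifi\nSecurity=wpa2\n"
                  "Name=scale17OEDemo\nPassphrase=monkey123\n")
NM_SAMPLE = "[wifi-security]\nkey-mgmt=wpa-psk\npsk=monkey123\n"

SECRET_LINE = re.compile(r"^\s*#?\s*(psk|Passphrase)\s*=\s*(.+?)\s*$")
HEX_PSK = re.compile(r"[0-9a-fA-F]{64}")


def find_plaintext_secrets(config_text: str) -> list:
    """Return (line_number, key) for every line, commented out or not, whose
    psk/Passphrase value is not a 64-hex-digit derived key."""
    hits = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = SECRET_LINE.match(line)
        if match and not HEX_PSK.fullmatch(match.group(2).strip('"')):
            hits.append((number, match.group(1)))
    return hits


if __name__ == "__main__":
    for name, text in [("derived-only block", network_block("scale17OEDemo", "monkey123")),
                       ("wpa_passphrase output", wpa_passphrase_style("scale17OEDemo", "monkey123")),
                       ("connman provisioning", CONNMAN_SAMPLE),
                       ("NetworkManager keyfile", NM_SAMPLE)]:
        print(name, find_plaintext_secrets(text))
```

The derived key still grants access to that SSID, so the 0600 install modes used in several of the recipes remain necessary; deriving it only keeps the human-chosen passphrase out of the image.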
Thank You! Q&A @drewmoseley https://mender.io drew.moseley@mender.io

Configuring wifi in open embedded builds
