From: Francesco Valla <francesco@valla.it>
To: yocto@lists.yoctoproject.org, michael.opdenacker@rootcommit.com
Subject: Re: [yocto] Simple solution to create a non-root partition image?
Date: Mon, 4 May 2026 19:58:13 +0200 [thread overview]
Message-ID: <afjcHHSs2HjRvOrW@bywater> (raw)
In-Reply-To: <9e2ba2a4-9aee-4676-b623-c811a0a7292a@rootcommit.com>
Hi Michael,
On Sun, May 03, 2026 at 10:40:02PM +0200, Michael Opdenacker wrote:
> Greetings,
>
> For an ongoing project with a read-only root filesystem, I'd like to create
> an image for a non-root partition.
>
> To give you some context, this partition would contain data and scripts to
> be used at first boot to do per device provisioning work. Some of these
> would be removed after provisioning, as they could tip attackers about how
> secrets are stored if they get their hands on devices that haven't been
> provisioned yet. Hence, these cannot be in the read-only root filesystem.
>
> To create such an image, I tried to create a new image recipe inheriting the
> "image" class, and then install some packages into the image with a "local"
> IMAGE_INSTALL list.
>
> This seems it could work, but I'm struggling with removing dependencies
> (bootloader, kernel, etc) that are only relevant for a root filesystem
> image.
>
in case you need to have a "full" filesystem, which not only includes
the provisioning tools but e.g. also their dependencies that you don't
want to include in the rootfs, an option might be mimic'ing what is done
for the initramfs [1]:
IMAGE_FEATURES = ""
IMAGE_LINGUAS = ""
PACKAGE_INSTALL = " \
foo \
bar \
baz \
"
PACKAGE_EXCLUDE = "kernel-image-*"
IMAGE_NAME_SUFFIX ?= ""
inherit image
Note there the usage of PACKAGE_INSTALL instead of IMAGE_INSTALL.
[1] https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/images/core-image-initramfs-boot.bb?h=styhead
> Would there be a simpler way to create a non root partition image?
>
> Thanks in advance
> Cheers
> Michael.
Regards,
Francesco
next prev parent reply other threads:[~2026-05-04 17:58 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-03 20:40 Simple solution to create a non-root partition image? Michael Opdenacker
2026-05-04 8:47 ` [yocto] " Quentin Schulz
2026-05-04 13:08 ` Michael Opdenacker
2026-05-04 13:15 ` Quentin Schulz
2026-05-04 13:39 ` Cleiton Bueno
2026-05-04 13:55 ` Michael Opdenacker
2026-05-14 16:45 ` Michael Opdenacker
[not found] ` <684BE1E8-500C-4169-B5AF-C72E064F28E8@siliconbladeconsultants.com>
2026-05-04 13:27 ` Michael Opdenacker
2026-05-04 14:05 ` Francesco Cervigni
2026-05-14 16:27 ` Michael Opdenacker
2026-05-04 17:58 ` Francesco Valla [this message]
2026-05-06 9:44 ` Felix Mellmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=afjcHHSs2HjRvOrW@bywater \
--to=francesco@valla.it \
--cc=michael.opdenacker@rootcommit.com \
--cc=yocto@lists.yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.