Hi David,

On 11/27/24 06:28, Jan Kiszka wrote:

Hi David,

On 25.11.24 16:00, d.kauschke154@googlemail.com wrote:

Hello everyone,

I am interested in understanding the current state of hardware support
for the Raspberry Pi 4 within the cip project.
My goal is to use the Raspberry Pi 4 with secure boot and secure update
mechanisms based on the cip project.

1)) What progress has been made so far in supporting the Raspberry Pi 4
hardware in the cip project?
2)) How can any remaining gaps or challenges be addressed to achieve
full support?
IIRC, Quirin once had a prototype for that, just not public. He may
answer best what was need or what would still be missing.
For our internal rpi4 prototype we used the following boot chain:

raspi firmware -> U-Boot -> efibootguard -> CIP kernel -> A/B

I added the following adaptations:
- Raspi-config for booting U-boot
- U-boot config for Raspi4 with EFI support
- Additional bcm2711_defconfig for CIP kernel(6.1.y-cip)
- wks for RPI4 and A/B rootfs

3)) What steps or contributions would be most valuable in advancing this
effort?
Baseline would be a booting image with a compatible CIP kernel. From
there, we would need to see what is missing for SWUpdate and Secure Boot
(both via UEFI). Probably just the integration of a chain-loaded recent
U-Boot as UEFI provider.

But note that no CIP member has so far expressed demand for officially
supporting that hardware and its SoC. So you may have to bring an
RPi-specific recipe rule to add potentially disabled (and not officially
supported) kernel features via a config snippet.

Jan

Therefore CIP support for the Raspi4 platform is not planned in the medium term (next 1-2 years) , correct?
So a possible starting approach could be to create a public meta-cip-raspberrypi4 on Github like the project https://github.com/siemens/meta-iot2050 ?