CustomImage is a software image that is signed with the operator's Custom key.
Operators create the Custom key themselves, and it does not have to be signed with the manufacturer's key.

How to update STB with CustomImage:

  1. It can be updated from the operator's portal or the Embedded portal (by HTTP or USB) only to other CustomImage versions that are signed with the same Custom key.
  2. It can be updated from the System recovery or Bootloader menu only to PublicImage versions.

CustomImage is intended for operators who want to implement a secure software update over HTTP while keeping the ability to upgrade STBs to PublicImage versions (not signed with the custom-key) from the Bootloader.

Image-making steps

  1. Prepare the required files according to items 1, 2 and 3 of the "Creation of software image. Key points" section:

    1.1 Preparation of environment variables.
    1.2 Profile preparation.
    1.3 Copying the kernel source file from the STB release to the working directory of Operator Utilities.

  2. Create the custom-key (if it was not created earlier) and export it from GPG. Put the stb_custom.bin file in the /usr/bin/ directory of the rootfs before making the image.

  3. Make the transitional STB software image with the required customizations, but without an operator logo!

  4. Make the final STB software image with all required customizations including an operator logo (if it is needed).
  5. Update STB in two stages:
    1. Update to the transitional image. Since it is signed with the Public key, use the update from the System recovery or Bootloader menu, depending on the STB model.
      Note. For versions below 0.2.14-r8, the update from Portal is used as well.
    2. Update to the final image. Since it is signed with a Custom key, use the update from Portal's System Settings menu (HTTP or USB methods).

1. Prepare custom-key

1.1 Perform:

gpg --gen-key

Choose:

(5) RSA (sign only) 
What keysize do you want? (2048) 2048
Key is valid for? (0) 0
Is this correct? (y/N) y
Real name: Key ID

where Key ID is an arbitrary key name, which will be stored in GPG.

1.2 Export the key to a file (ID_Key is the key name from step 1.1):

gpg -o stb_custom.bin --export ID_Key

1.3 Place the stb_custom.bin file in the /usr/bin/ directory of the rootfs.

The stb_custom.bin file should be used in all further image-making (after 0.2.14-r8).

2. Transitional image

Make sure that the stb_custom.bin file is in the rootfs/usr/bin/ directory.

2.1 The Public key is used (the Public key is present in the Operator Utilities). Perform:

gpg --import stb_secbin.key
export MAG200_OP_KEY=STB_PUBLIC

2.2 The kernel should be signed with the Public key. Perform:

./kernel_sign_254.sh

Transitional image-making.

Attention! Without an operator logo!

Comment out the following line

export LOGOTYPE_PATH=./images/logo.bmp.gz

in the profile ./img_make.profile.mag254

2.3 Make imageupdate:

./img_make.sh 218 "test_transitional" ../../rootfs MAG254 ./img_make.profile.mag254

2.4 Rename imageupdate. For example:

mv imageupdate imageupdate_trans

3. Final image

3.1 The custom-key is used. Perform:

export MAG200_OP_KEY=<ID of custom-key>

3.2 Sign the kernel using custom-key:

./kernel_sign_254_custom.sh

3.3 Specify the ID of the custom-key in the file img_make.profile.mag254:

export MAG200_OP_KEY=<ID of custom-key>

3.4 Make imageupdate:

./img_make.sh 218 "test_final" ../../rootfs MAG254 ./img_make.profile.mag254

3.5 Rename imageupdate. For example:

mv imageupdate imageupdate_final

4. Update STB to 'CustomImage' in two stages:

    • Install the transitional image. Use the update from the System recovery or Bootloader menu.
    • Install the final image. Use the update from the portal's System settings menu (HTTP or USB methods).

The transitional image should be installed on the STB only during the first update to CustomImage (to load the stb_custom.bin file onto the STB). All further versions of CustomImage are updated with the final image (update using HTTP or USB from the portal).

The file stb_custom.bin should be in the rootfs, in the /usr/bin/ directory, in both transitional and final images.
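
A preflight check for the rules in sections 1 to 4, added here as an example and not part of the Operator Utilities. It confirms that rootfs/usr/bin/stb_custom.bin is a public-key export (by its first OpenPGP packet header byte, RFC 4880: tag 6 is a public key, tag 5 a secret key) and that the profile matches the stage being built; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names): preflight checks before img_make.sh.

# Classify the first OpenPGP packet of a binary key export by its header byte.
# Tag 6 = public key, tag 5 = secret key (RFC 4880, packet headers and tags).
key_kind() {
    first=$(od -An -tu1 -N1 "$1" 2>/dev/null | tr -d ' \n')
    [ -n "$first" ] || { echo missing; return 0; }   # absent or empty file
    if [ "$first" -ge 192 ]; then tag=$((first - 192))          # new-format header
    elif [ "$first" -ge 128 ]; then tag=$(((first - 128) / 4))  # old-format header
    else echo unknown; return 0; fi
    case $tag in 6) echo public ;; 5) echo secret ;; *) echo unknown ;; esac
}

# Value of the last uncommented "export NAME=..." line in a profile, or empty.
profile_value() {
    sed -n "s/^[[:space:]]*export[[:space:]]\{1,\}$2=//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# preflight <transitional|final> <rootfs> <profile> [custom key ID]
preflight() {
    stage=$1 rootfs=$2 profile=$3 custom_id=$4
    # Both images must carry the exported public key, never the secret key.
    kind=$(key_kind "$rootfs/usr/bin/stb_custom.bin")
    [ "$kind" = public ] || { echo "usr/bin/stb_custom.bin is $kind"; return 1; }
    key=$(profile_value "$profile" MAG200_OP_KEY)
    logo=$(profile_value "$profile" LOGOTYPE_PATH)
    case $stage in
        transitional)   # Public key, no operator logo
            [ "$key" = STB_PUBLIC ] ||
                { echo "MAG200_OP_KEY is '$key', expected STB_PUBLIC"; return 1; }
            [ -z "$logo" ] ||
                { echo "LOGOTYPE_PATH must be commented out"; return 1; } ;;
        final)          # custom-key ID must be set in the profile
            { [ -n "$custom_id" ] && [ "$key" = "$custom_id" ]; } ||
                { echo "MAG200_OP_KEY is '$key', expected '$custom_id'"; return 1; } ;;
        *) echo "unknown stage '$stage'"; return 1 ;;
    esac
    echo ok
}

[ $# -eq 0 ] || preflight "$@"
```

Run it from the Operator Utilities directory before each img_make.sh call, for example with the arguments `final ../rootfs-0.2.18r8 ./img_make.profile.mag254 testbuildmag254`.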

Example of making CustomImage for MAG-254

root@localhost:~/218-r7-test# wget -b  http://wiki.iptv.infomir.com/pub/operators_utils_new_mag200_mag250_mag254.tar.gz
Continuing in background, pid 28657.
Output will be written to ‘wget-log’.
 
root@localhost:~/218-r7-test# wget -b http://soft.infomir.com/mag254/release/0.2.18-r8/rootfs-0.2.18r8.tar.gz
Continuing in background, pid 28659.
Output will be written to ‘wget-log.1’.
 
root@localhost:~/218-r7-test# wget -b http://soft.infomir.com/mag254/release/0.2.18-r8/vmlinux.bin.mag254
Continuing in background, pid 28661.
Output will be written to ‘wget-log.2’.
 
root@localhost:~/218-r7-test# tar -zxf operators_utils_new_mag200_mag250_mag254.tar.gz 
root@localhost:~/218-r7-test# tar -zxf rootfs-0.2.18r8.tar.gz 
root@localhost:~/218-r7-test# mv vmlinux.bin.mag254 operators_utils_new_mag200_mag250_mag254/images/
root@localhost:~/218-r7-test# rm operators_utils_new_mag200_mag250_mag254.tar.gz 
root@localhost:~/218-r7-test# rm rootfs-0.2.18r8.tar.gz 
root@localhost:~/218-r7-test# gpg --gen-key
 
gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y
 
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and E-mail Address in this form:
 "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
 
Real name: testbuildmag254
E-mail address: 
Comment: 
You selected this USER-ID:
 "testbuildmag254"
 
Change (N)ame, (C)omment, (E)-mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
 
gpg: gpg-agent is not available in this session
You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway.  You can change your passphrase at any time,
using this program with the option "--edit-key".
 
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, use the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
 
Not enough random bytes available.  Please do some other work to give 
the OS a chance to collect more entropy!  (Need 187 more bytes)

To speed up random byte generation, try downloading a large file to /dev/null in a second console:

wget -O /dev/null http://192.168.1.1/some_big_file.ts
gpg: key AAD87568 marked as ultimately trusted
public and secret key created and signed.
 
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:1  signed:0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/AAD87568 2014-11-17
      Key fingerprint = E6CB 1AEC 14F6 ACDC 9B74  D10F 1767 2ABE AAD8 7568
uid                  testbuildmag254
 
Note that this key cannot be used for encryption.  You may want to use
the command "--edit-key" to generate a subkey for this purpose.
 
root@localhost:~/218-r7-test# gpg -o stb_custom.bin --export testbuildmag254
root@localhost:~/218-r7-test# cp stb_custom.bin rootfs-0.2.18r8/usr/bin/
 
root@localhost:~/218-r7-test# cd operators_utils_new_mag200_mag250_mag254/
root@localhost:~/218-r7-test/operators_utils_new_mag200_mag250_mag254# gpg --import stb_secbin.key
gpg: key 6BEED1ED: already in secret keyring
gpg: Total number processed: 1
gpg: secret keys read: 1
gpg:  secret keys unchanged: 1
 
root@localhost:~/218-r7-test/operators_utils_new_mag200_mag250_mag254# export MAG200_OP_KEY=STB_PUBLIC
root@localhost:~/218-r7-test/operators_utils_new_mag200_mag250_mag254# ./kernel_sign_254.sh
 
File vmlinux.sign create - successfully!!!
Image Name: MAG254 SH4 Kernel Linux 2.6.17
Created: Mon Nov 17 13:48:38 2014
Image Type: SuperH Linux Kernel Image (gzip compressed)
Data Size: 3244259 Bytes = 3168.22 kB = 3.09 MB
Load Address: 0x80800000
Entry Point:  0x80801000
File uImzlib_mag254.img create - successfully!!!
 
root@localhost:~/218-r7-test/operators_utils_new_mag200_mag250_mag254# cat img_make.profile.mag254 
# Kernel's file system
export KERNEL_PATH=./uImzlib_mag254.img
 
# File name for enviroment variable
export ENV_VARIABLE_PATH=./images/env_mag254.txt
 
# Userfs
export USERFS_VERSION=1
export USERFS_PATH=./images/userfs.img
 
# File name for SecondBoot
export SECONDBOOT_PATH=./images/SbootIm_mag254
 
# File name for Logotype
#export LOGOTYPE_PATH=./images/logo.bmp.gz
export MAG200_OP_KEY=STB_PUBLIC
 
root@localhost:~/218-r7-test/operators_utils_new_mag200_mag250_mag254# ./img_make.sh 218 "test_transitional" ../rootfs-0.2.18r8/ MAG254 ./img_make.profile.mag254
Make rootfs image ../rootfs-0.2.18r8/
Append digital signature MAG200_OP_KEY=STB_PUBLIC
File ./sumsubfsnone.img.sign create - successfully!!!
gpg (GnuPG) 1.4.16
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cypher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
  CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
File result:./imageupdate
Create section "Kernel size:" and append file ./uImzlib_mag254.img.
Create section "Image  size:" and append file ./sumsubfsnone.img.sign.
Create section "Env size:" and append file ./images/env_mag254.txt.
Create section "Userfs size:" and append file ./images/userfs.img.
File ./imageupdate create - successfully!!!
 
root@localhost:~/218-r7-test/operators_utils_new_mag200_mag250_mag254# mv imageupdate imageupdate_tr

The transitional image was created. Now we proceed to make the final image.

root@localhost:~/218-r7-test/operators_utils_new_mag200_mag250_mag254# export MAG200_OP_KEY=testbuildmag254
root@localhost:~/218-r7-test/operators_utils_new_mag200_mag250_mag254# ./kernel_sign_254_custom.sh
File vmlinux.sign create - successfully!!!
Image Name: MAG254 SH4 Kernel Linux 2.6.17
Created: Mon Nov 17 13:50:34 2014
Image Type: SuperH Linux Kernel Image (gzip compressed)
Data Size: 3244259 Bytes = 3168.22 kB = 3.09 MB
Load Address: 0x80800000
Entry Point:  0x80801000
File uImzlib_mag254.img create - successfully!!!
 
root@localhost:~/218-r7-test/operators_utils_new_mag200_mag250_mag254# vi img_make.profile.mag254
root@localhost:~/218-r7-test/operators_utils_new_mag200_mag250_mag254# cat img_make.profile.mag254
# Kernel's file system
export KERNEL_PATH=./uImzlib_mag254.img
 
# File name for enviroment variable
export ENV_VARIABLE_PATH=./images/env_mag254.txt
 
# Userfs
export USERFS_VERSION=1
export USERFS_PATH=./images/userfs.img
 
# File name for SecondBoot
export SECONDBOOT_PATH=./images/SbootIm_mag254
 
# File name for Logotype
export LOGOTYPE_PATH=./images/logo.bmp.gz
export MAG200_OP_KEY=testbuildmag254
 
root@localhost:~/218-r7-test/operators_utils_new_mag200_mag250_mag254# ./img_make.sh 218 "test_final" ../rootfs-0.2.18r8/ MAG254 ./img_make.profile.mag254
Make rootfs image ../rootfs-0.2.18r8/
Append digital signature MAG200_OP_KEY=testbuildmag254
File ./sumsubfsnone.img.sign create - successfully!!!
gpg (GnuPG) 1.4.16
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cypher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
 CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
File result:./imageupdate
Create section "Kernel size:" and append file ./uImzlib_mag254.img.
Create section "Image  size:" and append file ./sumsubfsnone.img.sign.
Create section "Env size:" and append file ./images/env_mag254.txt.
Create section "Userfs size:" and append file ./images/userfs.img.
Create section "Logotype  size:" and append file ./images/logo.bmp.gz.
File ./imageupdate create - successfully!!!

Dave is an expert on the MAG STB and the author of this article.
