From 6e11e9079d353d5828772f0c3c7e9e6202ad03ad Mon Sep 17 00:00:00 2001 From: "S.J.R. van Schaik" Date: Fri, 4 Aug 2017 15:41:02 +0200 Subject: [PATCH] user-doc: document important requirements for building the kernel and initramfs --- user-doc/user-doc.tex | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/user-doc/user-doc.tex b/user-doc/user-doc.tex index 8273428..4a6e224 100644 --- a/user-doc/user-doc.tex +++ b/user-doc/user-doc.tex @@ -126,10 +126,26 @@ After the configuration options have been set up, rebuild the u-boot binary agai \subsection{Linux kernel} -{\tt CONFIG\_KEXEC} +Make sure that the following options are enabled: + +\begin{itemize}[noitemsep] +\item {\tt CONFIG\_BLK\_DEV\_INITRD} +\item {\tt CONFIG\_RD\_GZIP} +\item {\tt CONFIG\_RD\_BZIP2} +\item {\tt CONFIG\_RD\_LZMA} +\item {\tt CONFIG\_RD\_XZ} +\item {\tt CONFIG\_RD\_LZO} +\item {\tt CONFIG\_RD\_LZ4} +\item {\tt CONFIG\_KEXEC} +\end{itemize} + +As the ROTS image will be read-only once it has been flashed to the SPI NOR flash, it is encouraged to build a minimal kernel images to reduce the amount of possible bugs and vulnerabilities. +More specifically, it is recommended to build a kernel without any support for networking, graphics and audio. \subsection{initramfs} +For the initramfs, we will need static binaries of \emph{busybox}, \emph{kexec-tools}, \emph{cpio} and \emph{gzip}. + \section{Flashing ROTS} \subsection{Using an External Programmer}