6、openUBMC 基础配置(烧录前准备和烧录后持久化设置)
6.1 openUBMC 分区配置
openUBMC有很多的持久化分区,为此需要在烧录前完成持久化分区的配置。分区脚本如下:
- setup-partitions.sh
#!/bin/bash
# Recreate MMC partition layout for HI3095
# WARNING: This will DESTROY all data on /dev/mmcblk0
set -euo pipefail
DISK="${1:-/dev/mmcblk0}"
if [ "$(id -u)" -ne 0 ]; then
echo "ERROR: This script must be run as root."
exit 1
fi
if [ ! -b "$DISK" ]; then
echo "ERROR: $DISK is not a block device."
exit 1
fi
echo "=========================================="
echo " WARNING: Destructive operation!"
echo " Target disk: $DISK"
echo " ALL DATA on $DISK will be ERASED."
echo "=========================================="
echo
read -r -p "Type 'YES' to proceed: " confirm
if [ "$confirm" != "YES" ]; then
echo "Aborted."
exit 0
fi
echo ">>> Unmounting any mounted partitions on ${DISK}..."
for mp in $(lsblk -n -o MOUNTPOINT "${DISK}"* 2>/dev/null || true); do
[ -n "$mp" ] && umount "$mp" 2>/dev/null || true
done
echo ">>> Wiping existing partition table..."
wipefs -a "$DISK" 2>/dev/null || dd if=/dev/zero of="$DISK" bs=512 count=2048
echo ">>> Writing partition table..."
sfdisk "$DISK" <<'EOF'
label: dos
unit: sectors
start= 144, size= 2099056, type=83
start= 2099200, size= 7192576, type=c
start= 9291776, size= 7542784, type=5
start= 9293824, size= 1048576, type=c
start=10344448, size= 1466368, type=83
start=11812864, size= 524288, type=83
start=12339200, size= 32768, type=83
start=12374016, size= 2097152, type=83
start=14473216, size= 262144, type=83
start=14737408, size= 2097152, type=83
EOF
echo
echo ">>> Partition table written. Verifying..."
fdisk -l "$DISK"
echo
echo "Done. Partitions:"
lsblk "$DISK"
使用该分区脚本,上传到安全启动的sfc 设备后,执行该脚本即可,最终的分区显示如下:
hi3095 ~ # fdisk -l
Disk /dev/mmcblk0: 26 GB, 27816624128 bytes, 54329344 sectors
848896 cylinders, 4 heads, 16 sectors/track
Units: sectors of 1 * 512 = 512 bytes
Device Boot StartCHS EndCHS StartLBA EndLBA Sectors Size Id Type
/dev/mmcblk0p1 2,1,1 1023,3,16 144 2099199 2099056 1024M 83 Linux
/dev/mmcblk0p2 1023,3,16 1023,3,16 2099200 9291775 7192576 3512M c Win95 FAT32 (LBA)
/dev/mmcblk0p3 1023,3,16 1023,3,16 9291776 16834559 7542784 3683M 5 Extended
/dev/mmcblk0p5 1023,3,16 1023,3,16 9293824 10342399 1048576 512M c Win95 FAT32 (LBA)
/dev/mmcblk0p6 1023,3,16 1023,3,16 10344448 11810815 1466368 716M 83 Linux
/dev/mmcblk0p7 1023,3,16 1023,3,16 11812864 12337151 524288 256M 83 Linux
/dev/mmcblk0p8 1023,3,16 1023,3,16 12339200 12371967 32768 16.0M 83 Linux
/dev/mmcblk0p9 1023,3,16 1023,3,16 12374016 14471167 2097152 1024M 83 Linux
/dev/mmcblk0p10 1023,3,16 1023,3,16 14473216 14735359 262144 128M 83 Linux
/dev/mmcblk0p11 1023,3,16 1023,3,16 14737408 16834559 2097152 1024M 83 Linux
.......................
6.2 制作与烧录openUBMC镜像
步骤1 制作烧录镜像
在第5小节中,我们已经完成了openUBMC的构建,将rootfs_ext4.img放置在 mpu_solution/build/build_hi309x/output目录下。然后将如下脚本编写为 build_openubmc.sh (放置在mpu_solution目录下)即可:
cd ./build/build_hi309x/output
Hi3095_SIZE=$(stat -c%s Hi3095_ext4fs.img)
truncate -s $Hi3095_SIZE rootfs_iBMC.img
mv rootfs_iBMC.img Hi3095_ext4fs.img
cd ../../build_sign_3095
python3 generate_rootfs_param.py
cd ../build_hi309x/output
cp Hi3095_ext4fs.img hibmc_coresec_ext4_nvfs.img
cat ../../build_sign_3095/rootfs_param.bin >> hibmc_coresec_ext4_nvfs.img
cd ../../../tools/secure_sign_tools/309x_custom_tools
cp ../../../build/build_hi309x/output/hibmc_coresec_ext4_nvfs.img .
./Sign_File.sh hibmc_coresec_ext4_nvfs.img
cp hibmc_coresec_ext4_nvfs.img* ../../../build/output/
cd ../../../build/build_sign_3095/
./3095_sign_fw.sh emmc
./hibmc_packet.sh emmc
然后执行 sh ./build_openubmc.sh
最终会在 mpu/build/build_sign_3095/bmc/emmc_packet下产生两个bin文件
步骤2 烧录镜像
在确保你已经完成 安全SFC镜像烧录 的步骤后,拨码1000进入系统,然后通过ssh上传上述的两个bin文件。然后执行如下命令:
umount /dev/mmcblk0gp*
echo 0 > /sys/block/mmcblk0boot0/force_ro
echo 0 > /sys/block/mmcblk0boot1/force_ro
cd /tmp/
dd if=hi3095_core_sec_boot_rsa_debug.bin of=/dev/mmcblk0boot0 bs=1024k count=2
dd if=hi3095_core_sec_boot_rsa_debug.bin of=/dev/mmcblk0boot1 bs=1024k count=2
dd if=hibmc_core_sec_gpp_nv_rootfs_rsa_debug.bin of=/dev/mmcblk0gp0 bs=1024k
dd if=hibmc_core_sec_gpp_nv_rootfs_rsa_debug.bin of=/dev/mmcblk0gp1 bs=1024k
dd if=hibmc_core_sec_gpp_nv_rootfs_rsa_debug.bin of=/dev/mmcblk0gp2 bs=1024k
dd if=hibmc_core_sec_gpp_nv_rootfs_rsa_debug.bin of=/dev/mmcblk0gp3 bs=1024k
dd if=/dev/zero of=/dev/mmcblk0 seek=16 count=128 bs=512 conv=fsync
然后将拨码切换到0100后,即可启动openUBMC系统
步骤3 持久化配置
第一次启动openubmc大概率会失败,因为很多持久化动作没有完成。所以启动后等待大概5分钟后,重启再次进入就可以正常启动openubmc了
1、系统启动后,执行telnet 192.168.0.11进入环境。执行如下命令:
source /etc/profile
# 设置 Administrator 账号密码
busctl --user call bmc.kepler.account /bmc/kepler/AccountService/Accounts/2 bmc.kepler.AccountService.ManagerAccount ChangePwd a{ss}ay 4 Interface Redfish UserName Administrator ClientAddr 127.0.0.1 Privilege 511 11 65 100 109 105 110 64 57 48 48 48 48
2、然后重启系统,使用ssh方式将SSL.p12证书上传至/tmp目录(使用ssh Administrator@192.168.0.11 登录,passwd为 Admin@90000)
同样ssh登录到CLI界面
busctl --user call bmc.kepler.certificate /bmc/kepler/CertificateService bmc.kepler.CertificateService ImportCertWithKey a{ss}isss 4 Interface Redfish UserName Administrator ClientAddr 127.0.0.1 Privilege 511 1 URI /tmp/SSL.p12 ""
- 如果命令执行失败,尝试设置一下时间:date -s “2026-06-23”
导入证书。随后重启后,等待大约4~5分钟(当前为调试版本,性能还未优化,后续会缩短至2分钟左右),web端即可进入。