The BitBoxBase releases are tagged frequently on GitHub so that specific versions can be built from source. They are also released as binary files on the GitHub Releases page.
Releases come in two flavors:
- Over-the-air (OTA) update: the BitBoxApp will notify you if a new update is available. If you choose to install it, the BitBoxBase automatically downloads a signed update artefact (.base) and applies the update as explained in Updates / Process. This update artefact can also be applied manually from the command line.
- Full disk image: the .tar.gz archive contains a disk image with all necessary partitions that can be written directly to an eMMC chip.
Releases usually also contain the archive bbb-binaries.tar.gz with all custom application binaries. These are used when you run the customization script directly on the device (using make build-ondevice) without compiling the custom Go applications from source beforehand.
The OTA artefacts are signed by the Shift BitBoxBase release key, which is checked against the verification key that is already present in the BitBoxBase.
When updating manually, either by allowing unsigned OTA artefacts or by flashing the full disk image, you need to verify the release binaries yourself to avoid using an unofficial and potentially malicious image. You can verify the checksums of all released binaries against the file SHA256SUMS.asc, which is signed by Stadicus.
- Get Stadicus’ public PGP key (yo):
    gpg --keyserver hkp://keyserver.ubuntu.com --receive-keys 82AB582358C37100221A0FA8CF4D0ACF957AF4AD
- Verify signature of SHA256SUMS.asc:
    $ gpg --verify SHA256SUMS.asc
    gpg: Signature made So 22 Sep 2019 16:55:18 CEST
    gpg:                using RSA key 863CF135BDC28B36AB902CCA0B66622A0EB6951B
    gpg: Good signature from "Stadicus <firstname.lastname@example.org>"
    Primary key fingerprint: 82AB 5823 58C3 7100 221A 0FA8 CF4D 0ACF 957A F4AD
         Subkey fingerprint: 863C F135 BDC2 8B36 AB90 2CCA 0B66 622A 0EB6 951B
- Verify the SHA256 checksums of the binary release files:
    $ sha256sum --check SHA256SUMS.asc --ignore-missing
    bbb-binaries.tar.gz: OK
    BitBoxBase-v0.X.X-RockPro64.base: OK
    BitBoxBase-v0.X.X-RockPro64.tar.gz: OK
    sha256sum: WARNING: 19 lines are improperly formatted
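The steps above can be tightened into a script. This is an added example, not BitBoxBase project code: it rejects a "Good signature" unless it comes from the primary key fingerprint shown above, and it checks hashes only against the text gpg actually verified instead of the raw SHA256SUMS.asc file. The function names are hypothetical, and it assumes gpg and GNU sha256sum are installed and the key has already been imported.

```shell
#!/bin/sh
# Added example (not BitBoxBase project code); function names are hypothetical.
# Primary key fingerprint as printed on this page.
EXPECTED_FPR="82AB582358C37100221A0FA8CF4D0ACF957AF4AD"

# Reads gpg --status-fd output on stdin. Succeeds only if a VALIDSIG record
# names $1 as the primary key fingerprint (the record's last field), so a
# "Good signature" from any other key in the keyring is rejected.
signed_by() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF == want { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# check_files SUMS FILE...: every FILE must have exactly one entry in SUMS
# and match it. Unlike --ignore-missing, a file without an entry is a failure.
check_files() (
    sums="$1"; shift
    for f in "$@"; do
        name="$(basename "$f")"
        want="$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1 }' "$sums")"
        got="$(sha256sum "$f" | cut -d' ' -f1)"
        if [ -z "$want" ] || [ "$want" != "$got" ]; then
            echo "FAILED: $name" >&2
            exit 1
        fi
        echo "$name: OK"
    done
)

# verify_release SHA256SUMS.asc FILE...
verify_release() (
    asc="$1"; shift
    tmp="$(mktemp -d)" || exit 1
    trap 'rm -rf "$tmp"' EXIT
    # --decrypt writes only the text covered by the signature, so lines placed
    # outside the signed block of the .asc file never reach the hash check.
    gpg --batch --status-fd 3 --output "$tmp/SHA256SUMS" --decrypt "$asc" \
        3>"$tmp/status" 2>/dev/null || exit 1
    signed_by "$EXPECTED_FPR" <"$tmp/status" || exit 1
    check_files "$tmp/SHA256SUMS" "$@"
)
```

Source the file and call `verify_release SHA256SUMS.asc` followed by the release files you downloaded; a non-zero exit status means the signer or a checksum did not match.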
To use the full disk image with your RockPro64, you need to write it to the eMMC chip with a USB adapter (see the “Do it yourself!” section).
First, extract the tar.gz archive with the tool of your choice, e.g. 7-Zip on Windows or simply tar on Linux.
To write it to eMMC, you can use
- a program like Etcher
- or do it directly from the Linux command line.
On the Linux command line, use dd: once the eMMC chip is connected to your computer using the USB adapter, get the device name (e.g. /dev/sdb). Check it carefully: all data on this device will be lost!
    lsblk
    sudo dd if=BitBoxBase-v0.1.0-RockPro64.img of=/dev/sdb bs=64K conv=sync status=progress
    sync
With the eMMC chip connected to the RockPro64 board, the BitBoxBase will boot right up.