Yocto Ssh

Posted : admin On 1/29/2022

GitLab Enterprise Edition.

Use SSH to attach your PC terminal as a Keyboard. Download Micro/sys' Yocto BSP from Yocto Project GitHub. Creating Your Own Tiny Linux Distribution Using Yocto: Keeping it Small With Poky-Tiny - Alejandro Hernandez, Xilinx Poky-tiny was created in 2011, it is a r. In PetaLinux or Yocto, how can I SSH and SCP to Xilinx Evaluation boards as the root user using dropbear? In Yocto or PetaLinux, root login is disabled by default for SSH or SCP. In order to allow SSH as the root user you need to enable the 'debug-tweaks' feature in PetaLinux or Yocto using any of the below methods. The wolfSSL embedded SSL/TLS library is a perfect fit for securing Yocto and OpenEmbedded based applications. WolfSSL has been optimized for low memory use and high performance, is extremely portable, supports current standards up to TLS 1.3 and DTLS 1.2, and can be easily combined with any of wolfSSL’s other products (SSH.


In Yocto or PetaLinux, root login is disabled by default for SSH or SCP.

In order to allow SSH as the root user you need to enable the 'debug-tweaks' feature in PetaLinux or Yocto using any of the below methods.

  1. In 2019.2 and prior releases, enabling debug-tweaks also enables auto-login.
  2. This procedure applies to both Xilinx Evaluation and Custom boards.


Method 1:

In 2019.2 and prior releases, you can enable debug-tweaks from the petalinux-config options as shown below.

In 2020.1 and later releases, you can enable debug-tweaks from the petalinux-config options as shown below.

Method 2:

In 2019.2 and prior releases, you can enable debug-tweaks by adding extra image configuration variables in the <plnx-proj-root>/project-spec/meta-user/conf/petalinuxbsp.conf file.

In 2020.1 and later releases, you can enable debug-tweaks by adding extra image configuration variables in the <plnx-proj-root>/project-spec/meta-user/conf/petalinuxbsp.conf file.


In 2019.2 and prior releases (using meta-petalinux as the distribution layer), you can enable debug-tweaks by adding extra image configuration variables in the <yocto-proj-root>/build/conf/local.conf file.

In 2020.1 and later releases (using meta-petalinux as the distribution layer), you can enable debug-tweaks by adding extra image configuration variables in the <yocto-proj-root>/build/conf/local.conf file.

This post is about building 64-bit Linux systems for Raspberry Pi 4 boards using software from the Yocto Project.

Yocto is a set of tools for building a custom embedded Linux distribution. The systems are usually targeted for a particular application such as a commercial product.

Yocto uses what it calls meta-layers to define the configuration. Within each meta-layer are recipes, classes and configuration files that support the primary build tool, a python app called bitbake.

I have a custom meta-layer for the RPi4 boards called meta-rpi64.

There are a some example images in meta-rpi64 that I have been experimenting with.

These systems use sysvinit, but Yocto supports systemd.

The systems support both QWidget and QML Qt applications using the linuxfb backend, useful for dedicated full-screen applications that do not require a window manager.


If you want a quick look at the resulting systems, you can download some pre-built images here.

Instructions for installing onto an SD card are in the README.


The login user is root with password jumpnowtek.

You will be prompted to change the password on first login.

A dhcp client will run on the ethernet interface and an ssh server is running.

Note: There is a firewall rule that will lock out your IP for 2 minutes after 5 failed logins.

System Info

The Yocto version is 3.1, the [dunfell] branch.

The default is a 5.4 Linux kernel from the github.com/raspberrypi/linux repository.

There is also a 4.19 kernel available though I am not testing this anymore.

These are sysvinit systems using eudev.

The Qt version is 5.13.2 There is no X11 and no desktop installed. Qt GUI applications can be run fullscreen using one of the Qt embedded linux plugins like linuxfb or eglfs, both are provided. The default is linuxfb.

Note: eglfs is not working with the 5.4 kernel, but QML apps are working now with linuxfb which is different from earlier versions.

Python 3.8.2 with a number of modules is included.

gcc/g++ 9.3.0 and associated build tools are installed.

git 2.24.1 is installed.

wireguard from wireguard-linux-compat is installed.

Ubuntu Setup

I am using 18.04 and 20.04 64-bit servers for builds.

You will need at least the following packages installed

You should change the default Ubuntu shell from dash to bash by running this command from a shell

Choose No to dash when prompted.

Clone the dependency repositories

For all upstream repositories, use the [dunfell] branch.

The directory layout I am describing here is my preference. All of the paths to the meta-layers are configurable. If you choose something different, adjust the following instructions accordingly.

First the main Yocto project poky layer

Then the dependency layers under that

And my own common meta-layer that changes some upstream package defaults and adds a few custom recipes.

Clone the meta-rpi repository

Create a separate sub-directory for the meta-rpi64 repository before cloning. This is where you will be doing most of your customization.

The meta-rpi64/README.md file has the last commits from the dependency repositories that I tested. You can always checkout those commits explicitly if you run into problems.

Initialize the build directory

Again much of the following are only my conventions.

Choose a build directory. I tend to do this on a per board and/or per project basis so I can quickly switch between projects. For this example I’ll put the build directory under ~/rpi64/ with the meta-rpi64 layer.

You could manually create the directory structure like this

Yocto Ssh Recipe

Or you could use the Yocto environment script oe-init-build-env like this passing in the path to the build directory

The Yocto environment script will create the build directory if it does not already exist.

Customize the configuration files

There are some sample configuration files in the meta-rpi/conf directory.

Copy them to the build/conf directory (removing the ‘-sample’)

If you used the oe-init-build-env script to create the build directory, it generated some generic configuration files in the build/conf directory. If you want to look at them, save them with a different name before overwriting. They are not needed.

Also not necessary, but something you may want to do is customize the configuration files before your first build.

Warning: Do not use the ‘~’ character when defining directory paths in the Yocto configuration files.

Edit bblayers.conf

In bblayers.conf file replace ${HOME} with the appropriate path to the meta-layer repositories on your system if you modified any of the paths in the previous instructions.

WARNING: Do not include meta-yocto-bsp in your bblayers.conf. The Yocto BSP requirements for the Raspberry Pi are in meta-raspberrypi.

For example, if your directory structure does not look exactly like this, you will need to modify bblayers.conf

Edit local.conf

The variables you may want to customize are the following:

  • DL_DIR


The MACHINE variable is used to determine the target architecture and various compiler tuning flags.

See the conf files under meta-raspberrypi/conf/machine for details.

The only choice for MACHINE that I have tested with 64-bit builds is raspberrypi4-64.


This is where temporary build files and the final build binaries will end up. Expect to use around 20GB.

The default location is under the build directory, in this example ~/rpi64/build/tmp.

If you specify an alternate location as I do in the example conf file make sure the directory is writable by the user running the build.


This is where the downloaded source files will be stored. You can share this among configurations and builds so I always create a general location for this outside the project directory. Make sure the build user has write permission to the directory you decide on.

The default location is in the build directory, ~/rpi64/build/sources.


This is another Yocto build directory that can get pretty big, greater then 4GB. I often put this somewhere else other then my home directory as well.

The default location is in the build directory, ~/rpi64/build/sstate-cache.


The default is 5.4.

Comment this line

and uncomment this one

to use a 4.19 kernel.


There is only one login user by default, root.

The default password is set to jumpnowtek by these two lines in the local.conf file

These two lines force a password change on first login

You can comment them out if you do not want that behavior.

If you want no password at all (development only hopefully), comment those four lines and uncomment this line

You can always add or change the password once logged in.

Run the build

You need to source the Yocto environment into your shell before you can use bitbake. The oe-init-build-env will not overwrite your customized conf files.

I don’t use any of those Common targets, but instead always write my own custom image recipes.

The meta-rpi64 layer has some examples under meta-rpi64/images/ with a lot of the details coming from the meta-jumpnow/images/basic-dev-image.bb recipe.


To build the console-image run the following command

You may occasionally run into build errors related to packages that either failed to download or sometimes out of order builds. The easy solution is to clean the failed package and rerun the build again.

For instance if the build for zip failed for some reason, I would run this

And then continue with the full build.

To build the qt5-image it would be

The cleansstate command (with two s’s) works for image recipes as well.

The image files won’t get deleted from the TMPDIR until the next time you build.

Copying the binaries to an SD card (or eMMC)

After the build completes, the bootloader, kernel and rootfs image files can be found in $TMPDIR/deploy/images/$MACHINE with TMPDIR and MACHINE coming from your local.conf.

The meta-rpi64/scripts directory has some helper scripts to format and copy the files to a microSD card.


This script will partition an SD card with the minimal 2 partitions required for the RPI.

Insert the microSD into your workstation and note where it shows up.

lsblk is convenient for finding the microSD card.

Yocto Ssh Key


For example

So I will use sdc for the card on this machine.

It doesn’t matter if some partitions from the SD card are mounted. The mk2parts.sh script will unmount them.

NOTE: This script will format any disk on your workstation so make sure you choose the SD card.

The script tries to protect against accidents by not running against any device that has partitions currently mounted. I disable automount on my workstations to avoid having to manually unmount partitions.

You only have to format the SD card once.

Temporary mount point

You will need to create a mount point on your workstation for the copy scripts to use.

This is the default

You only have to create this directory once.

If you don’t want that location, you will have to edit the following scripts to use the mount point you choose.


This script copies the GPU firmware, the Linux kernel, dtbs and overlays, config.txt and cmdline.txt to the boot partition of the SD card.

This copy_boot.sh script needs to know the TMPDIR to find the binaries.

If you use the directory structure described above, the script should figure this out on its own.

If not it looks for an environment variable called OETMP.

For instance, if I had this in build/conf/local.conf

Then I would export this environment variable before running copy_boot.sh

If you didn’t override the default TMPDIR in local.conf, then set it to the default TMPDIR

The copy_boot.sh script also needs a MACHINE environment variable specifying the type of RPi board.

Again the script will attempt to figure this out, but if not you can specify with an environment variable.

Then run the copy_boot.sh script passing the location of SD card

This script should run very fast.

If you want to customize the config.txt or cmdline.txt files for the system, you can place either of those files in the meta-rpi64/scripts directory and the copy_boot.sh script will copy them as well.

Take a look at the script if this is unclear.



This script copies the root file system to the second partition of the SD card.

The copy_rootfs.sh script needs the same OETMP and MACHINE environment variables.

The script accepts an optional command line argument for the image type, for example console or qt5. The default is console if no argument is provided.

The script also accepts a hostname argument if you want the host name to be something other then the default MACHINE.

Here’s an example of how you would run copy_rootfs.sh


The copy_rootfs.sh script will take longer to run and depends a lot on the quality of your SD card. With a good Class 10 card it should take less then 30 seconds.

The copy scripts will NOT unmount partitions automatically. If an SD card partition is already mounted, the script will complain and abort. This is for safety, mine mostly, since I run these scripts many times a day on different machines and the SD cards show up in different places.

Here is an example session copying the console-image system to an SD card already partitioned.

Both copy_boot.sh and copy_rootfs.sh are simple scripts, easily customized.

Some custom package examples

spiloop is a spidev test application.

The bitbake recipe that builds and packages spiloop is here

Use it to test the spidev driver before and after placing a jumper between pins the SPI data pins.

tspress is a Qt5 QWidget application installed with the qt5-image. I use it for testing touchscreens.

The recipe is here and can be used a guide for your own applications.

qmlswipe is a Qt5 QML application installed with the qt5-image. Again just for basic testing.

The recipe is here and can be used a guide for your own applications.

Adding additional packages

To display the list of available recipes from the meta-layers included in bblayers.conf

Yocto Ssh-server-dropbear

Once you have the recipe name, you need to find what packages the recipe produces. Use the oe-pkgdata-util utility for this.

Yocto Ssh-server-openssh

For instance, to see the packages produced by the openssh recipe

These are the individual packages you could add to your image recipe.

You can also use oe-pkgdata-util to check the individual files a package will install.

For instance, to see the files for the openssh-sshd package

Yocto Sshfs

For a package to be installed in your image it has to get into the IMAGE_INSTALL variable some way or another. See the example image recipes for some common conventions.

A running system