Here at last: rpi-sb-provisioner 2.0
This is a major release - the culmination of feedback collection against every part of the system from hobbyists through to industrial deployments. We now include two additional provisioning modes:
- naked: An unopinionated, low-touch automated provisioner that lets you set up your own security entirely
- fde: The full-disk-encryption-only provisioner, that lets you connect your own storage device unlocking mechanism (specifically, if you don't want to use the Raspberry Pi signed boot & device-unique key support)
Beyond that, we've expanded device support: Zero 2W and family (BCM2710) are now supported platforms, albeit only with the naked or fde provisioners due to limitations in the boot flow.
The biggest change, however, comes in the form of how you drive it. We've removed our TUI entirely: we had feedback that people found it hard to use, and wanted a richer interface for observing and controlling the system - including how to get OS images into the system.
Acting on that, we're introducing the rpi-sb-provisioner WebUI. This is a much richer control and observability plane for rpi-sb-provisioner, allowing you to:
- Observe state changes for individual devices as they progress through provisioning
- Fully configure rpi-sb-provisioner, with inline documentation and fewer free-entry fields to avoid mistakes
- Upload and select the OS image you want to use, including a live health check to verify the image
- Observe individual systemd units as they progress, to better identify failures
- Insert customisation scripts for manipulating the bootfs, rootfs and executing your own Fastboot commands for custom provisioning workflows
- View and export the manufacturing database
- View an audit log of every access to rpi-sb-provisioner, with a configurable time window
- Use a client-side QR reader to confirm devices are recorded in the manufacturing database as provisioned successfully before packaging
And last, but by no means least: An automatic version check, and a link back to this repo, to allow you better keep track of updates to rpi-sb-provisioner.
By default the WebUI will only bind to localhost for security - on port 3142 for HTTP, and on port 3143 as a self-certified HTTPS endpoint. Naturally, if your deployment requires accessing it elsewhere, you are free to use a reverse proxy with authentication. Be careful, however, as exposing the full power of rpi-sb-provisioner to untrusted parties is a hazard.
The Debian changelog, reproduced here for visibility
-
Architecture and Core Changes:
- Split pre-and-post-Fastboot phases for better reliability
- Add support for multiple Fastboot devices with improved
device tracking - Add support for state tracking database with SQLite
- Add WebUI for provisioning management and monitoring
- Remove TUI (Python-based) provisioning interface
-
Provisioning Modes and Device Support:
- Introduce FDE-Only, Naked and Secure-Boot provisioning modes
- Add support for Zero 2W (2710) devices
- Improve JTAG lock configuration
-
Performance Improvements:
- Implement ethernet data transfer when available for faster
provisioning - Use sparse boot images for improved performance
- Restructure environment setup and cleanup processes
- Enhance timeout handling with reduced fatal timeouts
- Implement ethernet data transfer when available for faster
-
Security and Reliability:
- Add branch protection and other hardening measures
- Enhance error management and logging across all provisioners
- Add manufacturing database integration and device metadata
collection - Remove DEMO_MODE from all components
- Switch from system curl to minimal embedded curl library
- Reduce attack surface by disabling unneeded curl features
-
UI and Configuration:
- Add customisation scripts to the WebUI
- Add version check and GitHub link in WebUI
- Add Debian hardening options and build improvements
- Removed RPI_DEVICE_FETCH_METADATA, we now always fetch metadata
-
System Integration:
- Add systemd service integration
- Fix lintian warnings and implement proper systemd service
handling - Increase specificity in device handling and ignore rpiboot
mass-storage endpoint - Add lintian override for embedded curl library
Full Changelog: v1.3.6...v2.0.0