Merge pull request #248 from advancedtelematic/feat/mergerocko

Merge our current progress from Rocko to master

55 files changed, 755 insertions, 760 deletions

diff --git a/.gitignore b/.gitignore
index bee8a64..8d35cb3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 __pycache__
+*.pyc
diff --git a/COPYING.MIT b/COPYING.MIT
new file mode 100644
index 0000000..fb950dc
--- /dev/null
+++ b/COPYING.MIT
@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy 
+of this software and associated documentation files (the "Software"), to deal 
+in the Software without restriction, including without limitation the rights 
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
+copies of the Software, and to permit persons to whom the Software is 
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in 
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 
+THE SOFTWARE.
diff --git a/README.adoc b/README.adoc
index 0097670..403e0f8 100644
--- a/README.adoc
+++ b/README.adoc
@@ -1,10 +1,10 @@
 = meta-updater
 
-This layer enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client].
+This layer enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/aktualizr[Aktualizr].
 
 https://github.com/ostreedev/ostree[OSTree] is a tool for atomic full file system upgrades with rollback capability. OSTree has several advantages over traditional dual-bank systems, but the most important one is that it minimizes network bandwidth and data storage footprint by sharing files with the same contents across file system deployments.
 
-https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client] and/or https://github.com/advancedtelematic/aktualizr[aktualizr] add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source https://github.com/advancedtelematic/rvi_sota_server[RVI SOTA server] or sign up for a free account at https://app.atsgarage.com[ATS Garage] to get started.
+https://github.com/advancedtelematic/aktualizr[Aktualizr] (and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client]) add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source https://github.com/advancedtelematic/rvi_sota_server[RVI SOTA server] or sign up for a free account at https://app.atsgarage.com[ATS Garage] to get started.
 
 == Build
 
@@ -22,8 +22,6 @@ If you already have a Yocto-based project and you want to add atomic filesystem
 
 You can then build your image as usual, with bitbake. After building the root file system, bitbake will then create an https://ostree.readthedocs.io/en/latest/manual/adapting-existing/[OSTree-enabled version] of it, commit it to your local OSTree repo and (optionally) push it to a remote server. Additionally, a live disk image will be created (normally named $\{IMAGE_NAME}.-sdimg-ota e.g. core-image-raspberrypi3.rpi-sdimg-ota). You can control this behaviour through <<variables in your local.conf,OSTree-related variables in your local.conf>>.
 
-=== Build with OpenIVI
-
 === Build in AGL
 
 With AGL you can just add agl-sota feature while configuring your build environment:
@@ -46,6 +44,16 @@ and get as a result an "ostree_repo" folder in your images directory (tmp/deploy
 
 Although aglsetup.sh hooks provide reasonable defaults for SOTA-related variables, you may want to tune some of them.
 
+=== Build problems
+
+Multilib systems may require adding this line to `local.conf`:
+
+....
+HOSTTOOLS += "x86_64-linux-gnu-gcc"
+....
+
+Ubuntu users that encounter an error due to missing `Python.h` should install `libpython2.7-dev` on their host machine.
+
 == Supported boards
 
 Currently supported platforms are
@@ -67,35 +75,39 @@ Although we have used U-Boot so far, other boot loaders can be configured work w
 
 == SOTA-related variables in local.conf
 
-* OSTREE_REPO - path to your OSTree repository. Defaults to "$\{DEPLOY_DIR_IMAGE}/ostree_repo"
-* OSTREE_BRANCHNAME - the branch your rootfs will be committed to. Defaults to "ota"
-* OSTREE_OSNAME - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky".
-* OSTREE_INITRAMFS_IMAGE - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy.
-* SOTA_PACKED_CREDENTIALS - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a JSON credentials file in https://github.com/advancedtelematic/sota-tools#credentials[the format accepted by garage-push].
+* `OSTREE_REPO` - path to your OSTree repository. Defaults to `$\{DEPLOY_DIR_IMAGE}/ostree_repo`
+* `OSTREE_OSNAME` - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky".
+* `OSTREE_INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy.
+* `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push].
+* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-implicit-prov`], and `aktualizr-hsm-prov`. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe.
+* `SOTA_CLIENT_FEATURES` - extensions to aktualizr. Multiple can be specified if separated by spaces. Valid options are `hsm` (to build with HSM support) and `secondary-example` (to install an example https://github.com/advancedtelematic/aktualizr/blob/master/docs/legacysecondary.adoc[legacy secondary interface] in the image).
+* `SOTA_LEGACY_SECONDARY_INTERFACE` - path to a legacy secondary interface installed on the device. To use the example interface from the Aktualizr repo, use `/usr/bin/example-interface` and make sure `SOTA_CLIENT_FEATURES = "secondary-example"`.
+* `SOTA_SECONDARY_ECUS` - a list of paths separated by spaces of JSON configuration files for virtual secondaries on the host. These will be installed into `/var/sota/ecus` on the device.
+* `SOTA_VIRTUAL_SECONDARIES` - a list of paths separated by spaces of JSON configuration files for virtual secondaries installed on the device. If `SOTA_SECONDARY_ECUS` is used to install them, then you can expect them to be installed in `/var/sota/ecus`.
 
 == Usage
 
 === OSTree
 
-OSTree includes its own simple http server. It just exposes the whole OSTree repository to the network so that any remote device can pull data from it to device's local repository. To use the OSTree http server, you will need OSTree installed on your build machine. (Alternatively, you could run version built inside Yocto using bitbake's http://www.openembedded.org/wiki/Devshell[devshell].)
-
-To expose your repo, run ostree trivial-httpd using any free port:
+OSTree used to include a simple HTTP server as part of the ostree binary, but this has been removed in more recent versions. However, OSTree repositories are self-contained directories, and can be trivially served over the network using any HTTP server. For example, you could use Python's SimpleHTTPServer:
 
 ....
-ostree trivial-httpd tmp/deploy/images/qemux86-64/ostree_repo -P 57556
+cd tmp/deploy/images/qemux86-64/ostree_repo
+python -m SimpleHTTPServer <port> # port defaults to 8000
 ....
 
 You can then run ostree from inside your device by adding your repo:
 
 ....
-# agl-remote identifies the remote server in your local repo
-ostree remote add --no-gpg-verify my-remote http://192.168.7.1:57556 ota
+# This behaves like adding a Git remote; you can name it anything
+ostree remote add --no-gpg-verify my-remote http://<your-ip>:<port>
 
-# ota is a branch name in the remote repo, set in OSTREE_BRANCHNAME
-ostree pull my-remote ota
+# If OSTREE_BRANCHNAME is set in local.conf, that will be the name of the
+# branch. If not set, it defaults to the value of MACHINE (e.g. qemux86-64).
+ostree pull my-remote <branch>
 
-# poky is OS name as set in OSTREE_OSNAME
-ostree admin deploy --os=poky my-remote:ota
+# poky is the OS name as set in OSTREE_OSNAME
+ostree admin deploy --os=poky my-remote:<branch>
 ....
 
 After restarting, you will boot into the newly deployed OS image.
@@ -136,5 +148,5 @@ SANITY_TESTED_DISTROS=""
 * Run oe-selftest:
 
 ```
-oe-selftest --run-tests garage_push
+oe-selftest --run-tests updater
 ```
diff --git a/classes/image_repo_manifest.bbclass b/classes/image_repo_manifest.bbclass
index d508574..467fd9a 100644
--- a/classes/image_repo_manifest.bbclass
+++ b/classes/image_repo_manifest.bbclass
@@ -14,9 +14,9 @@ HOSTTOOLS_NONFATAL += " repo "
 # Write build information to target filesystem
 buildinfo () {
   if [ $(which repo) ]; then
-    repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml
+    repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || bbwarn "Android repo tool failed to run; manifest not copied"
   else
-    echo "Android repo tool not food; manifest not copied."
+    bbwarn "Android repo tool not found; manifest not copied."
   fi
 }
 
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index dc8474c..904db96 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -1,6 +1,6 @@
 # OSTree deployment
 
-IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \
+do_image_ostree[depends] += "ostree-native:do_populate_sysroot \
                         openssl-native:do_populate_sysroot \
                         coreutils-native:do_populate_sysroot \
                         unzip-native:do_populate_sysroot \
@@ -11,6 +11,7 @@ export OSTREE_REPO
 export OSTREE_BRANCHNAME
 
 RAMDISK_EXT ?= ".${INITRAMFS_FSTYPES}"
+export GARAGE_TARGET_NAME
 
 OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}"
 
@@ -116,6 +117,7 @@ IMAGE_CMD_ostree () {
     fi
 
     if [ -n "${SOTA_SECONDARY_ECUS}" ]; then
+        mkdir -p var/sota/ecus
         cp ${SOTA_SECONDARY_ECUS} var/sota/ecus
     fi
 
@@ -158,7 +160,7 @@ IMAGE_CMD_ostree () {
 }
 
 IMAGE_TYPEDEP_ostreepush = "ostree"
-IMAGE_DEPENDS_ostreepush = "aktualizr-native:do_populate_sysroot ca-certificates-native:do_populate_sysroot "
+do_image_ostreepush[depends] += "aktualizr-native:do_populate_sysroot ca-certificates-native:do_populate_sysroot"
 IMAGE_CMD_ostreepush () {
     # Print warnings if credetials are not set or if the file has not been found.
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
@@ -176,11 +178,11 @@ IMAGE_CMD_ostreepush () {
 }
 
 IMAGE_TYPEDEP_garagesign = "ostreepush"
-IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot"
+do_image_garage_sign[depends] += "aktualizr-native:do_populate_sysroot"
 IMAGE_CMD_garagesign () {
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
         # if credentials are issued by a server that doesn't support offline signing, exit silently
-        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0
 
         java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
         if [ "${java_version}" = "" ]; then
@@ -191,15 +193,8 @@ IMAGE_CMD_garagesign () {
             exit 1
         fi
 
-        if [ ! -d "${GARAGE_SIGN_REPO}" ]; then
-            garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
-        fi
-
-        if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then
-            reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}"
-        else
-            reposerver_args=""
-        fi
+        rm -rf ${GARAGE_SIGN_REPO}
+        garage-sign init --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
 
         ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
 
@@ -207,11 +202,11 @@ IMAGE_CMD_garagesign () {
         #   in which case targets.json should be pulled again and the whole procedure repeated
         push_success=0
         for push_retries in $( seq 3 ); do
-            garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args}
-            garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
-            garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
+            garage-sign targets pull --repo tufrepo --home-dir ${GARAGE_SIGN_REPO}
+            garage-sign targets add --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --name ${GARAGE_TARGET_NAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
+            garage-sign targets sign --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
             errcode=0
-            garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$?
+            garage-sign targets push --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} || errcode=$?
             if [ "$errcode" -eq "0" ]; then
                 push_success=1
                 break
@@ -224,9 +219,20 @@ IMAGE_CMD_garagesign () {
             bberror "Couldn't push to garage repository"
             exit 1
         fi
-    else
-        bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS."
     fi
 }
 
+IMAGE_TYPEDEP_garagecheck = "ostreepush garagesign"
+do_image_garagecheck[depends] += "aktualizr-native:do_populate_sysroot"
+IMAGE_CMD_garagecheck () {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        # if credentials are issued by a server that doesn't support offline signing, exit silently
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0
+        ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+
+        garage-check --ref=${ostree_target_hash} \
+                     --credentials=${SOTA_PACKED_CREDENTIALS} \
+                     --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt
+    fi
+}
 # vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass
index 1b487e7..84095a6 100644
--- a/classes/image_types_ota.bbclass
+++ b/classes/image_types_ota.bbclass
@@ -7,9 +7,11 @@
 # boot scripts, kernel and initramfs images
 #
 
+OSTREE_BOOTLOADER ??= 'u-boot'
+
 do_image_otaimg[depends] += "e2fsprogs-native:do_populate_sysroot \
-                             ${@'grub:do_populate_sysroot' if d.getVar('OSTREE_BOOTLOADER', True) == 'grub' else ''} \
-                             ${@'virtual/bootloader:do_deploy' if d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot' else ''}"
+                        ${@'grub:do_populate_sysroot' if d.getVar('OSTREE_BOOTLOADER', True) == 'grub' else ''} \
+                        ${@'virtual/bootloader:do_deploy' if d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot' else ''}"
 
 calculate_size () {
         BASE=$1
@@ -49,6 +51,8 @@ export OSTREE_BRANCHNAME
 export OSTREE_REPO
 export OSTREE_BOOTLOADER
 
+export GARAGE_TARGET_NAME
+
 IMAGE_CMD_otaimg () {
         if ${@bb.utils.contains('IMAGE_FSTYPES', 'otaimg', 'true', 'false', d)}; then
                 if [ -z "$OSTREE_REPO" ]; then
@@ -81,14 +85,16 @@ IMAGE_CMD_otaimg () {
                         bberror "Invalid bootloader: ${OSTREE_BOOTLOADER}"
                 fi;
 
-                ostree --repo=${PHYS_SYSROOT}/ostree/repo pull-local --remote=${OSTREE_OSNAME} ${OSTREE_REPO} ${OSTREE_BRANCHNAME}
+                ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+
+                ostree --repo=${PHYS_SYSROOT}/ostree/repo pull-local --remote=${OSTREE_OSNAME} ${OSTREE_REPO} ${ostree_target_hash}
                 export OSTREE_BOOT_PARTITION="/boot"
                 kargs_list=""
                 for arg in ${OSTREE_KERNEL_ARGS}; do
                         kargs_list="${kargs_list} --karg-append=$arg"
                 done
 
-                ostree admin --sysroot=${PHYS_SYSROOT} deploy ${kargs_list} --os=${OSTREE_OSNAME} ${OSTREE_BRANCHNAME}
+                ostree admin --sysroot=${PHYS_SYSROOT} deploy ${kargs_list} --os=${OSTREE_OSNAME} ${ostree_target_hash}
 
                 # Copy deployment /home and /var/sota to sysroot
                 HOME_TMP=`mktemp -d ${WORKDIR}/home-tmp-XXXXX`
@@ -100,6 +106,9 @@ IMAGE_CMD_otaimg () {
                 mv ${HOME_TMP}/usr/homedirs/home ${PHYS_SYSROOT}/ || true
                 # Ensure that /var/local exists (AGL symlinks /usr/local to /var/local)
                 install -d ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/local
+                # Set package version for the first deployment
+                echo "{\"${ostree_target_hash}\":\"${GARAGE_TARGET_NAME}-${ostree_target_hash}\"}" > ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/installed_versions
+
                 rm -rf ${HOME_TMP}
 
                 # Calculate image type
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index 7e9adca..2a12e8f 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -11,10 +11,10 @@ SOTA_CLIENT ??= "aktualizr"
 SOTA_CLIENT_PROV ??= "aktualizr-auto-prov"
 IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}"
 IMAGE_CLASSES += " image_types_ostree image_types_ota"
-IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign otaimg wic', ' ', d)}"
+IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign garagecheck otaimg wic', ' ', d)}"
 
-PACKAGECONFIG_append_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " ssl", " ", d)}"
-PACKAGECONFIG_remove_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " gnutls", " ", d)}"
+PACKAGECONFIG_append_pn-curl = " ssl"
+PACKAGECONFIG_remove_pn-curl = "gnutls"
 
 WKS_FILE_sota ?= "sdimage-sota.wks"
 
diff --git a/classes/sota_minnowboard.bbclass b/classes/sota_minnowboard.bbclass
index 8417348..63510e3 100644
--- a/classes/sota_minnowboard.bbclass
+++ b/classes/sota_minnowboard.bbclass
@@ -4,4 +4,7 @@ EFI_PROVIDER_sota = "grub-efi"
 WKS_FILE_sota = "efiimage-sota.wks"
 IMAGE_BOOT_FILES_sota = ""
 
+IMAGE_FSTYPES_remove_sota = "live hddimg"
 OSTREE_KERNEL_ARGS ?= "ramdisk_size=16384 rw rootfstype=ext4 rootwait rootdelay=2 console=ttyS0,115200 console=tty0"
+
+IMAGE_INSTALL_append = " minnowboard-efi-startup"
diff --git a/classes/sota_qemux86-64.bbclass b/classes/sota_qemux86-64.bbclass
index 5ec4f69..666ad6b 100644
--- a/classes/sota_qemux86-64.bbclass
+++ b/classes/sota_qemux86-64.bbclass
@@ -4,8 +4,10 @@ PREFERRED_VERSION_linux-yocto_qemux86-64_sota = "4.4%"
 IMAGE_FSTYPES_remove = "wic"
 
 # U-Boot support for SOTA
-PREFERRED_PROVIDER_virtual/bootloader_sota = "u-boot-ota"
+PREFERRED_PROVIDER_virtual/bootloader_sota = "u-boot"
 UBOOT_MACHINE_sota = "qemu-x86_defconfig"
 OSTREE_BOOTLOADER ?= "u-boot"
 
 OSTREE_KERNEL_ARGS ?= "ramdisk_size=16384 rw rootfstype=ext4 rootwait rootdelay=2 ostree_root=/dev/hda"
+
+IMAGE_ROOTFS_EXTRA_SPACE = "${@bb.utils.contains('DISTRO_FEATURES', 'sota', '65536', '', d)}"
diff --git a/classes/sota_raspberrypi.bbclass b/classes/sota_raspberrypi.bbclass
index 51d07b2..2c69ea0 100644
--- a/classes/sota_raspberrypi.bbclass
+++ b/classes/sota_raspberrypi.bbclass
@@ -1,8 +1,10 @@
+RPI_USE_U_BOOT_sota = "1"
 KERNEL_IMAGETYPE_sota = "uImage"
 PREFERRED_PROVIDER_virtual/bootloader_sota ?= "u-boot"
 UBOOT_MACHINE_raspberrypi2_sota ?= "rpi_2_defconfig"
 UBOOT_MACHINE_raspberrypi3_sota ?= "rpi_3_32b_defconfig"
 
+IMAGE_FSTYPES_remove_sota = "rpi-sdimg"
 OSTREE_BOOTLOADER ?= "u-boot"
 
 # OSTree puts its own boot.scr to bcm2835-bootfiles
diff --git a/conf/include/bblayers/sota.inc b/conf/include/bblayers/sota.inc
index 97edecb..26eea22 100644
--- a/conf/include/bblayers/sota.inc
+++ b/conf/include/bblayers/sota.inc
@@ -1,5 +1,3 @@
-
 BBLAYERS += "${METADIR}/meta-updater"
 BBLAYERS += "${METADIR}/meta-openembedded/meta-filesystems"
 BBLAYERS += "${METADIR}/meta-openembedded/meta-oe"
-BBLAYERS += "${METADIR}/meta-rust"
diff --git a/conf/include/bblayers/sota_qemux86-64.inc b/conf/include/bblayers/sota_qemux86-64.inc
index 22ace81..12d32ff 100644
--- a/conf/include/bblayers/sota_qemux86-64.inc
+++ b/conf/include/bblayers/sota_qemux86-64.inc
@@ -1,2 +1 @@
-
 BBLAYERS += " ${METADIR}/meta-updater-qemux86-64 " 
diff --git a/conf/include/bblayers/sota_raspberrypi2.inc b/conf/include/bblayers/sota_raspberrypi2.inc
index 11ede20..cc26679 100644
--- a/conf/include/bblayers/sota_raspberrypi2.inc
+++ b/conf/include/bblayers/sota_raspberrypi2.inc
@@ -1,2 +1,3 @@
+BBLAYERS += " ${METADIR}/meta-openembedded/meta-python "
 
 BBLAYERS += " ${METADIR}/meta-updater-raspberrypi ${METADIR}/meta-raspberrypi " 
diff --git a/conf/include/bblayers/sota_raspberrypi3.inc b/conf/include/bblayers/sota_raspberrypi3.inc
index 11ede20..cc26679 100644
--- a/conf/include/bblayers/sota_raspberrypi3.inc
+++ b/conf/include/bblayers/sota_raspberrypi3.inc
@@ -1,2 +1,3 @@
+BBLAYERS += " ${METADIR}/meta-openembedded/meta-python "
 
 BBLAYERS += " ${METADIR}/meta-updater-raspberrypi ${METADIR}/meta-raspberrypi " 
diff --git a/lib/oeqa/selftest/cases/qemucommand.py b/lib/oeqa/selftest/cases/qemucommand.py
new file mode 120000
index 0000000..075cdb8
--- /dev/null
+++ b/lib/oeqa/selftest/cases/qemucommand.py
@@ -0,0 +1 @@
+../../../../scripts/qemucommand.py
\ No newline at end of file
diff --git a/lib/oeqa/selftest/cases/updater.py b/lib/oeqa/selftest/cases/updater.py
new file mode 100644
index 0000000..91ac9fc
--- /dev/null
+++ b/lib/oeqa/selftest/cases/updater.py
@@ -0,0 +1,236 @@
+# pylint: disable=C0111,C0325
+import os
+import logging
+import subprocess
+import unittest
+from time import sleep
+
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars
+from qemucommand import QemuCommand
+
+
+class SotaToolsTests(OESelftestTestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super(SotaToolsTests, cls).setUpClass()
+        logger = logging.getLogger("selftest")
+        logger.info('Running bitbake to build aktualizr-native tools')
+        bitbake('aktualizr-native')
+
+    def test_push_help(self):
+        bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'aktualizr-native')
+        p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/" + "garage-push"
+        self.assertTrue(os.path.isfile(p), msg = "No garage-push found (%s)" % p)
+        result = runCmd('%s --help' % p, ignore_status=True)
+        self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
+
+    def test_deploy_help(self):
+        bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'aktualizr-native')
+        p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/" + "garage-deploy"
+        self.assertTrue(os.path.isfile(p), msg = "No garage-deploy found (%s)" % p)
+        result = runCmd('%s --help' % p, ignore_status=True)
+        self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
+
+    def test_garagesign_help(self):
+        bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'aktualizr-native')
+        p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/" + "garage-sign"
+        self.assertTrue(os.path.isfile(p), msg = "No garage-sign found (%s)" % p)
+        result = runCmd('%s --help' % p, ignore_status=True)
+        self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
+
+
+class HsmTests(OESelftestTestCase):
+
+    def test_hsm(self):
+        self.write_config('SOTA_CLIENT_FEATURES="hsm"')
+        bitbake('core-image-minimal')
+
+
+class GeneralTests(OESelftestTestCase):
+
+    def test_feature_sota(self):
+        result = get_bb_var('DISTRO_FEATURES').find('sota')
+        self.assertNotEqual(result, -1, 'Feature "sota" not set at DISTRO_FEATURES')
+
+    def test_feature_systemd(self):
+        result = get_bb_var('DISTRO_FEATURES').find('systemd')
+        self.assertNotEqual(result, -1, 'Feature "systemd" not set at DISTRO_FEATURES')
+
+    def test_credentials(self):
+        bitbake('core-image-minimal')
+        credentials = get_bb_var('SOTA_PACKED_CREDENTIALS')
+        # skip the test if the variable SOTA_PACKED_CREDENTIALS is not set
+        if credentials is None:
+            raise unittest.SkipTest("Variable 'SOTA_PACKED_CREDENTIALS' not set.")
+        # Check if the file exists
+        self.assertTrue(os.path.isfile(credentials), "File %s does not exist" % credentials)
+        deploydir = get_bb_var('DEPLOY_DIR_IMAGE')
+        imagename = get_bb_var('IMAGE_LINK_NAME', 'core-image-minimal')
+        # Check if the credentials are included in the output image
+        result = runCmd('tar -jtvf %s/%s.tar.bz2 | grep sota_provisioning_credentials.zip' %
+                        (deploydir, imagename), ignore_status=True)
+        self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
+
+    def test_java(self):
+        result = runCmd('which java', ignore_status=True)
+        self.assertEqual(result.status, 0, "Java not found.")
+
+    def test_add_package(self):
+        print('')
+        deploydir = get_bb_var('DEPLOY_DIR_IMAGE')
+        imagename = get_bb_var('IMAGE_LINK_NAME', 'core-image-minimal')
+        image_path = deploydir + '/' + imagename + '.otaimg'
+        logger = logging.getLogger("selftest")
+
+        logger.info('Running bitbake with man in the image package list')
+        self.write_config('IMAGE_INSTALL_append = " man "')
+        bitbake('-c cleanall man')
+        bitbake('core-image-minimal')
+        result = runCmd('oe-pkgdata-util find-path /usr/bin/man')
+        self.assertEqual(result.output, 'man: /usr/bin/man')
+        path1 = os.path.realpath(image_path)
+        size1 = os.path.getsize(path1)
+        logger.info('First image %s has size %i' % (path1, size1))
+
+        logger.info('Running bitbake without man in the image package list')
+        self.write_config('IMAGE_INSTALL_remove = " man "')
+        bitbake('-c cleanall man')
+        bitbake('core-image-minimal')
+        result = runCmd('oe-pkgdata-util find-path /usr/bin/man', ignore_status=True)
+        self.assertEqual(result.status, 1, "Status different than 1. output: %s" % result.output)
+        self.assertEqual(result.output, 'ERROR: Unable to find any package producing path /usr/bin/man')
+        path2 = os.path.realpath(image_path)
+        size2 = os.path.getsize(path2)
+        logger.info('Second image %s has size %i', path2, size2)
+        self.assertNotEqual(path1, path2, "Image paths are identical; image was not rebuilt.")
+        self.assertNotEqual(size1, size2, "Image sizes are identical; image was not rebuilt.")
+
+
+class QemuTests(OESelftestTestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super(QemuTests, cls).setUpClass()
+        cls.qemu, cls.s = qemu_launch(machine='qemux86-64')
+
+    @classmethod
+    def tearDownClass(cls):
+        qemu_terminate(cls.s)
+
+    def run_command(self, command):
+        return qemu_send_command(self.qemu.ssh_port, command)
+
+    def test_hostname(self):
+        print('')
+        print('Checking machine name (hostname) of device:')
+        stdout, stderr, retcode = self.run_command('hostname')
+        machine = get_bb_var('MACHINE', 'core-image-minimal')
+        self.assertEqual(stderr, b'', 'Error: ' + stderr.decode())
+        # Strip off line ending.
+        value_str = stdout.decode()[:-1]
+        self.assertEqual(value_str, machine,
+                         'MACHINE does not match hostname: ' + machine + ', ' + value_str)
+        print(value_str)
+
+    def test_var_sota(self):
+        print('')
+        print('Checking contents of /var/sota:')
+        stdout, stderr, retcode = self.run_command('ls /var/sota')
+        self.assertEqual(stderr, b'', 'Error: ' + stderr.decode())
+        self.assertEqual(retcode, 0)
+        print(stdout.decode())
+
+    def test_aktualizr_info(self):
+        print('Checking output of aktualizr-info:')
+        ran_ok = False
+        for delay in [0, 1, 2, 5, 10, 15]:
+            sleep(delay)
+            try:
+                stdout, stderr, retcode = self.run_command('aktualizr-info')
+                if retcode == 0 and stderr == b'':
+                    ran_ok = True
+                    break
+            except IOError as e:
+                print(e)
+        if not ran_ok:
+            print(stdout.decode())
+            print(stderr.decode())
+
+
+class GrubTests(OESelftestTestCase):
+
+    def setUpLocal(self):
+        # This is a bit of a hack but I can't see a better option.
+        path = os.path.abspath(os.path.dirname(__file__))
+        metadir = path + "/../../../../../"
+        grub_config = 'OSTREE_BOOTLOADER = "grub"\nMACHINE = "intel-corei7-64"'
+        self.append_config(grub_config)
+        self.meta_intel = metadir + "meta-intel"
+        self.meta_minnow = metadir + "meta-updater-minnowboard"
+        runCmd('bitbake-layers add-layer "%s"' % self.meta_intel)
+        runCmd('bitbake-layers add-layer "%s"' % self.meta_minnow)
+        self.qemu, self.s = qemu_launch(efi=True, machine='intel-corei7-64')
+
+    def tearDownLocal(self):
+        qemu_terminate(self.s)
+        runCmd('bitbake-layers remove-layer "%s"' % self.meta_intel, ignore_status=True)
+        runCmd('bitbake-layers remove-layer "%s"' % self.meta_minnow, ignore_status=True)
+
+    def test_grub(self):
+        print('')
+        print('Checking machine name (hostname) of device:')
+        value, err, retcode = qemu_send_command(self.qemu.ssh_port, 'hostname')
+        machine = get_bb_var('MACHINE', 'core-image-minimal')
+        self.assertEqual(err, b'', 'Error: ' + err.decode())
+        self.assertEqual(retcode, 0)
+        # Strip off line ending.
+        value_str = value.decode()[:-1]
+        self.assertEqual(value_str, machine,
+                         'MACHINE does not match hostname: ' + machine + ', ' + value_str +
+                         '\nIs tianocore ovmf installed?')
+        print(value_str)
+
+
+def qemu_launch(efi=False, machine=None):
+    logger = logging.getLogger("selftest")
+    logger.info('Running bitbake to build core-image-minimal')
+    bitbake('core-image-minimal')
+    # Create empty object.
+    args = type('', (), {})()
+    args.imagename = 'core-image-minimal'
+    args.mac = None
+    # Could use DEPLOY_DIR_IMAGE here but it's already in the machine
+    # subdirectory.
+    args.dir = 'tmp/deploy/images'
+    args.efi = efi
+    args.machine = machine
+    args.kvm = None  # Autodetect
+    args.no_gui = True
+    args.gdb = False
+    args.pcap = None
+    args.overlay = None
+    args.dry_run = False
+
+    qemu = QemuCommand(args)
+    cmdline = qemu.command_line()
+    print('Booting image with run-qemu-ota...')
+    s = subprocess.Popen(cmdline)
+    sleep(10)
+    return qemu, s
+
+def qemu_terminate(s):
+    try:
+        s.terminate()
+    except KeyboardInterrupt:
+        pass
+
+def qemu_send_command(port, command):
+    command = ['ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@localhost -p ' +
+               str(port) + ' "' + command + '"']
+    s2 = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    stdout, stderr = s2.communicate()
+    return stdout, stderr, s2.returncode
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/oeqa/selftest/garage_push.py b/lib/oeqa/selftest/garage_push.py
deleted file mode 100644
index 21bd1c1..0000000
--- a/lib/oeqa/selftest/garage_push.py
+++ /dev/null
@@ -1,42 +0,0 @@
-import unittest
-import os
-import logging
-
-from oeqa.selftest.base import oeSelfTest
-from oeqa.utils.commands import runCmd, bitbake, get_bb_var
-
-class GaragePushTests(oeSelfTest):
-
-    @classmethod
-    def setUpClass(cls):
-        # Ensure we have the right data in pkgdata
-        logger = logging.getLogger("selftest")
-        logger.info('Running bitbake to build aktualizr-native tools')
-        bitbake('aktualizr-native garage-sign-native')
-
-    def test_help(self):
-        image_dir = get_bb_var("D", "aktualizr-native")
-        bin_dir = get_bb_var("bindir", "aktualizr-native")
-        gp_path = os.path.join(image_dir, bin_dir[1:], 'garage-push')
-        result = runCmd('%s --help' % gp_path, ignore_status=True)
-        self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
-
-    def test_java(self):
-        result = runCmd('which java', ignore_status=True)
-        self.assertEqual(result.status, 0, "Java not found.")
-
-    def test_sign(self):
-        image_dir = get_bb_var("D", "garage-sign-native")
-        bin_dir = get_bb_var("bindir", "garage-sign-native")
-        gs_path = os.path.join(image_dir, bin_dir[1:], 'garage-sign')
-        result = runCmd('%s --help' % gs_path, ignore_status=True)
-        self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
-
-    def test_push(self):
-        bitbake('core-image-minimal')
-        self.write_config('IMAGE_INSTALL_append = " man "')
-        bitbake('core-image-minimal')
-
-    def test_hsm(self):
-        self.write_config('SOTA_CLIENT_FEATURES="hsm hsm-test"')
-        bitbake('core-image-minimal')
diff --git a/recipes-bsp/u-boot/u-boot_2016.11.bb b/recipes-bsp/u-boot/u-boot_2016.11.bb
deleted file mode 100644
index acd4bb8..0000000
--- a/recipes-bsp/u-boot/u-boot_2016.11.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-require recipes-bsp/u-boot/u-boot.inc
-
-HOMEPAGE = "http://www.denx.de/wiki/U-Boot/WebHome"
-SECTION = "bootloaders"
-
-LICENSE = "GPLv2+"
-LIC_FILES_CHKSUM = "file://Licenses/README;md5=a2c678cfd4a4d97135585cad908541c6"
-PE = "1"
-
-DEPENDS += "dtc-native"
-
-SRCREV = "5ea3e51fc481613a8dee8c02848d1b42c81ad892"
-SRC_URI = "git://git.denx.de/u-boot.git"
-S = "${WORKDIR}/git"
-
-PV = "v2016.11+git${SRCPV}"
-
-#This patch is not compliant with u-boot 2016.11
-#Version of u-boot from yocto 2.2 Morty is 2016.03 from:
-# meta/recipes-bsp/u-boot/u-boot_2016.03.bb
-SRC_URI_remove_raspberrypi3 = "file://0003-Include-lowlevel_init.o-for-rpi2.patch"
-SRC_URI_remove_raspberrypi2 = "file://0003-Include-lowlevel_init.o-for-rpi2.patch"
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 4f9fe4f..2190512 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -1,28 +1,24 @@
-SUMMARY = "Aktualizr systemd service and configurations"
+SUMMARY = "Aktualizr configuration for autoprovisioning"
 DESCRIPTION = "Systemd service and configurations for autoprovisioning Aktualizr, the SOTA Client application written in C++"
 HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
 SECTION = "base"
 LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
-DEPENDS = "zip-native"
+DEPENDS = "aktualizr-native zip-native"
 RDEPENDS_${PN} = "aktualizr"
 PV = "1.0"
 PR = "6"
 
 SRC_URI = " \
   file://LICENSE \
-  file://aktualizr-manual-provision.service \
-  file://aktualizr-autoprovision.service \
-  file://sota_autoprov.toml \
   "
 
-SYSTEMD_SERVICE_${PN} = "aktualizr.service"
-
-inherit systemd
+require environment.inc
+require credentials.inc
 
 export SOTA_PACKED_CREDENTIALS
 
-do_install_append() {
+do_install() {
     if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
         bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
     fi
@@ -36,27 +32,24 @@ do_install_append() {
         bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
     fi
 
+    install -d ${D}${libdir}/sota
+    install -d ${D}${localstatedir}/sota
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-        install -d ${D}/${systemd_unitdir}/system
-        install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
-        install -d ${D}${libdir}/sota
-        install -m "0644" ${WORKDIR}/sota_autoprov.toml ${D}${libdir}/sota/sota.toml
-
-      # deploy SOTA credentials
-      if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
-          mkdir -p ${D}/var/sota
-          cp ${SOTA_PACKED_CREDENTIALS} ${D}/var/sota/sota_provisioning_credentials.zip
-          # Device should not be able to push data to treehub
-          zip -d ${D}/var/sota/sota_provisioning_credentials.zip treehub.json
-      fi
-    else
-        install -d ${D}/${systemd_unitdir}/system
-        install -m 0644 ${WORKDIR}/aktualizr-manual-provision.service ${D}/${systemd_unitdir}/system/aktualizr.service
+        install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_autoprov.toml ${D}${libdir}/sota/sota.toml
+
+        # deploy SOTA credentials
+        if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
+            cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
+            # Device should not be able to push data to treehub
+            zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
+        fi
     fi
 }
 
 FILES_${PN} = " \
-                ${systemd_unitdir}/system/aktualizr.service \
                 ${libdir}/sota/sota.toml \
-                /var/sota/sota_provisioning_credentials.zip \
+                ${localstatedir}/sota \
+                ${localstatedir}/sota/sota_provisioning_credentials.zip \
                 "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
new file mode 100644
index 0000000..5f8da3c
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
@@ -0,0 +1,32 @@
+SUMMARY = "Aktualizr configuration with HSM support"
+DESCRIPTION = "Systemd service and configurations for HSM provisioning with Aktualizr, the SOTA Client application written in C++"
+HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
+
+DEPENDS = "aktualizr-native"
+RDEPENDS_${PN} = "aktualizr softhsm softhsm-testtoken"
+
+SRC_URI = " \
+  file://LICENSE \
+  "
+PV = "1.0"
+PR = "6"
+
+require environment.inc
+require credentials.inc
+
+do_install() {
+    install -d ${D}${libdir}/sota
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
+            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+    fi
+}
+
+FILES_${PN} = " \
+                ${libdir}/sota/sota.toml \
+                "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
deleted file mode 100644
index b14dc29..0000000
--- a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
+++ /dev/null
@@ -1,34 +0,0 @@
-SUMMARY = "Aktualizr systemd service and configuration with HSM support"
-DESCRIPTION = "Systemd service and configurations for Aktualizr, the SOTA Client application written in C++"
-HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
-SECTION = "base"
-LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
-
-DEPENDS = "aktualizr-native"
-RDEPENDS_${PN} = "aktualizr"
-
-SRC_URI = " \
-  file://LICENSE \
-  file://aktualizr-autoprovision.service \
-  file://sota_hsm_test.toml \
-  "
-PV = "1.0"
-PR = "6"
-
-SYSTEMD_SERVICE_${PN} = "aktualizr.service"
-
-inherit systemd
-
-do_install() {
-    install -d ${D}/${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
-    install -d ${D}${libdir}/sota
-    aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
-        -i ${WORKDIR}/sota_hsm_test.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
-}
-
-FILES_${PN} = " \
-                ${systemd_unitdir}/system/aktualizr.service \
-                ${libdir}/sota/sota.toml \
-                "
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index 21e38c9..cf3d22c 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -1,34 +1,33 @@
-SUMMARY = "Aktualizr systemd service and configurations"
+SUMMARY = "Aktualizr configuration for implicit provisioning"
 DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr, the SOTA Client application written in C++"
 HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
 SECTION = "base"
 LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
+
 DEPENDS = "aktualizr-native"
 RDEPENDS_${PN} = "aktualizr"
-PV = "1.0"
-PR = "1"
 
 SRC_URI = " \
   file://LICENSE \
-  file://aktualizr-autoprovision.service \
-  file://sota_implicit_prov.toml \
   "
+PV = "1.0"
+PR = "1"
 
-SYSTEMD_SERVICE_${PN} = "aktualizr.service"
-
-inherit systemd
+require environment.inc
+require credentials.inc
 
 do_install() {
-    install -d ${D}/${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
     install -d ${D}${libdir}/sota
-    aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
-        -i ${WORKDIR}/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
+            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+    fi
 }
 
 FILES_${PN} = " \
-                ${systemd_unitdir}/system/aktualizr.service \
                 ${libdir}/sota/sota.toml \
                 ${libdir}/sota/root.crt \
                 "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index c98027d..beaf893 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -5,47 +5,80 @@ SECTION = "base"
 LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
 
-DEPENDS = "boost curl openssl libarchive libsodium "
+DEPENDS = "boost curl openssl libarchive libsodium asn1c-native "
 DEPENDS_append_class-target = "jansson ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} "
 DEPENDS_append_class-native = "glib-2.0-native "
 
 RDEPENDS_${PN}_class-target = "lshw "
 RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' engine-pkcs11', '', d)} "
-RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm-test', ' softhsm softhsm-testtoken', '', d)} "
+RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '  slcand-start', '', d)} "
 
 PV = "1.0+git${SRCPV}"
 PR = "7"
 
 SRC_URI = " \
-  git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
+  gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
+  file://aktualizr.service \
+  file://aktualizr-serialcan.service \
   "
-SRCREV = "f043191ae622a96cf2f4d48f9073d5cfa9f16e3f"
+SRCREV = "07d73645231681848bd943074498581e930d8582"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
 
 inherit cmake
 
+inherit systemd
+SYSTEMD_SERVICE_${PN} = "aktualizr.service"
+
 BBCLASSEXTEND =+ "native"
 
 EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} "
-EXTRA_OECMAKE_append_class-target = "-DBUILD_OSTREE=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
-EXTRA_OECMAKE_append_class-native = "-DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF "
+EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
+EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF "
 
 do_install_append () {
     rm -f ${D}${bindir}/aktualizr_cert_provider
 }
 do_install_append_class-target () {
     rm -f ${D}${bindir}/aktualizr_implicit_writer
+    rm -f ${D}${libdir}/sota/sota.toml
+    ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', '', 'rm -f ${D}${bindir}/example-interface', d)}
+    ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-isotp-example', '', 'rm -f ${D}${bindir}/isotp-test-interface', d)}
+
+    install -d ${D}${systemd_unitdir}/system
+    aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)}
+    install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service
+
+    install -d ${D}${libdir}/sota/schemas
+    install -m 0755 ${S}/config/storage/* ${D}${libdir}/sota/schemas
 }
 do_install_append_class-native () {
     rm -f ${D}${bindir}/aktualizr
+    rm -f ${D}${bindir}/aktualizr-info
+    rm -f ${D}${bindir}/example-interface
+    install -d ${D}${libdir}/sota
+    install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml
+    install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml
+    install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml
+
+    install -m 0755 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/bin/* ${D}${bindir}
+    install -m 0644 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/lib/* ${D}${libdir}
 }
 
 FILES_${PN}_class-target = " \
                 ${bindir}/aktualizr \
+                ${bindir}/aktualizr-info \
+                ${systemd_unitdir}/system/aktualizr.service \
+                ${libdir}/sota/schemas \
                 "
+FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', ' ${bindir}/example-interface', '', d)} "
+FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-isotp-example', ' ${bindir}/isotp-test-interface', '', d)} "
 FILES_${PN}_class-native = " \
                 ${bindir}/aktualizr_implicit_writer \
+                ${bindir}/garage-deploy \
                 ${bindir}/garage-push \
+                ${libdir}/sota/* \
                 "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/credentials.inc b/recipes-sota/aktualizr/credentials.inc
new file mode 100644
index 0000000..256c8ff
--- /dev/null
+++ b/recipes-sota/aktualizr/credentials.inc
@@ -0,0 +1 @@
+SRC_URI_append = "${@('file://' + d.getVar('SOTA_PACKED_CREDENTIALS', True)) if d.getVar('SOTA_PACKED_CREDENTIALS', True) else ''}"
diff --git a/recipes-sota/aktualizr/environment.inc b/recipes-sota/aktualizr/environment.inc
new file mode 100644
index 0000000..cba77e7
--- /dev/null
+++ b/recipes-sota/aktualizr/environment.inc
@@ -0,0 +1,17 @@
+export SOTA_LEGACY_SECONDARY_INTERFACE
+export SOTA_VIRTUAL_SECONDARIES
+
+do_install_append() {
+  if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then
+    AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}";
+  fi
+
+  AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml"
+  for sec in ${SOTA_VIRTUAL_SECONDARIES}; do
+    AKTUALIZR_PARAMETERS_VIRTUALSECS="${AKTUALIZR_PARAMETERS_VIRTUALSECS} --secondary-config $sec"
+  done
+
+  echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_CONFIGFILE} ${AKTUALIZR_PARAMETERS_LEGACYSEC} ${AKTUALIZR_PARAMETERS_VIRTUALSECS}" > ${D}${libdir}/sota/sota.env
+}
+
+FILES_${PN}_append = " ${libdir}/sota/sota.env"
diff --git a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service b/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
deleted file mode 100644
index 8cb8d78..0000000
--- a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Aktualizr SOTA Client
-Wants=network-online.target
-After=network.target network-online.target
-Requires=network-online.target
-
-[Service]
-RestartSec=10
-Restart=always
-ExecStart=/usr/bin/aktualizr --config /usr/lib/sota/sota.toml
-
-[Install]
-WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/aktualizr-serialcan.service b/recipes-sota/aktualizr/files/aktualizr-serialcan.service
new file mode 100644
index 0000000..b42f348
--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr-serialcan.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Aktualizr SOTA Client
+Wants=network-online.target slcand@ttyACM0.service
+After=network.target network-online.target slcand@ttyACM0.service
+
+Requires=network-online.target
+
+[Service]
+RestartSec=10
+Restart=always
+EnvironmentFile=/usr/lib/sota/sota.env
+ExecStart=/bin/sh -c "(ip addr | grep can0) && /usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/aktualizr-manual-provision.service b/recipes-sota/aktualizr/files/aktualizr.service
index a70f2f9..b6df9d7 100644
--- a/recipes-sota/aktualizr/files/aktualizr-manual-provision.service
+++ b/recipes-sota/aktualizr/files/aktualizr.service
@@ -7,7 +7,8 @@ Requires=network-online.target
 [Service]
 RestartSec=10
 Restart=always
-ExecStart=/usr/bin/aktualizr --config /sysroot/boot/sota.toml --loglevel 2
+EnvironmentFile=/usr/lib/sota/sota.env
+ExecStart=/usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS
 
 [Install]
 WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/sota_autoprov.toml b/recipes-sota/aktualizr/files/sota_autoprov.toml
deleted file mode 100644
index 9fbb093..0000000
--- a/recipes-sota/aktualizr/files/sota_autoprov.toml
+++ /dev/null
@@ -1,14 +0,0 @@
-[tls]
-certificates_directory = "/var/sota/"
-ca_file = "root.crt"
-client_certificate = "client.pem"
-pkey_file = "pkey.pem"
-
-[uptane]
-metadata_path = "/var/sota/metadata"
-private_key_path = "ecukey.der"
-public_key_path = "ecukey.pub"
-
-[provision]
-provision_path = "/var/sota/sota_provisioning_credentials.zip"
-
diff --git a/recipes-sota/aktualizr/files/sota_hsm_test.toml b/recipes-sota/aktualizr/files/sota_hsm_test.toml
deleted file mode 100644
index 28aefc2..0000000
--- a/recipes-sota/aktualizr/files/sota_hsm_test.toml
+++ /dev/null
@@ -1,18 +0,0 @@
-[tls]
-certificates_directory = "/var/sota/"
-ca_file = "/var/sota/token/root.crt"
-client_certificate = "01"
-cert_source = "pkcs11"
-pkey_file = "02"
-pkey_source = "pkcs11"
-
-[p11]
-module = "/usr/lib/softhsm/libsofthsm2.so"
-pass = "1234"
-
-[uptane]
-metadata_path = "/var/sota/metadata"
-key_source = "pkcs11"
-private_key_path = "03"
-public_key_path = "03"
-
diff --git a/recipes-sota/aktualizr/files/sota_implicit_prov.toml b/recipes-sota/aktualizr/files/sota_implicit_prov.toml
deleted file mode 100644
index 756c868..0000000
--- a/recipes-sota/aktualizr/files/sota_implicit_prov.toml
+++ /dev/null
@@ -1,11 +0,0 @@
-[tls]
-certificates_directory = "/var/sota/"
-ca_file = "/usr/lib/sota/root.crt"
-client_certificate = "client.pem"
-pkey_file = "pkey.pem"
-
-[uptane]
-metadata_path = "/var/sota/metadata"
-private_key_path = "ecukey.der"
-public_key_path = "ecukey.pub"
-
diff --git a/recipes-sota/asn1c/asn1c.bb b/recipes-sota/asn1c/asn1c.bb
new file mode 100644
index 0000000..9d1517d
--- /dev/null
+++ b/recipes-sota/asn1c/asn1c.bb
@@ -0,0 +1,17 @@
+SUMMARY = "ASN.1 to C compiler"
+DESCRIPTION = "Generates serialization routines from ASN.1 schemas"
+HOMEPAGE = "http://lionet.info/asn1c"
+SECTION = "base"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ee8bfaaa7d71cf3edb079475e6716d4b"
+
+inherit autotools native
+
+PV = "0.9.28"
+SRC_URI = "https://github.com/vlm/asn1c/releases/download/v${PV}/asn1c-${PV}.tar.gz \
+           file://skeletons_dir_fix.patch"
+SRC_URI[sha256sum] = "8007440b647ef2dd9fb73d931c33ac11764e6afb2437dbe638bb4e5fc82386b9"
+
+BBCLASSEXTEND = "native nativesdk"
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/asn1c/files/skeletons_dir_fix.patch b/recipes-sota/asn1c/files/skeletons_dir_fix.patch
new file mode 100644
index 0000000..f1caa2f
--- /dev/null
+++ b/recipes-sota/asn1c/files/skeletons_dir_fix.patch
@@ -0,0 +1,44 @@
+From 1a1c2c94f700cf0f4dc5dba863950b16477fdc6d Mon Sep 17 00:00:00 2001
+From: Laurent Bonnans <laurent.bonnans@here.com>
+Date: Thu, 25 Jan 2018 09:49:41 +0100
+Subject: [PATCH] Patch the skeletons directory detection
+
+Detect `share/asn1c` from `bin/` if it exists
+---
+ asn1c/asn1c.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/asn1c/asn1c.c b/asn1c/asn1c.c
+index eb1eff7c..dd9fc832 100644
+--- a/asn1c/asn1c.c
++++ b/asn1c/asn1c.c
+@@ -226,22 +226,21 @@ main(int ac, char **av) {
+     if(skeletons_dir == NULL) {
+         struct stat sb;
+         skeletons_dir = DATADIR;
+-        if((av[-optind][0] == '.' || av[-optind][1] == '/')
+-           && stat(skeletons_dir, &sb)) {
++        if(stat(skeletons_dir, &sb)) {
+             /*
+              * The default skeletons directory does not exist,
+              * compute it from my file name:
+-             * ./asn1c/asn1c -> ./skeletons
++             * ./asn1c/asn1c -> ./share/asn1c
+              */
+             char *p;
+             size_t len;
+ 
+             p = a1c_dirname(av[-optind]);
+ 
+-            len = strlen(p) + sizeof("/../skeletons");
++            len = strlen(p) + sizeof("/../share/asn1c");
+             skeletons_dir = malloc(len);
+             assert(skeletons_dir);
+-            snprintf(skeletons_dir, len, "%s/../skeletons", p);
++            snprintf(skeletons_dir, len, "%s/../share/asn1c", p);
+             if(stat(skeletons_dir, &sb)) {
+                 fprintf(stderr,
+                         "WARNING: skeletons are neither in "
+-- 
+2.15.1
+
diff --git a/recipes-sota/garage-sign/garage-sign.bb b/recipes-sota/garage-sign/garage-sign.bb
deleted file mode 100644
index d5388bc..0000000
--- a/recipes-sota/garage-sign/garage-sign.bb
+++ /dev/null
@@ -1,34 +0,0 @@
-SUMMARY = "garage-sign"
-DESCRIPTION = "Metadata signing tool for ATS Garage"
-HOMEPAGE = "https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/index.html"
-SECTION = "base"
-LICENSE = "CLOSED"
-LIC_FILES_CHKSUM = "file://${S}/docs/LICENSE;md5=3025e77db7bd3f1d616b3ffd11d54c94"
-DEPENDS = ""
-
-PV = "0.2.0-35-g0544c33"
-
-SRC_URI = " \
-  https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${PV}.tgz \
-  "
-
-SRC_URI[md5sum] = "1546e06d1e747f67aee5ed7096bf1c74"
-SRC_URI[sha256sum] = "1432348bca8ca5ad75df1218f348f480d429d7509d6454deb6e16ff31c5e08fc"
-
-S = "${WORKDIR}/${BPN}"
-
-BBCLASSEXTEND =+ "native"
-
-do_install() {
-    install -d ${D}${bindir}
-    install -m "0755" -t ${D}${bindir} ${S}/bin/*
-    install -d ${D}${libdir}
-    install -m "0644" -t ${D}${libdir} ${S}/lib/*
-}
-
-FILES_${PN} = " \
-  /usr/bin \
-  /usr/bin/garage-sign.bat \
-  /usr/bin/garage-sign \
-  /usr/lib/* \
-  "
diff --git a/recipes-sota/ostree/ostree_git.bb b/recipes-sota/ostree/ostree_git.bb
index 724976a..ad85775 100644
--- a/recipes-sota/ostree/ostree_git.bb
+++ b/recipes-sota/ostree/ostree_git.bb
@@ -8,22 +8,23 @@ INHERIT_remove_class-native = "systemd"
 
 SRC_URI = "gitsm://github.com/ostreedev/ostree.git;branch=master"
 
-SRCREV="ae61321046ad7f4148a5884c8c6c8b2594ff840e"
+SRCREV="854a823e05d6fe8b610c02c2a71eaeb2bf1e98a6"
 
 PV = "v2017.13"
+PR = "1"
 
 S = "${WORKDIR}/git"
 
 BBCLASSEXTEND = "native"
 
-DEPENDS += "attr libarchive glib-2.0 pkgconfig gpgme libgsystem fuse libsoup-2.4 e2fsprogs gtk-doc-native curl xz"
+DEPENDS += "attr libarchive glib-2.0 pkgconfig gpgme libgsystem fuse e2fsprogs gtk-doc-native curl xz"
 DEPENDS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', ' systemd', '', d)}"
 DEPENDS_remove_class-native = "systemd-native"
 
 RDEPENDS_${PN} = "python util-linux-libuuid util-linux-libblkid util-linux-libmount libcap bash"
 RDEPENDS_${PN}_remove_class-native = "python-native"
 
-EXTRA_OECONF = "--with-libarchive --disable-gtk-doc --disable-gtk-doc-html --disable-gtk-doc-pdf --disable-man --with-smack --with-builtin-grub2-mkconfig --with-curl"
+EXTRA_OECONF = "CFLAGS='-Wno-error=missing-prototypes' --with-libarchive --disable-gtk-doc --disable-gtk-doc-html --disable-gtk-doc-pdf --disable-man --with-smack --with-builtin-grub2-mkconfig --with-curl --without-soup"
 EXTRA_OECONF_append_class-native = " --enable-wrpseudo-compat"
 
 # Path to ${prefix}/lib/ostree/ostree-grub-generator is hardcoded on the
diff --git a/recipes-sota/rvi-sota-client/files/sota-client-autoprovision.service b/recipes-sota/rvi-sota-client/files/sota-client-autoprovision.service
deleted file mode 100644
index 11b1354..0000000
--- a/recipes-sota/rvi-sota-client/files/sota-client-autoprovision.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=SOTA Client Autoprovisioning
-Requires=network-online.target
-After=network-online.target
-
-[Service]
-Type=oneshot
-WorkingDirectory=/var/sota
-Environment=SOTA_CERT_DIR=/var/sota
-ExecStart=/usr/bin/sota_provision.sh sota_provisioning_credentials
-RemainAfterExit=true
-StandardOutput=journal
-
-[Install]
-WantedBy=multi-user.target
diff --git a/recipes-sota/rvi-sota-client/files/sota-client-ostree.service b/recipes-sota/rvi-sota-client/files/sota-client-ostree.service
deleted file mode 100644
index 093a994..0000000
--- a/recipes-sota/rvi-sota-client/files/sota-client-ostree.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=SOTA Client
-Requires=network-online.target
-After=network.target network-online.target
-
-[Service]
-RestartSec=5
-Restart=on-failure
-Environment="RUST_LOG=debug"
-ExecStart=/usr/bin/sota_client --config /sysroot/boot/sota.toml --device-package-manager ostree
-
-[Install]
-WantedBy=multi-user.target
diff --git a/recipes-sota/rvi-sota-client/files/sota-client-uptane.service b/recipes-sota/rvi-sota-client/files/sota-client-uptane.service
deleted file mode 100644
index a2d80ce..0000000
--- a/recipes-sota/rvi-sota-client/files/sota-client-uptane.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=SOTA Client
-Requires=network-online.target
-After=network.target network-online.target
-Requires=sota-client-autoprovision
-After=sota-client-autoprovision
-
-[Service]
-RestartSec=5
-Restart=on-failure
-Environment="RUST_LOG=debug"
-ExecStart=/usr/bin/sota_client --config /var/sota/sota.toml --device-package-manager uptane
-
-[Install]
-WantedBy=multi-user.target
diff --git a/recipes-sota/rvi-sota-client/files/sota-installer.service b/recipes-sota/rvi-sota-client/files/sota-installer.service
deleted file mode 100644
index a4fd99e..0000000
--- a/recipes-sota/rvi-sota-client/files/sota-installer.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=SOTA Secondary ECU Installer
-Requires=network-online.target
-After=network-online.target
-
-[Service]
-RestartSec=10
-Restart=always
-ExecStart=/usr/bin/sota-installer --level debug --oneshot --config /var/sota/installer.toml
-
-[Install]
-WantedBy=multi-user.target
diff --git a/recipes-sota/rvi-sota-client/rvi-sota-client.inc b/recipes-sota/rvi-sota-client/rvi-sota-client.inc
deleted file mode 100644
index 712b9b3..0000000
--- a/recipes-sota/rvi-sota-client/rvi-sota-client.inc
+++ /dev/null
@@ -1,173 +0,0 @@
-inherit cargo systemd
-
-DESCRIPTION = "rvi-sota-client recipe"
-HOMEPAGE = "https://github.com/advancedtelematic/rvi_sota_client"
-LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=65d26fcc2f35ea6a181ac777e42db1ea"
-
-BBCLASSEXTEND = "native"
-
-S = "${WORKDIR}/git"
-
-SRC_URI[index.md5sum] = "6a635e8a081b4d4ba4cebffd721c2d7d"
-SRC_URI[index.sha256sum] = "1913c41d4b8de89a931b6f9e418f83e70a083e12e6c247e8510ee932571ebae2"
-
-# also update PV and SRC_URI crates when updating SRCREV
-SRCREV = "be8ec83af2051a2b2499ce8878242771c65f0f1c"
-
-PR = "1"
-
-# generate with: `make package-version`
-PV = "0.2.34-8-gbe8ec83"
-
-# generate with: `make yocto-version`
-SRC_URI = " \
-git://github.com/advancedtelematic/rvi_sota_client \
-file://sota-client-autoprovision.service \
-file://sota-client-ostree.service \
-file://sota-client-uptane.service \
-file://sota-installer.service \
-crate://crates.io/adler32/1.0.2 \
-crate://crates.io/advapi32-sys/0.2.0 \
-crate://crates.io/aho-corasick/0.6.3 \
-crate://crates.io/ansi_term/0.9.0 \
-crate://crates.io/antidote/1.0.0 \
-crate://crates.io/atty/0.2.3 \
-crate://crates.io/backtrace/0.3.3 \
-crate://crates.io/backtrace-sys/0.1.15 \
-crate://crates.io/base64/0.6.0 \
-crate://crates.io/bincode/0.9.0 \
-crate://crates.io/bit-set/0.4.0 \
-crate://crates.io/bit-vec/0.4.4 \
-crate://crates.io/bitflags/0.7.0 \
-crate://crates.io/bitflags/0.9.1 \
-crate://crates.io/block-buffer/0.2.0 \
-crate://crates.io/byte-tools/0.2.0 \
-crate://crates.io/byteorder/1.1.0 \
-crate://crates.io/bytes/0.4.5 \
-crate://crates.io/cc/1.0.1 \
-crate://crates.io/cfg-if/0.1.2 \
-crate://crates.io/chan/0.1.19 \
-crate://crates.io/chan-signal/0.3.1 \
-crate://crates.io/chrono/0.4.0 \
-crate://crates.io/clap/2.26.2 \
-crate://crates.io/coco/0.1.1 \
-crate://crates.io/constant_time_eq/0.1.3 \
-crate://crates.io/core-foundation/0.2.3 \
-crate://crates.io/core-foundation-sys/0.2.3 \
-crate://crates.io/crossbeam/0.3.0 \
-crate://crates.io/crypt32-sys/0.2.0 \
-crate://crates.io/crypto-mac/0.4.0 \
-crate://crates.io/dbghelp-sys/0.2.0 \
-crate://crates.io/dbus/0.5.4 \
-crate://crates.io/digest/0.6.2 \
-crate://crates.io/dtoa/0.4.2 \
-crate://crates.io/either/1.2.0 \
-crate://crates.io/env_logger/0.4.3 \
-crate://crates.io/error-chain/0.10.0 \
-crate://crates.io/fake-simd/0.1.2 \
-crate://crates.io/filetime/0.1.14 \
-crate://crates.io/foreign-types/0.2.0 \
-crate://crates.io/fuchsia-zircon/0.2.1 \
-crate://crates.io/fuchsia-zircon-sys/0.2.0 \
-crate://crates.io/futures/0.1.16 \
-crate://crates.io/gcc/0.3.54 \
-crate://crates.io/generic-array/0.8.3 \
-crate://crates.io/getopts/0.2.15 \
-crate://crates.io/hex/0.2.0 \
-crate://crates.io/hmac/0.4.2 \
-crate://crates.io/httparse/1.2.3 \
-crate://crates.io/hyper/0.10.13 \
-crate://crates.io/hyper-native-tls/0.2.4 \
-crate://crates.io/idna/0.1.4 \
-crate://crates.io/iovec/0.1.1 \
-crate://crates.io/itoa/0.3.4 \
-crate://crates.io/kernel32-sys/0.2.2 \
-crate://crates.io/language-tags/0.2.2 \
-crate://crates.io/lazy_static/0.2.9 \
-crate://crates.io/libc/0.2.32 \
-crate://crates.io/libdbus-sys/0.1.1 \
-crate://crates.io/libflate/0.1.11 \
-crate://crates.io/log/0.3.8 \
-crate://crates.io/maplit/0.1.5 \
-crate://crates.io/matches/0.1.6 \
-crate://crates.io/memchr/1.0.1 \
-crate://crates.io/metadeps/1.1.2 \
-crate://crates.io/mime/0.2.6 \
-crate://crates.io/native-tls/0.1.4 \
-crate://crates.io/net2/0.2.31 \
-crate://crates.io/nodrop/0.1.9 \
-crate://crates.io/num/0.1.40 \
-crate://crates.io/num-integer/0.1.35 \
-crate://crates.io/num-iter/0.1.34 \
-crate://crates.io/num-traits/0.1.40 \
-crate://crates.io/num_cpus/1.7.0 \
-crate://crates.io/odds/0.2.25 \
-crate://crates.io/openssl/0.9.19 \
-crate://crates.io/openssl-sys/0.9.19 \
-crate://crates.io/pem/0.4.1 \
-crate://crates.io/percent-encoding/1.0.0 \
-crate://crates.io/pkg-config/0.3.9 \
-crate://crates.io/quote/0.3.15 \
-crate://crates.io/rand/0.3.17 \
-crate://crates.io/rayon/0.8.2 \
-crate://crates.io/rayon-core/1.2.1 \
-crate://crates.io/redox_syscall/0.1.31 \
-crate://crates.io/redox_termios/0.1.1 \
-crate://crates.io/regex/0.2.2 \
-crate://crates.io/regex-syntax/0.4.1 \
-crate://crates.io/reqwest/0.6.2 \
-crate://crates.io/ring/0.12.1 \
-crate://crates.io/rust-crypto/0.2.36 \
-crate://crates.io/rustc-demangle/0.1.5 \
-crate://crates.io/rustc-serialize/0.3.24 \
-crate://crates.io/safemem/0.2.0 \
-crate://crates.io/schannel/0.1.8 \
-crate://crates.io/scopeguard/0.3.2 \
-crate://crates.io/secur32-sys/0.2.0 \
-crate://crates.io/security-framework/0.1.16 \
-crate://crates.io/security-framework-sys/0.1.16 \
-crate://crates.io/serde/1.0.15 \
-crate://crates.io/serde_derive/1.0.15 \
-crate://crates.io/serde_derive_internals/0.16.0 \
-crate://crates.io/serde_json/1.0.3 \
-crate://crates.io/serde_urlencoded/0.5.1 \
-crate://crates.io/sha1/0.2.0 \
-crate://crates.io/sha2/0.6.0 \
-crate://crates.io/strsim/0.6.0 \
-crate://crates.io/syn/0.11.11 \
-crate://crates.io/synom/0.11.3 \
-crate://crates.io/tar/0.4.13 \
-crate://crates.io/tempdir/0.3.5 \
-crate://crates.io/term_size/0.3.0 \
-crate://crates.io/termion/1.5.1 \
-crate://crates.io/textwrap/0.8.0 \
-crate://crates.io/thread_local/0.3.4 \
-crate://crates.io/time/0.1.38 \
-crate://crates.io/toml/0.2.1 \
-crate://crates.io/toml/0.4.5 \
-crate://crates.io/traitobject/0.1.0 \
-crate://crates.io/tungstenite/0.5.0 \
-crate://crates.io/typeable/0.1.2 \
-crate://crates.io/typenum/1.9.0 \
-crate://crates.io/unicase/1.4.2 \
-crate://crates.io/unicode-bidi/0.3.4 \
-crate://crates.io/unicode-normalization/0.1.5 \
-crate://crates.io/unicode-width/0.1.4 \
-crate://crates.io/unicode-xid/0.0.4 \
-crate://crates.io/unix_socket/0.5.0 \
-crate://crates.io/unreachable/1.0.0 \
-crate://crates.io/untrusted/0.5.1 \
-crate://crates.io/url/1.5.1 \
-crate://crates.io/utf-8/0.7.1 \
-crate://crates.io/utf8-ranges/1.0.0 \
-crate://crates.io/uuid/0.5.1 \
-crate://crates.io/vcpkg/0.2.2 \
-crate://crates.io/vec_map/0.8.0 \
-crate://crates.io/version_check/0.1.3 \
-crate://crates.io/void/1.0.2 \
-crate://crates.io/winapi/0.2.8 \
-crate://crates.io/winapi-build/0.1.1 \
-crate://crates.io/ws2_32-sys/0.2.1 \
-crate://crates.io/xattr/0.1.11 \
-"
diff --git a/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb b/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb
deleted file mode 100644
index e286598..0000000
--- a/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb
+++ /dev/null
@@ -1,59 +0,0 @@
-require rvi-sota-client.inc
-
-
-SYSTEMD_SERVICE_${PN} = "sota-client.service sota-client-autoprovision.service"
-
-FILES_${PN} = " \
-/lib64 \
-${bindir}/sota_client \
-${bindir}/sota_sysinfo.sh \
-${bindir}/sota_provision.sh \
-${sysconfdir}/sota_client.version \
-${sysconfdir}/sota_certificates \
-${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_unitdir}/system/sota-client.service', '', d)} \
-${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_unitdir}/system/sota-client-autoprovision.service', '', d)} \
-"
-
-DEPENDS += " openssl openssl-native dbus "
-RDEPENDS_${PN} = " \
-bash \
-curl \
-libcrypto \
-libssl \
-lshw \
-jq \
-python-petname \
-sota-launcher \
-zip \
-"
-
-export SOTA_PACKED_CREDENTIALS
-
-do_compile_prepend() {
-  export SOTA_VERSION=$(make sota-version)
-  cd sota-client
-}
-
-do_install() {
-  ln -fs /lib ${D}/lib64
-
-  install -d ${D}${bindir}
-  install -d ${D}${sysconfdir}
-
-  echo `git log -1 --pretty=format:%H` > ${D}${sysconfdir}/sota_client.version
-  install -c ${S}/sota-client/docker/sota_certificates ${D}${sysconfdir}
-
-  install -m 0755 target/${TARGET_SYS}/release/sota_client ${D}${bindir}
-  install -m 0755 ${S}/sota-client/docker/sota_provision.sh ${D}${bindir}
-  install -m 0755 ${S}/sota-client/docker/sota_sysinfo.sh ${D}${bindir}
-
-  if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-    install -d ${D}/${systemd_unitdir}/system
-    if [ -n "$SOTA_PACKED_CREDENTIALS" ]; then
-      install -m 0644 ${WORKDIR}/sota-client-uptane.service ${D}/${systemd_unitdir}/system/sota-client.service
-    else
-      install -m 0644 ${WORKDIR}/sota-client-ostree.service ${D}/${systemd_unitdir}/system/sota-client.service
-    fi
-    install -m 0644 ${WORKDIR}/sota-client-autoprovision.service ${D}/${systemd_unitdir}/system/sota-client-autoprovision.service
-  fi
-}
diff --git a/recipes-sota/rvi-sota-client/sota-installer_git.bb b/recipes-sota/rvi-sota-client/sota-installer_git.bb
deleted file mode 100644
index 09f6e5d..0000000
--- a/recipes-sota/rvi-sota-client/sota-installer_git.bb
+++ /dev/null
@@ -1,25 +0,0 @@
-require rvi-sota-client.inc
-
-
-SYSTEMD_SERVICE_${PN} = "sota-installer.service"
-
-DEPENDS += " rvi-sota-client "
-
-FILES_${PN} = " \
-${bindir}/sota-installer \
-${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_unitdir}/system/sota-installer.service', '', d)} \
-"
-
-do_compile_prepend() {
-  cd sota-installer
-}
-
-do_install() {
-  install -d ${D}${bindir}
-  install -m 0755 target/${TARGET_SYS}/release/sota-installer ${D}${bindir}
-
-  if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-    install -d ${D}/${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/sota-installer.service ${D}/${systemd_unitdir}/system/sota-installer.service
-  fi
-}
diff --git a/recipes-sota/rvi-sota-client/sota-launcher_git.bb b/recipes-sota/rvi-sota-client/sota-launcher_git.bb
deleted file mode 100644
index e9874e7..0000000
--- a/recipes-sota/rvi-sota-client/sota-launcher_git.bb
+++ /dev/null
@@ -1,15 +0,0 @@
-require rvi-sota-client.inc
-
-
-DEPENDS += " rvi-sota-client "
-FILES_${PN} = "${bindir}/sota-launcher"
-
-
-do_compile_prepend() {
-  cd sota-launcher
-}
-
-do_install() {
-  install -d ${D}${bindir}
-  install -m 0755 target/${TARGET_SYS}/release/sota-launcher ${D}${bindir}
-}
diff --git a/recipes-support/ca-certificates/ca-certificates_%.bbappend b/recipes-support/ca-certificates/ca-certificates_%.bbappend
index afaadfd..cc95a68 100644
--- a/recipes-support/ca-certificates/ca-certificates_%.bbappend
+++ b/recipes-support/ca-certificates/ca-certificates_%.bbappend
@@ -1 +1 @@
-SYSROOT_DIRS += "/etc"
+SYSROOT_DIRS += "${sysconfdir}"
diff --git a/recipes-support/glib-networking/glib-networking_%.bbappend b/recipes-support/glib-networking/glib-networking_%.bbappend
deleted file mode 100644
index 22e6f05..0000000
--- a/recipes-support/glib-networking/glib-networking_%.bbappend
+++ /dev/null
@@ -1,8 +0,0 @@
-BBCLASSEXTEND_append_sota = " native nativesdk"
-
-# Hackery to prevent relocatable_native_pcfiles from crashing
-do_install_append_class-native () {
-        if [ -d ${D}${libdir}/pkgconfig ]; then
-                rmdir ${D}${libdir}/pkgconfig
-        fi
-}
diff --git a/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch b/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch
new file mode 100644
index 0000000..0538eff
--- /dev/null
+++ b/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch
@@ -0,0 +1,42 @@
+From ccab5ce63dd5d3dbb4bd02998d21d34407e550f2 Mon Sep 17 00:00:00 2001
+From: Anton Gerasimov <anton.gerasimov@here.com>
+Date: Fri, 19 Jan 2018 12:44:27 +0100
+Subject: [PATCH] Workaround for a buggy version of openssl (1.0.2m)
+
+---
+ src/p11_pkey.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/p11_pkey.c b/src/p11_pkey.c
+index 45d5ad3..75625e6 100644
+--- a/src/p11_pkey.c
++++ b/src/p11_pkey.c
+@@ -139,8 +139,14 @@ static void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src)
+ 
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x100020d0L || defined(LIBRESSL_VERSION_NUMBER)
+-static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
++#if OPENSSL_VERSION_NUMBER <= 0x100020e0L || defined(LIBRESSL_VERSION_NUMBER)
++
++#  if (OPENSSL_VERSION_NUMBER & 0xFFFFFFF0) == 0x100020d0L
++#    undef EVP_PKEY_meth_get_sign
++#    undef EVP_PKEY_meth_get_decrypt
++#  endif
++
++void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
+                int (**psign_init) (EVP_PKEY_CTX *ctx),
+                int (**psign) (EVP_PKEY_CTX *ctx,
+                        unsigned char *sig, size_t *siglen,
+@@ -152,7 +158,7 @@ static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
+                *psign = pmeth->sign;
+ }
+ 
+-static void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
++void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
+                int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
+                int (**pdecrypt) (EVP_PKEY_CTX *ctx,
+                        unsigned char *out,
+-- 
+2.15.1
+
diff --git a/recipes-support/libp11/libp11_0.4.7.bb b/recipes-support/libp11/libp11_0.4.7.bb
index 7d77e90..7a93102 100644
--- a/recipes-support/libp11/libp11_0.4.7.bb
+++ b/recipes-support/libp11/libp11_0.4.7.bb
@@ -8,7 +8,8 @@ LICENSE = "LGPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=fad9b3332be894bab9bc501572864b29"
 DEPENDS = "libtool openssl"
 
-SRC_URI = "git://github.com/OpenSC/libp11.git"
+SRC_URI = "git://github.com/OpenSC/libp11.git \
+           file://0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch"
 SRCREV = "da725ab727342083478150a203a3c80c4551feb4"
 
 S = "${WORKDIR}/git"
diff --git a/recipes-support/libsoup/libsoup-2.4_%.bbappend b/recipes-support/libsoup/libsoup-2.4_%.bbappend
deleted file mode 100644
index 18383f1..0000000
--- a/recipes-support/libsoup/libsoup-2.4_%.bbappend
+++ /dev/null
@@ -1,3 +0,0 @@
-BBCLASSEXTEND_append_sota = " native nativesdk"
-
-DEPENDS_append_class-native = "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ' glib-networking-native', ' ', d)}"
diff --git a/recipes-support/slcand-start/files/slcand@.service b/recipes-support/slcand-start/files/slcand@.service
new file mode 100644
index 0000000..c539568
--- /dev/null
+++ b/recipes-support/slcand-start/files/slcand@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Serial CAN daemon (can-utils)
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/slcand -o -c -s4 %I can0
+ExecStartPost=/bin/sh -c '/bin/sleep 3; /sbin/ip link set can0 up'
+
diff --git a/recipes-support/slcand-start/slcand-start.bb b/recipes-support/slcand-start/slcand-start.bb
new file mode 100644
index 0000000..dfefaea
--- /dev/null
+++ b/recipes-support/slcand-start/slcand-start.bb
@@ -0,0 +1,21 @@
+SUMMARY = "Mock smartcard for aktualizr"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+
+inherit systemd
+
+RDEPENDS_${PN} = "can-utils"
+
+SRC_URI = "file://slcand@.service"
+
+SYSTEMD_SERVICE_${PN} = "slcand@.service"
+
+do_install() {
+  install -d ${D}${systemd_unitdir}/system
+  install -m 0644 ${WORKDIR}/slcand@.service ${D}${systemd_unitdir}/system/slcand@.service
+}
+
+FILES_${PN} = "${systemd_unitdir}/system/createtoken.service"
+
diff --git a/recipes-support/util-linux/util-linux_%.bbappend b/recipes-support/util-linux/util-linux_%.bbappend
deleted file mode 100644
index d653bb2..0000000
--- a/recipes-support/util-linux/util-linux_%.bbappend
+++ /dev/null
@@ -1,3 +0,0 @@
-PACKAGES_append_class-native = "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ' util-linux-agetty-native util-linux-fdisk-native util-linux-cfdisk-native util-linux-sfdisk-native util-linux-swaponoff-native util-linux-losetup-native util-linux-umount-native util-linux-mount-native util-linux-readprofile-native util-linux-uuidd-native util-linux-uuidgen-native util-linux-lscpu-native util-linux-fsck-native util-linux-blkid util-linux-mkfs-native util-linux-mcookie-native util-linux-reset-native util-linux-mkfs.cramfs-native util-linux-fsck.cramfs-native util-linux-fstrim-native util-linux-partx-native ${PN}-bash-completion-native util-linux-hwclock util-linux-findfs-native util-linux-getopt-native util-linux-sulogin-native', ' ', d)}"
-
-PACKAGES_append_class-native = "${@' util-linux-pylibmount-native' if bb.utils.contains('DISTRO_FEATURES', 'sota', True, False, d) and bb.utils.contains('PACKAGECONFIG', 'pylibmount', True, False, d) else ' '}"
diff --git a/scripts/envsetup.sh b/scripts/envsetup.sh
index 260b048..ff78681 100755
--- a/scripts/envsetup.sh
+++ b/scripts/envsetup.sh
@@ -24,15 +24,7 @@ fi
 METADIR="${SOURCEDIR}/../.."
 
 if [[ ! -f "${BUILDDIR}/conf/local.conf" ]]; then
-  if [ -z "$TEMPLATECONF" ] && [ -d ${METADIR}/meta-updater-${MACHINE}/conf ]; then
-    # Use the template configurations for the specified machine
-    TEMPLATECONF=${METADIR}/meta-updater-${MACHINE}/conf
-    source "$METADIR/poky/oe-init-build-env" "$BUILDDIR"
-    unset TEMPLATECONF
-  else
-    # Use the default configurations or TEMPLATECONF set by the user
-    source "$METADIR/poky/oe-init-build-env" "$BUILDDIR"
-  fi
+  source "$METADIR/poky/oe-init-build-env" "$BUILDDIR"
   echo "METADIR  := \"\${@os.path.abspath('${METADIR}')}\"" >> conf/bblayers.conf
   cat "${METADIR}/meta-updater/conf/include/bblayers/sota.inc" >> conf/bblayers.conf
   cat "${METADIR}/meta-updater/conf/include/bblayers/sota_${MACHINE}.inc" >> conf/bblayers.conf
diff --git a/scripts/lib/wic/plugins/source/otaimage.py b/scripts/lib/wic/plugins/source/otaimage.py
index 26cfb10..ee8088b 100644
--- a/scripts/lib/wic/plugins/source/otaimage.py
+++ b/scripts/lib/wic/plugins/source/otaimage.py
@@ -20,7 +20,7 @@ import os
 import sys
 
 from wic.plugins.source.rawcopy import RawCopyPlugin
-from wic.utils.misc import get_bitbake_var
+from wic.misc import get_bitbake_var
 
 logger = logging.getLogger('wic')
 
diff --git a/scripts/qemucommand.py b/scripts/qemucommand.py
new file mode 100644
index 0000000..6b1106d
--- /dev/null
+++ b/scripts/qemucommand.py
@@ -0,0 +1,126 @@
+from os.path import exists, join, realpath, abspath
+from os import listdir
+import random
+import socket
+from subprocess import check_output, CalledProcessError
+
+EXTENSIONS = {
+    'intel-corei7-64': 'wic',
+    'qemux86-64': 'otaimg'
+}
+
+
+def find_local_port(start_port):
+    """"
+    Find the next free TCP port after 'start_port'.
+    """
+
+    for port in range(start_port, start_port + 10):
+        try:
+            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            s.bind(('', port))
+            return port
+        except socket.error:
+            print("Skipping port %d" % port)
+        finally:
+            s.close()
+    raise Exception("Could not find a free TCP port")
+
+
+def random_mac():
+    """Return a random Ethernet MAC address
+    @link https://www.iana.org/assignments/ethernet-numbers/ethernet-numbers.xhtml#ethernet-numbers-2
+    """
+    head = "ca:fe:"
+    hex_digits = '0123456789abcdef'
+    tail = ':'.join([random.choice(hex_digits) + random.choice(hex_digits) for _ in range(4)])
+    return head + tail
+
+
+class QemuCommand(object):
+    def __init__(self, args):
+        if args.machine:
+            self.machine = args.machine
+        else:
+            machines = listdir(args.dir)
+            if len(machines) == 1:
+                self.machine = machines[0]
+            else:
+                raise ValueError("Could not autodetect machine type. More than one entry in %s. Maybe --machine qemux86-64?" % args.dir)
+        if args.efi:
+            self.bios = 'OVMF.fd'
+        else:
+            uboot = abspath(join(args.dir, self.machine, 'u-boot-qemux86-64.rom'))
+            if not exists(uboot):
+                raise ValueError("U-Boot image %s does not exist" % uboot)
+            self.bios = uboot
+        if exists(args.imagename):
+            image = args.imagename
+        else:
+            ext = EXTENSIONS.get(self.machine, 'wic')
+            image = join(args.dir, self.machine, '%s-%s.%s' % (args.imagename, self.machine, ext))
+        self.image = realpath(image)
+        if not exists(self.image):
+            raise ValueError("OS image %s does not exist" % self.image)
+        if args.mac:
+            self.mac_address = args.mac
+        else:
+            self.mac_address = random_mac()
+        self.serial_port = find_local_port(8990)
+        self.ssh_port = find_local_port(2222)
+        if args.kvm is None:
+            # Autodetect KVM using 'kvm-ok'
+            try:
+                check_output(['kvm-ok'])
+                self.kvm = True
+            except Exception:
+                self.kvm = False
+        else:
+            self.kvm = args.kvm
+        self.gui = not args.no_gui
+        self.gdb = args.gdb
+        self.pcap = args.pcap
+        self.overlay = args.overlay
+
+    def command_line(self):
+        netuser = 'user,hostfwd=tcp:0.0.0.0:%d-:22,restrict=off' % self.ssh_port
+        if self.gdb:
+            netuser += ',hostfwd=tcp:0.0.0.0:2159-:2159'
+        cmdline = [
+            "qemu-system-x86_64",
+            "-bios", self.bios
+        ]
+        if not self.overlay:
+            cmdline += ["-drive", "file=%s,if=ide,format=raw,snapshot=on" % self.image]
+        cmdline += [
+            "-serial", "tcp:127.0.0.1:%d,server,nowait" % self.serial_port,
+            "-m", "1G",
+            "-usb",
+            "-device", "usb-tablet",
+            "-show-cursor",
+            "-vga", "std",
+            "-net", netuser,
+            "-net", "nic,macaddr=%s" % self.mac_address
+        ]
+        if self.pcap:
+            cmdline += ['-net', 'dump,file=' + self.pcap]
+        if self.gui:
+            cmdline += ["-serial", "stdio"]
+        else:
+            cmdline.append('-nographic')
+        if self.kvm:
+            cmdline.append('-enable-kvm')
+        else:
+            cmdline += ['-cpu', 'Haswell']
+        if self.overlay:
+            cmdline.append(self.overlay)
+        return cmdline
+
+    def img_command_line(self):
+        cmdline = [
+            "qemu-img", "create",
+            "-o", "backing_file=%s" % self.image,
+            "-f", "qcow2",
+            self.overlay]
+        return cmdline
+
diff --git a/scripts/run-qemu-ota b/scripts/run-qemu-ota
index 641296c..56e4fbc 100755
--- a/scripts/run-qemu-ota
+++ b/scripts/run-qemu-ota
@@ -2,126 +2,12 @@
 
 from argparse import ArgumentParser
 from subprocess import Popen
-from os.path import exists, join, realpath
-from os import listdir
-import random
+from os.path import exists
 import sys
-import socket
+from qemucommand import QemuCommand
 
 DEFAULT_DIR = 'tmp/deploy/images'
 
-EXTENSIONS = {
-    'intel-corei7-64': 'wic',
-    'qemux86-64': 'otaimg'
-}
-
-
-def find_local_port(start_port):
-    """"
-    Find the next free TCP port after 'start_port'.
-    """
-
-    for port in range(start_port, start_port + 10):
-        try:
-            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-            s.bind(('', port))
-            return port
-        except socket.error:
-            print("Skipping port %d" % port)
-        finally:
-            s.close()
-    raise Exception("Could not find a free TCP port")
-
-
-def random_mac():
-    """Return a random Ethernet MAC address
-    @link https://www.iana.org/assignments/ethernet-numbers/ethernet-numbers.xhtml#ethernet-numbers-2
-    """
-    head = "ca:fe:"
-    hex_digits = '0123456789abcdef'
-    tail = ':'.join([random.choice(hex_digits) + random.choice(hex_digits) for _ in range(4)])
-    return head + tail
-
-
-class QemuCommand(object):
-    def __init__(self, args):
-        if args.machine:
-            self.machine = args.machine
-        else:
-            machines = listdir(args.dir)
-            if len(machines) == 1:
-                self.machine = machines[0]
-            else:
-                raise ValueError("Could not autodetect machine type from %s" % args.dir)
-        if args.efi:
-            self.bios = 'OVMF.fd'
-        else:
-            uboot = join(args.dir, self.machine, 'u-boot-qemux86-64.rom')
-            if not exists(uboot):
-                raise ValueError("U-Boot image %s does not exist" % uboot)
-            self.bios = uboot
-        if exists(args.imagename):
-            image = args.imagename
-        else:
-            ext = EXTENSIONS.get(self.machine, 'wic')
-            image = join(args.dir, self.machine, '%s-%s.%s' % (args.imagename, self.machine, ext))
-        self.image = realpath(image)
-        if not exists(self.image):
-            raise ValueError("OS image %s does not exist" % self.image)
-        if args.mac:
-            self.mac_address = args.mac
-        else:
-            self.mac_address = random_mac()
-        self.serial_port = find_local_port(8990)
-        self.ssh_port = find_local_port(2222)
-        self.kvm = not args.no_kvm
-        self.gui = not args.no_gui
-        self.gdb = args.gdb
-        self.pcap = args.pcap
-        self.overlay = args.overlay
-
-    def command_line(self):
-        netuser = 'user,hostfwd=tcp:0.0.0.0:%d-:22,restrict=off' % self.ssh_port
-        if self.gdb:
-            netuser += ',hostfwd=tcp:0.0.0.0:2159-:2159'
-        cmdline = [
-            "qemu-system-x86_64",
-            "-bios", self.bios
-        ]
-        if not self.overlay:
-            cmdline += ["-drive", "file=%s,if=ide,format=raw,snapshot=on" % self.image]
-        cmdline += [
-            "-serial", "tcp:127.0.0.1:%d,server,nowait" % self.serial_port,
-            "-m", "1G",
-            "-usb",
-            "-usbdevice", "tablet",
-            "-show-cursor",
-            "-vga", "std",
-            "-net", netuser,
-            "-net", "nic,macaddr=%s" % self.mac_address
-        ]
-        if self.pcap:
-            cmdline += ['-net', 'dump,file=' + self.pcap]
-        if self.gui:
-            cmdline += ["-serial", "stdio"]
-        else:
-            cmdline.append('-nographic')
-        if self.kvm:
-            cmdline.append('-enable-kvm')
-        else:
-            cmdline += ['-cpu', 'Haswell']
-        if self.overlay:
-            cmdline.append(self.overlay)
-        return cmdline
-
-    def img_command_line(self):
-        cmdline = [
-        "qemu-img", "create",
-        "-o", "backing_file=%s" % self.image,
-        "-f", "qcow2",
-        self.overlay]
-        return cmdline
-
 
 def main():
     parser = ArgumentParser(description='Run meta-updater image in qemu')
@@ -135,11 +21,18 @@ def main():
                              'OSTREE_BOOTLOADER = "grub" and OVMF.fd firmware to be installed (try "apt install ovmf")',
                         action='store_true')
     parser.add_argument('--machine', default=None, help="Target MACHINE")
-    parser.add_argument('--no-kvm', help='Disable KVM in QEMU', action='store_true')
+    kvm_group = parser.add_argument_group()
+    kvm_group.add_argument('--force-kvm', help='Force use of KVM (default is to autodetect)',
+                           dest='kvm', action='store_true', default=None)
+    kvm_group.add_argument('--no-kvm', help='Disable KVM in QEMU',
+                           dest='kvm', action='store_false')
     parser.add_argument('--no-gui', help='Disable GUI', action='store_true')
     parser.add_argument('--gdb', help='Export gdbserver port 2159 from the image', action='store_true')
     parser.add_argument('--pcap', default=None, help='Dump all network traffic')
-    parser.add_argument('-o', '--overlay', type=str, metavar='file.cow', help='Use an overlay storage image file. Will be created if it does not exist. This option lets you have a persistent image without modifying the underlying image file, permitting multiple different persistent machines.')
+    parser.add_argument('-o', '--overlay', type=str, metavar='file.cow',
+                        help='Use an overlay storage image file. Will be created if it does not exist. ' +
+                             'This option lets you have a persistent image without modifying the underlying image ' +
+                             'file, permitting multiple different persistent machines.')
     parser.add_argument('-n', '--dry-run', help='Print qemu command line rather then run it', action='store_true')
     args = parser.parse_args()
     try: