Merge tag 'dey-4.0-r6.1' into dey-4.0/master

Digi Embedded Yocto 4.0-r6.1

Signed-off-by: Hector Palacios <hector.palacios@digi.com>

README.md

@@ -129,11 +129,36 @@ Documentation is available online at https://www.digi.com/resources/documentatio
 
 # Downloads
 
-* Demo images: https://ftp1.digi.com/support/digiembeddedyocto/4.0/r5/images/
-* Software Development Kit (SDK): https://ftp1.digi.com/support/digiembeddedyocto/4.0/r5/sdk/
+* Demo images: https://ftp1.digi.com/support/digiembeddedyocto/4.0/r6/images/
+* Software Development Kit (SDK): https://ftp1.digi.com/support/digiembeddedyocto/4.0/r6/sdk/
 
 # Release Changelog
 
+## 4.0-r6
+
+* ST-based platforms
+  * Added device tree overlay to fix internal RTC drift on ConnectCore MP15 SOM v1
+  * Added support for real-time Linux (RT-PREEMPT) for ConnectCore MP15 and ConnectCore MP13
+  * Added support for different memory variants
+  * Updated Wireless firmware binaries to v5.15.58-2023_1128
+  * TrustFence
+    * Added file system encryption support via `fscrypt` using OP-TEE secure storage for the encryption key
+* NXP-based platforms
+  * Added support for real-time Linux (RT-PREEMPT) for ConnectCore 93
+  * Added missing TPM definitions of i.MX93 to allow using any TPM for PWM signals
+  * Added basic Time Sensitive Networking support (TSN) for ConnectCore 93
+  * Workaround LPUART IP bug of i.MX93 that affected the behavior of CTS line
+  * TrustFence
+    * Add support for secure JTAG
+    * Added secure console for ConnectCore 93
+    * Added support to boot signed FIT images (kernel + device tree + U-Boot boot script) for ConnectCore 93
+    * Added U-Boot environment encryption support for ConnectCore 93
+    * Added support to encrypted boot artifacts for ConnectCore 93
+    * Added file system encryption support via `fscrypt` using OP-TEE secure storage for the encryption key for ConnectCore 93
+* Added support to Worldwide regulatory domains
+* Added support for Docker and LXC
+* General bug fixing and improvements
+
 ## 4.0-r5
 
 * ST-based platforms

meta-digi-arm/conf/machine/ccimx93-dvk.conf

@@ -19,7 +19,7 @@ IMXBOOT_TARGETS = "flash_singleboot flash_singleboot_a0"
 
 KERNEL_DEVICETREE ?= " \
     digi/ccimx93-dvk.dtb \
-    digi/_ov_board_dsi_display_ccimx93-dvk.dtbo \
+    digi/_ov_board_dlc0200ccp04df-mipi-dsi_ccimx93-dvk.dtbo \
     digi/_ov_board_lvds_ccimx93-dvk.dtbo \
     digi/_ov_board_enet2_ccimx9-dvk.dtbo \
     digi/_ov_board_mikroe-accel2-click_ccimx9-dvk.dtbo \

meta-digi-arm/conf/machine/ccmp15-dvk.conf

@@ -52,6 +52,7 @@ STM32MP_KERNEL_DEVICETREE:ccmp15-dvk += " \
     _ov_board_v2_ccmp15-dvk.dtbo \
     _ov_som_bt_ccmp15.dtbo \
     _ov_som_bt_test_ccmp15.dtbo \
+    _ov_som_v1_ccmp15.dtbo \
     _ov_som_wifi_ccmp15.dtbo \
 "
 # Set DTB load address to U-Boot fdt_addr_r

meta-digi-arm/recipes-bsp/libubootenv/libubootenv_%.bbappend

@@ -83,6 +83,8 @@ pkg_postinst_ontarget:${PN}() {
 			-e "s/##NBLOCKS##/${NBLOCKS}/g" \
 			${CONFIG_FILE}
 	fi
+	# Flush the file system to have the changes written
+	sync ${CONFIG_FILE}
 }
 
 inherit ${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "remove-pkg-postinst-ontarget", "", d)}

meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh

@@ -132,7 +132,7 @@ if [ -z ${INSTALL_UBOOT_FILENAME} ]; then
 	if [ "$module_variant" = "0x01" ] || \
 	   [ "$module_variant" = "0x02" ]; then
 		INSTALL_UBOOT_FILENAME="u-boot-##MACHINE##2GB.imx"
-	elif [ "$module_variant" = "0x03" ] || \
+	elif [ "$module_variant" = "0x03" ]; then
 		INSTALL_UBOOT_FILENAME="u-boot-##MACHINE##1GB.imx"
 	fi
 

meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh

@@ -325,8 +325,7 @@ uuu fb: ucmd setenv fastboot_buffer \${loadaddr}
 uuu "fb[-t 10000]:" ucmd run partition_nand_linux
 
 if [ "${SINGLEMTDSYS}" = true ]; then
-	uuu "fb[-t 30000]:" ucmd nand erase.part system
-	uuu "fb[-t 10000]:" ucmd run ubivolscript
+	uuu "fb[-t 30000]:" ucmd run ubivolscript
 fi
 
 if [ "${DUALBOOT}" = true ]; then
@@ -346,7 +345,7 @@ else
 	# Update Linux
 	part_update "${LINUX_NAME}" "${INSTALL_LINUX_FILENAME}" 15000
 	# Update Recovery
-	part_update "${RECOVERY_NAME}" "${INSTALL_RECOVERY_FILENAME}" 15000
+	part_update "${RECOVERY_NAME}" "${INSTALL_RECOVERY_FILENAME}" 20000
 	# Update Rootfs
 	part_update "${ROOTFS_NAME}" "${INSTALL_ROOTFS_FILENAME}" 120000
 fi

meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp15-dvk/boot.txt

@@ -57,6 +57,13 @@ setexpr module_has_wifi ${hwid_2} \& 20000
 setexpr module_has_wifi ${module_has_wifi} / 20000
 setexpr module_has_bt ${hwid_2} \& 40000
 setexpr module_has_bt ${module_has_bt} / 40000
+setexpr som_hv ${hwid_2} \& 78
+setexpr som_hv ${som_hv} / 8
+
+# Apply SOMv1 overlay if the HWID field 'hv' is 1
+if test "${som_hv}" -eq "1"; then
+	setenv overlays _ov_som_v1_ccmp15.dtbo,${overlays}
+fi
 
 if test "${module_has_bt}" = "1" && test -z "${disable_bt}"; then
 	setenv overlays _ov_som_bt_ccmp15.dtbo,${overlays}

meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/qualcomm.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (C) 2023 by Digi International Inc.
+# Copyright (c) 2023,2024 Digi International Inc.
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -16,6 +16,8 @@
 #
 
 MMC_NODE="##NODE##"
+# Lock file to track and prevent to re-run the script when rebinding the MMC node.
+LOCKFILE="/tmp/qca65x4.lock"
 
 # At this point of the boot (udev script), the system log (syslog) is not
 # available yet, so use the kernel log buffer from userspace.
@@ -23,6 +25,12 @@ log() {
 	printf "<$1>qca65x4: $2\n" >/dev/kmsg
 }
 
+if test -f "$LOCKFILE"; then
+	# Script called due to rebinding of mmc. Ignore it and remove the lock file.
+	rm $LOCKFILE
+	exit 1
+fi
+
 # Force re-detection of the mmc node
 rebind_mmc_node() {
 	DRIVER_NODE=$(find /sys/bus/platform/drivers -name ${MMC_NODE} | xargs dirname 2> /dev/null) || return 1
@@ -48,6 +56,10 @@ load_and_check && log "3" "[INFO] wlan module loaded" && exit 0
 # If we are here, the load has failed. Retry.
 log "3" "[WARN] Loading wlan module failed, retrying..."
 
+# Create a lock file, as rebinding the mmc node will trigger the udev rules
+# Do not remove the file at the end, it will be called by the script in the rebind call
+touch $LOCKFILE
+
 # Try by re-binding the mmc node.
 rebind_mmc_node && load_and_check && log "3" "[INFO] wlan module loaded" && exit 0
 

meta-digi-arm/recipes-kernel/kernel-modules/kernel-module-nxp-wlan/load_iw612.sh

@@ -23,24 +23,57 @@ sta_name=wlan \
 country_ie_ignore=1 \
 txpwrlimit_cfg=nxp/txpower_US.bin \
 init_hostcmd_cfg=nxp/rutxpower_US.bin \
-fw_name=nxp/sd_w61x_v1.bin.se\
+fw_name=nxp/sd_w61x_v1.bin.se \
 "
 
+MMC_NODE="428b0000.mmc"
+# Lock file to track and prevent to re-run the script when rebinding the MMC node.
+LOCKFILE="/tmp/iw61x.lock"
+
 log() {
-        printf "<3>iw612-wifi: $1\n" >/dev/kmsg
+        printf "<3>iw61x-wifi: $1\n" >/dev/kmsg
 }
 
+if test -f "$LOCKFILE"; then
+	# Script called due to rebinding of mmc. Ignore it and remove the lock file.
+	rm $LOCKFILE
+	exit 1
+fi
+
 if ! [ -e "/proc/device-tree/wireless/mac-address" ]; then
 	log "[ERROR] wireless mac-address not found"
 	exit 1
 fi
-
 WLANADDR=$(hexdump -ve '1/1 "%02X" ":"' /proc/device-tree/wireless/mac-address 2>/dev/null | sed 's/:$//g')
 
-iw reg set US && \
-modprobe mlan && \
-modprobe moal ${MOAL_PARAMS} mac_addr=${WLANADDR} && \
-[ -d "/sys/class/net/wlan0" ] && log "Wi-Fi activated" && exit 0
+# Force re-detection of the mmc node
+rebind_mmc_node() {
+	DRIVER_NODE=$(find /sys/bus/platform/drivers -name ${MMC_NODE} | xargs dirname 2> /dev/null) || return 1
+	echo ${MMC_NODE} > ${DRIVER_NODE}/unbind
+	# Give some time to the mmc driver to re-detect the MMC node in order to re-initialize it.
+	sleep 2
+	echo ${MMC_NODE} > ${DRIVER_NODE}/bind
+}
 
-log "[ERROR] cannot load Wi-Fi driver"
+load_and_check() {
+    iw reg set US && \
+    modprobe mlan && \
+    modprobe moal ${MOAL_PARAMS} mac_addr=${WLANADDR} && \
+    sleep $1 && [ -d "/sys/class/net/wlan0" ]
+}
+
+load_and_check 0 && log "Wi-Fi activated" && exit 0
+
+# If we are here, the load has failed. Unload (unconditionally) the driver in case it was loaded and retry.
+log "[WARN] Loading moal module failed, retrying..."
+modprobe -r moal
+
+# Create a lock file, as rebinding the mmc node will trigger the udev rules
+# Do not remove the file at the end, it will be called by the script in the rebind call
+touch $LOCKFILE
+
+# Rebind and load the driver. Use a custom sleep to give enough time to the driver load.
+rebind_mmc_node && load_and_check 2 && log "Wi-Fi activated" && exit 0
+
+log "[ERROR] Cannot activate Wi-Fi"
 exit 1

meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init

@@ -30,11 +30,12 @@ ROOTFS_IMAGE_IN_PACKAGE="no"
 ENCRYPT_ROOTFS="no"
 SWUPDATE_OUTPUT="swupdate_output.txt"
 
+ALLOW_ENC="yes"
 PART_LIST=""
 ENC_PARTS=""
 DEFAULT_ENC_PARTS="yes"
 
-NAND_PARTS_BLACKLIST="bootloader environment linux recovery safe"
+NAND_PARTS_BLACKLIST="bootloader environment linux recovery safe system"
 EMMC_PARTS_BLACKLIST="linux recovery safe"
 
 ENC_DIFF=""
@@ -277,8 +278,8 @@ format_ubi_volume() {
 				volname="$(ubinfo ${v} | grep ^Name | awk '{print $(2)}')"
 				if [ "${volname}" = "${1}" ]; then
 					# Find mountpoint
-					u="$(basename ${d})"
-					mountpoint="$(mount | grep ${u}:${1} | awk '{print $(3) }')"
+					u="$(basename ${v})"
+					mountpoint="$(mount | grep ${u} | awk '{print $(3) }')"
 					umount ${mountpoint} 2> /dev/null
 					# Wipe out volume
 					ubiupdatevol ${v} -t
@@ -418,7 +419,7 @@ check_swu_package() {
 	fi
 
 	# Check if the rootfs is meant to be encrypted
-	if [ "${ROOTFS_IMAGE_IN_PACKAGE}" = "yes" ]; then
+	if [ "${ROOTFS_IMAGE_IN_PACKAGE}" = "yes"  -a "${ALLOW_ENC}" = "yes" ]; then
 		grep "Description" "${SWUPDATE_OUTPUT}" | grep -qs "Encrypted rootfs" && ENCRYPT_ROOTFS="yes"
 	fi
 }
@@ -552,6 +553,10 @@ psplash_message "Starting recovery..."
 # Read the recovery command.
 read_uboot_var "${ENV_RECOVERY_COMMAND}" COMMAND
 
+# Check if system is single-MTD to allow partition encryption or not
+read_uboot_var singlemtdsys singlemtdsys
+[ "$(is_nand)" = "yes" -a "${singlemtdsys}" = "yes" ] && ALLOW_ENC="no"
+
 # Check if there is any command.
 if [ -z "${COMMAND}" ]; then
 	quit_with_error "No command found"
@@ -563,8 +568,11 @@ for arg in ${COMMAND}; do
 		wipe_update)
 			wipe_update_bool=true;;
 		encryption_key=*)
-			encryption_key_bool=true;
-			eval "${arg}";;
+			if [ "${ALLOW_ENC}" = "yes" ]; then
+				encryption_key_bool=true;
+				eval "${arg}";
+			fi
+			;;
 		update_package=*)
 			update_package_bool=true;
 			eval "${arg}";;
@@ -572,10 +580,13 @@ for arg in ${COMMAND}; do
 			update_image_set_bool=true;
 			eval "${arg}";;
 		encrypt_partitions=*)
-			eval "${arg}";
-			DEFAULT_ENC_PARTS="no";
-			encrypt_partitions=$(echo ${encrypt_partitions} | tr "," " ");
-			encrypt_partitions=$(remove_duplicates "${encrypt_partitions}");;
+			if [ "${ALLOW_ENC}" = "yes" ]; then
+				eval "${arg}";
+				DEFAULT_ENC_PARTS="no";
+				encrypt_partitions=$(echo ${encrypt_partitions} | tr "," " ");
+				encrypt_partitions=$(remove_duplicates "${encrypt_partitions}");
+			fi
+			;;
 		wipe_ubi_partitions=*)
 			eval "${arg}";
 			wipe_ubi_partitions=$(echo ${wipe_ubi_partitions} | tr "," " ");

meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c

@@ -61,6 +61,7 @@ static char *nand_parts_blacklist[] = {
 	"linux",
 	"recovery",
 	"safe",
+	"system",
 	NULL
 };
 
@@ -758,6 +759,12 @@ int set_encryption_key(char *key, unsigned char force)
 		return ret;
 	}
 
+	/* Check if we are in singlemtdsys mode */
+	if (is_device_nand() && check_uboot_var("singlemtdsys", "yes")) {
+		fprintf(stderr, "Error: partition encryption unavailable in singlemtdsys mode\n");
+		return ret;
+	}
+
 	/* Initialize arrays */
 	parts[0] = NULL;
 	encrypted[0] = NULL;
@@ -862,6 +869,12 @@ int encrypt_partitions(char *to_encrypt, char *to_unencrypt, unsigned char force
 		return 1;
 	}
 
+	/* Check if we are in singlemtdsys mode */
+	if (is_device_nand() && check_uboot_var("singlemtdsys", "yes")) {
+		fprintf(stderr, "Error: partition encryption unavailable in singlemtdsys mode\n");
+		return 1;
+	}
+
 	/* If both lists are empty, we have nothing to do */
 	if (!to_encrypt && !to_unencrypt)
 		return 1;

sdk/build-github.sh

@@ -80,6 +80,18 @@ copy_images() {
 	find "${1}" -type f -not -name MD5SUMS -print0 | xargs -r -0 md5sum | sed -e "s,${1}/,,g" | sort -k2,2 > "${1}"/MD5SUMS
 }
 
+#
+# Pre-fetch all the source packages (with a retries mechanism)
+#
+fetch_all() {
+	local FETCH_LOG="fetch.log"
+	for _ in $(seq 1 3); do
+		bitbake --runall=fetch "${1}" 2>&1 | tee "${FETCH_LOG}"
+		grep -qs 'Summary.*ERROR' "${FETCH_LOG}" || break
+	done
+	rm -f "${FETCH_LOG}"
+}
+
 #
 # In the buildserver we share the state-cache for all the different platforms
 # we build in a jenkins job. This may cause problems with some packages that
@@ -224,6 +236,7 @@ for platform in ${DY_PLATFORMS}; do
 			} >> conf/local.conf
 			for target in ${platform_targets:?}; do
 				printf "\n[INFO] Building the %s target.\n" "${target}"
+				time fetch_all "${target}"
 				# shellcheck disable=SC2046
 				time bitbake "${target}" $(swu_recipe_name "${target}")
 				# Build the toolchain for DEY images