diff --git a/README.md b/README.md index 0b42bc669..3a63968e3 100644 --- a/README.md +++ b/README.md @@ -129,11 +129,36 @@ Documentation is available online at https://www.digi.com/resources/documentatio # Downloads -* Demo images: https://ftp1.digi.com/support/digiembeddedyocto/4.0/r5/images/ -* Software Development Kit (SDK): https://ftp1.digi.com/support/digiembeddedyocto/4.0/r5/sdk/ +* Demo images: https://ftp1.digi.com/support/digiembeddedyocto/4.0/r6/images/ +* Software Development Kit (SDK): https://ftp1.digi.com/support/digiembeddedyocto/4.0/r6/sdk/ # Release Changelog +## 4.0-r6 + +* ST-based platforms + * Added device tree overlay to fix internal RTC drift on ConnectCore MP15 SOM v1 + * Added support for real-time Linux (RT-PREEMPT) for ConnectCore MP15 and ConnectCore MP13 + * Added support for different memory variants + * Updated Wireless firmware binaries to v5.15.58-2023_1128 + * TrustFence + * Added file system encryption support via `fscrypt` using OP-TEE secure storage for the encryption key +* NXP-based platforms + * Added support for real-time Linux (RT-PREEMPT) for ConnectCore 93 + * Added missing TPM definitions of i.MX93 to allow using any TPM for PWM signals + * Added basic Time Sensitive Networking support (TSN) for ConnectCore 93 + * Workaround LPUART IP bug of i.MX93 that affected the behavior of CTS line + * TrustFence + * Add support for secure JTAG + * Added secure console for ConnectCore 93 + * Added support to boot signed FIT images (kernel + device tree + U-Boot boot script) for ConnectCore 93 + * Added U-Boot environment encryption support for ConnectCore 93 + * Added support to encrypted boot artifacts for ConnectCore 93 + * Added file system encryption support via `fscrypt` using OP-TEE secure storage for the encryption key for ConnectCore 93 +* Added support to Worldwide regulatory domains +* Added support for Docker and LXC +* General bug fixing and improvements + ## 4.0-r5 * ST-based platforms diff --git a/meta-digi-arm/conf/machine/ccimx93-dvk.conf b/meta-digi-arm/conf/machine/ccimx93-dvk.conf index 2d9dfb45b..e6e760be4 100644 --- a/meta-digi-arm/conf/machine/ccimx93-dvk.conf +++ b/meta-digi-arm/conf/machine/ccimx93-dvk.conf @@ -19,7 +19,7 @@ IMXBOOT_TARGETS = "flash_singleboot flash_singleboot_a0" KERNEL_DEVICETREE ?= " \ digi/ccimx93-dvk.dtb \ - digi/_ov_board_dsi_display_ccimx93-dvk.dtbo \ + digi/_ov_board_dlc0200ccp04df-mipi-dsi_ccimx93-dvk.dtbo \ digi/_ov_board_lvds_ccimx93-dvk.dtbo \ digi/_ov_board_enet2_ccimx9-dvk.dtbo \ digi/_ov_board_mikroe-accel2-click_ccimx9-dvk.dtbo \ diff --git a/meta-digi-arm/conf/machine/ccmp15-dvk.conf b/meta-digi-arm/conf/machine/ccmp15-dvk.conf index d871e1c6e..fec447b04 100644 --- a/meta-digi-arm/conf/machine/ccmp15-dvk.conf +++ b/meta-digi-arm/conf/machine/ccmp15-dvk.conf @@ -52,6 +52,7 @@ STM32MP_KERNEL_DEVICETREE:ccmp15-dvk += " \ _ov_board_v2_ccmp15-dvk.dtbo \ _ov_som_bt_ccmp15.dtbo \ _ov_som_bt_test_ccmp15.dtbo \ + _ov_som_v1_ccmp15.dtbo \ _ov_som_wifi_ccmp15.dtbo \ " # Set DTB load address to U-Boot fdt_addr_r diff --git a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv_%.bbappend b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv_%.bbappend index 554611f09..1a2f98766 100644 --- a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv_%.bbappend +++ b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv_%.bbappend @@ -83,6 +83,8 @@ pkg_postinst_ontarget:${PN}() { -e "s/##NBLOCKS##/${NBLOCKS}/g" \ ${CONFIG_FILE} fi + # Flush the file system to have the changes written + sync ${CONFIG_FILE} } inherit ${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "remove-pkg-postinst-ontarget", "", d)} diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh index a0359a376..dc411dae2 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh @@ -132,7 +132,7 @@ if [ -z ${INSTALL_UBOOT_FILENAME} ]; then if [ "$module_variant" = "0x01" ] || \ [ "$module_variant" = "0x02" ]; then INSTALL_UBOOT_FILENAME="u-boot-##MACHINE##2GB.imx" - elif [ "$module_variant" = "0x03" ] || \ + elif [ "$module_variant" = "0x03" ]; then INSTALL_UBOOT_FILENAME="u-boot-##MACHINE##1GB.imx" fi diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh index 4d5c36083..aed735e7b 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh @@ -325,8 +325,7 @@ uuu fb: ucmd setenv fastboot_buffer \${loadaddr} uuu "fb[-t 10000]:" ucmd run partition_nand_linux if [ "${SINGLEMTDSYS}" = true ]; then - uuu "fb[-t 30000]:" ucmd nand erase.part system - uuu "fb[-t 10000]:" ucmd run ubivolscript + uuu "fb[-t 30000]:" ucmd run ubivolscript fi if [ "${DUALBOOT}" = true ]; then @@ -346,7 +345,7 @@ else # Update Linux part_update "${LINUX_NAME}" "${INSTALL_LINUX_FILENAME}" 15000 # Update Recovery - part_update "${RECOVERY_NAME}" "${INSTALL_RECOVERY_FILENAME}" 15000 + part_update "${RECOVERY_NAME}" "${INSTALL_RECOVERY_FILENAME}" 20000 # Update Rootfs part_update "${ROOTFS_NAME}" "${INSTALL_ROOTFS_FILENAME}" 120000 fi diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp15-dvk/boot.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp15-dvk/boot.txt index afe3de4c0..cbf3976b3 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp15-dvk/boot.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp15-dvk/boot.txt @@ -57,6 +57,13 @@ setexpr module_has_wifi ${hwid_2} \& 20000 setexpr module_has_wifi ${module_has_wifi} / 20000 setexpr module_has_bt ${hwid_2} \& 40000 setexpr module_has_bt ${module_has_bt} / 40000 +setexpr som_hv ${hwid_2} \& 78 +setexpr som_hv ${som_hv} / 8 + +# Apply SOMv1 overlay if the HWID field 'hv' is 1 +if test "${som_hv}" -eq "1"; then + setenv overlays _ov_som_v1_ccmp15.dtbo,${overlays} +fi if test "${module_has_bt}" = "1" && test -z "${disable_bt}"; then setenv overlays _ov_som_bt_ccmp15.dtbo,${overlays} diff --git a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/qualcomm.sh b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/qualcomm.sh index 913961c94..f6a46d1b1 100644 --- a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/qualcomm.sh +++ b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/qualcomm.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2023 by Digi International Inc. +# Copyright (c) 2023,2024 Digi International Inc. # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this @@ -16,6 +16,8 @@ # MMC_NODE="##NODE##" +# Lock file to track and prevent to re-run the script when rebinding the MMC node. +LOCKFILE="/tmp/qca65x4.lock" # At this point of the boot (udev script), the system log (syslog) is not # available yet, so use the kernel log buffer from userspace. @@ -23,6 +25,12 @@ log() { printf "<$1>qca65x4: $2\n" >/dev/kmsg } +if test -f "$LOCKFILE"; then + # Script called due to rebinding of mmc. Ignore it and remove the lock file. + rm $LOCKFILE + exit 1 +fi + # Force re-detection of the mmc node rebind_mmc_node() { DRIVER_NODE=$(find /sys/bus/platform/drivers -name ${MMC_NODE} | xargs dirname 2> /dev/null) || return 1 @@ -48,6 +56,10 @@ load_and_check && log "3" "[INFO] wlan module loaded" && exit 0 # If we are here, the load has failed. Retry. log "3" "[WARN] Loading wlan module failed, retrying..." +# Create a lock file, as rebinding the mmc node will trigger the udev rules +# Do not remove the file at the end, it will be called by the script in the rebind call +touch $LOCKFILE + # Try by re-binding the mmc node. rebind_mmc_node && load_and_check && log "3" "[INFO] wlan module loaded" && exit 0 diff --git a/meta-digi-arm/recipes-kernel/kernel-modules/kernel-module-nxp-wlan/load_iw612.sh b/meta-digi-arm/recipes-kernel/kernel-modules/kernel-module-nxp-wlan/load_iw612.sh index 4aeb58f26..d3526cdff 100644 --- a/meta-digi-arm/recipes-kernel/kernel-modules/kernel-module-nxp-wlan/load_iw612.sh +++ b/meta-digi-arm/recipes-kernel/kernel-modules/kernel-module-nxp-wlan/load_iw612.sh @@ -23,24 +23,57 @@ sta_name=wlan \ country_ie_ignore=1 \ txpwrlimit_cfg=nxp/txpower_US.bin \ init_hostcmd_cfg=nxp/rutxpower_US.bin \ -fw_name=nxp/sd_w61x_v1.bin.se\ +fw_name=nxp/sd_w61x_v1.bin.se \ " +MMC_NODE="428b0000.mmc" +# Lock file to track and prevent to re-run the script when rebinding the MMC node. +LOCKFILE="/tmp/iw61x.lock" + log() { - printf "<3>iw612-wifi: $1\n" >/dev/kmsg + printf "<3>iw61x-wifi: $1\n" >/dev/kmsg } +if test -f "$LOCKFILE"; then + # Script called due to rebinding of mmc. Ignore it and remove the lock file. + rm $LOCKFILE + exit 1 +fi + if ! [ -e "/proc/device-tree/wireless/mac-address" ]; then log "[ERROR] wireless mac-address not found" exit 1 fi - WLANADDR=$(hexdump -ve '1/1 "%02X" ":"' /proc/device-tree/wireless/mac-address 2>/dev/null | sed 's/:$//g') -iw reg set US && \ -modprobe mlan && \ -modprobe moal ${MOAL_PARAMS} mac_addr=${WLANADDR} && \ -[ -d "/sys/class/net/wlan0" ] && log "Wi-Fi activated" && exit 0 +# Force re-detection of the mmc node +rebind_mmc_node() { + DRIVER_NODE=$(find /sys/bus/platform/drivers -name ${MMC_NODE} | xargs dirname 2> /dev/null) || return 1 + echo ${MMC_NODE} > ${DRIVER_NODE}/unbind + # Give some time to the mmc driver to re-detect the MMC node in order to re-initialize it. + sleep 2 + echo ${MMC_NODE} > ${DRIVER_NODE}/bind +} -log "[ERROR] cannot load Wi-Fi driver" +load_and_check() { + iw reg set US && \ + modprobe mlan && \ + modprobe moal ${MOAL_PARAMS} mac_addr=${WLANADDR} && \ + sleep $1 && [ -d "/sys/class/net/wlan0" ] +} + +load_and_check 0 && log "Wi-Fi activated" && exit 0 + +# If we are here, the load has failed. Unload (unconditionally) the driver in case it was loaded and retry. +log "[WARN] Loading moal module failed, retrying..." +modprobe -r moal + +# Create a lock file, as rebinding the mmc node will trigger the udev rules +# Do not remove the file at the end, it will be called by the script in the rebind call +touch $LOCKFILE + +# Rebind and load the driver. Use a custom sleep to give enough time to the driver load. +rebind_mmc_node && load_and_check 2 && log "Wi-Fi activated" && exit 0 + +log "[ERROR] Cannot activate Wi-Fi" exit 1 diff --git a/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init b/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init index 1bde325b3..51798585e 100644 --- a/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init +++ b/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init @@ -30,11 +30,12 @@ ROOTFS_IMAGE_IN_PACKAGE="no" ENCRYPT_ROOTFS="no" SWUPDATE_OUTPUT="swupdate_output.txt" +ALLOW_ENC="yes" PART_LIST="" ENC_PARTS="" DEFAULT_ENC_PARTS="yes" -NAND_PARTS_BLACKLIST="bootloader environment linux recovery safe" +NAND_PARTS_BLACKLIST="bootloader environment linux recovery safe system" EMMC_PARTS_BLACKLIST="linux recovery safe" ENC_DIFF="" @@ -277,8 +278,8 @@ format_ubi_volume() { volname="$(ubinfo ${v} | grep ^Name | awk '{print $(2)}')" if [ "${volname}" = "${1}" ]; then # Find mountpoint - u="$(basename ${d})" - mountpoint="$(mount | grep ${u}:${1} | awk '{print $(3) }')" + u="$(basename ${v})" + mountpoint="$(mount | grep ${u} | awk '{print $(3) }')" umount ${mountpoint} 2> /dev/null # Wipe out volume ubiupdatevol ${v} -t @@ -418,7 +419,7 @@ check_swu_package() { fi # Check if the rootfs is meant to be encrypted - if [ "${ROOTFS_IMAGE_IN_PACKAGE}" = "yes" ]; then + if [ "${ROOTFS_IMAGE_IN_PACKAGE}" = "yes" -a "${ALLOW_ENC}" = "yes" ]; then grep "Description" "${SWUPDATE_OUTPUT}" | grep -qs "Encrypted rootfs" && ENCRYPT_ROOTFS="yes" fi } @@ -552,6 +553,10 @@ psplash_message "Starting recovery..." # Read the recovery command. read_uboot_var "${ENV_RECOVERY_COMMAND}" COMMAND +# Check if system is single-MTD to allow partition encryption or not +read_uboot_var singlemtdsys singlemtdsys +[ "$(is_nand)" = "yes" -a "${singlemtdsys}" = "yes" ] && ALLOW_ENC="no" + # Check if there is any command. if [ -z "${COMMAND}" ]; then quit_with_error "No command found" @@ -563,8 +568,11 @@ for arg in ${COMMAND}; do wipe_update) wipe_update_bool=true;; encryption_key=*) - encryption_key_bool=true; - eval "${arg}";; + if [ "${ALLOW_ENC}" = "yes" ]; then + encryption_key_bool=true; + eval "${arg}"; + fi + ;; update_package=*) update_package_bool=true; eval "${arg}";; @@ -572,10 +580,13 @@ for arg in ${COMMAND}; do update_image_set_bool=true; eval "${arg}";; encrypt_partitions=*) - eval "${arg}"; - DEFAULT_ENC_PARTS="no"; - encrypt_partitions=$(echo ${encrypt_partitions} | tr "," " "); - encrypt_partitions=$(remove_duplicates "${encrypt_partitions}");; + if [ "${ALLOW_ENC}" = "yes" ]; then + eval "${arg}"; + DEFAULT_ENC_PARTS="no"; + encrypt_partitions=$(echo ${encrypt_partitions} | tr "," " "); + encrypt_partitions=$(remove_duplicates "${encrypt_partitions}"); + fi + ;; wipe_ubi_partitions=*) eval "${arg}"; wipe_ubi_partitions=$(echo ${wipe_ubi_partitions} | tr "," " "); diff --git a/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c b/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c index 5e9833e15..64b1c1270 100644 --- a/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c +++ b/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c @@ -61,6 +61,7 @@ static char *nand_parts_blacklist[] = { "linux", "recovery", "safe", + "system", NULL }; @@ -758,6 +759,12 @@ int set_encryption_key(char *key, unsigned char force) return ret; } + /* Check if we are in singlemtdsys mode */ + if (is_device_nand() && check_uboot_var("singlemtdsys", "yes")) { + fprintf(stderr, "Error: partition encryption unavailable in singlemtdsys mode\n"); + return ret; + } + /* Initialize arrays */ parts[0] = NULL; encrypted[0] = NULL; @@ -862,6 +869,12 @@ int encrypt_partitions(char *to_encrypt, char *to_unencrypt, unsigned char force return 1; } + /* Check if we are in singlemtdsys mode */ + if (is_device_nand() && check_uboot_var("singlemtdsys", "yes")) { + fprintf(stderr, "Error: partition encryption unavailable in singlemtdsys mode\n"); + return 1; + } + /* If both lists are empty, we have nothing to do */ if (!to_encrypt && !to_unencrypt) return 1; diff --git a/sdk/build-github.sh b/sdk/build-github.sh index 9f1e07031..55e56cfd1 100755 --- a/sdk/build-github.sh +++ b/sdk/build-github.sh @@ -80,6 +80,18 @@ copy_images() { find "${1}" -type f -not -name MD5SUMS -print0 | xargs -r -0 md5sum | sed -e "s,${1}/,,g" | sort -k2,2 > "${1}"/MD5SUMS } +# +# Pre-fetch all the source packages (with a retries mechanism) +# +fetch_all() { + local FETCH_LOG="fetch.log" + for _ in $(seq 1 3); do + bitbake --runall=fetch "${1}" 2>&1 | tee "${FETCH_LOG}" + grep -qs 'Summary.*ERROR' "${FETCH_LOG}" || break + done + rm -f "${FETCH_LOG}" +} + # # In the buildserver we share the state-cache for all the different platforms # we build in a jenkins job. This may cause problems with some packages that @@ -224,6 +236,7 @@ for platform in ${DY_PLATFORMS}; do } >> conf/local.conf for target in ${platform_targets:?}; do printf "\n[INFO] Building the %s target.\n" "${target}" + time fetch_all "${target}" # shellcheck disable=SC2046 time bitbake "${target}" $(swu_recipe_name "${target}") # Build the toolchain for DEY images