From e0193228adb1f647139f11736e6ee114fb610a13 Mon Sep 17 00:00:00 2001 From: Arturo Buzarra Date: Tue, 6 Feb 2024 18:11:28 +0100 Subject: [PATCH 01/19] meta-digi: revert revisions to AUTOREV Signed-off-by: Arturo Buzarra --- .../recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend | 4 ++-- .../recipes-security/optee/optee-os-stm32mp_%.bbappend | 4 ++-- meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc | 2 +- meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2017.03.bb | 2 +- meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2020.04.bb | 2 +- meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2021.10.bb | 2 +- meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2023.04.bb | 2 +- .../trustfence/nativesdk-trustfence-sign-tools_2023.04.bb | 2 +- .../trustfence/trustfence-sign-tools-native_2023.04.bb | 2 +- .../recipes-digi/trustfence/trustfence-sign-tools.inc | 4 ++-- .../kernel-module-qualcomm/kernel-module-qualcomm.bb | 4 ++-- meta-digi-arm/recipes-kernel/linux/linux-dey.inc | 2 +- meta-digi-arm/recipes-kernel/linux/linux-dey_5.15.bb | 4 ++-- meta-digi-arm/recipes-kernel/linux/linux-dey_6.1.bb | 2 +- meta-digi-dey/recipes-digi/cccs/cccs_git.bb | 4 ++-- meta-digi-dey/recipes-digi/dey-examples/dey-examples-src.inc | 4 ++-- meta-digi-dey/recipes-digi/libdigiapix/libdigiapix_git.bb | 4 ++-- 17 files changed, 25 insertions(+), 25 deletions(-) diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend index b10eb29e7..ea93c7e6d 100644 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend +++ b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend @@ -8,10 +8,10 @@ TFA_URI_GITHUB = "${DIGI_GITHUB_GIT}/arm-trusted-firmware.git;protocol=https" TFA_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${TFA_URI_STASH}', '${TFA_URI_GITHUB}', d)}" SRCBRANCH = "v2.6/stm32mp/maint" -SRCREV = "8fdd443544f980b720586b77852307a8b8f48caf" +SRCREV = "${AUTOREV}" SRC_URI = " \ - ${TFA_GIT_URI};nobranch=1 \ + ${TFA_GIT_URI};branch=${SRCBRANCH} \ " TF_A_CONFIG[nand] = "${DEVICE_BOARD_ENABLE:NAND},STM32MP_RAW_NAND=1 ${@'STM32MP_FORCE_MTD_START_OFFSET=${TF_A_MTD_START_OFFSET_NAND}' if ${TF_A_MTD_START_OFFSET_NAND} else ''} STM32MP_USB_PROGRAMMER=1" diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_%.bbappend b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_%.bbappend index fd13da81d..d3367b5ec 100644 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_%.bbappend +++ b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_%.bbappend @@ -8,9 +8,9 @@ OPTEE_URI_GITHUB = "${DIGI_GITHUB_GIT}/optee_os.git;protocol=https" OPTEE_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${OPTEE_URI_STASH}', '${OPTEE_URI_GITHUB}', d)}" SRCBRANCH = "3.16.0/stm/maint" -SRCREV = "79d8721421218c49384686101379cbfae158d28c" +SRCREV = "${AUTOREV}" SRC_URI = " \ - ${OPTEE_GIT_URI};nobranch=1;name=os \ + ${OPTEE_GIT_URI};branch=${SRCBRANCH};name=os \ file://fonts.tar.gz;subdir=git;name=fonts \ " diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc index 634785380..75199b0b0 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc @@ -27,7 +27,7 @@ INSTALL_FW_UBOOT_SCRIPTS = " \ " SRC_URI = " \ - ${UBOOT_GIT_URI};nobranch=1 \ + ${UBOOT_GIT_URI};branch=${SRCBRANCH} \ file://boot.txt \ ${INSTALL_FW_UBOOT_SCRIPTS} \ " diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2017.03.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2017.03.bb index ff3de034b..1a3fa59a3 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2017.03.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2017.03.bb @@ -3,7 +3,7 @@ require u-boot-dey.inc SRCBRANCH = "v2017.03/maint" -SRCREV = "1ef810133fcecacf14e09155bee10aa66fc6ade7" +SRCREV = "${AUTOREV}" # Disable support to initial environment for U-Boot UBOOT_INITIAL_ENV = "" diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2020.04.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2020.04.bb index 0c325e684..4f845bdd2 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2020.04.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2020.04.bb @@ -6,6 +6,6 @@ LIC_FILES_CHKSUM = "file://Licenses/README;md5=30503fd321432fc713238f582193b78e" DEPENDS += "flex-native bison-native" SRCBRANCH = "v2020.04/maint" -SRCREV = "af77921f513e82add24e54a28a5353b9012fdaf6" +SRCREV = "${AUTOREV}" COMPATIBLE_MACHINE = "(ccimx6ul|ccimx8m|ccimx8x)" diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2021.10.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2021.10.bb index 7772d9419..3fd75f9a8 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2021.10.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2021.10.bb @@ -7,7 +7,7 @@ DEPENDS += "flex-native bison-native" DEPENDS += "python3-setuptools-native" SRCBRANCH = "v2021.10/maint" -SRCREV = "b790ac5d6d1425604deefd8885e93f1a016d73b5" +SRCREV = "${AUTOREV}" UBOOT_FIT_CFG_FRAGMENTS = " \ file://fit_legacy.cfg \ diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2023.04.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2023.04.bb index 2491af6ba..ca022b584 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2023.04.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2023.04.bb @@ -6,6 +6,6 @@ LIC_FILES_CHKSUM = "file://Licenses/README;md5=2ca5f2c35c8cc335f0a19756634782f1" DEPENDS += "flex-native bison-native" SRCBRANCH = "v2023.04/maint" -SRCREV = "d27aefc1691a14c6edaadf35ab147ac8afe5c98a" +SRCREV = "${AUTOREV}" COMPATIBLE_MACHINE = "(ccimx93)" diff --git a/meta-digi-arm/recipes-digi/trustfence/nativesdk-trustfence-sign-tools_2023.04.bb b/meta-digi-arm/recipes-digi/trustfence/nativesdk-trustfence-sign-tools_2023.04.bb index 19a36e532..0ff254752 100644 --- a/meta-digi-arm/recipes-digi/trustfence/nativesdk-trustfence-sign-tools_2023.04.bb +++ b/meta-digi-arm/recipes-digi/trustfence/nativesdk-trustfence-sign-tools_2023.04.bb @@ -3,4 +3,4 @@ require nativesdk-trustfence-sign-tools_git.bb SRCBRANCH = "v2023.04/maint" -SRCREV = "d27aefc1691a14c6edaadf35ab147ac8afe5c98a" +SRCREV = "${AUTOREV}" diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools-native_2023.04.bb b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools-native_2023.04.bb index a3d99728e..955934262 100644 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools-native_2023.04.bb +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools-native_2023.04.bb @@ -3,4 +3,4 @@ require trustfence-sign-tools-native_git.bb SRCBRANCH = "v2023.04/maint" -SRCREV = "d27aefc1691a14c6edaadf35ab147ac8afe5c98a" +SRCREV = "${AUTOREV}" diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools.inc b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools.inc index 4de1cf79f..676122560 100644 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools.inc +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools.inc @@ -5,7 +5,7 @@ LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" SRCBRANCH = "v2020.04/maint" -SRCREV = "af77921f513e82add24e54a28a5353b9012fdaf6" +SRCREV = "${AUTOREV}" S = "${WORKDIR}" @@ -15,7 +15,7 @@ UBOOT_URI_GITHUB = "${DIGI_GITHUB_GIT}/u-boot.git;protocol=https" UBOOT_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${UBOOT_URI_STASH}', '${UBOOT_URI_GITHUB}', d)}" SRC_URI = " \ - ${UBOOT_GIT_URI};nobranch=1 \ + ${UBOOT_GIT_URI};branch=${SRCBRANCH} \ file://trustfence-sign-artifact-nxp.sh \ file://trustfence-sign-artifact-stm.sh \ file://trustfence-gen-pki-stm.sh \ diff --git a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb index b229c413a..29213a4a1 100644 --- a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb +++ b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb @@ -9,12 +9,12 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/ISC;md5=f3b90e78ea0cffb20bf5cca PV = "v4.0.11.213X" SRCBRANCH = "qca65X4/dey-4.0/maint" -SRCREV = "7ba1cdedd456928ac77c1f11e0d070abaf505e95" +SRCREV = "${AUTOREV}" QCOM_GIT_URI = "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${DIGI_MTK_GIT}/linux/qcacld-2.0.git;protocol=ssh', '${DIGI_GITHUB_GIT}/qcacld-2.0.git;protocol=https', d)}" SRC_URI = " \ - ${QCOM_GIT_URI};nobranch=1 \ + ${QCOM_GIT_URI};branch=${SRCBRANCH} \ " # Selects whether the interface is SDIO or PCI diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc index e8707f309..afda6fa1e 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc @@ -16,7 +16,7 @@ LINUX_URI_STASH = "${DIGI_MTK_GIT}/linux/linux.git;protocol=ssh" LINUX_URI_GITHUB = "${DIGI_GITHUB_GIT}/linux.git;protocol=https" LINUX_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1', '${LINUX_URI_STASH}', '${LINUX_URI_GITHUB}', d)}" SRC_URI = " \ - ${LINUX_GIT_URI};nobranch=1 \ + ${LINUX_GIT_URI};branch=${SRCBRANCH} \ ${@oe.utils.conditional('KERNEL_DEFCONFIG', '', 'file://defconfig', '', d)} \ " S = "${WORKDIR}/git" diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey_5.15.bb b/meta-digi-arm/recipes-kernel/linux/linux-dey_5.15.bb index 1531f6b15..50d95348e 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey_5.15.bb +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey_5.15.bb @@ -4,8 +4,8 @@ require recipes-kernel/linux/linux-dey.inc SRCBRANCH = "v5.15/nxp/dey-4.0/maint" SRCBRANCH:stm32mpcommon = "v5.15/stm/dey-4.0/maint" -SRCREV = "a2833d11fd2fd011b08a517519cdabcdc0bbacdc" -SRCREV:stm32mpcommon = "d63fecf8e08ad95309312fea08f04fbf4aec8a0c" +SRCREV = "${AUTOREV}" +SRCREV:stm32mpcommon = "${AUTOREV}" do_assemble_fitimage:prepend:ccmp1() { # Deploy u-boot script to be included into the FIT image diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey_6.1.bb b/meta-digi-arm/recipes-kernel/linux/linux-dey_6.1.bb index 6e6510316..1954b8b64 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey_6.1.bb +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey_6.1.bb @@ -3,7 +3,7 @@ require recipes-kernel/linux/linux-dey.inc SRCBRANCH = "v6.1/nxp/dey-4.0/maint" -SRCREV = "e6c0189b4eefb37def8558d238103023df167a7a" +SRCREV = "${AUTOREV}" # Blacklist btnxpuart module. It will be managed by the bluetooth-init script KERNEL_MODULE_PROBECONF += "btnxpuart" diff --git a/meta-digi-dey/recipes-digi/cccs/cccs_git.bb b/meta-digi-dey/recipes-digi/cccs/cccs_git.bb index 7dce0cc2d..997ea2ad2 100644 --- a/meta-digi-dey/recipes-digi/cccs/cccs_git.bb +++ b/meta-digi-dey/recipes-digi/cccs/cccs_git.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 DEPENDS = "libconfuse libdigiapix openssl recovery-utils swupdate zlib json-c" SRCBRANCH = "dey-4.0/maint" -SRCREV = "dcf2cd2e041d3305f2da9ba248dd52e5bf24b008" +SRCREV = "${AUTOREV}" CC_STASH = "gitsm://git@stash.digi.com/cc/cc_dey.git;protocol=ssh" CC_GITHUB = "gitsm://github.com/digi-embedded/cc_dey.git;protocol=https" @@ -19,7 +19,7 @@ CCCS_DEVICE_TYPE ?= "${MACHINE}" CCCS_CONF_PATH ?= "" SRC_URI = " \ - ${CC_GIT_URI};nobranch=1 \ + ${CC_GIT_URI};branch=${SRCBRANCH} \ file://cccsd-init \ file://cccsd.service \ file://cccs-gs-demo-init \ diff --git a/meta-digi-dey/recipes-digi/dey-examples/dey-examples-src.inc b/meta-digi-dey/recipes-digi/dey-examples/dey-examples-src.inc index f7c3be174..97a2d77b4 100644 --- a/meta-digi-dey/recipes-digi/dey-examples/dey-examples-src.inc +++ b/meta-digi-dey/recipes-digi/dey-examples/dey-examples-src.inc @@ -1,11 +1,11 @@ # Copyright (C) 2019-2022 Digi International Inc. SRCBRANCH = "dey-4.0/maint" -SRCREV = "78402f0e3e138023f70d9577faa11212a9dc3f61" +SRCREV = "${AUTOREV}" DEY_EXAMPLES_STASH = "${DIGI_MTK_GIT}/dey/dey-examples.git;protocol=ssh" DEY_EXAMPLES_GITHUB = "${DIGI_GITHUB_GIT}/dey-examples.git;protocol=https" DEY_EXAMPLES_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${DEY_EXAMPLES_STASH}', '${DEY_EXAMPLES_GITHUB}', d)}" -SRC_URI = "${DEY_EXAMPLES_GIT_URI};nobranch=1" +SRC_URI = "${DEY_EXAMPLES_GIT_URI};branch=${SRCBRANCH}" diff --git a/meta-digi-dey/recipes-digi/libdigiapix/libdigiapix_git.bb b/meta-digi-dey/recipes-digi/libdigiapix/libdigiapix_git.bb index 0ab1f16a2..f0f12c259 100644 --- a/meta-digi-dey/recipes-digi/libdigiapix/libdigiapix_git.bb +++ b/meta-digi-dey/recipes-digi/libdigiapix/libdigiapix_git.bb @@ -7,7 +7,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/ISC;md5=f3b90e78ea0cffb20bf5cca7947a896d" SRCBRANCH ?= "dey-4.0/maint" -SRCREV = "fed0071f5d6c4f44a6189c6c4fa5bdeda5a684c3" +SRCREV = "${AUTOREV}" LIBDIGIAPIX_URI_STASH = "${DIGI_MTK_GIT}/dey/libdigiapix.git;protocol=ssh" LIBDIGIAPIX_URI_GITHUB = "${DIGI_GITHUB_GIT}/libdigiapix.git;protocol=https" @@ -15,7 +15,7 @@ LIBDIGIAPIX_URI_GITHUB = "${DIGI_GITHUB_GIT}/libdigiapix.git;protocol=https" LIBDIGIAPIX_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${LIBDIGIAPIX_URI_STASH}', '${LIBDIGIAPIX_URI_GITHUB}', d)}" SRC_URI = " \ - ${LIBDIGIAPIX_GIT_URI};nobranch=1 \ + ${LIBDIGIAPIX_GIT_URI};branch=${SRCBRANCH} \ file://99-digiapix.rules \ file://libdigiapix.conf \ file://digiapix.sh \ From df1a6160baa8f5e0e71e95792ca21b2d456f0c5d Mon Sep 17 00:00:00 2001 From: Stephan Klatt Date: Wed, 14 Feb 2024 17:14:15 +0100 Subject: [PATCH 02/19] bootcount: fix typo in INITSCRIPT_PARAMS Add missing curly brace Signed-off-by: Arturo Buzarra --- meta-digi-dey/recipes-digi/bootcount/bootcount.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-digi-dey/recipes-digi/bootcount/bootcount.bb b/meta-digi-dey/recipes-digi/bootcount/bootcount.bb index e1b720d8e..cc3113f90 100644 --- a/meta-digi-dey/recipes-digi/bootcount/bootcount.bb +++ b/meta-digi-dey/recipes-digi/bootcount/bootcount.bb @@ -39,6 +39,6 @@ FILES:${PN} += " \ INITSCRIPT_PACKAGES += "${PN}" INITSCRIPT_NAME:${PN} = "bootcount-init" -INITSCRIPT_PARAMS:${PN = "start 19 2 3 4 5 . stop 21 0 1 6 ." +INITSCRIPT_PARAMS:${PN} = "start 19 2 3 4 5 . stop 21 0 1 6 ." SYSTEMD_SERVICE:${PN} = "bootcount-init.service" From 2a4108f07172c2b151df1228be80108992792b5b Mon Sep 17 00:00:00 2001 From: Arturo Buzarra Date: Tue, 26 Mar 2024 12:37:06 +0100 Subject: [PATCH 03/19] trustfence: stm: fix PKI tree check for ccmp13 platform This commit fixes a race condition where, if you have an existing PKI tree with the new format (one key_pass file for each key), the script detects that the PKI tree is incomplete because it is always trying to find the key_pass.txt file with the old format. This commit adds an additional validation step to verify the new keys format. Signed-off-by: Arturo Buzarra --- .../trustfence-sign-tools/trustfence-gen-pki-stm.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh index cba7b6627..0fcb54aa5 100755 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh @@ -74,7 +74,10 @@ if [ "${PLATFORM}" = "ccmp15" ]; then chmod 400 "${KEY_PASS_FILE}" fi elif [ "${PLATFORM}" = "ccmp13" ]; then - if [ "${N_PUBK}" = "8" ] && [ "${N_PRVK}" = "8" ] && [ "${N_PASS}" != "8" ] && [ -f "${KEY_PASS_FILE}" ]; then + if [ "${N_PUBK}" = "8" ] && [ "${N_PRVK}" = "8" ] && [ "${N_PASS}" = "8" ]; then + # PKI tree already exists. + echo "Using existing PKI tree" + elif [ "${N_PUBK}" = "8" ] && [ "${N_PRVK}" = "8" ] && [ "${N_PASS}" != "8" ] && [ -f "${KEY_PASS_FILE}" ]; then # Backwards compatibility: if a single key_pass.txt file exists, # split into 8 files with one password each for i in $(seq 0 7); do From dfda74348e40ef87ce46a27ed99023e6b4928225 Mon Sep 17 00:00:00 2001 From: Arturo Buzarra Date: Tue, 26 Mar 2024 13:06:51 +0100 Subject: [PATCH 04/19] trustfence: stm: fix TRUSTFENCE_PASSWORD_FILE initialization for ccmp13 platform Trustfence class was setting the TRUSTFENCE_PASSWORD_FILE variable using the old keys format where a unique key_pass.txt file contains all the key passwords. However, in the new format there are one key_pass file for each key, so using a PKI tree with the new format throws an unexpected error in the FIP generation due to it is not able to find the required key password. This commit sets the TRUSTFENCE_PASSWORD_FILE variable for the ccmp1 platforms on different way. Signed-off-by: Arturo Buzarra --- meta-digi-dey/classes/trustfence.bbclass | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index 0db6afa1d..2030014d4 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -177,9 +177,10 @@ python () { d.setVar("FIP_SIGN_KEY_EXTERNAL", "1") if (d.getVar("DIGI_SOM") == "ccmp15" ): d.setVar("FIP_SIGN_KEY", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/privateKey.pem"); + d.setVar("TRUSTFENCE_PASSWORD_FILE", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/key_pass.txt") elif (d.getVar("DIGI_SOM") == "ccmp13" ): d.setVar("FIP_SIGN_KEY", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/privateKey0%s.pem" % d.getVar("TRUSTFENCE_KEY_INDEX")); - d.setVar("TRUSTFENCE_PASSWORD_FILE", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/key_pass.txt") + d.setVar("TRUSTFENCE_PASSWORD_FILE", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/key_pass0%s.txt" % d.getVar("TRUSTFENCE_KEY_INDEX")) d.appendVar("UBOOT_TF_CONF", "CONFIG_SIGN_IMAGE=y ") if (d.getVar("TRUSTFENCE_SIGN_ARTIFACTS") == "1"): From 09e302d5efa44142c38833a6ecdfb2235cfb90e0 Mon Sep 17 00:00:00 2001 From: Arturo Buzarra Date: Tue, 2 Apr 2024 17:53:37 +0200 Subject: [PATCH 05/19] tf-a-stm32mp: fix set_fip_sign_key() to obtain the key password This commit fixes the set_fip_sign_key() function to match the new keys format where there is a key_pass file for each key, no longer needing to search with the key index. Signed-off-by: Arturo Buzarra --- .../recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend index ea93c7e6d..7f1acace1 100644 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend +++ b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend @@ -44,12 +44,9 @@ python set_fip_sign_key() { passfile = d.getVar('TRUSTFENCE_PASSWORD_FILE') if (os.path.isfile(passfile)): with open(passfile, "r") as file: - p = file.read().split() - i = int(d.getVar('TRUSTFENCE_KEY_INDEX')) - if (i > 7): - i = 0 + p = file.read().strip() if (p): - d.setVar('FIP_SIGN_KEY_PASS', p[i]) + d.setVar('FIP_SIGN_KEY_PASS', p) } do_deploy:append() { From c1fa1190d3c69b2e0a4c667ea43421b655866e8c Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Wed, 24 Apr 2024 12:37:17 +0200 Subject: [PATCH 06/19] build-github.sh: pre-fetch source packages before building We have intermittent build failures due to fetch errors of some large source packages (like linux.git). This commit tries to workaround those failures by downloading all the source packages, with a retries mechanism, before starting the build. Signed-off-by: Javier Viguera --- sdk/build-github.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/sdk/build-github.sh b/sdk/build-github.sh index 9f1e07031..55e56cfd1 100755 --- a/sdk/build-github.sh +++ b/sdk/build-github.sh @@ -80,6 +80,18 @@ copy_images() { find "${1}" -type f -not -name MD5SUMS -print0 | xargs -r -0 md5sum | sed -e "s,${1}/,,g" | sort -k2,2 > "${1}"/MD5SUMS } +# +# Pre-fetch all the source packages (with a retries mechanism) +# +fetch_all() { + local FETCH_LOG="fetch.log" + for _ in $(seq 1 3); do + bitbake --runall=fetch "${1}" 2>&1 | tee "${FETCH_LOG}" + grep -qs 'Summary.*ERROR' "${FETCH_LOG}" || break + done + rm -f "${FETCH_LOG}" +} + # # In the buildserver we share the state-cache for all the different platforms # we build in a jenkins job. This may cause problems with some packages that @@ -224,6 +236,7 @@ for platform in ${DY_PLATFORMS}; do } >> conf/local.conf for target in ${platform_targets:?}; do printf "\n[INFO] Building the %s target.\n" "${target}" + time fetch_all "${target}" # shellcheck disable=SC2046 time bitbake "${target}" $(swu_recipe_name "${target}") # Build the toolchain for DEY images From 18ba3f592c1dedd5f474bd58e7c0202df44f7404 Mon Sep 17 00:00:00 2001 From: Hector Palacios Date: Mon, 22 Apr 2024 18:49:49 +0200 Subject: [PATCH 07/19] ccmp15: add overlay for SOM hardware version 1 At the moment, this overlay adds RTC calibration to compensate the drift observed in the 32kHz input frequency of hardware version 1 of the SOM. Signed-off-by: Hector Palacios https://onedigi.atlassian.net/browse/DEL-8987 --- meta-digi-arm/conf/machine/ccmp15-dvk.conf | 1 + .../recipes-bsp/u-boot/u-boot-dey/ccmp15-dvk/boot.txt | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/meta-digi-arm/conf/machine/ccmp15-dvk.conf b/meta-digi-arm/conf/machine/ccmp15-dvk.conf index a4bf1d40b..9887a7759 100644 --- a/meta-digi-arm/conf/machine/ccmp15-dvk.conf +++ b/meta-digi-arm/conf/machine/ccmp15-dvk.conf @@ -53,6 +53,7 @@ STM32MP_KERNEL_DEVICETREE:ccmp15-dvk += " \ _ov_som_bt_ccmp15.dtbo \ _ov_som_bt_test_ccmp15.dtbo \ _ov_som_m4_ccmp15.dtbo \ + _ov_som_v1_ccmp15.dtbo \ _ov_som_wifi_ccmp15.dtbo \ " # Set DTB load address to U-Boot fdt_addr_r diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp15-dvk/boot.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp15-dvk/boot.txt index afe3de4c0..cbf3976b3 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp15-dvk/boot.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp15-dvk/boot.txt @@ -57,6 +57,13 @@ setexpr module_has_wifi ${hwid_2} \& 20000 setexpr module_has_wifi ${module_has_wifi} / 20000 setexpr module_has_bt ${hwid_2} \& 40000 setexpr module_has_bt ${module_has_bt} / 40000 +setexpr som_hv ${hwid_2} \& 78 +setexpr som_hv ${som_hv} / 8 + +# Apply SOMv1 overlay if the HWID field 'hv' is 1 +if test "${som_hv}" -eq "1"; then + setenv overlays _ov_som_v1_ccmp15.dtbo,${overlays} +fi if test "${module_has_bt}" = "1" && test -z "${disable_bt}"; then setenv overlays _ov_som_bt_ccmp15.dtbo,${overlays} From 41150445902c3be55cb7803cbd64480766c3c44c Mon Sep 17 00:00:00 2001 From: Gabriel Valcazar Date: Mon, 3 Jun 2024 17:00:58 +0200 Subject: [PATCH 08/19] imx-boot: apply patches to fix CVE-2023-39902 on i.MX8M platforms The patches have been backported from the lf-6.1.36-2.1.0 release of imx-mkimage. https://onedigi.atlassian.net/browse/DUB-1081 Signed-off-by: Gabriel Valcazar --- ...Generate-hash-of-FIT-FDT-structure-t.patch | 207 ++++++++++++++++++ ...Reserve-new-IVT-CSF-for-FIT-FDT-sign.patch | 179 +++++++++++++++ .../imx-mkimage/imx-boot_1.0.bbappend | 2 + 3 files changed, 388 insertions(+) create mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0003-LFU-573-1-imx8m-Generate-hash-of-FIT-FDT-structure-t.patch create mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0004-LFU-573-2-imx8m-Reserve-new-IVT-CSF-for-FIT-FDT-sign.patch diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0003-LFU-573-1-imx8m-Generate-hash-of-FIT-FDT-structure-t.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0003-LFU-573-1-imx8m-Generate-hash-of-FIT-FDT-structure-t.patch new file mode 100644 index 000000000..685c7e140 --- /dev/null +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0003-LFU-573-1-imx8m-Generate-hash-of-FIT-FDT-structure-t.patch @@ -0,0 +1,207 @@ +From: Ye Li +Date: Mon, 3 Jul 2023 17:31:32 +0800 +Subject: [PATCH] LFU-573-1 imx8m: Generate hash of FIT FDT structure to SPL + image + +Generate the hash of FIT FDT structure by SHA256 and append it +to end of SPL image (after DDR FW). +SPL will get the hash from the position to verify the FIT FDT +structure in loaded FIT image. + +Signed-off-by: Ye Li +(cherry picked from commit 2f2d426f03ebbcf7a9c28cf53680cd5777e70ea1) +--- + iMX8M/mkimage_imx8.c | 109 ++++++++++++++++++++++++++++++++++++++++++- + iMX8M/soc.mak | 14 ++++-- + 2 files changed, 117 insertions(+), 6 deletions(-) + +diff --git a/iMX8M/mkimage_imx8.c b/iMX8M/mkimage_imx8.c +index 54828d1..f8484d0 100644 +--- a/iMX8M/mkimage_imx8.c ++++ b/iMX8M/mkimage_imx8.c +@@ -366,6 +366,31 @@ copy_file (int ifd, const char *datafile, int pad, int offset, int datafile_offs + (void) close (dfd); + } + ++static void append_data(char *filename, uint8_t *data, int size) ++{ ++ int dfd, ret; ++ ++ if ((dfd = open(filename, O_RDWR|O_BINARY)) < 0) { ++ fprintf (stderr, "Can't open %s: %s\n", ++ filename, strerror(errno)); ++ exit (EXIT_FAILURE); ++ } ++ ++ ret = lseek(dfd, 0, SEEK_END); ++ if (ret < 0) { ++ fprintf(stderr, "%s: lseek error %s\n", ++ __func__, strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (write(dfd, data, size) != size) { ++ fprintf (stderr, "Write error %s\n", ++ strerror(errno)); ++ exit (EXIT_FAILURE); ++ } ++ (void) close (dfd); ++} ++ ++ + enum imximage_fld_types { + CFG_INVALID = -1, + CFG_COMMAND, +@@ -861,6 +886,77 @@ void generate_sld_with_ivt(char * input_file, uint32_t ep, char *out_file) + close(input_fd); + } + ++#define HASH_MAX_LEN 32 ++static void calc_fitimage_hash(char* filename, uint8_t *hash) ++{ ++ int sld_fd; ++ FILE *fp = NULL; ++ char sha_command[512]; ++ char *digest_type = "sha256sum"; ++ char hash_char[2 * HASH_MAX_LEN + 1]; ++ int digest_length = 64; ++ ++ uimage_header_t image_header; ++ uint32_t fit_size; ++ ++ sld_fd = open(filename, O_RDONLY | O_BINARY); ++ if (sld_fd < 0) { ++ fprintf(stderr, "%s: Can't open: %s\n", ++ filename, strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ ++ if (read(sld_fd, (char *)&image_header, sizeof(uimage_header_t)) != sizeof(uimage_header_t)) { ++ fprintf (stderr, "generate_ivt_for_fit read failed: %s\n", ++ strerror(errno)); ++ exit (EXIT_FAILURE); ++ } ++ ++ if (be32_to_cpu(image_header.ih_magic) != FDT_MAGIC){ ++ fprintf (stderr, "generate_ivt_for_fit error: not a FIT file\n"); ++ exit (EXIT_FAILURE); ++ } ++ ++ fit_size = fdt_totalsize(&image_header); ++ ++ fprintf(stderr, "fit_size: %u\n", fit_size); ++ ++ sprintf(sha_command, "dd if=\'%s\' of=tmp_pad bs=%d count=1;\ ++ %s tmp_pad; rm -f tmp_pad;", ++ filename, fit_size, digest_type); ++ ++ memset(hash, 0, HASH_MAX_LEN); ++ ++ fp = popen(sha_command, "r"); ++ if (fp == NULL) { ++ fprintf(stderr, "Failed to run command hash\n" ); ++ exit(EXIT_FAILURE); ++ } ++ ++ if(fgets(hash_char, digest_length + 1, fp) == NULL) { ++ fprintf(stderr, "Failed to hash file: %s\n", filename); ++ exit(EXIT_FAILURE); ++ } ++ ++ for(int i = 0; i < strlen(hash_char)/2; i++){ ++ sscanf(hash_char + 2*i, "%02hhx", &hash[i]); ++ } ++ ++ pclose(fp); ++ (void) close (sld_fd); ++} ++ ++void dump_fit_hash(uint8_t *hash, int size) ++{ ++ int i; ++ ++ fprintf(stderr, "FIT hash: "); ++ for (i = 0; i < size; i++) { ++ fprintf(stderr, "%x", hash[i]); ++ } ++ fprintf(stderr, "\n"); ++} ++ + /* Return this IVT offset in the final output file */ + int generate_ivt_for_fit(int fd, int fit_offset, uint32_t ep, uint32_t *fit_load_addr) + { +@@ -943,6 +1039,8 @@ int main(int argc, char **argv) + uimage_header_t uimage_hdr; + uint32_t version = ROM_V1; + ++ uint8_t fit_hash[HASH_MAX_LEN]; ++ + static struct option long_options[] = + { + {"loader", required_argument, NULL, 'i'}, +@@ -1146,6 +1244,15 @@ int main(int argc, char **argv) + exit(1); + } + ++ if (sld_img && using_fit) { ++ calc_fitimage_hash(sld_img, fit_hash); ++ ++ /* Append hash to ap_img */ ++ append_data(ap_img, fit_hash, HASH_MAX_LEN); ++ ++ dump_fit_hash(fit_hash, HASH_MAX_LEN); ++ } ++ + if (version == ROM_V2) { + + /* On V2, flexspi IVT offset is 0, image offset is 0x1000 */ +@@ -1638,7 +1745,7 @@ int main(int argc, char **argv) + } + + /* The FLEXSPI configuration parameters will add to flash.bin by script, so need add 0x1000 offset to every offset prints */ +- if ((version == ROM_V2 && rom_image_offset == IVT_OFFSET_FLEXSPI) || ++ if ((version == ROM_V2 && rom_image_offset == IVT_OFFSET_FLEXSPI) || + (version == ROM_V1 && ivt_offset == IVT_OFFSET_FLEXSPI)) { + header_image_off += IVT_OFFSET_FLEXSPI; + dcd_off += IVT_OFFSET_FLEXSPI; +diff --git a/iMX8M/soc.mak b/iMX8M/soc.mak +index 6b3a01f..a30523b 100644 +--- a/iMX8M/soc.mak ++++ b/iMX8M/soc.mak +@@ -101,8 +101,9 @@ u-boot-spl-ddr.bin: u-boot-spl.bin $(lpddr4_imem_1d) $(lpddr4_dmem_1d) $(lpddr4_ + @objcopy -I binary -O binary --pad-to 0x8000 --gap-fill=0x0 $(lpddr4_imem_1d) lpddr4_pmu_train_1d_imem_pad.bin + @objcopy -I binary -O binary --pad-to 0x4000 --gap-fill=0x0 $(lpddr4_dmem_1d) lpddr4_pmu_train_1d_dmem_pad.bin + @objcopy -I binary -O binary --pad-to 0x8000 --gap-fill=0x0 $(lpddr4_imem_2d) lpddr4_pmu_train_2d_imem_pad.bin ++ @objcopy -I binary -O binary --pad-to 0x4000 --gap-fill=0x0 $(lpddr4_dmem_2d) lpddr4_pmu_train_2d_dmem_pad.bin + @cat lpddr4_pmu_train_1d_imem_pad.bin lpddr4_pmu_train_1d_dmem_pad.bin > lpddr4_pmu_train_1d_fw.bin +- @cat lpddr4_pmu_train_2d_imem_pad.bin $(lpddr4_dmem_2d) > lpddr4_pmu_train_2d_fw.bin ++ @cat lpddr4_pmu_train_2d_imem_pad.bin lpddr4_pmu_train_2d_dmem_pad.bin > lpddr4_pmu_train_2d_fw.bin + @dd if=u-boot-spl.bin of=u-boot-spl-pad.bin bs=4 conv=sync + @cat u-boot-spl-pad.bin lpddr4_pmu_train_1d_fw.bin lpddr4_pmu_train_2d_fw.bin > u-boot-spl-ddr.bin + @rm -f u-boot-spl-pad.bin lpddr4_pmu_train_1d_fw.bin lpddr4_pmu_train_2d_fw.bin lpddr4_pmu_train_1d_imem_pad.bin lpddr4_pmu_train_1d_dmem_pad.bin lpddr4_pmu_train_2d_imem_pad.bin +@@ -116,8 +117,9 @@ u-boot-spl-ddr4.bin: u-boot-spl.bin $(ddr4_imem_1d) $(ddr4_dmem_1d) $(ddr4_imem_ + @objcopy -I binary -O binary --pad-to 0x8000 --gap-fill=0x0 $(ddr4_imem_1d) ddr4_imem_1d_pad.bin + @objcopy -I binary -O binary --pad-to 0x4000 --gap-fill=0x0 $(ddr4_dmem_1d) ddr4_dmem_1d_pad.bin + @objcopy -I binary -O binary --pad-to 0x8000 --gap-fill=0x0 $(ddr4_imem_2d) ddr4_imem_2d_pad.bin ++ @objcopy -I binary -O binary --pad-to 0x4000 --gap-fill=0x0 $(ddr4_dmem_2d) ddr4_dmem_2d_pad.bin + @cat ddr4_imem_1d_pad.bin ddr4_dmem_1d_pad.bin > ddr4_1d_fw.bin +- @cat ddr4_imem_2d_pad.bin $(ddr4_dmem_2d) > ddr4_2d_fw.bin ++ @cat ddr4_imem_2d_pad.bin ddr4_dmem_2d_pad.bin > ddr4_2d_fw.bin + @dd if=u-boot-spl.bin of=u-boot-spl-pad.bin bs=4 conv=sync + @cat u-boot-spl-pad.bin ddr4_1d_fw.bin ddr4_2d_fw.bin > u-boot-spl-ddr4.bin + @rm -f u-boot-spl-pad.bin ddr4_1d_fw.bin ddr4_2d_fw.bin ddr4_imem_1d_pad.bin ddr4_dmem_1d_pad.bin ddr4_imem_2d_pad.bin +@@ -127,10 +129,12 @@ ddr3_dmem_1d = ddr3_dmem_1d$(DDR_FW_VERSION).bin + + u-boot-spl-ddr3l.bin: u-boot-spl.bin $(ddr3_imem_1d) $(ddr3_dmem_1d) + @objcopy -I binary -O binary --pad-to 0x8000 --gap-fill=0x0 $(ddr3_imem_1d) ddr3_imem_1d.bin_pad.bin +- @cat ddr3_imem_1d.bin_pad.bin $(ddr3_dmem_1d) > ddr3_pmu_train_fw.bin ++ @objcopy -I binary -O binary --pad-to 0x4000 --gap-fill=0x0 $(ddr3_dmem_1d) ddr3_dmem_1d.bin_pad.bin ++ @cat ddr3_imem_1d.bin_pad.bin ddr3_dmem_1d.bin_pad.bin > ddr3_pmu_train_fw.bin ++ @dd if=/dev/zero of=ddr3_fw_zero_pad.bin bs=1 count=49152 conv=sync + @dd if=u-boot-spl.bin of=u-boot-spl-pad.bin bs=4 conv=sync +- @cat u-boot-spl-pad.bin ddr3_pmu_train_fw.bin > u-boot-spl-ddr3l.bin +- @rm -f u-boot-spl-pad.bin ddr3_pmu_train_fw.bin ddr3_imem_1d.bin_pad.bin ++ @cat u-boot-spl-pad.bin ddr3_pmu_train_fw.bin ddr3_fw_zero_pad.bin > u-boot-spl-ddr3l.bin ++ @rm -f u-boot-spl-pad.bin ddr3_pmu_train_fw.bin ddr3_imem_1d.bin_pad.bin ddr3_fw_zero_pad.bin + + u-boot-atf.bin: u-boot.bin bl31.bin + @cp bl31.bin u-boot-atf.bin diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0004-LFU-573-2-imx8m-Reserve-new-IVT-CSF-for-FIT-FDT-sign.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0004-LFU-573-2-imx8m-Reserve-new-IVT-CSF-for-FIT-FDT-sign.patch new file mode 100644 index 000000000..54a2d385e --- /dev/null +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0004-LFU-573-2-imx8m-Reserve-new-IVT-CSF-for-FIT-FDT-sign.patch @@ -0,0 +1,179 @@ +From: Ye Li +Date: Thu, 27 Jul 2023 09:52:33 +0800 +Subject: [PATCH] LFU-573-2 imx8m: Reserve new IVT+CSF for FIT FDT signature + +Without using FIT FDT hash, we also allow user to sign FIT FDT structure, +so that FIT image can upgrade individually. The option needs +CONFIG_IMX_SPL_FIT_FDT_SIGNATURE enabled in SPL. + +imx-mkimage will insert the new IVT for FIT FDT signature by default +and reserve the CSF (0x2000) for the FIT FDT signature. + +Signed-off-by: Ye Li +(cherry picked from commit 5a0faefc223e51e088433663b6e7d6fbce89bf59) +--- + iMX8M/mkimage_imx8.c | 30 +++++++++++++++++++++++++++++- + iMX8M/print_fit_hab.sh | 4 ++-- + iMX8M/soc.mak | 17 +++++++++-------- + 3 files changed, 40 insertions(+), 11 deletions(-) + +diff --git a/iMX8M/mkimage_imx8.c b/iMX8M/mkimage_imx8.c +index f8484d0..c2a6c29 100644 +--- a/iMX8M/mkimage_imx8.c ++++ b/iMX8M/mkimage_imx8.c +@@ -999,7 +999,7 @@ int generate_ivt_for_fit(int fd, int fit_offset, uint32_t ep, uint32_t *fit_load + } + + /* ep is the u-boot entry. SPL loads the FIT before the u-boot address. 0x2000 is for CSF_SIZE */ +- load_addr = (ep - (fit_size + CSF_SIZE) - 512 - ++ load_addr = (ep - (fit_size + 2 * CSF_SIZE) - 512 - + align_len) & ~align_len; + + flash_header_v2_t ivt_header = { { 0xd1, 0x2000, 0x40 }, +@@ -1013,6 +1013,24 @@ int generate_ivt_for_fit(int fd, int fit_offset, uint32_t ep, uint32_t *fit_load + exit(EXIT_FAILURE); + } + ++ ret = lseek(fd, fit_offset + fit_size + CSF_SIZE, SEEK_SET); ++ if (ret < 0) { ++ fprintf(stderr, "%s: lseek error %s\n", ++ __func__, strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ ++ flash_header_v2_t fdt_ivt_header = { { 0xd1, 0x2000, 0x40 }, ++ load_addr, 0, 0, 0, ++ (load_addr + fit_size + CSF_SIZE ), ++ (load_addr + fit_size + CSF_SIZE + 0x20), ++ 0 }; ++ ++ if (write(fd, &fdt_ivt_header, sizeof(flash_header_v2_t)) != sizeof(flash_header_v2_t)) { ++ fprintf(stderr, "FIT FDT IVT writing error on fit image\n"); ++ exit(EXIT_FAILURE); ++ } ++ + *fit_load_addr = load_addr; + + return fit_offset + fit_size; +@@ -1229,6 +1247,11 @@ int main(int argc, char **argv) + fprintf(stderr, " fit hab block: \t0x%x 0x%x 0x%x\n", + sld_load_addr, sld_src_off, sld_csf_off - sld_src_off); + ++ fprintf(stderr, " fit-fdt_csf_off \t0x%x\n", ++ sld_csf_off + CSF_SIZE); ++ fprintf(stderr, " fit-fdt hab block: \t0x%x 0x%x 0x%x\n", ++ sld_load_addr, sld_src_off, sld_csf_off + CSF_SIZE - sld_src_off); ++ + exit(0); + } + +@@ -1769,6 +1792,11 @@ int main(int argc, char **argv) + fprintf(stderr, " sld hab block: \t0x%x 0x%x 0x%x\n", + sld_load_addr, sld_header_off, sld_csf_off - sld_header_off); + ++ fprintf(stderr, " fit-fdt csf_off \t0x%x\n", ++ sld_csf_off + CSF_SIZE); ++ fprintf(stderr, " fit-fdt hab block: \t0x%x 0x%x 0x%x\n", ++ sld_load_addr, sld_header_off, sld_csf_off + CSF_SIZE - sld_header_off); ++ + return 0; + } + +diff --git a/iMX8M/print_fit_hab.sh b/iMX8M/print_fit_hab.sh +index 6f1a22d..d1e344a 100755 +--- a/iMX8M/print_fit_hab.sh ++++ b/iMX8M/print_fit_hab.sh +@@ -24,10 +24,10 @@ fi + + if [ "$BOOT_DEV" = "flexspi" ] || [ ${fit_off} == 0 ]; then + # We dd flash.bin to 0 offset for flexspi +- let uboot_sign_off=$((fit_off + 0x3000)) ++ let uboot_sign_off=$((fit_off + $FIT_DATA_POS)) + else + # We dd flash.bin to 33KB "0x8400" offset, so need minus 0x8400 +- let uboot_sign_off=$((fit_off - 0x8000 - ivt_off + 0x3000)) ++ let uboot_sign_off=$((fit_off - 0x8000 - ivt_off + $FIT_DATA_POS)) + fi + + let uboot_size=$(stat --printf="%s" $BL33) +diff --git a/iMX8M/soc.mak b/iMX8M/soc.mak +index a30523b..d4946dc 100644 +--- a/iMX8M/soc.mak ++++ b/iMX8M/soc.mak +@@ -84,6 +84,7 @@ VERSION = v1 + CAPSULE_GUID = 296119cf-dd70-43de-8ac8-a7051f312577 + endif + ++FIT_EXTERNAL_POSITION = 0x5000 + + FW_DIR = imx-boot/imx-boot-tools/$(PLAT) + +@@ -158,7 +159,7 @@ u-boot.itb: $(dtb) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb) + BL32=$(TEE) DEK_BLOB_LOAD_ADDR=$(DEK_BLOB_LOAD_ADDR) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) ../$(SOC_DIR)/mkimage_fit_atf.sh $(dtb) > u-boot.its +- mkimage -E -p 0x3000 -f u-boot.its u-boot.itb ++ mkimage -E -p $(FIT_EXTERNAL_POSITION) -f u-boot.its u-boot.itb + @rm -f u-boot.its + + dtb_ddr3l = valddr3l.dtb +@@ -170,7 +171,7 @@ u-boot-ddr3l.itb: $(dtb_ddr3l) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb_ddr3l) + DEK_BLOB_LOAD_ADDR=$(DEK_BLOB_LOAD_ADDR) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) ../$(SOC_DIR)/mkimage_fit_atf.sh $(dtb_ddr3l) > u-boot-ddr3l.its +- mkimage -E -p 0x3000 -f u-boot-ddr3l.its u-boot-ddr3l.itb ++ mkimage -E -p $(FIT_EXTERNAL_POSITION) -f u-boot-ddr3l.its u-boot-ddr3l.itb + @rm -f u-boot.its $(dtb_ddr3l) + + dtb_ddr3l_evk = evkddr3l.dtb +@@ -182,7 +183,7 @@ u-boot-ddr3l-evk.itb: $(dtb_ddr3l_evk) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb_ddr3l_evk) + DEK_BLOB_LOAD_ADDR=$(DEK_BLOB_LOAD_ADDR) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) ../$(SOC_DIR)/mkimage_fit_atf.sh $(dtb_ddr3l_evk) > u-boot-ddr3l-evk.its +- mkimage -E -p 0x3000 -f u-boot-ddr3l-evk.its u-boot-ddr3l-evk.itb ++ mkimage -E -p $(FIT_EXTERNAL_POSITION) -f u-boot-ddr3l-evk.its u-boot-ddr3l-evk.itb + @rm -f u-boot.its $(dtb_ddr3l_evk) + + dtb_ddr4 = valddr4.dtb +@@ -194,7 +195,7 @@ u-boot-ddr4.itb: $(dtb_ddr4) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb_ddr4) + DEK_BLOB_LOAD_ADDR=$(DEK_BLOB_LOAD_ADDR) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) ../$(SOC_DIR)/mkimage_fit_atf.sh $(dtb_ddr4) > u-boot-ddr4.its +- mkimage -E -p 0x3000 -f u-boot-ddr4.its u-boot-ddr4.itb ++ mkimage -E -p $(FIT_EXTERNAL_POSITION) -f u-boot-ddr4.its u-boot-ddr4.itb + @rm -f u-boot.its $(dtb_ddr4) + + dtb_ddr4_evk = evkddr4.dtb +@@ -206,7 +207,7 @@ u-boot-ddr4-evk.itb: $(dtb_ddr4_evk) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb_ddr4_evk) + DEK_BLOB_LOAD_ADDR=$(DEK_BLOB_LOAD_ADDR) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) ../$(SOC_DIR)/mkimage_fit_atf.sh $(dtb_ddr4_evk) > u-boot-ddr4-evk.its +- mkimage -E -p 0x3000 -f u-boot-ddr4-evk.its u-boot-ddr4-evk.itb ++ mkimage -E -p $(FIT_EXTERNAL_POSITION) -f u-boot-ddr4-evk.its u-boot-ddr4-evk.itb + @rm -f u-boot.its $(dtb_ddr4_evk) + + ifeq ($(HDMI),yes) +@@ -326,20 +327,20 @@ print_fit_hab: u-boot-nodtb.bin bl31.bin $(dtb) + ./$(PAD_IMAGE) $(TEE) 2>&1 | tee $(MKIMAGE_LOG) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb) +- { echo $@; TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) VERSION=$(VERSION) ../$(SOC_DIR)/print_fit_hab.sh $(PRINT_FIT_HAB_OFFSET) $(dtb) 2>&1; } | tee -a $(MKIMAGE_LOG) ++ { echo $@; FIT_DATA_POS=$(FIT_EXTERNAL_POSITION) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) VERSION=$(VERSION) ../$(SOC_DIR)/print_fit_hab.sh $(PRINT_FIT_HAB_OFFSET) $(dtb) 2>&1; } | tee -a $(MKIMAGE_LOG) + + print_fit_hab_ddr4: u-boot-nodtb.bin bl31.bin $(dtb_ddr4_evk) + ./$(PAD_IMAGE) $(TEE) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb_ddr4_evk) +- TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) VERSION=$(VERSION) ../$(SOC_DIR)/print_fit_hab.sh $(PRINT_FIT_HAB_OFFSET) $(dtb_ddr4_evk) ++ FIT_DATA_POS=$(FIT_EXTERNAL_POSITION) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) VERSION=$(VERSION) ../$(SOC_DIR)/print_fit_hab.sh $(PRINT_FIT_HAB_OFFSET) $(dtb_ddr4_evk) + @rm -f $(dtb_ddr4_evk) + + print_fit_hab_flexspi: u-boot-nodtb.bin bl31.bin $(dtb) + ./$(PAD_IMAGE) $(TEE) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb) +- TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) VERSION=$(VERSION) BOOT_DEV="flexspi" ../$(SOC_DIR)/print_fit_hab.sh $(PRINT_FIT_HAB_OFFSET) $(dtb) ++ FIT_DATA_POS=$(FIT_EXTERNAL_POSITION) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) VERSION=$(VERSION) BOOT_DEV="flexspi" ../$(SOC_DIR)/print_fit_hab.sh $(PRINT_FIT_HAB_OFFSET) $(dtb) + @rm -f $(dtb) + + nightly : diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend index dc26c104f..39c64d6b5 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend @@ -5,6 +5,8 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI:append:ccimx8m = " \ file://0001-imx8m-soc.mak-preserve-dtbs-after-build.patch \ file://0002-imx8m-soc.mak-capture-commands-output-into-a-log-fil.patch \ + file://0003-LFU-573-1-imx8m-Generate-hash-of-FIT-FDT-structure-t.patch \ + file://0004-LFU-573-2-imx8m-Reserve-new-IVT-CSF-for-FIT-FDT-sign.patch \ " SRC_URI:append:ccimx93 = " \ From dead98301b09769f2cc33e467a1514da742a926b Mon Sep 17 00:00:00 2001 From: Gonzalo Ruiz Date: Mon, 24 Jun 2024 12:25:15 +0200 Subject: [PATCH 09/19] ccimx93-dvk: add overlay for NHD-3.5-640480EF-MSXP MIPI display https://onedigi.atlassian.net/browse/DEL-9036 Signed-off-by: Gonzalo Ruiz --- meta-digi-arm/conf/machine/ccimx93-dvk.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-digi-arm/conf/machine/ccimx93-dvk.conf b/meta-digi-arm/conf/machine/ccimx93-dvk.conf index 1c125a626..6147e29c3 100644 --- a/meta-digi-arm/conf/machine/ccimx93-dvk.conf +++ b/meta-digi-arm/conf/machine/ccimx93-dvk.conf @@ -21,6 +21,7 @@ KERNEL_DEVICETREE ?= " \ digi/_ov_board_lvds_ccimx93-dvk.dtbo \ digi/_ov_board_mikroe-accel2-click_ccimx93-dvk.dtbo \ digi/_ov_board_mikroe-gyro-click_ccimx93-dvk.dtbo \ + digi/_ov_board_nhd-3-5-640480ef-msxp-mipi-dsi_ccimx93-dvk.dtbo \ digi/_ov_som_bt_ccimx93.dtbo \ digi/_ov_som_bt-dtm_ccimx93.dtbo \ digi/_ov_som_npu_ccimx93.dtbo \ From 731bee34985c90bc2a75c299e609ddd8d5629e79 Mon Sep 17 00:00:00 2001 From: Gonzalo Ruiz Date: Mon, 24 Jun 2024 12:29:19 +0200 Subject: [PATCH 10/19] ccimx93-dvk: rename overlay for DLC0200CCP04DF-2 MIPI display Signed-off-by: Gonzalo Ruiz --- meta-digi-arm/conf/machine/ccimx93-dvk.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-digi-arm/conf/machine/ccimx93-dvk.conf b/meta-digi-arm/conf/machine/ccimx93-dvk.conf index 6147e29c3..b38c283c2 100644 --- a/meta-digi-arm/conf/machine/ccimx93-dvk.conf +++ b/meta-digi-arm/conf/machine/ccimx93-dvk.conf @@ -16,7 +16,7 @@ BOOTLOADER_SEEK_USERDATA = "32" KERNEL_DEVICETREE ?= " \ digi/ccimx93-dvk.dtb \ - digi/_ov_board_dsi_display_ccimx93-dvk.dtbo \ + digi/_ov_board_dlc0200ccp04df-mipi-dsi_ccimx93-dvk.dtbo \ digi/_ov_board_enet2_ccimx93-dvk.dtbo \ digi/_ov_board_lvds_ccimx93-dvk.dtbo \ digi/_ov_board_mikroe-accel2-click_ccimx93-dvk.dtbo \ From f55c08406449733b41a77e20de426d0d21c1e30d Mon Sep 17 00:00:00 2001 From: Hector Palacios Date: Wed, 26 Jun 2024 08:55:20 +0200 Subject: [PATCH 11/19] libubootenv: flush changes to fw_env.config on post inst script On devices with NAND as storage media, a post install script modifies the fw_env.config file basing on the NAND geometry. This only happens once after deployment, typically on production environments. If the power is removed soon after the post install script runs (which is a normal procedure on manufacturing environments), there are chances that pending file system operations have not been flushed, which may occasionally lead to the fw_env.config file end up empty on the next reboot. This commit adds a sync at the end of the post-install script to guarantee the changes are written to the file system. Signed-off-by: Hector Palacios https://onedigi.atlassian.net/browse/DEL-9059 --- meta-digi-arm/recipes-bsp/libubootenv/libubootenv_%.bbappend | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv_%.bbappend b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv_%.bbappend index 3a0ee0f8d..15ffa5c44 100644 --- a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv_%.bbappend +++ b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv_%.bbappend @@ -1,4 +1,4 @@ -# Copyright (C) 2021-2023 Digi International Inc. +# Copyright (C) 2021-2024 Digi International Inc. FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:" @@ -83,6 +83,8 @@ pkg_postinst_ontarget:${PN}() { -e "s/##NBLOCKS##/${NBLOCKS}/g" \ ${CONFIG_FILE} fi + # Flush the file system to have the changes written + sync ${CONFIG_FILE} } inherit ${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "remove-pkg-postinst-ontarget", "", d)} From e0be8c3a1fc4232250863eff78bc3f143da48e5e Mon Sep 17 00:00:00 2001 From: Gabriel Valcazar Date: Mon, 29 Jan 2024 14:54:24 +0100 Subject: [PATCH 12/19] ccimx6qpsbc: add missing "if" condition terminator in UUU install script One of the conditions used to determine the U-Boot file was missing its terminator, breaking the script. Signed-off-by: Gabriel Valcazar (cherry picked from commit 26dc437a25eb8ce53b2b5eb3a65ae76662589140) --- .../u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh index a0359a376..dc411dae2 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh @@ -132,7 +132,7 @@ if [ -z ${INSTALL_UBOOT_FILENAME} ]; then if [ "$module_variant" = "0x01" ] || \ [ "$module_variant" = "0x02" ]; then INSTALL_UBOOT_FILENAME="u-boot-##MACHINE##2GB.imx" - elif [ "$module_variant" = "0x03" ] || \ + elif [ "$module_variant" = "0x03" ]; then INSTALL_UBOOT_FILENAME="u-boot-##MACHINE##1GB.imx" fi From b4f48a6361ed25c17b1f5ba83aae91cd852bea2f Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Mon, 24 Jun 2024 12:44:23 +0200 Subject: [PATCH 13/19] kernel-module-nxp-wlan: rebind mmc node if wlan load failed Occassionally, the loading the WiFi driver might fail, because of the MMC node was not correctly initialized. Fix that by rebinding the MMC node. This fix implements a similar workaround as in c30b9474088da05d99c4b7b33347facf84f97596. https://onedigi.atlassian.net/browse/DEL-9083 Signed-off-by: Isaac Hermida --- .../kernel-module-nxp-wlan/load_iw612.sh | 49 ++++++++++++++++--- 1 file changed, 41 insertions(+), 8 deletions(-) diff --git a/meta-digi-arm/recipes-kernel/kernel-modules/kernel-module-nxp-wlan/load_iw612.sh b/meta-digi-arm/recipes-kernel/kernel-modules/kernel-module-nxp-wlan/load_iw612.sh index 4aeb58f26..d3526cdff 100644 --- a/meta-digi-arm/recipes-kernel/kernel-modules/kernel-module-nxp-wlan/load_iw612.sh +++ b/meta-digi-arm/recipes-kernel/kernel-modules/kernel-module-nxp-wlan/load_iw612.sh @@ -23,24 +23,57 @@ sta_name=wlan \ country_ie_ignore=1 \ txpwrlimit_cfg=nxp/txpower_US.bin \ init_hostcmd_cfg=nxp/rutxpower_US.bin \ -fw_name=nxp/sd_w61x_v1.bin.se\ +fw_name=nxp/sd_w61x_v1.bin.se \ " +MMC_NODE="428b0000.mmc" +# Lock file to track and prevent to re-run the script when rebinding the MMC node. +LOCKFILE="/tmp/iw61x.lock" + log() { - printf "<3>iw612-wifi: $1\n" >/dev/kmsg + printf "<3>iw61x-wifi: $1\n" >/dev/kmsg } +if test -f "$LOCKFILE"; then + # Script called due to rebinding of mmc. Ignore it and remove the lock file. + rm $LOCKFILE + exit 1 +fi + if ! [ -e "/proc/device-tree/wireless/mac-address" ]; then log "[ERROR] wireless mac-address not found" exit 1 fi - WLANADDR=$(hexdump -ve '1/1 "%02X" ":"' /proc/device-tree/wireless/mac-address 2>/dev/null | sed 's/:$//g') -iw reg set US && \ -modprobe mlan && \ -modprobe moal ${MOAL_PARAMS} mac_addr=${WLANADDR} && \ -[ -d "/sys/class/net/wlan0" ] && log "Wi-Fi activated" && exit 0 +# Force re-detection of the mmc node +rebind_mmc_node() { + DRIVER_NODE=$(find /sys/bus/platform/drivers -name ${MMC_NODE} | xargs dirname 2> /dev/null) || return 1 + echo ${MMC_NODE} > ${DRIVER_NODE}/unbind + # Give some time to the mmc driver to re-detect the MMC node in order to re-initialize it. + sleep 2 + echo ${MMC_NODE} > ${DRIVER_NODE}/bind +} -log "[ERROR] cannot load Wi-Fi driver" +load_and_check() { + iw reg set US && \ + modprobe mlan && \ + modprobe moal ${MOAL_PARAMS} mac_addr=${WLANADDR} && \ + sleep $1 && [ -d "/sys/class/net/wlan0" ] +} + +load_and_check 0 && log "Wi-Fi activated" && exit 0 + +# If we are here, the load has failed. Unload (unconditionally) the driver in case it was loaded and retry. +log "[WARN] Loading moal module failed, retrying..." +modprobe -r moal + +# Create a lock file, as rebinding the mmc node will trigger the udev rules +# Do not remove the file at the end, it will be called by the script in the rebind call +touch $LOCKFILE + +# Rebind and load the driver. Use a custom sleep to give enough time to the driver load. +rebind_mmc_node && load_and_check 2 && log "Wi-Fi activated" && exit 0 + +log "[ERROR] Cannot activate Wi-Fi" exit 1 From fbe6481cd34eb6bac9535dcb52e892ae8151bb6b Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Tue, 25 Jun 2024 19:52:39 +0200 Subject: [PATCH 14/19] kernel-module-qualcomm: add lock file to avoid endless call to script in failure Add a lock file to avoid to call the file continuously if the initial probe failed. Signed-off-by: Isaac Hermida --- .../kernel-module-qualcomm/qualcomm.sh | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/qualcomm.sh b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/qualcomm.sh index e53c799fb..f6a46d1b1 100644 --- a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/qualcomm.sh +++ b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/qualcomm.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2023 Digi International Inc. +# Copyright (c) 2023,2024 Digi International Inc. # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this @@ -16,6 +16,8 @@ # MMC_NODE="##NODE##" +# Lock file to track and prevent to re-run the script when rebinding the MMC node. +LOCKFILE="/tmp/qca65x4.lock" # At this point of the boot (udev script), the system log (syslog) is not # available yet, so use the kernel log buffer from userspace. @@ -23,6 +25,12 @@ log() { printf "<$1>qca65x4: $2\n" >/dev/kmsg } +if test -f "$LOCKFILE"; then + # Script called due to rebinding of mmc. Ignore it and remove the lock file. + rm $LOCKFILE + exit 1 +fi + # Force re-detection of the mmc node rebind_mmc_node() { DRIVER_NODE=$(find /sys/bus/platform/drivers -name ${MMC_NODE} | xargs dirname 2> /dev/null) || return 1 @@ -48,6 +56,10 @@ load_and_check && log "3" "[INFO] wlan module loaded" && exit 0 # If we are here, the load has failed. Retry. log "3" "[WARN] Loading wlan module failed, retrying..." +# Create a lock file, as rebinding the mmc node will trigger the udev rules +# Do not remove the file at the end, it will be called by the script in the rebind call +touch $LOCKFILE + # Try by re-binding the mmc node. rebind_mmc_node && load_and_check && log "3" "[INFO] wlan module loaded" && exit 0 From 8fad761961955ec43035cfb169a7d9636135d4f0 Mon Sep 17 00:00:00 2001 From: Gabriel Valcazar Date: Thu, 27 Jun 2024 14:50:55 +0200 Subject: [PATCH 15/19] ccimx6ul: install_linux_fw_uuu.sh: increase timeouts to account for large NANDs When running the installation script on variants with larger NANDs, two of the script's commands take longer than our intended timeouts under specific circumstances: * When the variant has a NAND with 512 MiB or more and singlemtdsys is set to "yes", running ubivolscipt takes longer than our 10 second timeout. The larger the NAND storage size, the longer this command takes. * When the variant has a 1 GiB NAND, singlemtdsys is set to "yes" and dualboot is set to "no", the update of the recovery UBI volume takes longer than our 15 second timeout. In both of these cases, the script fails and the installation process cannot continue. Apply the following changes to prevent this: * Increase the ubivolscript timeout from 10 seconds to 30 * Increase the recovery update timeout from 15 seconds to 20 Also, remove the command immediately before ubivolscript is run, since said command is already being run at the beginning of ubivolscript. https://onedigi.atlassian.net/browse/DEL-9097 Signed-off-by: Gabriel Valcazar --- .../u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh index 4d5c36083..aed735e7b 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh @@ -325,8 +325,7 @@ uuu fb: ucmd setenv fastboot_buffer \${loadaddr} uuu "fb[-t 10000]:" ucmd run partition_nand_linux if [ "${SINGLEMTDSYS}" = true ]; then - uuu "fb[-t 30000]:" ucmd nand erase.part system - uuu "fb[-t 10000]:" ucmd run ubivolscript + uuu "fb[-t 30000]:" ucmd run ubivolscript fi if [ "${DUALBOOT}" = true ]; then @@ -346,7 +345,7 @@ else # Update Linux part_update "${LINUX_NAME}" "${INSTALL_LINUX_FILENAME}" 15000 # Update Recovery - part_update "${RECOVERY_NAME}" "${INSTALL_RECOVERY_FILENAME}" 15000 + part_update "${RECOVERY_NAME}" "${INSTALL_RECOVERY_FILENAME}" 20000 # Update Rootfs part_update "${ROOTFS_NAME}" "${INSTALL_ROOTFS_FILENAME}" 120000 fi From 5695cf15db1079d4667a1fd8c7dd34619ea6ed30 Mon Sep 17 00:00:00 2001 From: Gabriel Valcazar Date: Fri, 28 Jun 2024 13:07:11 +0200 Subject: [PATCH 16/19] recovery-initramfs-init: fix "update" volume wipe when singlemtdsys is enabled Currently, when wiping the update volume via the recovery partition on a ccimx6ul with singlemtdsys enabled, the procedure fails with this error: [RECOVERY] Starting recovery... [RECOVERY] Wipe 'update' partition requested [RECOVERY] Formatting 'update' ubi volume ubi0 error: ubi_open_volume.part.0: cannot open device 0, volume 3, error -16 ubiupdatevol: error!: cannot open "/dev/ubi0_3" error 16 (Device or resource busy) This is because the logic used to unmount a volume before formatting it is expecting this entry format when running "mount": ubi0:update on /mnt/update type ubifs While this is the format of the "mount" output in userspace for the rootfs volume, other trivial volumes have this format instead: ubi0_3 on /mnt/update type ubifs Adapt the logic to this format so that the "update" volume wipe procedure can take place. Signed-off-by: Gabriel Valcazar --- .../recovery/recovery-initramfs/recovery-initramfs-init | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init b/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init index 1bde325b3..4a77b1094 100644 --- a/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init +++ b/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init @@ -277,8 +277,8 @@ format_ubi_volume() { volname="$(ubinfo ${v} | grep ^Name | awk '{print $(2)}')" if [ "${volname}" = "${1}" ]; then # Find mountpoint - u="$(basename ${d})" - mountpoint="$(mount | grep ${u}:${1} | awk '{print $(3) }')" + u="$(basename ${v})" + mountpoint="$(mount | grep ${u} | awk '{print $(3) }')" umount ${mountpoint} 2> /dev/null # Wipe out volume ubiupdatevol ${v} -t From 85e59417a304f7409f53a5a25d86d8a773968c24 Mon Sep 17 00:00:00 2001 From: Gabriel Valcazar Date: Mon, 1 Jul 2024 10:35:58 +0200 Subject: [PATCH 17/19] recovery: prevent partition encryption when singlemtdsys is enabled In legacy NAND platforms like the ccimx6ul, it's possible to use a single-MTD configuration with dualboot disabled, which allows access to the functionality provided by the recovery partition. However, the partition encryption feature requires a multi-MTD configuation, so said feature shouldn't be accessible in this case. Prevent access to partition encryption in a single-MTD system by: * Adding the "system" partition to the partition blacklist in both the recovery-utils library and the recovery initscript. * Checking the "singlemtdsys" environment variable before using any functionality related to partition encryption. Signed-off-by: Gabriel Valcazar --- .../recovery-initramfs-init | 27 +++++++++++++------ .../recovery-utils/lib/recovery.c | 13 +++++++++ 2 files changed, 32 insertions(+), 8 deletions(-) diff --git a/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init b/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init index 4a77b1094..51798585e 100644 --- a/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init +++ b/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init @@ -30,11 +30,12 @@ ROOTFS_IMAGE_IN_PACKAGE="no" ENCRYPT_ROOTFS="no" SWUPDATE_OUTPUT="swupdate_output.txt" +ALLOW_ENC="yes" PART_LIST="" ENC_PARTS="" DEFAULT_ENC_PARTS="yes" -NAND_PARTS_BLACKLIST="bootloader environment linux recovery safe" +NAND_PARTS_BLACKLIST="bootloader environment linux recovery safe system" EMMC_PARTS_BLACKLIST="linux recovery safe" ENC_DIFF="" @@ -418,7 +419,7 @@ check_swu_package() { fi # Check if the rootfs is meant to be encrypted - if [ "${ROOTFS_IMAGE_IN_PACKAGE}" = "yes" ]; then + if [ "${ROOTFS_IMAGE_IN_PACKAGE}" = "yes" -a "${ALLOW_ENC}" = "yes" ]; then grep "Description" "${SWUPDATE_OUTPUT}" | grep -qs "Encrypted rootfs" && ENCRYPT_ROOTFS="yes" fi } @@ -552,6 +553,10 @@ psplash_message "Starting recovery..." # Read the recovery command. read_uboot_var "${ENV_RECOVERY_COMMAND}" COMMAND +# Check if system is single-MTD to allow partition encryption or not +read_uboot_var singlemtdsys singlemtdsys +[ "$(is_nand)" = "yes" -a "${singlemtdsys}" = "yes" ] && ALLOW_ENC="no" + # Check if there is any command. if [ -z "${COMMAND}" ]; then quit_with_error "No command found" @@ -563,8 +568,11 @@ for arg in ${COMMAND}; do wipe_update) wipe_update_bool=true;; encryption_key=*) - encryption_key_bool=true; - eval "${arg}";; + if [ "${ALLOW_ENC}" = "yes" ]; then + encryption_key_bool=true; + eval "${arg}"; + fi + ;; update_package=*) update_package_bool=true; eval "${arg}";; @@ -572,10 +580,13 @@ for arg in ${COMMAND}; do update_image_set_bool=true; eval "${arg}";; encrypt_partitions=*) - eval "${arg}"; - DEFAULT_ENC_PARTS="no"; - encrypt_partitions=$(echo ${encrypt_partitions} | tr "," " "); - encrypt_partitions=$(remove_duplicates "${encrypt_partitions}");; + if [ "${ALLOW_ENC}" = "yes" ]; then + eval "${arg}"; + DEFAULT_ENC_PARTS="no"; + encrypt_partitions=$(echo ${encrypt_partitions} | tr "," " "); + encrypt_partitions=$(remove_duplicates "${encrypt_partitions}"); + fi + ;; wipe_ubi_partitions=*) eval "${arg}"; wipe_ubi_partitions=$(echo ${wipe_ubi_partitions} | tr "," " "); diff --git a/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c b/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c index 5e9833e15..64b1c1270 100644 --- a/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c +++ b/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c @@ -61,6 +61,7 @@ static char *nand_parts_blacklist[] = { "linux", "recovery", "safe", + "system", NULL }; @@ -758,6 +759,12 @@ int set_encryption_key(char *key, unsigned char force) return ret; } + /* Check if we are in singlemtdsys mode */ + if (is_device_nand() && check_uboot_var("singlemtdsys", "yes")) { + fprintf(stderr, "Error: partition encryption unavailable in singlemtdsys mode\n"); + return ret; + } + /* Initialize arrays */ parts[0] = NULL; encrypted[0] = NULL; @@ -862,6 +869,12 @@ int encrypt_partitions(char *to_encrypt, char *to_unencrypt, unsigned char force return 1; } + /* Check if we are in singlemtdsys mode */ + if (is_device_nand() && check_uboot_var("singlemtdsys", "yes")) { + fprintf(stderr, "Error: partition encryption unavailable in singlemtdsys mode\n"); + return 1; + } + /* If both lists are empty, we have nothing to do */ if (!to_encrypt && !to_unencrypt) return 1; From 933a87483c64f1fd982a806ce4fbaea81e69547f Mon Sep 17 00:00:00 2001 From: Francisco Gil Date: Mon, 1 Jul 2024 18:14:21 +0200 Subject: [PATCH 18/19] README: dey-4.0-r6 release notes https://onedigi.atlassian.net/browse/DEL-9077 Signed-off-by: Francisco Gil --- README.md | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c0bb79b55..e54ff0d52 100644 --- a/README.md +++ b/README.md @@ -125,11 +125,36 @@ Documentation is available online at https://www.digi.com/resources/documentatio # Downloads -* Demo images: https://ftp1.digi.com/support/digiembeddedyocto/4.0/r5/images/ -* Software Development Kit (SDK): https://ftp1.digi.com/support/digiembeddedyocto/4.0/r5/sdk/ +* Demo images: https://ftp1.digi.com/support/digiembeddedyocto/4.0/r6/images/ +* Software Development Kit (SDK): https://ftp1.digi.com/support/digiembeddedyocto/4.0/r6/sdk/ # Release Changelog +## 4.0-r6 + +* ST-based platforms + * Added device tree overlay to fix internal RTC drift on ConnectCore MP15 SOM v1 + * Added support for real-time Linux (RT-PREEMPT) for ConnectCore MP15 and ConnectCore MP13 + * Added support for different memory variants + * Updated Wireless firmware binaries to v5.15.58-2023_1128 + * TrustFence + * Added file system encryption support via `fscrypt` using OP-TEE secure storage for the encryption key +* NXP-based platforms + * Added support for real-time Linux (RT-PREEMPT) for ConnectCore 93 + * Added missing TPM definitions of i.MX93 to allow using any TPM for PWM signals + * Added basic Time Sensitive Networking support (TSN) for ConnectCore 93 + * Workaround LPUART IP bug of i.MX93 that affected the behavior of CTS line + * TrustFence + * Add support for secure JTAG + * Added secure console for ConnectCore 93 + * Added support to boot signed FIT images (kernel + device tree + U-Boot boot script) for ConnectCore 93 + * Added U-Boot environment encryption support for ConnectCore 93 + * Added support to encrypted boot artifacts for ConnectCore 93 + * Added file system encryption support via `fscrypt` using OP-TEE secure storage for the encryption key for ConnectCore 93 +* Added support to Worldwide regulatory domains +* Added support for Docker and LXC +* General bug fixing and improvements + ## 4.0-r5 * ST-based platforms From 35cf4d61bcb45b64d4aceb3f28e66dfc7b0252ea Mon Sep 17 00:00:00 2001 From: Francisco Gil Date: Mon, 1 Jul 2024 17:36:16 +0200 Subject: [PATCH 19/19] meta-digi: update revisions for dey-4.0-r6.1 Signed-off-by: Francisco Gil --- .../recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend | 4 ++-- .../recipes-security/optee/optee-os-stm32mp_%.bbappend | 4 ++-- meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc | 2 +- meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2017.03.bb | 2 +- meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2020.04.bb | 2 +- meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2021.10.bb | 2 +- meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2023.04.bb | 2 +- .../trustfence/nativesdk-trustfence-sign-tools_2023.04.bb | 2 +- .../trustfence/trustfence-sign-tools-native_2023.04.bb | 2 +- .../recipes-digi/trustfence/trustfence-sign-tools.inc | 4 ++-- .../kernel-module-qualcomm/kernel-module-qualcomm.bb | 4 ++-- meta-digi-arm/recipes-kernel/linux/linux-dey.inc | 2 +- meta-digi-arm/recipes-kernel/linux/linux-dey_5.15.bb | 4 ++-- meta-digi-arm/recipes-kernel/linux/linux-dey_6.1.bb | 2 +- meta-digi-dey/recipes-digi/cccs/cccs_git.bb | 4 ++-- meta-digi-dey/recipes-digi/dey-examples/dey-examples-src.inc | 4 ++-- meta-digi-dey/recipes-digi/libdigiapix/libdigiapix_git.bb | 4 ++-- 17 files changed, 25 insertions(+), 25 deletions(-) diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend index 7f1acace1..7c89d3056 100644 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend +++ b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend @@ -8,10 +8,10 @@ TFA_URI_GITHUB = "${DIGI_GITHUB_GIT}/arm-trusted-firmware.git;protocol=https" TFA_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${TFA_URI_STASH}', '${TFA_URI_GITHUB}', d)}" SRCBRANCH = "v2.6/stm32mp/maint" -SRCREV = "${AUTOREV}" +SRCREV = "ed19ce45f72ec7fb0f1bd752ecdf46041d581ccb" SRC_URI = " \ - ${TFA_GIT_URI};branch=${SRCBRANCH} \ + ${TFA_GIT_URI};nobranch=1 \ " TF_A_CONFIG[nand] = "${DEVICE_BOARD_ENABLE:NAND},STM32MP_RAW_NAND=1 ${@'STM32MP_FORCE_MTD_START_OFFSET=${TF_A_MTD_START_OFFSET_NAND}' if ${TF_A_MTD_START_OFFSET_NAND} else ''} STM32MP_USB_PROGRAMMER=1" diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_%.bbappend b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_%.bbappend index d3367b5ec..1fe0af5c3 100644 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_%.bbappend +++ b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_%.bbappend @@ -8,9 +8,9 @@ OPTEE_URI_GITHUB = "${DIGI_GITHUB_GIT}/optee_os.git;protocol=https" OPTEE_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${OPTEE_URI_STASH}', '${OPTEE_URI_GITHUB}', d)}" SRCBRANCH = "3.16.0/stm/maint" -SRCREV = "${AUTOREV}" +SRCREV = "084bea4f5aed10b1c0d9204cbaeea631335ca6ce" SRC_URI = " \ - ${OPTEE_GIT_URI};branch=${SRCBRANCH};name=os \ + ${OPTEE_GIT_URI};nobranch=1;name=os \ file://fonts.tar.gz;subdir=git;name=fonts \ " diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc index 6ccfd5c15..2e9e79c70 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc @@ -27,7 +27,7 @@ INSTALL_FW_UBOOT_SCRIPTS = " \ " SRC_URI = " \ - ${UBOOT_GIT_URI};branch=${SRCBRANCH} \ + ${UBOOT_GIT_URI};nobranch=1 \ file://boot.txt \ ${INSTALL_FW_UBOOT_SCRIPTS} \ " diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2017.03.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2017.03.bb index 1a3fa59a3..ff3de034b 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2017.03.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2017.03.bb @@ -3,7 +3,7 @@ require u-boot-dey.inc SRCBRANCH = "v2017.03/maint" -SRCREV = "${AUTOREV}" +SRCREV = "1ef810133fcecacf14e09155bee10aa66fc6ade7" # Disable support to initial environment for U-Boot UBOOT_INITIAL_ENV = "" diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2020.04.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2020.04.bb index 4f845bdd2..d946385f5 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2020.04.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2020.04.bb @@ -6,6 +6,6 @@ LIC_FILES_CHKSUM = "file://Licenses/README;md5=30503fd321432fc713238f582193b78e" DEPENDS += "flex-native bison-native" SRCBRANCH = "v2020.04/maint" -SRCREV = "${AUTOREV}" +SRCREV = "d6e1da4a6b0a5407b39e5705ed4e845737c38536" COMPATIBLE_MACHINE = "(ccimx6ul|ccimx8m|ccimx8x)" diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2021.10.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2021.10.bb index 22ee05f7d..57e7ffd62 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2021.10.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2021.10.bb @@ -7,7 +7,7 @@ DEPENDS += "flex-native bison-native" DEPENDS += "python3-setuptools-native" SRCBRANCH = "v2021.10/maint" -SRCREV = "${AUTOREV}" +SRCREV = "8b6b6d30aff53b926fad3c038dba398b15d3ca6a" SRC_URI += " \ ${@oe.utils.conditional('TRUSTFENCE_SIGN_FIT_STM', '1', 'file://fit_signature.cfg', '', d)} \ diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2023.04.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2023.04.bb index ca022b584..8332bfa38 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2023.04.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2023.04.bb @@ -6,6 +6,6 @@ LIC_FILES_CHKSUM = "file://Licenses/README;md5=2ca5f2c35c8cc335f0a19756634782f1" DEPENDS += "flex-native bison-native" SRCBRANCH = "v2023.04/maint" -SRCREV = "${AUTOREV}" +SRCREV = "e4793a0c54e04af31498443a21f74a5add55fa52" COMPATIBLE_MACHINE = "(ccimx93)" diff --git a/meta-digi-arm/recipes-digi/trustfence/nativesdk-trustfence-sign-tools_2023.04.bb b/meta-digi-arm/recipes-digi/trustfence/nativesdk-trustfence-sign-tools_2023.04.bb index 0ff254752..4f239cd7d 100644 --- a/meta-digi-arm/recipes-digi/trustfence/nativesdk-trustfence-sign-tools_2023.04.bb +++ b/meta-digi-arm/recipes-digi/trustfence/nativesdk-trustfence-sign-tools_2023.04.bb @@ -3,4 +3,4 @@ require nativesdk-trustfence-sign-tools_git.bb SRCBRANCH = "v2023.04/maint" -SRCREV = "${AUTOREV}" +SRCREV = "e4793a0c54e04af31498443a21f74a5add55fa52" diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools-native_2023.04.bb b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools-native_2023.04.bb index 955934262..6fe495704 100644 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools-native_2023.04.bb +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools-native_2023.04.bb @@ -3,4 +3,4 @@ require trustfence-sign-tools-native_git.bb SRCBRANCH = "v2023.04/maint" -SRCREV = "${AUTOREV}" +SRCREV = "e4793a0c54e04af31498443a21f74a5add55fa52" diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools.inc b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools.inc index 676122560..0e4d9a184 100644 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools.inc +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools.inc @@ -5,7 +5,7 @@ LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" SRCBRANCH = "v2020.04/maint" -SRCREV = "${AUTOREV}" +SRCREV = "d6e1da4a6b0a5407b39e5705ed4e845737c38536" S = "${WORKDIR}" @@ -15,7 +15,7 @@ UBOOT_URI_GITHUB = "${DIGI_GITHUB_GIT}/u-boot.git;protocol=https" UBOOT_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${UBOOT_URI_STASH}', '${UBOOT_URI_GITHUB}', d)}" SRC_URI = " \ - ${UBOOT_GIT_URI};branch=${SRCBRANCH} \ + ${UBOOT_GIT_URI};nobranch=1 \ file://trustfence-sign-artifact-nxp.sh \ file://trustfence-sign-artifact-stm.sh \ file://trustfence-gen-pki-stm.sh \ diff --git a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb index 29213a4a1..b229c413a 100644 --- a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb +++ b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb @@ -9,12 +9,12 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/ISC;md5=f3b90e78ea0cffb20bf5cca PV = "v4.0.11.213X" SRCBRANCH = "qca65X4/dey-4.0/maint" -SRCREV = "${AUTOREV}" +SRCREV = "7ba1cdedd456928ac77c1f11e0d070abaf505e95" QCOM_GIT_URI = "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${DIGI_MTK_GIT}/linux/qcacld-2.0.git;protocol=ssh', '${DIGI_GITHUB_GIT}/qcacld-2.0.git;protocol=https', d)}" SRC_URI = " \ - ${QCOM_GIT_URI};branch=${SRCBRANCH} \ + ${QCOM_GIT_URI};nobranch=1 \ " # Selects whether the interface is SDIO or PCI diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc index 3aa8c98d7..04da853ee 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc @@ -15,7 +15,7 @@ LINUX_URI_STASH = "${DIGI_MTK_GIT}/linux/linux.git;protocol=ssh" LINUX_URI_GITHUB = "${DIGI_GITHUB_GIT}/linux.git;protocol=https" LINUX_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1', '${LINUX_URI_STASH}', '${LINUX_URI_GITHUB}', d)}" SRC_URI = " \ - ${LINUX_GIT_URI};branch=${SRCBRANCH} \ + ${LINUX_GIT_URI};nobranch=1 \ ${@oe.utils.conditional('KERNEL_DEFCONFIG', '', 'file://defconfig', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'virtualization', 'file://docker_conf.cfg', '', d)} \ ${@oe.utils.vartrue('TRUSTFENCE_FILE_BASED_ENCRYPT', 'file://fscrypt.cfg', '', d)} \ diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey_5.15.bb b/meta-digi-arm/recipes-kernel/linux/linux-dey_5.15.bb index 799c39143..5e3e485c9 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey_5.15.bb +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey_5.15.bb @@ -4,8 +4,8 @@ require recipes-kernel/linux/linux-dey.inc SRCBRANCH = "v5.15/nxp/dey-4.0/maint" SRCBRANCH:stm32mpcommon = "v5.15/stm/dey-4.0/maint" -SRCREV = "${AUTOREV}" -SRCREV:stm32mpcommon = "${AUTOREV}" +SRCREV = "479d8256f51cc583e386ea910f35d4a1eed6339b" +SRCREV:stm32mpcommon = "9d17bc8271e7ba53d8d2b6aee7c4e70d924402db" STM_RT_PATCHES = " \ file://patch-5.15.119-rt65.patch \ diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey_6.1.bb b/meta-digi-arm/recipes-kernel/linux/linux-dey_6.1.bb index cecbac7ce..915f271b7 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey_6.1.bb +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey_6.1.bb @@ -23,7 +23,7 @@ SRC_URI:append = " \ ${@bb.utils.contains('DISTRO_FEATURES', 'tsn', 'file://tsn_conf.cfg', '', d)} \ " -SRCREV = "${AUTOREV}" +SRCREV = "0f687b135fed7694e0a2007fe2ab73cd4a6ef81c" # Blacklist btnxpuart module. It will be managed by the bluetooth-init script KERNEL_MODULE_PROBECONF += "btnxpuart" diff --git a/meta-digi-dey/recipes-digi/cccs/cccs_git.bb b/meta-digi-dey/recipes-digi/cccs/cccs_git.bb index 997ea2ad2..48d67ce6d 100644 --- a/meta-digi-dey/recipes-digi/cccs/cccs_git.bb +++ b/meta-digi-dey/recipes-digi/cccs/cccs_git.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 DEPENDS = "libconfuse libdigiapix openssl recovery-utils swupdate zlib json-c" SRCBRANCH = "dey-4.0/maint" -SRCREV = "${AUTOREV}" +SRCREV = "a9908413e2389009a10fd4f33366d694f55a59d3" CC_STASH = "gitsm://git@stash.digi.com/cc/cc_dey.git;protocol=ssh" CC_GITHUB = "gitsm://github.com/digi-embedded/cc_dey.git;protocol=https" @@ -19,7 +19,7 @@ CCCS_DEVICE_TYPE ?= "${MACHINE}" CCCS_CONF_PATH ?= "" SRC_URI = " \ - ${CC_GIT_URI};branch=${SRCBRANCH} \ + ${CC_GIT_URI};nobranch=1 \ file://cccsd-init \ file://cccsd.service \ file://cccs-gs-demo-init \ diff --git a/meta-digi-dey/recipes-digi/dey-examples/dey-examples-src.inc b/meta-digi-dey/recipes-digi/dey-examples/dey-examples-src.inc index 97a2d77b4..f7c3be174 100644 --- a/meta-digi-dey/recipes-digi/dey-examples/dey-examples-src.inc +++ b/meta-digi-dey/recipes-digi/dey-examples/dey-examples-src.inc @@ -1,11 +1,11 @@ # Copyright (C) 2019-2022 Digi International Inc. SRCBRANCH = "dey-4.0/maint" -SRCREV = "${AUTOREV}" +SRCREV = "78402f0e3e138023f70d9577faa11212a9dc3f61" DEY_EXAMPLES_STASH = "${DIGI_MTK_GIT}/dey/dey-examples.git;protocol=ssh" DEY_EXAMPLES_GITHUB = "${DIGI_GITHUB_GIT}/dey-examples.git;protocol=https" DEY_EXAMPLES_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${DEY_EXAMPLES_STASH}', '${DEY_EXAMPLES_GITHUB}', d)}" -SRC_URI = "${DEY_EXAMPLES_GIT_URI};branch=${SRCBRANCH}" +SRC_URI = "${DEY_EXAMPLES_GIT_URI};nobranch=1" diff --git a/meta-digi-dey/recipes-digi/libdigiapix/libdigiapix_git.bb b/meta-digi-dey/recipes-digi/libdigiapix/libdigiapix_git.bb index f0f12c259..f44742e78 100644 --- a/meta-digi-dey/recipes-digi/libdigiapix/libdigiapix_git.bb +++ b/meta-digi-dey/recipes-digi/libdigiapix/libdigiapix_git.bb @@ -7,7 +7,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/ISC;md5=f3b90e78ea0cffb20bf5cca7947a896d" SRCBRANCH ?= "dey-4.0/maint" -SRCREV = "${AUTOREV}" +SRCREV = "305fabdf3dbb7efd5630c40519dd18ce28ec7108" LIBDIGIAPIX_URI_STASH = "${DIGI_MTK_GIT}/dey/libdigiapix.git;protocol=ssh" LIBDIGIAPIX_URI_GITHUB = "${DIGI_GITHUB_GIT}/libdigiapix.git;protocol=https" @@ -15,7 +15,7 @@ LIBDIGIAPIX_URI_GITHUB = "${DIGI_GITHUB_GIT}/libdigiapix.git;protocol=https" LIBDIGIAPIX_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${LIBDIGIAPIX_URI_STASH}', '${LIBDIGIAPIX_URI_GITHUB}', d)}" SRC_URI = " \ - ${LIBDIGIAPIX_GIT_URI};branch=${SRCBRANCH} \ + ${LIBDIGIAPIX_GIT_URI};nobranch=1 \ file://99-digiapix.rules \ file://libdigiapix.conf \ file://digiapix.sh \