diff --git a/README.md b/README.md index cf0406762..04725c29b 100644 --- a/README.md +++ b/README.md @@ -121,7 +121,38 @@ Documentation is available online at https://www.digi.com/resources/documentatio ## 5.0-r2 -TODO +* ST-based platforms + * Added support to ConnectCore MP13 + * Added support to ConnectCore MP15 + * Updated BSP + * Trusted Firmware ARM v2.8 (based on tag 'v2.10-stm32mp-r1.2' by ST) + * OP-TEE v4.0.0 (based on tag '4.0.0-stm32mp-r1.2' by ST) + * U-Boot v2023.10 (based on tag 'v2023.10-stm32mp-r1.2' by ST) + * Updated X-LINUX-AI software package (based on tag 'v6.0.1' by ST) + * Updated Wifi driver (based on 'v6.1.110-2025_0602' release from Cypress) + * Updated Wifi firmware to 'imx-scarthgap-jaculus_r1.1' release from Murata + * 2FY Wireless chip: v28.10.387.16 + * 2AE Wireless chip: v13.10.246.356 + * Added initial TrustFence support for ConnectCore MP2 + * Added Qt 6.8.4 support for ConnectCore MP1 platforms + * Added support to new countries on ConnectCore MP1 World CLM blob file + * Added real-time support +* NXP-based platforms + * Added support to ConnectCore 8M Mini + * Added support to ConnectCore 8M Nano + * Added real-time support + * Updated i.MX GStreamer stack to 1.24.7.imx + * Applied certified power limits on ConnectCore 93 and 91 +* TrustFence + * Added support to install signed/encrypted images from uuu install script +* Added support to Flutter framework + * Added new image recipe for Flutter graphical applications +* Removed Crank framework support +* Added UBI health monitor service (for NAND-based SOMs) +* BTRFS filesystem support for LXC incremental snapshots +* Created installer ZIP by default, and not *.sdcard image +* Enabled SSL/TLS support on vsftpd daemon by default +* General bug fixing and improvements ## 5.0-r1 @@ -175,6 +206,18 @@ updated list can be found on the online documentation. not supported. * For P2P connections Digi recommends "Negotiated GO" modes. The QCA6564 devices fail to join autonomous groups. +* Mouse input does not work in Flutter-based applications. When launching + Flutter applications, the system fails to register mouse input. This + prevents interaction with graphical elements and UI components, impacting + use cases that rely on pointer input. + Using a panel with a touchscreen prevents the issue from appearing. + This issue has been reported to the community, and we are waiting for a fix. +* Mouse clicks stop working in WebKit after running the Aquarium demo or + video settings icon. After executing the Aquarium WebGL demo in WebKit, + mouse click events are no longer recognized in subsequent browsing sessions. + An application restart is required to recover proper mouse functionality. + This issue has been reported to the community, and we are working together + on a fix. ## ConnectCore 93 @@ -194,6 +237,20 @@ updated list can be found on the online documentation. reducing the maximum throughput of this interface. * The QCA6564 wireless chip does not support Wake On Wireless LAN. +## ConnectCore MP25 + +* MMC0 input/output errors may appear during extended suspend/resume cycles. +* The system may fail to power off correctly, eventually falling back to a watchdog + reset. + +## ConnectCore MP13 + +* The power button becomes unresponsive after one power-off/power-on cycle. + A system reboot is required to restore normal functionality. + The issue originates from the OP-TEE/ATF firmware and will be addressed in + the next DEY release. + If you need further assistance, please contact Digi Technical Support. + # Support Contact Information For support questions please contact Digi Technical Support: diff --git a/meta-digi-arm/conf/machine/ccimx6qpsbc.conf b/meta-digi-arm/conf/machine/ccimx6qpsbc.conf index 73be213f8..243e82f50 100644 --- a/meta-digi-arm/conf/machine/ccimx6qpsbc.conf +++ b/meta-digi-arm/conf/machine/ccimx6qpsbc.conf @@ -49,8 +49,8 @@ XBEE_TTY ?= "ttymxc4" # Boot artifacts to be copied from the deploy dir to the installer ZIP BOOTABLE_ARTIFACTS = " \ - u-boot-ccimx6qpsbc1GB.imx \ - u-boot-ccimx6qpsbc2GB.imx \ + u-boot##SIGNED##-ccimx6qpsbc1GB.imx \ + u-boot##SIGNED##-ccimx6qpsbc2GB.imx \ " # Default overlayfs_etc mount point and type diff --git a/meta-digi-arm/conf/machine/ccimx6sbc.conf b/meta-digi-arm/conf/machine/ccimx6sbc.conf index 232a9c350..d832c16f6 100644 --- a/meta-digi-arm/conf/machine/ccimx6sbc.conf +++ b/meta-digi-arm/conf/machine/ccimx6sbc.conf @@ -51,11 +51,11 @@ XBEE_TTY ?= "ttymxc4" # Boot artifacts to be copied from the deploy dir to the installer ZIP BOOTABLE_ARTIFACTS = " \ - u-boot-ccimx6dlsbc512MB.imx \ - u-boot-ccimx6dlsbc.imx \ - u-boot-ccimx6qsbc2GB.imx \ - u-boot-ccimx6qsbc512MB.imx \ - u-boot-ccimx6qsbc.imx \ + u-boot##SIGNED##-ccimx6dlsbc512MB.imx \ + u-boot##SIGNED##-ccimx6dlsbc.imx \ + u-boot##SIGNED##-ccimx6qsbc2GB.imx \ + u-boot##SIGNED##-ccimx6qsbc512MB.imx \ + u-boot##SIGNED##-ccimx6qsbc.imx \ " # Default overlayfs_etc mount point and type diff --git a/meta-digi-arm/conf/machine/ccimx6ulsbc.conf b/meta-digi-arm/conf/machine/ccimx6ulsbc.conf index 5daf216bf..7a6f98339 100644 --- a/meta-digi-arm/conf/machine/ccimx6ulsbc.conf +++ b/meta-digi-arm/conf/machine/ccimx6ulsbc.conf @@ -36,7 +36,7 @@ XBEE_TTY ?= "ttymxc1" # Boot artifacts to be copied from the deploy dir to the installer ZIP BOOTABLE_ARTIFACTS = " \ - u-boot-ccimx6ulsbc1GB.imx \ - u-boot-ccimx6ulsbc512MB.imx \ - u-boot-ccimx6ulsbc.imx \ + u-boot##SIGNED##-ccimx6ulsbc1GB.imx \ + u-boot##SIGNED##-ccimx6ulsbc512MB.imx \ + u-boot##SIGNED##-ccimx6ulsbc.imx \ " diff --git a/meta-digi-arm/conf/machine/ccimx6ulstarter.conf b/meta-digi-arm/conf/machine/ccimx6ulstarter.conf index 6771aafdd..c89bcb477 100644 --- a/meta-digi-arm/conf/machine/ccimx6ulstarter.conf +++ b/meta-digi-arm/conf/machine/ccimx6ulstarter.conf @@ -35,7 +35,7 @@ DEFAULT_IMAGE_NAME ?= "core-image-base" # Boot artifacts to be copied from the deploy dir to the installer ZIP BOOTABLE_ARTIFACTS = " \ - u-boot-ccimx6ulstarter1GB.imx \ - u-boot-ccimx6ulstarter512MB.imx \ - u-boot-ccimx6ulstarter.imx \ + u-boot##SIGNED##-ccimx6ulstarter1GB.imx \ + u-boot##SIGNED##-ccimx6ulstarter512MB.imx \ + u-boot##SIGNED##-ccimx6ulstarter.imx \ " diff --git a/meta-digi-arm/conf/machine/ccimx8mm-dvk.conf b/meta-digi-arm/conf/machine/ccimx8mm-dvk.conf index 4f296ec50..6ea18d62d 100644 --- a/meta-digi-arm/conf/machine/ccimx8mm-dvk.conf +++ b/meta-digi-arm/conf/machine/ccimx8mm-dvk.conf @@ -55,7 +55,7 @@ XBEE_SLEEP_RQ_GPIO ?= "mca-gpio@11,gpio1@7" XBEE_TTY ?= "ttymxc3" # Boot artifacts to be copied from the deploy dir to the installer ZIP -BOOTABLE_ARTIFACTS = "imx-boot-ccimx8mm-dvk.bin" +BOOTABLE_ARTIFACTS = "imx-boot##SIGNED##-ccimx8mm-dvk.bin" # Default overlayfs_etc mount point and type OVERLAYFS_ETC_MOUNT_POINT ?= "/mnt/data" diff --git a/meta-digi-arm/conf/machine/ccimx8mn-dvk.conf b/meta-digi-arm/conf/machine/ccimx8mn-dvk.conf index 3270b8096..5966e7529 100644 --- a/meta-digi-arm/conf/machine/ccimx8mn-dvk.conf +++ b/meta-digi-arm/conf/machine/ccimx8mn-dvk.conf @@ -56,7 +56,7 @@ XBEE_SLEEP_RQ_GPIO ?= "mca-gpio@11,gpio1@7" XBEE_TTY ?= "ttymxc3" # Boot artifacts to be copied from the deploy dir to the installer ZIP -BOOTABLE_ARTIFACTS = "imx-boot-ccimx8mn-dvk.bin" +BOOTABLE_ARTIFACTS = "imx-boot##SIGNED##-ccimx8mn-dvk.bin" # Default overlayfs_etc mount point and type OVERLAYFS_ETC_MOUNT_POINT ?= "/mnt/data" diff --git a/meta-digi-arm/conf/machine/ccimx8x-sbc-express.conf b/meta-digi-arm/conf/machine/ccimx8x-sbc-express.conf index ffd76bad3..6dd90992a 100644 --- a/meta-digi-arm/conf/machine/ccimx8x-sbc-express.conf +++ b/meta-digi-arm/conf/machine/ccimx8x-sbc-express.conf @@ -34,6 +34,6 @@ XBEE_TTY ?= "ttyLP0" # Boot artifacts to be copied from the deploy dir to the installer ZIP BOOTABLE_ARTIFACTS = " \ - imx-boot-ccimx8x-sbc-express-B0.bin \ - imx-boot-ccimx8x-sbc-express-C0.bin \ + imx-boot##SIGNED##-ccimx8x-sbc-express-B0.bin \ + imx-boot##SIGNED##-ccimx8x-sbc-express-C0.bin \ " diff --git a/meta-digi-arm/conf/machine/ccimx8x-sbc-pro.conf b/meta-digi-arm/conf/machine/ccimx8x-sbc-pro.conf index fd55f8cb2..b7d2aa33b 100644 --- a/meta-digi-arm/conf/machine/ccimx8x-sbc-pro.conf +++ b/meta-digi-arm/conf/machine/ccimx8x-sbc-pro.conf @@ -49,8 +49,8 @@ XBEE_TTY ?= "ttyMCA0" # Boot artifacts to be copied from the deploy dir to the installer ZIP BOOTABLE_ARTIFACTS = " \ - imx-boot-ccimx8x-sbc-pro-B0.bin \ - imx-boot-ccimx8x-sbc-pro-C0.bin \ + imx-boot##SIGNED##-ccimx8x-sbc-pro-B0.bin \ + imx-boot##SIGNED##-ccimx8x-sbc-pro-C0.bin \ " # Default overlayfs_etc mount point and type diff --git a/meta-digi-arm/conf/machine/ccimx91-dvk.conf b/meta-digi-arm/conf/machine/ccimx91-dvk.conf index 1dbc47989..f0c0ba895 100644 --- a/meta-digi-arm/conf/machine/ccimx91-dvk.conf +++ b/meta-digi-arm/conf/machine/ccimx91-dvk.conf @@ -47,7 +47,7 @@ IS_HEADLESS = "true" # Boot artifacts to be copied from the deploy dir to the installer ZIP BOOTABLE_ARTIFACTS = " \ - imx-boot-ccimx91-dvk.bin \ + imx-boot##SIGNED##-ccimx91-dvk.bin \ " # Add secure enclave diff --git a/meta-digi-arm/conf/machine/ccimx93-dvk.conf b/meta-digi-arm/conf/machine/ccimx93-dvk.conf index b139b792d..03de79998 100644 --- a/meta-digi-arm/conf/machine/ccimx93-dvk.conf +++ b/meta-digi-arm/conf/machine/ccimx93-dvk.conf @@ -53,6 +53,6 @@ WKS_FILE_DEPENDS:append = " imx-m33-demos" # Boot artifacts to be copied from the deploy dir to the installer ZIP BOOTABLE_ARTIFACTS = " \ - imx-boot-ccimx93-dvk.bin \ - imx-boot-ccimx93-dvk-A0.bin \ + imx-boot##SIGNED##-ccimx93-dvk.bin \ + imx-boot##SIGNED##-ccimx93-dvk-A0.bin \ " diff --git a/meta-digi-arm/conf/templates/ccmp15-dvk/bblayers.conf.sample b/meta-digi-arm/conf/templates/ccmp15-dvk/bblayers.conf.sample index bdbe740ee..615bee8ea 100644 --- a/meta-digi-arm/conf/templates/ccmp15-dvk/bblayers.conf.sample +++ b/meta-digi-arm/conf/templates/ccmp15-dvk/bblayers.conf.sample @@ -20,6 +20,8 @@ BBLAYERS ?= " \ ##DIGIBASE##/meta-timesys \ ##DIGIBASE##/meta-st-stm32mp \ ##DIGIBASE##/meta-st-x-linux-ai \ + ##DIGIBASE##/meta-flutter \ + ##DIGIBASE##/meta-flutter/meta-flutter-apps \ ##DIGIBASE##/meta-digi/meta-digi-arm \ ##DIGIBASE##/meta-digi/meta-digi-dey \ " diff --git a/meta-digi-arm/conf/templates/ccmp15-dvk/conf-notes.txt b/meta-digi-arm/conf/templates/ccmp15-dvk/conf-notes.txt index a0a98b6e5..ed9e5d62f 100644 --- a/meta-digi-arm/conf/templates/ccmp15-dvk/conf-notes.txt +++ b/meta-digi-arm/conf/templates/ccmp15-dvk/conf-notes.txt @@ -15,6 +15,11 @@ Digi Embedded Yocto provides the following image recipes: By default the image is Wayland-based so it provides a full Weston desktop environment. + * dey-image-flutter: graphical Flutter image + + Expansion of custom Digi core-image-base including full Flutter + framework support. + * core-image-base: a console-only image Expansion of native core-image-base by including all the support for the diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend index 5cab81e18..f73e80ea6 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend @@ -118,7 +118,9 @@ do_compile:ccimx8x() { do_install:ccimx8x () { install -d ${D}/boot - for bin in ${BOOTABLE_ARTIFACTS}; do + # Remove ##SIGNED## placeholder from variable (signing takes place later) + BOOT_ARTIFACTS=$(echo "${BOOTABLE_ARTIFACTS}" | sed -e 's,##SIGNED##,,g') + for bin in ${BOOT_ARTIFACTS}; do for target in ${IMXBOOT_TARGETS}; do install -m 0644 ${S}/${bin}-${target} ${D}/boot/ done diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-kernel/kernel-modules/kernel-module-nxp-wlan/load_iw612.sh b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-kernel/kernel-modules/kernel-module-nxp-wlan/load_iw612.sh index d3526cdff..d2467d3a5 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-kernel/kernel-modules/kernel-module-nxp-wlan/load_iw612.sh +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-kernel/kernel-modules/kernel-module-nxp-wlan/load_iw612.sh @@ -21,8 +21,7 @@ drv_mode=${DRIVER_MODE} \ drvdbg=${DRIVER_DEBUG} \ sta_name=wlan \ country_ie_ignore=1 \ -txpwrlimit_cfg=nxp/txpower_US.bin \ -init_hostcmd_cfg=nxp/rutxpower_US.bin \ +cntry_txpwr=2 \ fw_name=nxp/sd_w61x_v1.bin.se \ " diff --git a/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp.bb b/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp.bb index 253394e52..3d3d7d56e 100644 --- a/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp.bb +++ b/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp.bb @@ -1,4 +1,4 @@ -# Copyright (C) 2023,2024, Digi International Inc. +# Copyright (C) 2023-2025, Digi International Inc. SUMMARY = "Murata NXP firmware binaries" LICENSE = "GPL-2.0-only" @@ -6,7 +6,14 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=ffa10f40b98be2c2bc9608f56827ed23" SRCBRANCH = "imx-6-1-1" SRCREV = "6103e224be638f5b421c323993f29bb6c0ada44a" -SRC_URI = "git://github.com/murata-wireless/nxp-linux-calibration;protocol=http;branch=${SRCBRANCH}" +SRC_URI = "\ + git://github.com/murata-wireless/nxp-linux-calibration;protocol=http;branch=${SRCBRANCH} \ + file://rgpower_CA.bin \ + file://rgpower_EU.bin \ + file://rgpower_JP.bin \ + file://rgpower_US.bin \ + file://rgpower_WW.bin \ +" S = "${WORKDIR}/git" @@ -15,13 +22,25 @@ do_compile[noexec] = "1" do_install () { install -d ${D}${nonarch_base_libdir}/firmware/nxp - install -m 0644 murata/files/2DL/* ${D}${nonarch_base_libdir}/firmware/nxp + install -m 0644 murata/files/2DL/bt_power_config* ${D}${nonarch_base_libdir}/firmware/nxp # For the EU BT power file, set the baudrate to 3Mbps (as used by the btnxpuart driver) sed -i -e "s,00 C2 01 00 00 00 00 00 00 00 00 00,C0 C6 2D 00 00 00 00 00 00 00 00 00,g" \ ${D}${nonarch_base_libdir}/firmware/nxp/bt_power_config_EU.sh # For all the BT power scripts, replace the hcitool reset command to avoid misleading BT behaviour. sed -i -e "s,hcitool -i hci0 cmd 0x03 0x003,hciconfig hci0 reset,g" \ ${D}${nonarch_base_libdir}/firmware/nxp/bt_power_config*.sh + + # Install TX power level management V2 rgpower files + install -m 444 ${WORKDIR}/rgpower_*.bin ${D}${nonarch_base_libdir}/firmware/nxp/ + + # Generate links for countries that share the Europe file + EU_COUNTRIES="AD AL AT BA BE BG CH CY CZ DE DK EE ES FI FR GB \ + GE GR HR HU IE IS IT LI LT LU LV MC MD ME MK MT \ + NL NO PL PT RO RS SE SI SK SM TR VA" + + for country in $EU_COUNTRIES; do + ln -sf rgpower_EU.bin ${D}${nonarch_base_libdir}/firmware/nxp/rgpower_${country}.bin + done } FILES:${PN} = "${nonarch_base_libdir}/firmware" diff --git a/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_CA.bin b/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_CA.bin new file mode 100644 index 000000000..f73d7326c --- /dev/null +++ b/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_CA.bin @@ -0,0 +1,39 @@ + +region_pwr_cfg = { +49 02 64 01 00 00 00 00 01 00 ee 01 06 00 43 41 +20 20 00 01 06 02 4c 01 a1 a1 04 01 0b a0 00 00 +00 00 43 41 20 20 a3 13 00 02 08 05 ab 40 61 00 +08 44 02 12 03 84 40 40 00 18 30 02 0d 00 83 80 +20 f0 10 40 06 0e 01 43 a1 90 e8 84 4a 29 16 8c +46 a1 b0 f8 8c 4e 2b 17 8c 80 61 80 b0 0c 3a 3c +05 89 44 25 92 b9 6c 94 1f 30 92 4c c0 72 c9 74 +4e 71 32 95 00 c1 40 b8 65 0e 8b 44 9d cd 65 f3 +10 0c ea 8c 3b 9e 43 e0 14 1a 88 36 a7 47 00 04 +40 00 40 18 20 1e 01 57 80 ec 55 b8 72 b0 06 8c +07 00 e5 42 a0 70 10 20 02 b6 c5 a1 96 f8 84 82 +16 11 82 5c 6e 16 e0 1d cc 05 75 94 56 6f 36 eb +dd ca 07 7f 00 dd b0 54 db d8 2c 09 69 86 46 01 +51 19 dd de 24 0b c6 e3 ef b2 8c 9d a7 31 59 cb +e6 72 19 cc a6 7c 23 12 05 63 40 5a 98 c5 6c 1b +70 ca 80 02 5a 8d 56 b2 16 04 d7 e7 a1 7b 30 0e +b0 09 98 db 6b b6 19 fd e6 62 db 8e d1 e4 b4 b9 +6d ec 67 7f ab 8c ed c1 80 5e 24 38 15 bf 02 01 +c0 95 bb 48 27 b7 bc eb e3 bb 5d c0 1f 7b 65 a8 +ec 78 f3 5e 6f 07 a7 b6 04 06 79 7b f0 ec c0 33 +b1 f1 8d ea e5 bb 10 8f 58 1b 45 08 00 04 41 40 +d0 00 10 14 07 00 04 81 40 90 38 12 0a 0a 01 82 +61 d0 a0 08 +} +ed_mac_ctrl_v3 = { +30 01 1b 00 00 00 00 00 01 00 0a 00 01 00 0a 00 +ff 00 00 00 64 02 03 00 a1 a1 a0 +} +subband_ru_power_cfg = { +6d 02 6c 00 00 00 00 00 01 00 18 01 09 0a 0a 0a +06 00 00 0a 0a 0a 0a 08 00 00 0a 0a 0a 0a 07 00 +00 08 0a 0a 0a 07 07 00 08 0a 0a 0a 0a 00 00 0a +0a 0a 0a 0a 0a 00 07 07 07 07 03 05 00 07 0a 0a +0a 0a 00 00 0a 0a 0a 0a 0a 0a 00 09 09 09 09 09 +09 00 0a 0a 0a 0a 0a 00 00 00 00 00 00 00 00 00 +05 05 05 05 05 64 02 03 00 a1 a1 a0 +} \ No newline at end of file diff --git a/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_EU.bin b/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_EU.bin new file mode 100644 index 000000000..32da16468 --- /dev/null +++ b/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_EU.bin @@ -0,0 +1,27 @@ + +region_pwr_cfg = { +49 02 a3 00 00 00 00 00 01 00 ee 01 06 00 45 55 +20 30 00 02 06 02 8b 00 a1 a1 04 01 0b a0 00 00 +00 00 45 55 20 30 93 07 00 02 08 06 ab 40 20 c0 +68 00 02 0d 82 c1 e1 30 88 34 32 15 0d 85 c4 62 +11 38 78 e6 1d 17 82 83 c0 00 40 18 30 16 02 07 +80 63 60 80 12 b0 04 8c 07 2b e4 42 a0 70 4c 06 +06 00 04 65 b2 f9 8c ce 60 11 06 cb a6 f3 99 a4 +e2 75 31 06 84 a0 d3 da 0d 0e 77 42 00 d1 27 e1 +10 65 22 88 10 00 00 c0 60 40 00 4c 1b 50 a9 55 +2a d5 8a 9d 54 19 5c ad 03 29 60 ab 1d 3a 6e 0a +b0 55 40 +} +ed_mac_ctrl_v3 = { +30 01 1b 00 00 00 00 00 01 00 0a 00 01 00 0a 00 +ff 00 00 00 64 02 03 00 a1 a1 a0 +} +subband_ru_power_cfg = { +6d 02 6c 00 00 00 00 00 01 00 18 01 06 08 0b 0d +0d 00 00 06 08 0b 0d 0d 00 00 06 08 0b 0d 0d 00 +00 06 08 0a 0a 0a 0a 00 06 08 0a 0a 0a 00 00 06 +08 0a 0a 0a 0a 00 06 08 0a 0a 0a 0a 00 06 08 0a +0a 0a 0a 00 00 00 00 00 00 00 00 03 03 03 03 03 +03 00 03 03 03 03 03 00 00 00 00 00 00 00 00 00 +03 03 03 03 03 64 02 03 00 a1 a1 a0 +} \ No newline at end of file diff --git a/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_JP.bin b/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_JP.bin new file mode 100644 index 000000000..9dde3a253 --- /dev/null +++ b/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_JP.bin @@ -0,0 +1,26 @@ + +region_pwr_cfg = { +49 02 99 00 00 00 00 00 01 00 ee 01 06 00 4a 50 +20 40 00 03 06 02 81 00 a1 a1 04 01 0b a0 00 00 +00 00 4a 50 20 40 f3 06 00 02 08 06 ab 40 20 f0 +68 00 02 0e 00 83 41 90 68 44 2a 19 09 85 c0 c0 +e0 e0 34 18 1f 13 8a c4 a2 91 68 2c 0e 3b 04 8b +46 20 c0 d8 28 e6 49 23 8e c9 c1 e0 00 20 0c 1e +ac 04 23 01 c0 30 08 00 54 0e 09 80 02 c0 e0 a4 +ea 79 3e 84 ce 42 c0 d9 ed 0e 8b 44 9d 52 28 d4 +9a 38 04 19 42 06 50 69 95 3a 1d 3a a1 45 a8 82 +a8 40 aa 2d 72 74 0a 00 80 +} +ed_mac_ctrl_v3 = { +30 01 1b 00 00 00 00 00 01 00 0a 00 01 00 0a 00 +ff 00 00 00 64 02 03 00 a1 a1 a0 +} +subband_ru_power_cfg = { +6d 02 6c 00 00 00 00 00 01 00 18 01 06 07 0a 0c +0d 00 00 06 07 0a 0c 0d 00 00 06 07 0a 0c 0d 00 +00 fe 01 04 07 0a 0a 00 01 04 07 0a 0a 00 00 fe +01 04 07 0a 0a 00 fe 01 04 07 0a 0a 00 fe 01 04 +07 0a 0a 00 fe 01 04 07 0a 0a 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +fe fe fe fe fe 64 02 03 00 a1 a1 a0 +} \ No newline at end of file diff --git a/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_US.bin b/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_US.bin new file mode 100644 index 000000000..bd7dcbe63 --- /dev/null +++ b/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_US.bin @@ -0,0 +1,37 @@ + +region_pwr_cfg = { +49 02 40 01 00 00 00 00 01 00 ee 01 06 00 55 53 +20 10 00 01 06 02 28 01 a1 a1 04 01 0b a0 00 00 +00 00 55 53 20 10 63 11 00 02 08 05 ab 40 61 00 +08 44 02 12 03 84 40 40 00 18 30 02 0d 00 83 80 +20 f0 10 40 06 0e 01 43 a1 90 e8 84 4a 29 16 8c +46 a1 b0 f8 8c 4e 2b 17 8c 80 61 80 b0 0c 3a 3c +05 89 44 25 92 b9 6c 94 1f 30 92 4c c0 72 c9 74 +4e 71 32 95 00 c1 40 b8 65 0e 8b 44 9d cd 65 f3 +10 0c ea 8c 3b 9e 43 e0 14 1a 88 36 a7 47 00 04 +40 00 40 18 3e b7 0e 56 00 d1 80 e0 1c a8 55 18 +08 01 01 c0 40 80 22 21 20 85 84 60 96 8b 55 b2 +dc 01 b8 56 6e 71 5b ad b6 df 28 bd 53 40 56 b0 +5d a8 10 0a 88 ce ee 31 20 5e 0c 09 85 07 61 f1 +38 da ce 33 1d 90 c9 59 32 81 18 90 2b 2e 02 cf +03 80 c0 dc 1e 28 00 12 ce e7 f4 3a 3d 2e 53 50 +01 d0 e3 f4 18 3d 66 6a 17 af c6 e1 30 d8 8d b6 +57 61 19 d9 67 81 80 bd 74 38 15 8f 02 01 ed 40 +70 48 13 4f 9d e4 72 81 dc ce 76 bf 8f 85 e9 75 +39 fb 0e 88 10 19 da 09 43 b1 a0 ce 40 33 24 0c +d3 04 78 c1 8a c8 2b d8 12 05 02 79 40 af 06 20 + +} +ed_mac_ctrl_v3 = { +30 01 1b 00 00 00 00 00 01 00 0a 00 01 00 0a 00 +ff 00 00 00 64 02 03 00 a1 a1 a0 +} +subband_ru_power_cfg = { +6d 02 6c 00 00 00 00 00 01 00 18 01 09 0a 0a 0a +06 00 00 0a 0a 0a 0a 08 00 00 0a 0a 0a 0a 07 00 +00 0a 0a 0a 0a 07 07 00 0a 0a 0a 0a 0a 00 00 0a +0a 0a 0a 0a 0a 00 07 07 07 07 03 05 00 07 0a 0a +0a 0a 0a 00 0a 0a 0a 0a 0a 0a 00 09 09 09 09 09 +09 00 0a 0a 0a 0a 0a 00 00 00 00 00 00 00 00 00 +05 05 05 05 05 64 02 03 00 a1 a1 a0 +} \ No newline at end of file diff --git a/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_WW.bin b/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_WW.bin new file mode 100644 index 000000000..7d05c0b11 --- /dev/null +++ b/meta-digi-arm/recipes-bsp/firmware-murata-nxp/firmware-murata-nxp/rgpower_WW.bin @@ -0,0 +1,33 @@ + +region_pwr_cfg = { +49 02 07 01 00 00 00 00 01 00 ee 01 06 00 57 57 +20 00 00 00 06 02 ef 00 a1 a1 04 01 0b a0 00 00 +00 00 57 57 20 00 d3 0d 00 02 08 05 83 40 4a d0 +08 30 1a 00 82 80 41 a0 90 64 28 05 08 86 c2 e2 +30 f8 4c 4a 1d 08 05 c5 60 11 70 0c 66 23 1b 81 +46 23 51 99 08 04 14 0b 00 00 e4 f2 99 58 0e 3d +0a 90 45 25 63 b9 78 36 63 22 8f c9 26 52 80 88 +04 08 03 07 cf 81 20 25 60 09 18 0e 01 80 40 02 +a0 70 48 1a 01 01 81 80 01 00 70 4e 9f 51 a9 d5 +6a f5 2a a4 74 04 0d 02 02 c0 93 60 55 42 b9 4f +05 d7 ec 36 30 45 96 b0 10 b4 5a ac 56 4b 35 4e +9e 0a b9 00 af 10 bb 7d de f3 7b 04 df 64 d7 fa +fe 06 cf 5e b0 5c ed b7 5b 86 0c 19 61 bd 00 81 +98 6a 9c 34 15 6b 03 d8 c0 e0 30 20 02 9d 26 cc +66 b3 99 eb be 84 1b 9b ce e7 f2 f6 2c c8 33 51 +9e 86 da 71 f6 20 66 2e df 96 09 db c1 41 4d d0 +27 32 0a d7 84 ac a0 +} +ed_mac_ctrl_v3 = { +30 01 1b 00 00 00 00 00 01 00 0a 00 01 00 0a 00 +ff 00 00 00 64 02 03 00 a1 a1 a0 +} +subband_ru_power_cfg = { +6d 02 6c 00 00 00 00 00 01 00 18 01 06 07 0a 0a +06 00 00 06 07 0a 0a 08 00 00 06 07 0a 0a 07 00 +00 fe 01 04 07 07 07 00 01 04 07 0a 0a 00 00 fe +01 04 07 0a 0a 00 fe 01 04 07 03 05 00 fe 01 04 +07 0a 0a 00 fe 01 04 07 0a 0a 00 03 03 03 03 03 +03 00 03 03 03 03 03 00 00 00 00 00 00 00 00 00 +fe fe fe fe fe 64 02 03 00 a1 a1 a0 +} \ No newline at end of file diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc index 9276797af..dc0cc52d2 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc @@ -72,7 +72,6 @@ SIGN_UBOOT:ccimx6 = "sign_uboot" SIGN_UBOOT:ccimx6ul = "sign_uboot" do_deploy[postfuncs] += " \ - adapt_uboot_filenames \ ${@oe.utils.ifelse(d.getVar('BUILD_UBOOT_SCRIPTS') == 'true', 'build_uboot_scripts', '')} \ ${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', '${SIGN_UBOOT}', '', d)} \ " @@ -140,29 +139,31 @@ build_uboot_scripts() { fi } -adapt_uboot_filenames() { - # Remove canonical U-Boot symlinks for ${UBOOT_CONFIG} currently in the form: - # u-boot-.- - # u-boot- - # and add a more suitable symlink in the form: - # u-boot--. - if [ -n "${UBOOT_CONFIG}" ] - then - for config in ${UBOOT_MACHINE}; do - i=$(expr $i + 1); - for type in ${UBOOT_CONFIG}; do - j=$(expr $j + 1); - if [ $j -eq $i ] - then - cd ${DEPLOYDIR} - rm -f ${UBOOT_BINARY}-${type} - ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} - fi - done - unset j - done - unset i - fi +# +# Clean Yocto generated u-boot symlinks. +# +# Left: +# u-boot-. +# u-boot-.- (needed for imx-boot) +# u-boot-spl.bin-- (needed for imx-boot) +# +uboot_deploy_config:append() { + rm -f ${DEPLOYDIR}/${UBOOT_SYMLINK} \ + ${DEPLOYDIR}/${UBOOT_BINARY}-${type} \ + ${DEPLOYDIR}/${UBOOT_BINARY} + ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${DEPLOYDIR}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} +} +uboot_deploy_spl_config:append() { + rm -f ${DEPLOYDIR}/${SPL_BINARYFILE}-${type} \ + ${DEPLOYDIR}/${SPL_BINARYFILE} \ + ${DEPLOYDIR}/${SPL_SYMLINK} +} +# Further cleaning for platforms not generating imx-boot +uboot_deploy_config:append:ccimx6ul() { + rm -f ${DEPLOYDIR}/${UBOOT_SYMLINK}-${type} +} +uboot_deploy_spl_config:append:ccimx6ul() { + rm -f ${DEPLOYDIR}/${SPL_SYMLINK}-${type} } sign_uboot() { diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_media.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_media.txt index 5b62ef222..36b04b269 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_media.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_media.txt @@ -10,9 +10,9 @@ BASEFILENAME=0 # Determine U-Boot file to program basing on module variant # If module_variant is unknown or not set, return error asking the user if test "${module_variant}" = "0x01" || test "${module_variant}" = "0x02"; then - setenv INSTALL_UBOOT_FILENAME u-boot-##MACHINE##2GB.imx; + setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-##MACHINE##2GB.imx; elif test "${module_variant}" = "0x03"; then - setenv INSTALL_UBOOT_FILENAME u-boot-##MACHINE##1GB.imx; + setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-##MACHINE##1GB.imx; fi # Use 'test -n ...' because 'test -z ...' does not work well on old versions of @@ -25,9 +25,9 @@ else echo ""; echo "1. Set variable 'INSTALL_UBOOT_FILENAME' depending on your ConnectCore 6 QuadPlus variant:"; echo " - For a QuadPlus CPU with 2GB DDR3, run:"; - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##MACHINE##2GB.imx"; + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-##MACHINE##2GB.imx"; echo " - For a DualPlus CPU with 1GB DDR3, run:"; - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##MACHINE##1GB.imx"; + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-##MACHINE##1GB.imx"; echo ""; echo ""; echo "2. Run the install script again."; @@ -173,7 +173,7 @@ setenv bootcmd " echo \"Aborted.\"; exit; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb start; fi; if test \"\$\{dualboot\}\" = yes; then @@ -203,7 +203,7 @@ setenv bootcmd " exit; fi; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb reset; fi; echo \"\"; diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh index dc411dae2..a358e6d92 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6qpsbc/install_linux_fw_uuu.sh @@ -1,7 +1,7 @@ #!/bin/sh #=============================================================================== # -# Copyright (C) 2021-2024 by Digi International Inc. +# Copyright (C) 2021-2025 by Digi International Inc. # All rights reserved. # # This program is free software; you can redistribute it and/or modify it @@ -27,6 +27,15 @@ getenv() uuu -v fb: ucmd printenv "${1}" | sed -ne "s,^${1}=,,g;T;p" } +# Grep for string in command output +# Params: +# 1. Command +# 2. String to grep +grep_string() +{ + uuu -v fb: ucmd ${1} | grep "${2}" +} + show_usage() { echo "Usage: $0 [options]" @@ -42,7 +51,6 @@ show_usage() echo " -k Update includes dek file." echo " (implies -t)." echo " -n No wait. Skips 10 seconds delay to stop script." - echo " -t Install Trustfence artifacts." echo " -u U-Boot filename." echo " Auto-determined by variant if not provided." exit 2 @@ -61,23 +69,27 @@ part_update() echo "=====================================================================================" echo "\033[0m" - if [ "${TRUSTFENCE}" = "true" ] && [ "${1}" = "bootloader" ]; then - uuu fb: download -f "${2}" - if [ -n "${DEK_FILE}" ]; then - uuu fb: ucmd setenv uboot_size \${filesize} - uuu fb: ucmd setenv fastboot_buffer \${initrd_addr} - uuu fb: download -f "${3}" - uuu fb: ucmd setenv dek_size \${filesize} - uuu fb: ucmd trustfence update ram \${loadaddr} \${uboot_size} \${initrd_addr} \${dek_size} + if [ "${1}" = "bootloader" ]; then + if [ "${ENCRYPTED}" = "true" ]; then + uuu fb: download -f "${2}" + if [ -n "${DEK_FILE}" ]; then + # Encrypted bootloader + dek + uuu fb: ucmd setenv uboot_size \${filesize} + uuu fb: ucmd setenv fastboot_buffer \${initrd_addr} + uuu fb: download -f "${3}" + uuu fb: ucmd setenv dek_size \${filesize} + uuu fb: ucmd trustfence update ram \${loadaddr} \${uboot_size} \${initrd_addr} \${dek_size} + else + # Encrypted bootloader (re-use existing dek) + uuu fb: ucmd trustfence update ram \${fastboot_buffer} \${fastboot_bytes} + fi else - uuu fb: ucmd trustfence update ram \${fastboot_buffer} \${fastboot_bytes} + # Non-encrypted bootloader (can be signed or not) + uuu fb: flash "${1}" "${2}" fi else - if [ "${1}" = "bootloader" ]; then - uuu fb: flash "${1}" "${2}" - else - uuu fb: flash -raw2sparse "${1}" "${2}" - fi + # Non-bootloader image + uuu fb: flash -raw2sparse "${1}" "${2}" fi } @@ -91,7 +103,7 @@ echo "############################################################" # -i # -u # -k -while getopts ':bdhi:k:ntu:' c +while getopts ':bdhi:k:nu:' c do if [ "${c}" = ":" ]; then c="${OPTARG}" @@ -107,7 +119,6 @@ do i) IMAGE_NAME=${OPTARG} ;; k) DEK_FILE=${OPTARG} ;; n) NOWAIT=true ;; - t) TRUSTFENCE=true ;; u) INSTALL_UBOOT_FILENAME=${OPTARG} ;; esac done @@ -131,9 +142,9 @@ if [ -z ${INSTALL_UBOOT_FILENAME} ]; then # If module_variant is unknown or not set, return error asking the user if [ "$module_variant" = "0x01" ] || \ [ "$module_variant" = "0x02" ]; then - INSTALL_UBOOT_FILENAME="u-boot-##MACHINE##2GB.imx" + INSTALL_UBOOT_FILENAME="u-boot-##SIGNED##-##MACHINE##2GB.imx" elif [ "$module_variant" = "0x03" ]; then - INSTALL_UBOOT_FILENAME="u-boot-##MACHINE##1GB.imx" + INSTALL_UBOOT_FILENAME="u-boot-##SIGNED##-##MACHINE##1GB.imx" fi # U-Boot when the checked value is empty. @@ -148,9 +159,9 @@ if [ -z ${INSTALL_UBOOT_FILENAME} ]; then echo "" echo "1. Set variable 'INSTALL_UBOOT_FILENAME' depending on your ConnectCore 6 QuadPlus variant:" echo " - For a QuadPlus CPU with 2GB DDR3, run:" - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##MACHINE##2GB.imx" + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-##MACHINE##2GB.imx" echo " - For a DualPlus CPU with 1GB DDR3, run:" - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##MACHINE##1GB.imx" + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-##MACHINE##1GB.imx" echo "" echo "" echo "2. Run the install script again." @@ -161,6 +172,35 @@ if [ -z ${INSTALL_UBOOT_FILENAME} ]; then fi fi +# Determine if bootloader is signed and/or encrypted +if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "signed"; then + SIGNED=true +fi +if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "encrypted"; then + ENCRYPTED=true +fi + +if [ "${ENCRYPTED}" = "true" ]; then + tf_status=$(grep_string "trustfence status" "Secure boot:") + if echo "${tf_status}" | grep -q -e "OPEN"; then + echo "\033[93m" + echo "WARNING!" + echo "You are trying to program encrypted images but the device status is OPEN." + echo "An OPEN device requires manual procedure for installing an encrypted bootloader," + echo "programming the secure keys, and closing the device." + echo "Continuing would result in a non-secure setup or a non-bootable device after the" + echo "close operation." + echo "" + echo "Check the online documentation for manual steps at:" + echo "https://docs.digi.com/resources/documentation/digidocs/embedded/trustfence_home.html" + echo "" + echo "You can run this installer to program encrypted artifacts when the device has been closed." + echo "\033[0m" + echo "Exiting." + exit 1 + fi +fi + # remove redirect uuu fb: ucmd setenv stdout serial diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6sbc/install_linux_fw_media.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6sbc/install_linux_fw_media.txt index 6fcefb035..58c1830fb 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6sbc/install_linux_fw_media.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6sbc/install_linux_fw_media.txt @@ -10,11 +10,11 @@ BASEFILENAME=0 # Determine U-Boot file to program basing on module variant # If module_variant is unknown or not set, return error asking the user if test "${module_variant}" = "0x12"; then - setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6qsbc2GB.imx; + setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-ccimx6qsbc2GB.imx; elif test "${module_variant}" = "0x02" || test "${module_variant}" = "0x04" || test "${module_variant}" = "0x05" || test "${module_variant}" = "0x0b" || test "${module_variant}" = "0x11" || test "${module_variant}" = "0x14" || test "${module_variant}" = "0x15" || test "${module_variant}" = "0x16"; then - setenv INSTALL_UBOOT_FILENAME u-boot-cc${soc_family}sbc.imx; + setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-cc${soc_family}sbc.imx; elif test "${module_variant}" = "0x03" || test "${module_variant}" = "0x0c" || test "${module_variant}" = "0x0e" || test "${module_variant}" = "0x0f" || test "${module_variant}" = "0x13"; then - setenv INSTALL_UBOOT_FILENAME u-boot-cc${soc_family}sbc512MB.imx; + setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-cc${soc_family}sbc512MB.imx; fi # Use 'test -n ...' because 'test -z ...' does not work well on old versions of @@ -27,15 +27,15 @@ else echo ""; echo "1. Set variable 'INSTALL_UBOOT_FILENAME' depending on your ConnectCore 6 variant:"; echo " - For a Quad/Dual CPU with 2GB DDR3, run:"; - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6qsbc2GB.imx"; + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-ccimx6qsbc2GB.imx"; echo " - For a Quad/Dual CPU with 1GB DDR3, run:"; - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6qsbc.imx"; + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-ccimx6qsbc.imx"; echo " - For a Quad/Dual CPU with 512MB DDR3, run:"; - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6qsbc512MB.imx"; + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-ccimx6qsbc512MB.imx"; echo " - For a DualLite/Solo CPU with 1GB DDR3, run:"; - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6dlsbc.imx"; + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-ccimx6dlsbc.imx"; echo " - For a DualLite/Solo CPU with 512MB DDR3, run:"; - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6dlsbc512MB.imx"; + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-ccimx6dlsbc512MB.imx"; echo ""; echo "2. Run the install script again."; echo ""; @@ -180,7 +180,7 @@ setenv bootcmd " echo \"Aborted.\"; exit; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb start; fi; if test \"\$\{dualboot\}\" = yes; then @@ -210,7 +210,7 @@ setenv bootcmd " exit; fi; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb reset; fi; echo \"\"; diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6sbc/install_linux_fw_uuu.sh b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6sbc/install_linux_fw_uuu.sh index a818ad60b..1c358dd80 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6sbc/install_linux_fw_uuu.sh +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6sbc/install_linux_fw_uuu.sh @@ -1,7 +1,7 @@ #!/bin/sh #=============================================================================== # -# Copyright (C) 2021-2024 by Digi International Inc. +# Copyright (C) 2021-2025 by Digi International Inc. # All rights reserved. # # This program is free software; you can redistribute it and/or modify it @@ -27,6 +27,15 @@ getenv() uuu -v fb: ucmd printenv "${1}" | sed -ne "s,^${1}=,,g;T;p" } +# Grep for string in command output +# Params: +# 1. Command +# 2. String to grep +grep_string() +{ + uuu -v fb: ucmd ${1} | grep "${2}" +} + show_usage() { echo "Usage: $0 [options]" @@ -42,7 +51,6 @@ show_usage() echo " -k Update includes dek file." echo " (implies -t)." echo " -n No wait. Skips 10 seconds delay to stop script." - echo " -t Install TrustFence artifacts." echo " -u U-Boot filename." echo " Auto-determined by variant if not provided." exit 2 @@ -61,23 +69,27 @@ part_update() echo "=====================================================================================" echo "\033[0m" - if [ "${TRUSTFENCE}" = "true" ] && [ "${1}" = "bootloader" ]; then - uuu fb: download -f "${2}" - if [ -n "${DEK_FILE}" ]; then - uuu fb: ucmd setenv uboot_size \${filesize} - uuu fb: ucmd setenv fastboot_buffer \${initrd_addr} - uuu fb: download -f "${3}" - uuu fb: ucmd setenv dek_size \${filesize} - uuu fb: ucmd trustfence update ram \${loadaddr} \${uboot_size} \${initrd_addr} \${dek_size} + if [ "${1}" = "bootloader" ]; then + if [ "${ENCRYPTED}" = "true" ]; then + uuu fb: download -f "${2}" + if [ -n "${DEK_FILE}" ]; then + # Encrypted bootloader + dek + uuu fb: ucmd setenv uboot_size \${filesize} + uuu fb: ucmd setenv fastboot_buffer \${initrd_addr} + uuu fb: download -f "${3}" + uuu fb: ucmd setenv dek_size \${filesize} + uuu fb: ucmd trustfence update ram \${loadaddr} \${uboot_size} \${initrd_addr} \${dek_size} + else + # Encrypted bootloader (re-use existing dek) + uuu fb: ucmd trustfence update ram \${fastboot_buffer} \${fastboot_bytes} + fi else - uuu fb: ucmd trustfence update ram \${fastboot_buffer} \${fastboot_bytes} + # Non-encrypted bootloader (can be signed or not) + uuu fb: flash "${1}" "${2}" fi else - if [ "${1}" = "bootloader" ]; then - uuu fb: flash "${1}" "${2}" - else - uuu fb: flash -raw2sparse "${1}" "${2}" - fi + # Non-bootloader image + uuu fb: flash -raw2sparse "${1}" "${2}" fi } @@ -91,7 +103,7 @@ echo "############################################################" # -i # -u # -k -while getopts ':bdhi:k:ntu:' c +while getopts ':bdhi:k:nu:' c do if [ "${c}" = ":" ]; then c="${OPTARG}" @@ -105,9 +117,8 @@ do d) INSTALL_DUALBOOT=true && BOOTCOUNT=true ;; h) show_usage ;; i) IMAGE_NAME=${OPTARG} ;; - k) DEK_FILE=${OPTARG} && TRUSTFENCE=true ;; + k) DEK_FILE=${OPTARG} ;; n) NOWAIT=true ;; - t) TRUSTFENCE=true ;; u) INSTALL_UBOOT_FILENAME=${OPTARG} ;; esac done @@ -131,7 +142,7 @@ if [ -z ${INSTALL_UBOOT_FILENAME} ]; then module_variant=$(getenv "module_variant") # Determine U-Boot file to program basing on SOM's variant if [ "$module_variant" = "0x12" ]; then - INSTALL_UBOOT_FILENAME="u-boot-cc${soc_family}sbc2GB.imx" + INSTALL_UBOOT_FILENAME="u-boot-##SIGNED##-cc${soc_family}sbc2GB.imx" elif [ "$module_variant" = "0x02" ] || \ [ "$module_variant" = "0x04" ] || \ [ "$module_variant" = "0x05" ] || \ @@ -140,13 +151,13 @@ if [ -z ${INSTALL_UBOOT_FILENAME} ]; then [ "$module_variant" = "0x14" ] || \ [ "$module_variant" = "0x15" ] || \ [ "$module_variant" = "0x16" ]; then - INSTALL_UBOOT_FILENAME="u-boot-cc${soc_family}sbc.imx" + INSTALL_UBOOT_FILENAME="u-boot-##SIGNED##-cc${soc_family}sbc.imx" elif [ "$module_variant" = "0x03" ] || \ [ "$module_variant" = "0x0c" ] || \ [ "$module_variant" = "0x0e" ] || \ [ "$module_variant" = "0x0f" ] || \ [ "$module_variant" = "0x13" ]; then - INSTALL_UBOOT_FILENAME="u-boot-cc${soc_family}sbc512MB.imx" + INSTALL_UBOOT_FILENAME="u-boot-##SIGNED##-cc${soc_family}sbc512MB.imx" fi fi @@ -162,15 +173,15 @@ if [ -z ${INSTALL_UBOOT_FILENAME} ]; then echo "" echo "1. Set variable 'INSTALL_UBOOT_FILENAME' depending on your ConnectCore 6 variant:" echo " - For a Quad/Dual CPU with 2GB DDR3, run:" - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6qsbc2GB.imx" + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-ccimx6qsbc2GB.imx" echo " - For a Quad/Dual CPU with 1GB DDR3, run:" - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6qsbc.imx" + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-ccimx6qsbc.imx" echo " - For a Quad/Dual CPU with 512MB DDR3, run:" - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6qsbc512MB.imx" + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-ccimx6qsbc512MB.imx" echo " - For a DualLite/Solo CPU with 1GB DDR3, run:" - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6dlsbc.imx" + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-ccimx6dlsbc.imx" echo " - For a DualLite/Solo CPU with 512MB DDR3, run:" - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6dlsbc512MB.imx" + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-ccimx6dlsbc512MB.imx" echo "" echo "2. Run the install script again." echo "" @@ -180,6 +191,35 @@ if [ -z ${INSTALL_UBOOT_FILENAME} ]; then fi fi +# Determine if bootloader is signed and/or encrypted +if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "signed"; then + SIGNED=true +fi +if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "encrypted"; then + ENCRYPTED=true +fi + +if [ "${ENCRYPTED}" = "true" ]; then + tf_status=$(grep_string "trustfence status" "Secure boot:") + if echo "${tf_status}" | grep -q -e "OPEN"; then + echo "\033[93m" + echo "WARNING!" + echo "You are trying to program encrypted images but the device status is OPEN." + echo "An OPEN device requires manual procedure for installing an encrypted bootloader," + echo "programming the secure keys, and closing the device." + echo "Continuing would result in a non-secure setup or a non-bootable device after the" + echo "close operation." + echo "" + echo "Check the online documentation for manual steps at:" + echo "https://docs.digi.com/resources/documentation/digidocs/embedded/trustfence_home.html" + echo "" + echo "You can run this installer to program encrypted artifacts when the device has been closed." + echo "\033[0m" + echo "Exiting." + exit 1 + fi +fi + # remove redirect uuu fb: ucmd setenv stdout serial diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_media.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_media.txt index e18af43ff..3a0bc4120 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_media.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_media.txt @@ -10,11 +10,11 @@ BASEFILENAME=0 # Determine U-Boot file to program basing on module variant # If module_variant is unknown or not set, return error asking the user if test "${module_variant}" = "0x02" || test "${module_variant}" = "0x03" || test "${module_variant}" = "0x06" || test "${module_variant}" = "0x09"; then - setenv INSTALL_UBOOT_FILENAME u-boot-##MACHINE##.imx; + setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-##MACHINE##.imx; elif test "${module_variant}" = "0x04" || test "${module_variant}" = "0x05" || test "${module_variant}" = "0x07"; then - setenv INSTALL_UBOOT_FILENAME u-boot-##MACHINE##1GB.imx; + setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-##MACHINE##1GB.imx; elif test "${module_variant}" = "0x08" || test "${module_variant}" = "0x0a"; then - setenv INSTALL_UBOOT_FILENAME u-boot-##MACHINE##512MB.imx + setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-##MACHINE##512MB.imx fi setenv INSTALL_MEDIA_INDEX ##INSTALL_MEDIA_INDEX## @@ -30,11 +30,11 @@ else echo ""; echo "1. Set variable 'INSTALL_UBOOT_FILENAME' depending on your ConnectCore 6UL variant:"; echo " - For a SOM with 1GB DDR3, run:"; - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##MACHINE##1GB.imx"; + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-##MACHINE##1GB.imx"; echo " - For a SOM with 512MB DDR3, run:"; - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##MACHINE##512MB.imx"; + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-##MACHINE##512MB.imx"; echo " - For a SOM with 256MB DDR3, run:"; - echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##MACHINE##.imx"; + echo " => setenv INSTALL_UBOOT_FILENAME u-boot-##SIGNED##-##MACHINE##.imx"; echo ""; echo "2. Run the install script again."; echo ""; @@ -112,7 +112,9 @@ else echo " linux ${INSTALL_LINUX_FILENAME}" echo " recovery ${INSTALL_RECOVERY_FILENAME}" echo " rootfs ${INSTALL_ROOTFS_FILENAME}" + echo " update --format--" fi +echo " data --format--" echo "" echo " Press CTRL+C now if you wish to abort or wait 10 seconds" echo " to continue." @@ -158,9 +160,8 @@ fi # - Set bootlimit to 3 # - If Normal Boot: # - Update the system partitions: linux, recovery, rootfs -# - Erase the 'update' partition -# - Configure recovery to wipe 'update' partition -# - Run 'recovery' and let the system boot after +# - Format the 'update' partition +# - Format the 'data' partition setenv bootcmd " env default -a; setenv singlemtdsys ${singlemtdsys}; @@ -174,7 +175,7 @@ setenv bootcmd " else force_erase=\"-e\"; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb start; fi; if test \"\$\{dualboot\}\" = yes; then @@ -204,7 +205,7 @@ setenv bootcmd " exit; fi; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb reset; fi; echo \"\"; @@ -272,19 +273,33 @@ setenv bootcmd " exit; fi; echo \"\"; - if test \"\$\{singlemtdsys\}\" != yes; then + fi; + if test \"\$\{singlemtdsys\}\" != yes; then + if test \"\$\{dualboot\}\" != yes; then + echo \"\"; + echo \"\"; + echo \">> Formatting 'update' partition\"; + echo \"\"; + echo \"\"; nand erase.part update; + if ubi part update; then + ubi createvol update; + fi; + fi; + echo \"\"; + echo \"\"; + echo \">> Formatting 'data' partition\"; + echo \"\"; + echo \"\"; + nand erase.part data; + if ubi part data; then + ubi createvol data; fi; - setenv boot_recovery yes; - setenv recovery_command wipe_update; fi; saveenv; echo \"\"; echo \"\"; echo \">> Firmware installation complete.\"; - if test \"\$\{dualboot\}\" != yes; then - echo \"Rebooting into recovery mode for final deployment.\"; - fi; echo \"\"; echo \"\"; sleep 1; diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh index b3c3f862d..6be65a0d2 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx6ul/install_linux_fw_uuu.sh @@ -1,7 +1,7 @@ #!/bin/sh #=============================================================================== # -# Copyright (C) 2020-2024 by Digi International Inc. +# Copyright (C) 2020-2025 by Digi International Inc. # All rights reserved. # # This program is free software; you can redistribute it and/or modify it @@ -27,6 +27,15 @@ getenv() uuu -v fb: ucmd printenv "${1}" | sed -ne "s,^${1}=,,g;T;p" } +# Grep for string in command output +# Params: +# 1. Command +# 2. String to grep +grep_string() +{ + uuu -v fb: ucmd ${1} | grep "${2}" +} + show_usage() { echo "Usage: $0 [options]" @@ -42,7 +51,6 @@ show_usage() echo " -k Update includes dek file." echo " (implies -t)." echo " -n No wait. Skips 10 seconds delay to stop script." - echo " -t Install TrustFence artifacts." echo " -u U-Boot filename." echo " Auto-determined by variant if not provided." exit 2 @@ -74,21 +82,42 @@ part_update() ERASE="-e" fi uuu fb: download -f "${2}" - if [ "${TRUSTFENCE}" = "true" ] && [ "${1}" = "uboot" ]; then + if [ "${1}" = "bootloader" ] && [ "${ENCRYPTED}" = "true" ]; then if [ -n "${DEK_FILE}" ]; then + # Encrypted bootloader + dek uuu fb: ucmd setenv uboot_size \${filesize} uuu fb: ucmd setenv fastboot_buffer \${initrd_addr} uuu fb: download -f "${4}" uuu fb: ucmd setenv dek_size \${filesize} uuu "fb[-t ${3}]:" ucmd trustfence update ram \${loadaddr} \${uboot_size} \${initrd_addr} \${dek_size} else + # Encrypted bootloader (re-use existing dek) uuu "fb[-t ${3}]:" ucmd trustfence update ram \${fastboot_buffer} \${fastboot_bytes} fi else + # Rest of images (including non-encrypted bootloader) uuu "fb[-t ${3}]:" ucmd update "${1}" ram \${fastboot_buffer} \${fastboot_bytes} ${ERASE} fi } +# Format a partition +# Params: +# 1. partition +# Description: +# - erases a partition +# - creates UBI volume with the same name as the partition +format_part() +{ + echo "\033[36m" + echo "=====================================================================================" + echo "Formatting '${1}' partition" + echo "=====================================================================================" + echo "\033[0m" + + uuu "fb[-t 20000]:" ucmd nand erase.part "${1}" + uuu "fb[-t 20000]:" ucmd if ubi part "${1}"\; then ubi createvol "${1}"\;fi +} + clear echo "############################################################" echo "# Linux firmware install through USB OTG #" @@ -99,7 +128,7 @@ echo "############################################################" # -i # -u # -k -while getopts ':bdhi:k:ntu:' c +while getopts ':bdhi:k:nu:' c do if [ "${c}" = ":" ]; then c="${OPTARG}" @@ -113,9 +142,8 @@ do d) INSTALL_DUALBOOT=true && BOOTCOUNT=true ;; h) show_usage ;; i) IMAGE_NAME=${OPTARG} ;; - k) DEK_FILE=${OPTARG} && TRUSTFENCE=true ;; + k) DEK_FILE=${OPTARG} ;; n) NOWAIT=true ;; - t) TRUSTFENCE=true ;; u) INSTALL_UBOOT_FILENAME=${OPTARG} ;; esac done @@ -149,12 +177,12 @@ if [ -z "${INSTALL_UBOOT_FILENAME}" ]; then elif [ "$module_variant" = "0x04" ] || \ [ "$module_variant" = "0x05" ] || \ [ "$module_variant" = "0x07" ]; then - INSTALL_UBOOT_FILENAME="u-boot-##MACHINE##1GB.imx" + INSTALL_UBOOT_FILENAME="u-boot-##SIGNED##-##MACHINE##1GB.imx" elif [ "$module_variant" = "0x02" ] || \ [ "$module_variant" = "0x03" ] || \ [ "$module_variant" = "0x06" ] || \ [ "$module_variant" = "0x09" ]; then - INSTALL_UBOOT_FILENAME="u-boot-##MACHINE##.imx" + INSTALL_UBOOT_FILENAME="u-boot-##SIGNED##-##MACHINE##.imx" fi fi @@ -170,11 +198,11 @@ if [ -z "${INSTALL_UBOOT_FILENAME}" ]; then echo "" echo "1. Add U-boot file name, depending on your ConnectCore 6UL variant, to script command line:" echo " - For a SOM with 1GB DDR3, run:" - echo " => ./install_linux_fw_uuu.sh -u u-boot-##MACHINE##1GB.imx" + echo " => ./install_linux_fw_uuu.sh -u u-boot-##SIGNED##-##MACHINE##1GB.imx" echo " - For a SOM with 512MB DDR3, run:" - echo " => ./install_linux_fw_uuu.sh -u u-boot-##MACHINE##512MB.imx" + echo " => ./install_linux_fw_uuu.sh -u u-boot-##SIGNED##-##MACHINE##512MB.imx" echo " - For a SOM with 256MB DDR3, run:" - echo " => ./install_linux_fw_uuu.sh -u u-boot-##MACHINE##.imx" + echo " => ./install_linux_fw_uuu.sh -u u-boot-##SIGNED##-##MACHINE##.imx" echo "" echo "2. Run the install script again." echo "" @@ -184,6 +212,35 @@ if [ -z "${INSTALL_UBOOT_FILENAME}" ]; then fi fi +# Determine if bootloader is signed and/or encrypted +if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "signed"; then + SIGNED=true +fi +if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "encrypted"; then + ENCRYPTED=true +fi + +if [ "${ENCRYPTED}" = "true" ]; then + tf_status=$(grep_string "trustfence status" "Secure boot:") + if echo "${tf_status}" | grep -q -e "OPEN"; then + echo "\033[93m" + echo "WARNING!" + echo "You are trying to program encrypted images but the device status is OPEN." + echo "An OPEN device requires manual procedure for installing an encrypted bootloader," + echo "programming the secure keys, and closing the device." + echo "Continuing would result in a non-secure setup or a non-bootable device after the" + echo "close operation." + echo "" + echo "Check the online documentation for manual steps at:" + echo "https://docs.digi.com/resources/documentation/digidocs/embedded/trustfence_home.html" + echo "" + echo "You can run this installer to program encrypted artifacts when the device has been closed." + echo "\033[0m" + echo "Exiting." + exit 1 + fi +fi + # remove redirect uuu fb: ucmd setenv stdout serial @@ -239,6 +296,9 @@ fi LINUX_NAME="linux" RECOVERY_NAME="recovery" ROOTFS_NAME="rootfs" +UPDATE_NAME="update" +DATA_NAME="data" + # Print warning about storage media being deleted if [ "${NOWAIT}" != true ]; then WAIT=10 @@ -266,6 +326,12 @@ if [ "${NOWAIT}" != true ]; then printf " ${RECOVERY_NAME}\t${INSTALL_RECOVERY_FILENAME}\n" printf " ${ROOTFS_NAME}\t${INSTALL_ROOTFS_FILENAME}\n" fi + if [ "${SINGLEMTDSYS}" != true ]; then + if [ "${DUALBOOT}" != true ]; then + printf " ${UPDATE_NAME}\t--format--\n" + fi + printf " ${DATA_NAME}\t\t--format--\n" + fi printf "\n" printf " Press CTRL+C now if you wish to abort.\n" printf "\n" @@ -295,7 +361,8 @@ part_update "uboot" "${INSTALL_UBOOT_FILENAME}" 5000 "${DEK_FILE}" # - Update the 'linux' partition # - Update the 'recovery' partition # - Update the 'rootfs' partition -# - Erase the 'update' partition +# - Format the 'update' partition +# - Format the 'data' partition uuu fb: ucmd setenv bootcmd " env default -a; setenv dualboot \${dualboot}; @@ -349,15 +416,11 @@ else part_update "${ROOTFS_NAME}" "${INSTALL_ROOTFS_FILENAME}" 120000 fi -if [ "${SINGLEMTDSYS}" != true ] && [ "${DUALBOOT}" != true ]; then - # Erase the 'Update' partition - uuu "fb[-t 20000]:" ucmd nand erase.part update -fi - -if [ "${DUALBOOT}" != true ]; then - # Configure u-boot to boot into recovery mode - uuu fb: ucmd setenv boot_recovery yes - uuu fb: ucmd setenv recovery_command wipe_update +if [ "${SINGLEMTDSYS}" != true ]; then + if [ "${DUALBOOT}" != true ]; then + format_part "${UPDATE_NAME}" + fi + format_part "${DATA_NAME}" fi # Set the rootfstype if squashfs diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8m/install_linux_fw_media.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8m/install_linux_fw_media.txt index cdde62c74..9887d1a8c 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8m/install_linux_fw_media.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8m/install_linux_fw_media.txt @@ -7,6 +7,7 @@ install_abort=0 BASEFILENAME=0 +setenv INSTALL_UBOOT_FILENAME imx-boot-##MACHINE##.bin setenv INSTALL_MEDIA_INDEX ##INSTALL_MEDIA_INDEX## setenv INSTALL_MEDIA ##INSTALL_MEDIA## @@ -149,7 +150,7 @@ setenv bootcmd " echo \"Aborted.\"; exit; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb start; fi; if test \"\$\{dualboot\}\" = yes; then @@ -179,7 +180,7 @@ setenv bootcmd " exit; fi; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb reset; fi; echo \"\"; diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8m/install_linux_fw_uuu.sh b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8m/install_linux_fw_uuu.sh index f6fbdcd81..41234a8d2 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8m/install_linux_fw_uuu.sh +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8m/install_linux_fw_uuu.sh @@ -1,7 +1,7 @@ #!/bin/sh #=============================================================================== # -# Copyright (C) 2020-2024 by Digi International Inc. +# Copyright (C) 2020-2025 by Digi International Inc. # All rights reserved. # # This program is free software; you can redistribute it and/or modify it @@ -27,6 +27,15 @@ getenv() uuu -v fb: ucmd printenv "${1}" | sed -ne "s,^${1}=,,g;T;p" } +# Grep for string in command output +# Params: +# 1. Command +# 2. String to grep +grep_string() +{ + uuu -v fb: ucmd ${1} | grep "${2}" +} + show_usage() { echo "Usage: $0 [options]" @@ -42,7 +51,6 @@ show_usage() echo " -k Update includes dek file." echo " (implies -t)." echo " -n No wait. Skips 10 seconds delay to stop script." - echo " -t Install TrustFence artifacts." echo " -u U-Boot filename." echo " Auto-determined by variant if not provided." exit 2 @@ -61,23 +69,27 @@ part_update() echo "=====================================================================================" echo "\033[0m" - if [ "${TRUSTFENCE}" = "true" ] && [ "${1}" = "bootloader" ]; then - uuu fb: download -f "${2}" - if [ -n "${DEK_FILE}" ]; then - uuu fb: ucmd setenv uboot_size \${filesize} - uuu fb: ucmd setenv fastboot_buffer \${initrd_addr} - uuu fb: download -f "${3}" - uuu fb: ucmd setenv dek_size \${filesize} - uuu fb: ucmd trustfence update ram \${loadaddr} \${uboot_size} \${initrd_addr} \${dek_size} + if [ "${1}" = "bootloader" ]; then + if [ "${ENCRYPTED}" = "true" ]; then + uuu fb: download -f "${2}" + if [ -n "${DEK_FILE}" ]; then + # Encrypted bootloader + dek + uuu fb: ucmd setenv uboot_size \${filesize} + uuu fb: ucmd setenv fastboot_buffer \${initrd_addr} + uuu fb: download -f "${3}" + uuu fb: ucmd setenv dek_size \${filesize} + uuu fb: ucmd trustfence update ram \${loadaddr} \${uboot_size} \${initrd_addr} \${dek_size} + else + # Encrypted bootloader (re-use existing dek) + uuu fb: ucmd trustfence update ram \${fastboot_buffer} \${fastboot_bytes} + fi else - uuu fb: ucmd trustfence update ram \${fastboot_buffer} \${fastboot_bytes} + # Non-encrypted bootloader (can be signed or not) + uuu fb: flash "${1}" "${2}" fi else - if [ "${1}" = "bootloader" ]; then - uuu fb: flash "${1}" "${2}" - else - uuu fb: flash -raw2sparse "${1}" "${2}" - fi + # Non-bootloader image + uuu fb: flash -raw2sparse "${1}" "${2}" fi } @@ -91,7 +103,7 @@ echo "############################################################" # -i # -u # -k -while getopts ':bdhi:k:ntu:' c +while getopts ':bdhi:k:nu:' c do if [ "${c}" = ":" ]; then c="${OPTARG}" @@ -105,9 +117,8 @@ do d) INSTALL_DUALBOOT=true && BOOTCOUNT=true ;; h) show_usage ;; i) IMAGE_NAME=${OPTARG} ;; - k) DEK_FILE=${OPTARG} && TRUSTFENCE=true ;; + k) DEK_FILE=${OPTARG} ;; n) NOWAIT=true ;; - t) TRUSTFENCE=true ;; u) INSTALL_UBOOT_FILENAME=${OPTARG} ;; esac done @@ -121,9 +132,6 @@ if [ "${dualboot}" = "yes" ]; then DUALBOOT=true; fi -# remove redirect -uuu fb: ucmd setenv stdout serial - echo "" echo "Determining image files to use..." @@ -132,6 +140,38 @@ if [ -z "${INSTALL_UBOOT_FILENAME}" ]; then INSTALL_UBOOT_FILENAME="imx-boot-##SIGNED##-##MACHINE##.bin" fi +# Determine if bootloader is signed and/or encrypted +if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "signed"; then + SIGNED=true +fi +if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "encrypted"; then + ENCRYPTED=true +fi + +if [ "${ENCRYPTED}" = "true" ]; then + tf_status=$(grep_string "trustfence status" "Secure boot:") + if echo "${tf_status}" | grep -q -e "OPEN"; then + echo "\033[93m" + echo "WARNING!" + echo "You are trying to program encrypted images but the device status is OPEN." + echo "An OPEN device requires manual procedure for installing an encrypted bootloader," + echo "programming the secure keys, and closing the device." + echo "Continuing would result in a non-secure setup or a non-bootable device after the" + echo "close operation." + echo "" + echo "Check the online documentation for manual steps at:" + echo "https://docs.digi.com/resources/documentation/digidocs/embedded/trustfence_home.html" + echo "" + echo "You can run this installer to program encrypted artifacts when the device has been closed." + echo "\033[0m" + echo "Exiting." + exit 1 + fi +fi + +# remove redirect +uuu fb: ucmd setenv stdout serial + # Determine linux, recovery, and rootfs image filenames to update if [ -z "${IMAGE_NAME}" ]; then IMAGE_NAME="##DEFAULT_IMAGE_NAME##" diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8x/install_linux_fw_media.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8x/install_linux_fw_media.txt index 5fb16dbda..161b91a7a 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8x/install_linux_fw_media.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8x/install_linux_fw_media.txt @@ -18,6 +18,7 @@ fi # the necessary logic to choose the correct imx-boot file for the target's SOC. setenv skip-uboot-check "yes" +setenv INSTALL_UBOOT_FILENAME imx-boot-##MACHINE##-${soc_rev}.bin setenv INSTALL_MEDIA_INDEX ##INSTALL_MEDIA_INDEX## setenv INSTALL_MEDIA ##INSTALL_MEDIA## @@ -160,7 +161,7 @@ setenv bootcmd " echo \"Aborted.\"; exit; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb start; fi; if test \"\$\{dualboot\}\" = yes; then @@ -190,7 +191,7 @@ setenv bootcmd " exit; fi; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb reset; fi; echo \"\"; diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8x/install_linux_fw_uuu.sh b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8x/install_linux_fw_uuu.sh index 88b258932..c87a4e718 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8x/install_linux_fw_uuu.sh +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8x/install_linux_fw_uuu.sh @@ -1,7 +1,7 @@ #!/bin/sh #=============================================================================== # -# Copyright (C) 2020-2024 by Digi International Inc. +# Copyright (C) 2020-2025 by Digi International Inc. # All rights reserved. # # This program is free software; you can redistribute it and/or modify it @@ -27,6 +27,15 @@ getenv() uuu -v fb: ucmd printenv "${1}" | sed -ne "s,^${1}=,,g;T;p" } +# Grep for string in command output +# Params: +# 1. Command +# 2. String to grep +grep_string() +{ + uuu -v fb: ucmd ${1} | grep "${2}" +} + show_usage() { echo "Usage: $0 [options]" @@ -42,7 +51,6 @@ show_usage() echo " -k Update includes dek file." echo " (implies -t)." echo " -n No wait. Skips 10 seconds delay to stop script." - echo " -t Install TrustFence artifacts." echo " -u U-Boot filename." echo " Auto-determined by variant if not provided." exit 2 @@ -61,23 +69,27 @@ part_update() echo "=====================================================================================" echo "\033[0m" - if [ "${TRUSTFENCE}" = "true" ] && [ "${1}" = "bootloader" ]; then - uuu fb: download -f "${2}" - if [ -n "${DEK_FILE}" ]; then - uuu fb: ucmd setenv uboot_size \${filesize} - uuu fb: ucmd setenv fastboot_buffer \${initrd_addr} - uuu fb: download -f "${3}" - uuu fb: ucmd setenv dek_size \${filesize} - uuu fb: ucmd trustfence update ram \${loadaddr} \${uboot_size} \${initrd_addr} \${dek_size} + if [ "${1}" = "bootloader" ]; then + if [ "${ENCRYPTED}" = "true" ]; then + uuu fb: download -f "${2}" + if [ -n "${DEK_FILE}" ]; then + # Encrypted bootloader + dek + uuu fb: ucmd setenv uboot_size \${filesize} + uuu fb: ucmd setenv fastboot_buffer \${initrd_addr} + uuu fb: download -f "${3}" + uuu fb: ucmd setenv dek_size \${filesize} + uuu fb: ucmd trustfence update ram \${loadaddr} \${uboot_size} \${initrd_addr} \${dek_size} + else + # Encrypted bootloader (re-use existing dek) + uuu fb: ucmd trustfence update ram \${fastboot_buffer} \${fastboot_bytes} + fi else - uuu fb: ucmd trustfence update ram \${fastboot_buffer} \${fastboot_bytes} + # Non-encrypted bootloader (can be signed or not) + uuu fb: flash "${1}" "${2}" fi else - if [ "${1}" = "bootloader" ]; then - uuu fb: flash "${1}" "${2}" - else - uuu fb: flash -raw2sparse "${1}" "${2}" - fi + # Non-bootloader image + uuu fb: flash -raw2sparse "${1}" "${2}" fi } @@ -91,7 +103,7 @@ echo "############################################################" # -i # -u # -k -while getopts ':bdhi:k:ntu:' c +while getopts ':bdhi:k:nu:' c do if [ "${c}" = ":" ]; then c="${OPTARG}" @@ -105,9 +117,8 @@ do d) INSTALL_DUALBOOT=true && BOOTCOUNT=true ;; h) show_usage ;; i) IMAGE_NAME=${OPTARG} ;; - k) DEK_FILE=${OPTARG} && TRUSTFENCE=true ;; + k) DEK_FILE=${OPTARG} ;; n) NOWAIT=true ;; - t) TRUSTFENCE=true ;; u) INSTALL_UBOOT_FILENAME=${OPTARG} ;; esac done @@ -136,6 +147,35 @@ if [ -z ${INSTALL_UBOOT_FILENAME} ]; then INSTALL_UBOOT_FILENAME="imx-boot-##SIGNED##-##MACHINE##-${soc_rev}.bin" fi +# Determine if bootloader is signed and/or encrypted +if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "signed"; then + SIGNED=true +fi +if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "encrypted"; then + ENCRYPTED=true +fi + +if [ "${ENCRYPTED}" = "true" ]; then + tf_status=$(grep_string "trustfence status" "Secure boot:") + if echo "${tf_status}" | grep -q -e "OPEN"; then + echo "\033[93m" + echo "WARNING!" + echo "You are trying to program encrypted images but the device status is OPEN." + echo "An OPEN device requires manual procedure for installing an encrypted bootloader," + echo "programming the secure keys, and closing the device." + echo "Continuing would result in a non-secure setup or a non-bootable device after the" + echo "close operation." + echo "" + echo "Check the online documentation for manual steps at:" + echo "https://docs.digi.com/resources/documentation/digidocs/embedded/trustfence_home.html" + echo "" + echo "You can run this installer to program encrypted artifacts when the device has been closed." + echo "\033[0m" + echo "Exiting." + exit 1 + fi +fi + # remove redirect uuu fb: ucmd setenv stdout serial diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx9/install_linux_fw_media.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx9/install_linux_fw_media.txt index 8667432f6..be42a5eef 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx9/install_linux_fw_media.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx9/install_linux_fw_media.txt @@ -23,6 +23,7 @@ if test "${soc_type}" = "imx93"; then fi fi +setenv INSTALL_UBOOT_FILENAME imx-boot-##MACHINE##${SOCREV}.bin setenv INSTALL_MEDIA_INDEX ##INSTALL_MEDIA_INDEX## setenv INSTALL_MEDIA ##INSTALL_MEDIA## @@ -183,7 +184,7 @@ setenv bootcmd " echo \"Aborted.\"; exit; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb start; fi; if test \"\$\{dualboot\}\" = yes; then @@ -213,7 +214,7 @@ setenv bootcmd " exit; fi; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb reset; fi; echo \"\"; diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx9/install_linux_fw_uuu.sh b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx9/install_linux_fw_uuu.sh index bcf92552b..924469283 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx9/install_linux_fw_uuu.sh +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx9/install_linux_fw_uuu.sh @@ -1,7 +1,7 @@ #!/bin/sh #=============================================================================== # -# Copyright (C) 2020-2024 by Digi International Inc. +# Copyright (C) 2020-2025 by Digi International Inc. # All rights reserved. # # This program is free software; you can redistribute it and/or modify it @@ -27,6 +27,15 @@ getenv() uuu -v fb: ucmd printenv "${1}" | sed -ne "s,^${1}=,,g;T;p" } +# Grep for string in command output +# Params: +# 1. Command +# 2. String to grep +grep_string() +{ + uuu -v fb: ucmd ${1} | grep "${2}" +} + show_usage() { echo "Usage: $0 [options]" @@ -43,7 +52,6 @@ show_usage() echo " (implies -t)." echo " -n No wait. Skips 10 seconds delay to stop script." echo " -u U-Boot filename." - echo " -t Install TrustFence artifacts." echo " Auto-determined by variant if not provided." echo " -U Update redundant bootloader partition." @@ -63,23 +71,27 @@ part_update() echo "=====================================================================================" echo "\033[0m" - if [ "${TRUSTFENCE}" = "true" ] && [ "${1}" = "bootloader" ]; then - uuu fb: download -f "${2}" - if [ -n "${DEK_FILE}" ]; then - uuu fb: ucmd setenv uboot_size \${filesize} - uuu fb: ucmd setenv fastboot_buffer \${initrd_addr} - uuu fb: download -f "${3}" - uuu fb: ucmd setenv dek_size \${filesize} - uuu fb: ucmd trustfence update ram \${loadaddr} \${uboot_size} \${initrd_addr} \${dek_size} + if [ "${1}" = "bootloader" ] || [ "${1}" = "bootloader_redundant" ]; then + if [ "${ENCRYPTED}" = "true" ]; then + uuu fb: download -f "${2}" + if [ -n "${DEK_FILE}" ]; then + # Encrypted bootloader + dek + uuu fb: ucmd setenv uboot_size \${filesize} + uuu fb: ucmd setenv fastboot_buffer \${initrd_addr} + uuu fb: download -f "${3}" + uuu fb: ucmd setenv dek_size \${filesize} + uuu fb: ucmd trustfence update ram \${loadaddr} \${uboot_size} \${initrd_addr} \${dek_size} + else + # Encrypted bootloader (re-use existing dek) + uuu fb: ucmd trustfence update ram \${fastboot_buffer} \${fastboot_bytes} + fi else - uuu fb: ucmd trustfence update ram \${fastboot_buffer} \${fastboot_bytes} + # Non-encrypted bootloader (can be signed or not) + uuu fb: flash "${1}" "${2}" fi else - if [ "${1}" = "bootloader" ] || [ "${1}" = "bootloader_redundant" ]; then - uuu fb: flash "${1}" "${2}" - else - uuu fb: flash -raw2sparse "${1}" "${2}" - fi + # Non-bootloader image + uuu fb: flash -raw2sparse "${1}" "${2}" fi } @@ -93,7 +105,7 @@ echo "############################################################" # -i # -u # -k -while getopts ':bdhti:nu:Uk:' c +while getopts ':bdhi:nu:Uk:' c do if [ "${c}" = ":" ]; then c="${OPTARG}" @@ -107,10 +119,9 @@ do d) INSTALL_DUALBOOT=true && BOOTCOUNT=true ;; h) show_usage ;; i) IMAGE_NAME=${OPTARG} ;; - k) DEK_FILE=${OPTARG} && TRUSTFENCE=true ;; + k) DEK_FILE=${OPTARG} ;; n) NOWAIT=true ;; u) INSTALL_UBOOT_FILENAME=${OPTARG} ;; - t) TRUSTFENCE=true ;; U) INSTALL_REDUNDANT_UBOOT=true ;; esac done @@ -145,6 +156,35 @@ if [ -z "${INSTALL_UBOOT_FILENAME}" ]; then INSTALL_UBOOT_FILENAME="imx-boot-##SIGNED##-##MACHINE##${SOCREV}.bin" fi +# Determine if bootloader is signed and/or encrypted +if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "signed"; then + SIGNED=true +fi +if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "encrypted"; then + ENCRYPTED=true +fi + +if [ "${ENCRYPTED}" = "true" ]; then + tf_status=$(grep_string "trustfence status" "Secure boot:") + if echo "${tf_status}" | grep -q -e "OPEN"; then + echo "\033[93m" + echo "WARNING!" + echo "You are trying to program encrypted images but the device status is OPEN." + echo "An OPEN device requires manual procedure for installing an encrypted bootloader," + echo "programming the secure keys, and closing the device." + echo "Continuing would result in a non-secure setup or a non-bootable device after the" + echo "close operation." + echo "" + echo "Check the online documentation for manual steps at:" + echo "https://docs.digi.com/resources/documentation/digidocs/embedded/trustfence_home.html" + echo "" + echo "You can run this installer to program encrypted artifacts when the device has been closed." + echo "\033[0m" + echo "Exiting." + exit 1 + fi +fi + # remove redirect uuu fb: ucmd setenv stdout serial @@ -344,7 +384,7 @@ if [ -f ${COMPRESSED_ROOTFS_IMAGE} ] && [ -f ${INSTALL_ROOTFS_FILENAME} ]; then rm -f "${INSTALL_ROOTFS_FILENAME}" fi # Set the dboot_kernel_var to fitimage if Trustfence is enabled -if [ "${TRUSTFENCE}" = "true" ] || echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "signed" -e "encrypted"; then +if [ "${SIGNED}" = "true" ] || [ "${ENCRYPTED}" = "true" ]; then uuu fb: ucmd setenv dboot_kernel_var fitimage fi diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp1/install_linux_fw_media.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp1/install_linux_fw_media.txt index b22e9dbf4..85b68f4f7 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp1/install_linux_fw_media.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp1/install_linux_fw_media.txt @@ -191,7 +191,7 @@ setenv bootcmd " setenv rootfstype ${rootfstype}; setenv install_dualboot ${install_dualboot}; run ubivolscript; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb start; fi; if test \"\$\{dualboot\}\" = yes; then @@ -221,7 +221,7 @@ setenv bootcmd " exit; fi; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb reset; fi; echo \"\"; diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp1/install_linux_fw_uuu.sh b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp1/install_linux_fw_uuu.sh index 4df790ea4..a2ab168dc 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp1/install_linux_fw_uuu.sh +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp1/install_linux_fw_uuu.sh @@ -50,7 +50,6 @@ show_usage() echo " 'dey-image-webkit', 'core-image-base'..." echo " Defaults to '##DEFAULT_IMAGE_NAME##' if not provided." echo " -n No wait. Skips 10 seconds delay to stop script." - echo " -t Install TrustFence artifacts." exit 2 } @@ -84,7 +83,7 @@ echo "############################################################" # -b, -d, -n (booleans) # -f # -i -while getopts 'a:bdf:hi:nt' c +while getopts 'a:bdf:hi:n' c do case $c in a) INSTALL_ATF_FILENAME=${OPTARG} ;; @@ -94,7 +93,6 @@ do h) show_usage ;; i) IMAGE_NAME=${OPTARG} ;; n) NOWAIT=true ;; - t) TRUSTFENCE=true ;; esac done @@ -137,6 +135,11 @@ if [ -z "${INSTALL_FIP_FILENAME}" ]; then INSTALL_FIP_FILENAME="fip-##MACHINE##-${module_ram}-##BOOTSCHEME_DEFAULT##-nand##SIGNED##.bin" fi +# Determine if boot artifacts are signed +if echo "$INSTALL_FIP_FILENAME" | grep -q -e "Signed"; then + SIGNED=true +fi + # Determine linux, recovery, and rootfs image filenames to update if [ -z "${IMAGE_NAME}" ]; then IMAGE_NAME="##DEFAULT_IMAGE_NAME##" @@ -320,7 +323,7 @@ else fi # Set the dboot_kernel_var to fitimage if Trustfence is enabled -if [ "${TRUSTFENCE}" = "true" ] || echo "${INSTALL_FIP_FILENAME}" | grep -q -e "Signed"; then +if [ "${SIGNED}" = "true" ]; then uuu fb: ucmd setenv dboot_kernel_var fitimage uuu fb: ucmd saveenv fi diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp2/install_linux_fw_media.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp2/install_linux_fw_media.txt index b05dda55f..281586866 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp2/install_linux_fw_media.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp2/install_linux_fw_media.txt @@ -198,7 +198,7 @@ setenv bootcmd " echo \"Aborted.\"; exit; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb start; fi; if test \"\$\{dualboot\}\" = yes; then @@ -228,7 +228,7 @@ setenv bootcmd " exit; fi; fi; - if test \"\$\{INSTALL_MEDIA\}\" = "usb"; then + if test "${INSTALL_MEDIA}" = "usb"; then usb reset; fi; echo \"\"; diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp2/install_linux_fw_uuu.sh b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp2/install_linux_fw_uuu.sh index dc2c4b0f0..046fb0557 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp2/install_linux_fw_uuu.sh +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccmp2/install_linux_fw_uuu.sh @@ -1,7 +1,7 @@ #!/bin/sh #=============================================================================== # -# Copyright (C) 2024 by Digi International Inc. +# Copyright (C) 2024, 2025 by Digi International Inc. # All rights reserved. # # This program is free software; you can redistribute it and/or modify it @@ -44,7 +44,6 @@ show_usage() echo " 'dey-image-webkit', 'core-image-base'..." echo " Defaults to '##DEFAULT_IMAGE_NAME##' if not provided." echo " -n No wait. Skips 10 seconds delay to stop script." - echo " -t Install TrustFence artifacts." exit 2 } @@ -80,7 +79,7 @@ echo "############################################################" # -b, -d, -n (booleans) # -f # -i -while getopts 'a:bdf:hi:nt' c +while getopts 'a:bdf:hi:n' c do case $c in a) INSTALL_ATF_FILENAME=${OPTARG} ;; @@ -90,7 +89,6 @@ do h) show_usage ;; i) IMAGE_NAME=${OPTARG} ;; n) NOWAIT=true ;; - t) TRUSTFENCE=true ;; esac done @@ -117,6 +115,11 @@ if [ -z "${INSTALL_FIP_FILENAME}" ]; then INSTALL_FIP_FILENAME="fip-##MACHINE##-optee-emmc##SIGNED##.bin" fi +# Determine if boot artifacts are signed +if echo "$INSTALL_FIP_FILENAME" | grep -q -e "Signed"; then + SIGNED=true +fi + # remove redirect uuu fb: ucmd setenv stdout serial @@ -306,7 +309,7 @@ else fi # Set the dboot_kernel_var to fitimage if Trustfence is enabled -if [ "${TRUSTFENCE}" = "true" ] || echo "${INSTALL_FIP_FILENAME}" | grep -q -e "Signed"; then +if [ "${SIGNED}" = "true" ]; then uuu fb: ucmd setenv dboot_kernel_var fitimage uuu fb: ucmd saveenv fi diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc index fdcbb9e77..3ad4a7016 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc @@ -13,6 +13,7 @@ SRC_URI = " \ ${LINUX_GIT_URI};branch=${SRCBRANCH} \ ${@oe.utils.conditional('KERNEL_DEFCONFIG', '', 'file://defconfig', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'virtualization', 'file://docker_conf.cfg', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'tsn', 'file://tsn_conf.cfg', '', d)} \ ${@oe.utils.vartrue('TRUSTFENCE_FILE_BASED_ENCRYPT', 'file://fscrypt.cfg', '', d)} \ " S = "${WORKDIR}/git" diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey/tsn_conf.cfg b/meta-digi-arm/recipes-kernel/linux/linux-dey/tsn_conf.cfg index cdc21fd88..dc1c2cb9f 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey/tsn_conf.cfg +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey/tsn_conf.cfg @@ -10,18 +10,24 @@ . consult the product documentation. . .......................................................................... +CONFIG_TSN=y CONFIG_NET_SCH_MULTIQ=m -CONFIG_NET_SCH_CBS=m +CONFIG_NET_SCH_CBS=y CONFIG_NET_SCH_ETF=m -CONFIG_NET_SCH_TAPRIO=m -CONFIG_NET_SCH_MQPRIO=m +CONFIG_NET_SCH_TAPRIO=y +CONFIG_NET_SCH_MQPRIO=y CONFIG_NET_SCH_INGRESS=m CONFIG_NET_CLS_BASIC=m CONFIG_NET_CLS_U32=m +CONFIG_CLS_U32_PERF=y +CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_FLOWER=m CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_GACT=m +CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=m -CONFIG_NET_ACT_GATE=m CONFIG_NET_ACT_SKBEDIT=m +CONFIG_NET_ACT_GATE=m +CONFIG_FSL_ENETC=y CONFIG_FSL_ENETC_QOS=y +CONFIG_IFB=m diff --git a/meta-digi-dey/classes/dey-image-installer.bbclass b/meta-digi-dey/classes/dey-image-installer.bbclass index c44b5417f..191a0b05a 100644 --- a/meta-digi-dey/classes/dey-image-installer.bbclass +++ b/meta-digi-dey/classes/dey-image-installer.bbclass @@ -31,6 +31,50 @@ HAS_USB_DRIVER:ccimx9 = "true" HAS_USB_DRIVER:ccmp1 = "true" HAS_USB_DRIVER:ccmp2 = "true" +BOOTLOADER_SIGNED_STRING ?= "-signed" +BOOTLOADER_ENCRYPTED_STRING ?= "-encrypted" +BOOTLOADER_SIGNED_USB_STRING ?= "-usb-signed" + +curate_bootloader_artifacts() { + for artifact in ${BOOTABLE_ARTIFACTS}; do + # NXP platforms may have a ##SIGNED## placeholder to replace + if [ "${DEY_SOC_VENDOR}" = "NXP" ] && echo "${artifact}" | grep -q -e "##SIGNED##"; then + if [ "${TRUSTFENCE_SIGN}" = "1" ]; then + if [ "${DIGI_SOM}" = "ccimx6ul" ]; then + if [ "${TRUSTFENCE_DEK_PATH}" != "0" ]; then + # Encrypted bootloader + curated_artifact=$(echo "${artifact}" | sed "s,##SIGNED##,${BOOTLOADER_ENCRYPTED_STRING},") + CURATED_BOOTABLE_ARTIFACTS="${CURATED_BOOTABLE_ARTIFACTS} ${curated_artifact}" + else + # Signed, non-encrypted bootloader + curated_artifact=$(echo "${artifact}" | sed "s,##SIGNED##,${BOOTLOADER_SIGNED_STRING},") + CURATED_BOOTABLE_ARTIFACTS="${CURATED_BOOTABLE_ARTIFACTS} ${curated_artifact}" + fi + # Signed, non-encrypted bootloader for USB recovery + curated_artifact=$(echo "${artifact}" | sed "s,##SIGNED##,${BOOTLOADER_SIGNED_USB_STRING},") + CURATED_BOOTABLE_ARTIFACTS="${CURATED_BOOTABLE_ARTIFACTS} ${curated_artifact}" + else + if [ "${TRUSTFENCE_DEK_PATH}" != "0" ]; then + # Encrypted bootloader + curated_artifact=$(echo "${artifact}" | sed "s,##SIGNED##,${BOOTLOADER_ENCRYPTED_STRING},") + CURATED_BOOTABLE_ARTIFACTS="${CURATED_BOOTABLE_ARTIFACTS} ${curated_artifact}" + fi + # Signed, non-encrypted bootloader for USB recovery + curated_artifact=$(echo "${artifact}" | sed "s,##SIGNED##,${BOOTLOADER_SIGNED_STRING},") + CURATED_BOOTABLE_ARTIFACTS="${CURATED_BOOTABLE_ARTIFACTS} ${curated_artifact}" + fi + else + # Non-signed bootloader + curated_artifact=$(echo "${artifact}" | sed 's,##SIGNED##,,') + CURATED_BOOTABLE_ARTIFACTS="${CURATED_BOOTABLE_ARTIFACTS} ${curated_artifact}" + fi + else + CURATED_BOOTABLE_ARTIFACTS="${CURATED_BOOTABLE_ARTIFACTS} ${artifact}" + fi + done + export CURATED_BOOTABLE_ARTIFACTS="${CURATED_BOOTABLE_ARTIFACTS}" +} + generate_installer_zip () { # Get list of files to pack INSTALLER_FILELIST="${DEPLOY_DIR_IMAGE}/install_linux_fw_sd.scr \ @@ -53,7 +97,10 @@ generate_installer_zip () { INSTALLER_FILELIST="${INSTALLER_FILELIST} ${IMGDEPLOYDIR}/${IMAGE_LINK_NAME}.${ext}" fi done - for artifact in ${BOOTABLE_ARTIFACTS}; do + + # Add bootable artifacts to installer + curate_bootloader_artifacts + for artifact in ${CURATED_BOOTABLE_ARTIFACTS}; do if readlink -e "${DEPLOY_DIR_IMAGE}/${artifact}" >/dev/null; then INSTALLER_FILELIST="${INSTALLER_FILELIST} ${DEPLOY_DIR_IMAGE}/${artifact}" fi diff --git a/meta-digi-dey/conf/distro/dey.conf b/meta-digi-dey/conf/distro/dey.conf index 5e21cf0ef..fd7399dee 100644 --- a/meta-digi-dey/conf/distro/dey.conf +++ b/meta-digi-dey/conf/distro/dey.conf @@ -4,7 +4,7 @@ require conf/distro/poky.conf YOCTO_MAJOR = "5" YOCTO_MINOR = "0" DEY_RELEASE = "2" -DEY_BUILD = "1" +DEY_BUILD = "2" # Firmware version of the system. DEY_FIRMWARE_VERSION ?= "${YOCTO_MAJOR}.${YOCTO_MINOR}.${DEY_RELEASE}.${DEY_BUILD}" diff --git a/meta-digi-dey/dynamic-layers/x-linux-ai/recipes-samples/resources/application-resources.bbappend b/meta-digi-dey/dynamic-layers/x-linux-ai/recipes-samples/resources/application-resources.bbappend index bdc044640..0b3f5d21e 100644 --- a/meta-digi-dey/dynamic-layers/x-linux-ai/recipes-samples/resources/application-resources.bbappend +++ b/meta-digi-dey/dynamic-layers/x-linux-ai/recipes-samples/resources/application-resources.bbappend @@ -3,7 +3,6 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI += " \ - file://patches/0001-config_board-fix-support-for-web-camera-with-STM32MP.patch \ file://patches/0002-setup_camera_main_isp-fix-support-for-web-camera.patch \ file://patches/0003-setup_camera_main_isp-fix-support-for-CSI-DCMIPP-cam.patch \ " diff --git a/meta-digi-dey/dynamic-layers/x-linux-ai/recipes-samples/resources/config-npu.bbappend b/meta-digi-dey/dynamic-layers/x-linux-ai/recipes-samples/resources/config-npu.bbappend new file mode 100644 index 000000000..4413c3167 --- /dev/null +++ b/meta-digi-dey/dynamic-layers/x-linux-ai/recipes-samples/resources/config-npu.bbappend @@ -0,0 +1,7 @@ +# Copyright (C) 2025, Digi International Inc. + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +SRC_URI += " \ + file://patches/0001-config_board-fix-support-for-web-camera-with-STM32MP.patch \ +" diff --git a/meta-digi-dey/dynamic-layers/x-linux-ai/recipes-samples/resources/files/patches/0001-config_board-fix-support-for-web-camera-with-STM32MP.patch b/meta-digi-dey/dynamic-layers/x-linux-ai/recipes-samples/resources/files/patches/0001-config_board-fix-support-for-web-camera-with-STM32MP.patch index 8dea1d258..48984e0c9 100644 --- a/meta-digi-dey/dynamic-layers/x-linux-ai/recipes-samples/resources/files/patches/0001-config_board-fix-support-for-web-camera-with-STM32MP.patch +++ b/meta-digi-dey/dynamic-layers/x-linux-ai/recipes-samples/resources/files/patches/0001-config_board-fix-support-for-web-camera-with-STM32MP.patch @@ -8,11 +8,11 @@ exclusive to cameras using the DCMIPP peripheral. Signed-off-by: Arturo Buzarra --- - .../files/resources-files/config_board_npu.sh | 29 ++++++++++++++++++- - 1 file changed, 28 insertions(+), 1 deletion(-) + .../files/resources-files/config_board_npu.sh | 31 ++++++++++++++++++- + 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/resources-files/config_board_npu.sh b/resources-files/config_board_npu.sh -index c89b5ca..38dda50 100644 +index c89b5ca..af95558 100644 --- a/resources-files/config_board_npu.sh +++ b/resources-files/config_board_npu.sh @@ -16,10 +16,28 @@ STM32MP251="stm32mp251" @@ -44,7 +44,7 @@ index c89b5ca..38dda50 100644 echo "Software X-LINUX-AI installed is not compatible with the board, please install X-LINUX-AI CPU version for plateform without hardware accelerator" exit 1 fi -@@ -54,11 +72,20 @@ if [[ "$COMPATIBLE" == *"$STM32MP257"* ]] || [[ "$COMPATIBLE" == *"$STM32MP255"* +@@ -54,11 +72,22 @@ if [[ "$COMPATIBLE" == *"$STM32MP257"* ]] || [[ "$COMPATIBLE" == *"$STM32MP255"* MACHINE=$STM32MP2_NPU DWIDTH=760 DHEIGHT=568 @@ -59,6 +59,8 @@ index c89b5ca..38dda50 100644 + else + # Web camera + OPTIONS="" ++ DWIDTH=640 ++ DHEIGHT=480 + fi + IMAGE_CLASSIFICATION_MODEL="mobilenet/mobilenet_v2_1.0_224_int8_per_tensor$NN_EXT" diff --git a/meta-digi-dey/recipes-core/base-files/base-files/sysctl.conf b/meta-digi-dey/recipes-core/base-files/base-files/sysctl.conf index f2466a457..6f98ffd98 100644 --- a/meta-digi-dey/recipes-core/base-files/base-files/sysctl.conf +++ b/meta-digi-dey/recipes-core/base-files/base-files/sysctl.conf @@ -1,3 +1,2 @@ # Console log-level kernel.printk = 4 4 1 7 - diff --git a/meta-digi-dey/recipes-core/base-files/base-files_3.0.14.bbappend b/meta-digi-dey/recipes-core/base-files/base-files_3.0.14.bbappend index 6c165d9e9..a8c58b6c5 100644 --- a/meta-digi-dey/recipes-core/base-files/base-files_3.0.14.bbappend +++ b/meta-digi-dey/recipes-core/base-files/base-files_3.0.14.bbappend @@ -1,4 +1,4 @@ -# Copyright (C) 2013-2024, Digi International Inc. +# Copyright (C) 2013-2025, Digi International Inc. FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:" @@ -7,7 +7,12 @@ SRC_URI:append:dey = " \ " do_install:append:dey() { - install -m 0644 ${WORKDIR}/sysctl.conf ${D}${sysconfdir}/ + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${sysconfdir}/sysctl.d + install -m 0644 ${WORKDIR}/sysctl.conf ${D}${sysconfdir}/sysctl.d/console.conf + else + install -m 0644 ${WORKDIR}/sysctl.conf ${D}${sysconfdir}/ + fi } pkg_postinst_ontarget:${PN}() { @@ -56,4 +61,4 @@ pkg_postinst_ontarget:${PN}() { inherit ${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "remove-pkg-postinst-ontarget", "", d)} -CONFFILES:${PN}:dey += "${sysconfdir}/sysctl.conf" +CONFFILES:${PN}:dey += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', '${sysconfdir}/sysctl.conf', d)}" diff --git a/meta-digi-dey/recipes-digi/cccs/cccs_git.bb b/meta-digi-dey/recipes-digi/cccs/cccs_git.bb index e89ef4ead..100ada29d 100644 --- a/meta-digi-dey/recipes-digi/cccs/cccs_git.bb +++ b/meta-digi-dey/recipes-digi/cccs/cccs_git.bb @@ -22,6 +22,7 @@ SRC_URI = " \ ${CC_GIT_URI};branch=${SRCBRANCH} \ file://cccsd-init \ file://cccsd.service \ + file://cccsd.tab \ file://cccs-gs-demo-init \ file://cccs-gs-demo.service \ " @@ -50,16 +51,21 @@ inherit pkgconfig systemd update-rc.d do_install() { oe_runmake DESTDIR=${D} install + install -d ${D}${sysconfdir}/init.d/ + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then # Install systemd unit files install -d ${D}${systemd_unitdir}/system install -m 0644 ${WORKDIR}/cccsd.service ${D}${systemd_unitdir}/system/ install -m 0644 ${WORKDIR}/cccs-gs-demo.service ${D}${systemd_unitdir}/system/ + + install -m 755 ${WORKDIR}/cccsd-init ${D}${sysconfdir}/cccsd + ln -sf /etc/cccsd ${D}${sysconfdir}/init.d/cccsd + else + install -d ${D}${sysconfdir}/inittab.d/ + install -m 755 ${WORKDIR}/cccsd.tab ${D}${sysconfdir}/inittab.d/cccsd.tab fi - install -d ${D}${sysconfdir}/init.d/ - install -m 755 ${WORKDIR}/cccsd-init ${D}${sysconfdir}/cccsd - ln -sf /etc/cccsd ${D}${sysconfdir}/init.d/cccsd install -m 755 ${WORKDIR}/cccs-gs-demo-init ${D}${sysconfdir}/cccs-gs-demo ln -sf /etc/cccs-gs-demo ${D}${sysconfdir}/init.d/cccs-gs-demo @@ -81,13 +87,6 @@ do_install() { fi } -do_install:append:ccimx6ul() { - if [ -z "${CCCS_CONF_PATH}" ]; then - sed -i "/url = \"edp12.devicecloud.com\"/c\url = \"remotemanager.digi.com\"" ${D}${sysconfdir}/cccs.conf - sed -i "/client_cert_path = \"\/mnt\/data\/drm_cert.pem\"/c\client_cert_path = \"\/etc\/ssl\/certs\/drm_cert.pem\"" ${D}${sysconfdir}/cccs.conf - fi -} - pkg_postinst_ontarget:${PN}-daemon() { # If dualboot is enabled, change the CCCSD download path and set on the fly to yes on the first boot if [ "$(fw_printenv -n dualboot 2>/dev/null)" = "yes" ]; then @@ -100,9 +99,7 @@ REMOVE_POSTINST_RPN = "${PN}-daemon" inherit ${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "remove-pkg-postinst-ontarget", \ oe.utils.ifelse(d.getVar("CCCS_CONF_PATH"), "remove-pkg-postinst-ontarget", ""), d)} -INITSCRIPT_PACKAGES = "${PN}-daemon ${PN}-gs-demo" -INITSCRIPT_NAME:${PN}-daemon = "cccsd" -INITSCRIPT_PARAMS:${PN}-daemon = "defaults 19 81" +INITSCRIPT_PACKAGES = "${PN}-gs-demo" INITSCRIPT_NAME:${PN}-gs-demo = "cccs-gs-demo" INITSCRIPT_PARAMS:${PN}-gs-demo = "defaults 81 19" @@ -127,6 +124,7 @@ FILES:${PN}-daemon = " \ ${sysconfdir}/cccsd \ ${sysconfdir}/cccs.conf \ ${sysconfdir}/init.d/cccsd \ + ${sysconfdir}/inittab/cccsd.tab \ " FILES:${PN}-gs-demo = " \ diff --git a/meta-digi-dey/recipes-digi/cccs/files/cccsd.tab b/meta-digi-dey/recipes-digi/cccs/files/cccsd.tab new file mode 100644 index 000000000..db9558e19 --- /dev/null +++ b/meta-digi-dey/recipes-digi/cccs/files/cccsd.tab @@ -0,0 +1 @@ +cccs:2345:respawn:/usr/bin/cccsd -d > /dev/null 2>&1 diff --git a/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo b/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo index 970026150..54e7df828 100755 --- a/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo +++ b/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo @@ -342,7 +342,7 @@ REPORT_PATH="/tmp/sysinfo-${DEY_VERSION}-${BOARD_SN}-${DATE}" echo "-------------------------------------" echo "" - echo "||*Component*||*Version*" + echo "|||:Component|:Version" DUT_HEADER="SN-${BOARD_SN}, ${MACHINE} ${BOARD_VARIANT} ${BOARD_TYPE}v${BOARD_VERSION}" if [ -n "${BOARD_ID}" ]; then DUT_HEADER="${DUT_HEADER} board_ID=${BOARD_ID}" diff --git a/sdk/build-github.sh b/sdk/build-github.sh index 099d2479c..ea8bb116a 100755 --- a/sdk/build-github.sh +++ b/sdk/build-github.sh @@ -157,8 +157,6 @@ done<<-_EOF_ ccimx8mm-dvk dey-image-qt ccimx8mn-dvk dey-image-qt ccimx8x-sbc-pro dey-image-qt - ccimx6qpsbc dey-image-qt - ccimx6sbc dey-image-qt ccimx6ulsbc dey-image-qt ccimx6ulstarter core-image-base ccmp15-dvk dey-image-webkit diff --git a/sdk/build.sh b/sdk/build.sh index 6d7d59fca..73407d508 100755 --- a/sdk/build.sh +++ b/sdk/build.sh @@ -189,7 +189,7 @@ done<<-_EOF_ ccimx6ulstarter core-image-base ccimx6ulsom dey-image-mft-module-min ccimx6ulrftest dey-image-mft-module-rf - ccmp15-dvk dey-image-qt,dey-image-webkit,dey-image-lvgl + ccmp15-dvk dey-image-qt,dey-image-webkit,dey-image-lvgl,dey-image-flutter ccmp13-dvk core-image-base ccmp25-dvk dey-image-qt,dey-image-webkit,dey-image-lvgl,dey-image-flutter ccimx91-dvk core-image-base