From 36d73114598d474e44f8660674fda7d9b7e1dd85 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Fri, 29 Jul 2016 17:08:25 +0200 Subject: [PATCH 1/9] meta-digi-arm: trustfence-cst: fix native recipe and Makefile This package is native only, this patch ensures it can only be built natively and fix the following problems: * Add openssl-native rather than openssl to the dependencies. * Use the $(CC) $(LDFLAGS) and $(CFLAGS) that Yocto provides to avoid a compilation error. Signed-off-by: Diaz de Grenu, Jose --- .../trustfence-cst/trustfence-cst-2.3.2/Makefile | 5 ++--- ...tfence-cst_2.3.2.bb => trustfence-cst-native_2.3.2.bb} | 8 ++++---- 2 files changed, 6 insertions(+), 7 deletions(-) rename meta-digi-arm/recipes-bsp/trustfence-cst/{trustfence-cst_2.3.2.bb => trustfence-cst-native_2.3.2.bb} (93%) diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile index f443ef3d1..ed9df8301 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile @@ -1,7 +1,6 @@ TARGET = linux64/cst LIBS = -lfrontend -lcrypto -CC = gcc -CFLAGS = -g -Wall +CFLAGS += -g -Wall .PHONY: default all clean @@ -18,7 +17,7 @@ LIBS_PATH = linux64/lib .PRECIOUS: $(TARGET) $(OBJECTS) $(TARGET): $(OBJECTS) - $(CC) $(OBJECTS) $(CFLAGS) -L $(LIBS_PATH) $(LIBS) -I $(HEADERS) -o $@ + $(CC) $(OBJECTS) $(CFLAGS) $(LDFLAGS) -L $(LIBS_PATH) $(LIBS) -I $(HEADERS) -o $@ clean: -rm -f *.o $(TARGET) diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.2.bb similarity index 93% rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.2.bb index eb5fd5f39..ec1d8a6a7 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.2.bb @@ -3,9 +3,11 @@ DESCRIPTION = "Provides software code signing support designed for use with i.MX HOMEPAGE = "https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL" LICENSE = "CLOSED" -DEPENDS = "openssl" +DEPENDS = "openssl-native" -S= "${WORKDIR}/cst-${PV}" +S = "${WORKDIR}/cst-${PV}" + +inherit native SRC_URI = " \ ${@base_conditional('TRUSTFENCE_SIGN', '1', 'file://cst-${PV}.tar.gz', '', d)} \ @@ -32,5 +34,3 @@ do_install () { install -m 0755 ca/v3_ca.cnf ${D}${bindir}/v3_ca.cnf install -m 0755 ca/v3_usr.cnf ${D}${bindir}/v3_usr.cnf } - -BBCLASSEXTEND = "native" From 5a8e57da724825ae2c74181b3d339bc5a44a527d Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Fri, 29 Jul 2016 18:42:03 +0200 Subject: [PATCH 2/9] meta-digi-arm: trustfence-cst: use random password for generated PKI trees Signed-off-by: Diaz de Grenu, Jose --- ...-usa-a-random-password-for-the-defau.patch | 29 +++++++++++++++++++ .../trustfence-cst-native_2.3.2.bb | 1 + 2 files changed, 30 insertions(+) create mode 100644 meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch new file mode 100644 index 000000000..6b668d7c3 --- /dev/null +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch @@ -0,0 +1,29 @@ +From: "Diaz de Grenu, Jose" +Date: Fri, 29 Jul 2016 17:20:28 +0200 +Subject: [PATCH] hab4_pki_tree.sh: usa a random password for the default PKI + generation + +Signed-off-by: Diaz de Grenu, Jose +--- + keys/hab4_pki_tree.sh | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/keys/hab4_pki_tree.sh b/keys/hab4_pki_tree.sh +index b2c6b71b604e..93347521cea1 100644 +--- a/keys/hab4_pki_tree.sh ++++ b/keys/hab4_pki_tree.sh +@@ -95,9 +95,10 @@ fi + # Check that the file "key_pass.txt" is present, if not create it with default user/pwd: + if [ ! -f key_pass.txt ] + then +- echo "test" > key_pass.txt +- echo "test" >> key_pass.txt +- echo "A default file 'key_pass.txt' was created with password = test!" ++ password="$(openssl rand -base64 32)" ++ echo "${password}" > key_pass.txt ++ echo "${password}" >> key_pass.txt ++ echo "A file 'key_pass.txt' was created with a random password!" + fi + + # The following is required otherwise OpenSSL complains + diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.2.bb b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.2.bb index ec1d8a6a7..765d5fb0e 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.2.bb +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.2.bb @@ -14,6 +14,7 @@ SRC_URI = " \ file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \ file://0002-hab4_pki_tree.sh-automate-script.patch \ file://0003-openssl_helper-use-dev-urandom-as-seed-source.patch \ + file://0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch \ file://Makefile \ " From 9e5ee618511a4ff8aa4bdf7d046fb58ea85fca14 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Tue, 26 Jul 2016 11:44:04 +0200 Subject: [PATCH 3/9] meta-digi: use CAAM for environment encryption https://jira.digi.com/browse/DUB-652 Signed-off-by: Diaz de Grenu, Jose --- meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb | 5 ----- meta-digi-dey/classes/trustfence.bbclass | 9 +++------ 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb index 1abe6a6ea..3d84de6b0 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb @@ -37,11 +37,6 @@ UBOOT_EXTRA_CONF ?= "" python __anonymous() { if (d.getVar("TRUSTFENCE_DEK_PATH", True) not in ["0", None]) and (d.getVar("TRUSTFENCE_SIGN", True) != "1"): bb.fatal("Only signed U-Boot images can be encrypted. Generate signed images (TRUSTFENCE_SIGN=1) or remove encryption (TRUSTFENCE_DEK_PATH = 0)") - if (d.getVar("TRUSTFENCE_UBOOT_ENV_DEK", True) not in [None, "0"]): - if (d.getVar("TRUSTFENCE_DEK_PATH", True) in [None, "0"]): - bb.warn("It is strongly recommended to encrypt the U-Boot image when using environment encryption. Consider removing TRUSTFENCE_DEK_PATH = 0") - if (len(d.getVar("TRUSTFENCE_UBOOT_ENV_DEK", True)) != 32): - bb.fatal("Invalid TRUSTFENCE_UBOOT_ENV_DEK length. Define a string formed by 32 hexadecimal characters") } do_compile () { diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index 6530f01ef..76829cd2c 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -22,7 +22,7 @@ TRUSTFENCE_CONSOLE_DISABLE ?= "1" TRUSTFENCE_SIGN ?= "1" TRUSTFENCE_SIGN_KEYS_PATH ?= "default" TRUSTFENCE_DEK_PATH ?= "default" -TRUSTFENCE_UBOOT_ENV_DEK ?= "gen_random" +TRUSTFENCE_ENCRYPT_ENVIRONMENT ?= "1" # Trustfence initramfs image recipe TRUSTFENCE_INITRAMFS_IMAGE ?= "dey-image-trustfence-initramfs" @@ -46,9 +46,6 @@ python () { d.appendVar("UBOOT_EXTRA_CONF", " CONFIG_CONSOLE_ENABLE_GPIO=y CONFIG_CONSOLE_ENABLE_GPIO_NR=%s " % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE")) # Secure boot configuration - if (d.getVar("TRUSTFENCE_UBOOT_ENV_DEK") == "gen_random"): - d.setVar("TRUSTFENCE_UBOOT_ENV_DEK", str(binascii.hexlify(os.urandom(16)).decode())) - if (d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") == "default"): d.setVar("TRUSTFENCE_SIGN_KEYS_PATH", d.getVar("TOPDIR") + "/trustfence"); @@ -63,6 +60,6 @@ python () { d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_KEY_INDEX=%s " % d.getVar("TRUSTFENCE_KEY_INDEX")) if (d.getVar("TRUSTFENCE_DEK_PATH", True) not in [None, "0"]): d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_DEK_PATH=\\"%s\\" ' % d.getVar("TRUSTFENCE_DEK_PATH")) - if (d.getVar("TRUSTFENCE_UBOOT_ENV_DEK", True) not in [None, "0"]): - d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_ENV_AES=y CONFIG_ENV_AES_KEY=\\"%s\\"' % d.getVar("TRUSTFENCE_UBOOT_ENV_DEK")) + if (d.getVar("TRUSTFENCE_ENCRYPT_ENVIRONMENT", True) == "1"): + d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y') } From dcd13093d2a8577dc91c72af8185ca1fea14b265 Mon Sep 17 00:00:00 2001 From: Alex Gonzalez Date: Tue, 2 Aug 2016 13:52:49 +0200 Subject: [PATCH 4/9] meta-digi-dey: dey-trustfence: Force to repackage on console state change. https://jira.digi.com/browse/DEL-2852 Signed-off-by: Alex Gonzalez --- .../recipes-digi/packagegroups/packagegroup-dey-trustfence.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-digi-dey/recipes-digi/packagegroups/packagegroup-dey-trustfence.bb b/meta-digi-dey/recipes-digi/packagegroups/packagegroup-dey-trustfence.bb index cab5f931e..ff85f755e 100644 --- a/meta-digi-dey/recipes-digi/packagegroups/packagegroup-dey-trustfence.bb +++ b/meta-digi-dey/recipes-digi/packagegroups/packagegroup-dey-trustfence.bb @@ -10,3 +10,4 @@ inherit packagegroup RDEPENDS_${PN} = "\ ${@base_conditional('TRUSTFENCE_CONSOLE_DISABLE', '1', 'auto-serial-console', '', d)} \ " +do_package[vardeps] += "TRUSTFENCE_CONSOLE_DISABLE" From 106efc497046a9673ce3a2e7234b7d5b2bd1b09f Mon Sep 17 00:00:00 2001 From: Alex Gonzalez Date: Wed, 3 Aug 2016 09:15:51 +0200 Subject: [PATCH 5/9] meta-digi-arm: linux-dey: Add TrustFence dependencies on Linux kernel. When changing any of the secure boot configurable macros the Linux kernel should be re-deployed so that it can be signed/encrypted as needed. https://jira.digi.com/browse/DEL-2750 Signed-off-by: Alex Gonzalez --- meta-digi-arm/recipes-kernel/linux/linux-dey.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc index 19c71f113..a7717b203 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc @@ -44,6 +44,8 @@ do_deploy_append() { (cd ${DEPLOYDIR} && ln -sf ${KERNEL_IMAGE_BASE_NAME}.bin ${KERNEL_IMAGE_SYMLINK_NAME}) } +do_deploy[vardeps] += "TRUSTFENCE_SIGN_KEYS_PATH TRUSTFENCE_KEY_INDEX TRUSTFENCE_DEK_PATH" + FILES_kernel-image += "/boot/config-${KERNEL_VERSION}" # Don't include kernels in standard images From 0588b4b388cabcf10973acba2468b7b0129a483e Mon Sep 17 00:00:00 2001 From: Alex Gonzalez Date: Wed, 3 Aug 2016 13:15:02 +0200 Subject: [PATCH 6/9] meta-digi-dey: trustfence: Do not disable console access by default. While performing usability testing on the TrustFence documentation, it has been noted that in order to follow the secure boot instructions the console needs to be enabled. We have now moved the secure console section to the end of the documentation so that disabling the console is the last configuration to make in a secure system. Signed-off-by: Alex Gonzalez --- meta-digi-dey/classes/trustfence.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index 76829cd2c..c933e34ed 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -10,7 +10,7 @@ # # Default secure console configuration -TRUSTFENCE_CONSOLE_DISABLE ?= "1" +TRUSTFENCE_CONSOLE_DISABLE ?= "0" # Uncomment to enable the console with the specified passphrase #TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE = "my_secure_passphrase" From a2bb75a602346c20b8c834f3b729bf0a958d1d60 Mon Sep 17 00:00:00 2001 From: Alex Gonzalez Date: Mon, 1 Aug 2016 13:42:30 +0200 Subject: [PATCH 7/9] README: Merge Release Notes and Changelog in a single document. The README.md file is rendered by github using github's markdown syntax: https://help.github.com/articles/basic-writing-and-formatting-syntax/ https://jira.digi.com/browse/DEL-2854 Signed-off-by: Alex Gonzalez --- ChangeLog | 19 ------- README | 7 --- README.md | 127 ++++++++++++++++++++++++++++++++++++++++++++++ Release_Notes.txt | 87 ------------------------------- 4 files changed, 127 insertions(+), 113 deletions(-) delete mode 100644 ChangeLog delete mode 100644 README create mode 100644 README.md delete mode 100644 Release_Notes.txt diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index ac6a16f1c..000000000 --- a/ChangeLog +++ /dev/null @@ -1,19 +0,0 @@ - Digi Embedded Yocto (DEY) 2.0 - Release Changelog - - (c) 2016, Digi International - http://www.digiembedded.com/ - - -Version Release date (YYYY-MM-DD) -------------------------------------------------------------------------------- -2.0-r1 2016-02-15 - - * U-Boot 2015.04 for the ConnectCore 6 System-On-Module and SBC. - * Linux kernel v3.14.57 for the ConnectCore 6 System-On-Module and SBC. - * Release based on Yocto 2.0 (Jethro) for ConnectCore 6 SBC including: - - Bluez5 - - QT5 (over X11 and Framebuffer graphical systems) - - New toolchain based on GCC-5.2 and GLIBC-2.22 - - Cellular support - - Package upgrades and security fixes diff --git a/README b/README deleted file mode 100644 index d4808feab..000000000 --- a/README +++ /dev/null @@ -1,7 +0,0 @@ -meta-digi -========= - -This is the location for Digi maintained layers. - -Please see the README files contained in the individual layers for -specific information. diff --git a/README.md b/README.md new file mode 100644 index 000000000..0ac39f12f --- /dev/null +++ b/README.md @@ -0,0 +1,127 @@ +# Digi Embedded Yocto (DEY) 2.0 +## Release 2.0-master + +This document provides information about Digi Embedded Yocto, +Digi International's professional embedded Yocto development environment. + +Digi Embedded Yocto 2.0 is based on the 2.0 (Jethro) Yocto release. + +# Supported Platforms + +The current release supports the following hardware platforms: + +* Digi ConnectCore 6 + * [Digi P/N CC-WMX-J97C-TN](http://www.digi.com/products/models/cc-wmx-j97c-tn) + * [Digi P/N CC-WMX-L96C-TE](http://www.digi.com/products/models/cc-wmx-l96c-te) + * [Digi P/N CC-WMX-L87C-TE](http://www.digi.com/products/models/cc-wmx-l87c-te) + * [Digi P/N CC-MX-L76C-Z1](http://www.digi.com/products/models/cc-mx-l76c-z1) + * [Digi P/N CC-MX-L86C-Z1](http://www.digi.com/products/models/cc-mx-l86c-z1) + * [Digi P/N CC-MX-L96C-Z1](http://www.digi.com/products/models/cc-mx-l96c-z1) + * [Digi P/N CC-WMX-L76C-TE](http://www.digi.com/products/models/cc-wmx-l76c-te) + * Digi P/N CC-WMX-K87C-FJA + * Digi P/N CC-WMX-K77C-TE + * Digi P/N CC-WMX-L97D-TN + * Digi P/N CC-WMX-J98C-FJA + * Digi P/N CC-WMX-J98C-FJA-1 + +Software for the following hardware platforms is in beta support: + +* Digi ConnectCore 6UL + * [Digi P/N CC-WMX-JN58-NE](http://www.digi.com/products/models/cc-wmx-jn58-ne) + * [Digi P/N CC-MX-JN58-Z1](http://www.digi.com/products/models/cc-mx-jn58-z1) +* Digi ConnectCore 6UL Starter Kit + * [Digi P/N CC-WMX6UL-START](http://www.digi.com/products/models/cc-wmx6ul-start) ([Get Started](https://www.digi.com/resources/documentation/digidocs/90001514/default.htm#concept/yocto/c_get_started_with_yocto.htm)) + +* Digi ConnectCore 6 Development Kit + * [Digi P/N CC-WMX6-KIT](http://www.digi.com/products/models/cc-wmx6-kit) ([Get Started](http://www.digi.com/resources/documentation/digidocs/90001945-13/default.htm#concept/yocto/c_get_started_with_yocto.htm%3FTocPath%3DDigi%2520Embedded%2520Yocto%7CGet%2520started%7C_____0)) + +* Digi ConnectCore 6 SBC + * [Digi P/N CC-SB-WMX-J97C-1](http://www.digi.com/products/models/cc-sb-wmx-j97c-1) + * Digi P/N CC-SB-WMX-L87C-1 + * Digi P/N CC-SB-WMX-L76C-1 + +Previous versions of Digi Embedded Yocto include support for additional Digi +hardware. + +# Documentation + +Documentation is available online on the Digi documentation site: + +* [Digi ConnectCore 6UL](http://www.digi.com/resources/documentation/Digidocs/90001514/default.htm) +* [Digi ConnectCore 6](http://www.digi.com/resources/documentation/Digidocs/90001945-13/default.htm) + +# Downloads + +* [Demo images](TBC) +* [Software Development Kit (SDK)](TBC) + +# Release Changelog + +## 2.0-r4 + +## 2.0-r3 + +* Support for the new Digi ConnectCore 6UL System-On-Module and Starter Kit + * U-Boot 2015.04 + * Linux kernel v4.1.28 +* Support for TrustFence security enhancements + * Secure console + * Secure boot + * Secure JTAG + * Encrypted root filesystem + * True Random Number Generator + +## 2.0-r2 + +* Release based on Yocto 2.0 (Jethro) for ConnectCore 6 SBC including: + * Update support for new PMIC hardware revision + * Minor bug fixes + +## 2.0-r1 + +* U-Boot 2015.04 for the Digi ConnectCore 6 System-On-Module and SBC +* Linux kernel v3.14.57 for the Digi ConnectCore 6 System-On-Module and SBC +* Release based on Yocto 2.0 (Jethro) for Digi ConnectCore 6 SBC including: + * Bluez5 + * QT5 (over X11 and Framebuffer graphical systems) + * New toolchain based on GCC-5.2 and GLIBC-2.22 + * Cellular support + * Package upgrades and security fixes + +# Known Issues and Limitations + +## Digi ConnectCore 6UL + +## Digi ConnectCore 6UL Starter Kit + +## Digi ConnectCore 6 + +* NXP i.MX6 processor has a documented errata (ERR004512) whereby the maximum +performance of the Gigabit FEC is limited to 400Mbps (total for Tx and Rx) +* When using softAP mode on Band A on the Qualcomm AR6233, channels used for +Dynamic Frequency Selection (DFS) are not supported +* The Qualcomm AR6233 firmware does not support the following configuration +modes: + * Concurrent modes involving P2P mode, such as P2P + softAP or P2P + STA + * Bluetooth + softAP + STA concurrent mode +* A maximum of five clients are supported when using Qualcomm's AR6233 in +softAP mode +* A maximum of ten connected devices are supported when using Qualcomm's AR6233 +Bluetooth Low Energy mode +* When using TrustFence encrypted images secure boot support, the CAAM will +hang the processor when trying to authenticate an encrypted kernel image after +a failed attempt. Hence the target needs to be reset after an authentication +failure. + +## Digi ConnectCore 6 SBC + +* The Micrel PHY KSZ9031 may take between five and six seconds to +auto-negotiate with Gigabit switches + +# Support Contact Information + +For support questions please contact Digi Technical Support: + +* [Enterprise Support](https://mydigi.secure.force.com/customers/) +* [Product Technical Support](http://www.digi.com/support/product-support) +* [Support forum](http://www.digi.com/support/forum/) diff --git a/Release_Notes.txt b/Release_Notes.txt deleted file mode 100644 index 9d5f7bba0..000000000 --- a/Release_Notes.txt +++ /dev/null @@ -1,87 +0,0 @@ - - Digi Embedded Yocto (DEY) 2.0 - Release Notes - Build 2.0-r1.2 - - (c) 2016, Digi International - http://www.digiembedded.com/ - February, 2016 - - -Introduction ---------------------------------------------------------------------------- - This document provides information about Digi Embedded Yocto 2.0 (DEY-2.0), - Digi International's professional embedded Yocto development environment. - - Digi Embedded Yocto 2.0 is based on the 2.0 (Jethro) Yocto release. - - -Contents -------------------------------------------------------------------------- - This document contains the following sections: - - 1. Supported Platforms - 2. Supported System-On-Module variants - 3. Documentation - 4. Known Issues - 5. Support Contact Information - - -1. Supported Platforms -------------------------------------------------------------------------- - - The current Digi Embedded Yocto 2.0 release fully supports the following - hardware platforms: - - * ConnectCore 6 SBC (Digi P/N CC-SB-WMX-J97C) - - The following hardware platform remains in beta software support: - - * ConnectCore 6 SBC (Digi P/N CC-SB-WMX-J97C-1) - - Previous versions of Digi Embedded Yocto include support for additional Digi - hardware. - - The additional hardware supported by DEY-1.6 is the following: - - * ConnectCard for i.MX28 JumpStart Kit (Digi P/N CC-WMX28-LX) - - The additional hardware supported by DEY-1.4 is the following: - - * ConnectCore for MX51 (Digi P/N CC-(W)MX51-LX) - * ConnectCore for MX53 (Digi P/N CC-(W)MX53-LX) - - -2. Supported System-On-Module variants -------------------------------------------------------------------------- - - Digi's system-on-modules can be ordered in different hardware variants, for - example with different memory configurations. For a list of the available - module variants please refer to the Digi embedded products web page. - - -3. Documentation -------------------------------------------------------------------------- - - Digi Embedded Yocto documentation is available from the Digi online - documentation system. - - -4. Known Issues -------------------------------------------------------------------------- - - Refer to the Digi online documentation. - - -5. Support Contact Information -------------------------------------------------------------------------- - For support questions please contact the Digi technical support experts: - - Digi Technical Support - - Web based Support: http://www.digi.com/support/eservice/login.jsp - Support Web site: http://www.digi.com/support/index.jsp - Support forum: http://www.digi.com/support/forum/ - - -Have fun! From 4070d9efaef9cfc627d121b79ea606ef2ed7f97a Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Wed, 3 Aug 2016 18:55:41 +0200 Subject: [PATCH 8/9] meta-digi: meta-digi-arm: u-boot: copy the new artifact u-boot-usb-signed https://jira.digi.com/browse/DEL-2843 Signed-off-by: Diaz de Grenu, Jose --- meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb index 3d84de6b0..14e0058c0 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb @@ -74,6 +74,7 @@ do_compile () { if [ "${TRUSTFENCE_SIGN}" = "1" ] then cp ${S}/build_${config}/u-boot-signed.imx ${S}/build_${config}/u-boot-signed-${type}.${UBOOT_SUFFIX} + cp ${S}/build_${config}/u-boot-usb-signed.imx ${S}/build_${config}/u-boot-usb-signed-${type}.${UBOOT_SUFFIX} if [ "${TRUSTFENCE_DEK_PATH}" != "0" ] then cp ${S}/build_${config}/u-boot-encrypted.imx ${S}/build_${config}/u-boot-encrypted-${type}.${UBOOT_SUFFIX} @@ -125,6 +126,9 @@ do_deploy_append() { install ${S}/build_${config}/u-boot-signed-${type}.${UBOOT_SUFFIX} u-boot-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ln -sf u-boot-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX} u-boot-signed-${type}.${UBOOT_SUFFIX} + install ${S}/build_${config}/u-boot-usb-signed-${type}.${UBOOT_SUFFIX} u-boot-usb-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX} + ln -sf u-boot-usb-signed-${type}-${PV}-${PR}.${UBOOT_SUFFIX} u-boot-usb-signed-${type}.${UBOOT_SUFFIX} + if [ "${TRUSTFENCE_DEK_PATH}" != "0" ] then install ${S}/build_${config}/u-boot-encrypted-${type}.${UBOOT_SUFFIX} u-boot-encrypted-${type}-${PV}-${PR}.${UBOOT_SUFFIX} From 454fff56ba42c72697b84c8d297804b0eb886a25 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Wed, 3 Aug 2016 18:56:32 +0200 Subject: [PATCH 9/9] meta-digi-dey: trustfence: disable encryption for the ConnectCore 6UL Encryption of U-Boot and kernel images is not yet supported in the Connect Core 6 UL. Signed-off-by: Diaz de Grenu, Jose --- meta-digi-dey/classes/trustfence.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index c933e34ed..b174655e3 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -22,6 +22,7 @@ TRUSTFENCE_CONSOLE_DISABLE ?= "0" TRUSTFENCE_SIGN ?= "1" TRUSTFENCE_SIGN_KEYS_PATH ?= "default" TRUSTFENCE_DEK_PATH ?= "default" +TRUSTFENCE_DEK_PATH_ccimx6ul = "0" TRUSTFENCE_ENCRYPT_ENVIRONMENT ?= "1" # Trustfence initramfs image recipe