diff --git a/README.md b/README.md index b6ca14a5f..7a5d471a4 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # Digi Embedded Yocto (DEY) 2.0 -## Release 2.0-r3 +## Release 2.0-r4 This document provides information about Digi Embedded Yocto, Digi International's professional embedded Yocto development environment. @@ -59,6 +59,10 @@ Documentation is available online on the Digi documentation site: # Release Changelog +## 2.0-r4 + +* TBC + ## 2.0-r3 * Support for the new Digi ConnectCore 6UL System-On-Module and Starter Kit @@ -93,8 +97,12 @@ Documentation is available online on the Digi documentation site: This is a list of known issues and limitations at the time of release. An updated list can be found on the online documentation. -* When using the TrustFence (TM) U-Boot environment encryption, access to the -U-Boot environment from the Linux OS is not supported. +* When using TrustFence (TM) encrypted images secure boot support, the CAAM +will hang the processor when trying to authenticate an encrypted firmware image +after a failed attempt. Hence the target needs to be reset after an +authentication failure. +* If TrustFence (TM) image encryption support is enabled, the uSD image will +boot a signed U-Boot only. ## Digi ConnectCore 6UL @@ -121,21 +129,12 @@ modes: softAP mode * A maximum of ten connected devices are supported when using Qualcomm's AR6233 Bluetooth Low Energy mode -* NXP i.MX6 processor does not set the sticky bit which write protects the -SRK_REVOKE eFuse on closed devices. This means that in the ConnectCore 6, -key revocation is always possible, no matter the value of the Yocto macro -TRUSTFENCE_UNLOCK_KEY_REVOCATION. -* When using TrustFence (TM) encrypted images secure boot support, the CAAM -will hang the processor when trying to authenticate an encrypted kernel image -after a failed attempt. Hence the target needs to be reset after an -authentication failure. +* The MIPI and CSI1 camera connectors cannot be used simultaneously. ## Digi ConnectCore 6 SBC * The Micrel PHY KSZ9031 may take between five and six seconds to auto-negotiate with Gigabit switches -* Secure uSD booting only supports booting signed images. A uSD image is not -generated if TrustFence (TM) image encryption support is enabled. # Support Contact Information diff --git a/meta-digi-arm/classes/image_types_digi.bbclass b/meta-digi-arm/classes/image_types_digi.bbclass index 9588d2d86..03dfd64e7 100644 --- a/meta-digi-arm/classes/image_types_digi.bbclass +++ b/meta-digi-arm/classes/image_types_digi.bbclass @@ -29,8 +29,8 @@ IMAGE_CMD_boot.vfat() { # Add Trustfence initramfs if enabled if [ -n "${TRUSTFENCE_INITRAMFS_IMAGE}" ]; then - BOOTIMG_FILES="${BOOTIMG_FILES} $(readlink -e ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot)" - BOOTIMG_FILES_SYMLINK="${BOOTIMG_FILES_SYMLINK} ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot" + BOOTIMG_FILES="${BOOTIMG_FILES} $(readlink -e ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot.tf)" + BOOTIMG_FILES_SYMLINK="${BOOTIMG_FILES_SYMLINK} ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot.tf" fi # Size of kernel and device tree + 10% extra space (in bytes) @@ -75,6 +75,7 @@ IMAGE_DEPENDS_boot.ubifs = " \ mtd-utils-native:do_populate_sysroot \ u-boot:do_deploy \ virtual/kernel:do_deploy \ + ${@TRUSTFENCE_BOOTIMAGE_DEPENDS(d)} \ " IMAGE_CMD_boot.ubifs() { @@ -90,6 +91,11 @@ IMAGE_CMD_boot.ubifs() { done fi + # Add Trustfence initramfs if enabled + if [ -n "${TRUSTFENCE_INITRAMFS_IMAGE}" ]; then + BOOTIMG_FILES_SYMLINK="${BOOTIMG_FILES_SYMLINK} ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot.tf" + fi + # Create temporary folder TMP_BOOTDIR="$(mktemp -d ${DEPLOY_DIR_IMAGE}/boot.XXXXXX)" @@ -130,6 +136,27 @@ IMAGE_CMD_rootfs.initramfs() { } IMAGE_TYPEDEP_rootfs.initramfs = "cpio.gz" +IMAGE_CMD_cpio.gz.u-boot.tf() { + # + # Image generation code for image type 'cpio.gz.u-boot.tf' + # (signed/encrypted ramdisk) + # + if [ "${TRUSTFENCE_SIGN}" = "1" ]; then + # Set environment variables for trustfence configuration + export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}" + [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" + [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" + + # Sign/encrypt the ramdisk + "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -i "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot" "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot.tf" + else + # Rename image + mv "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot" "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot.tf" + fi +} + +IMAGE_TYPEDEP_cpio.gz.u-boot.tf = "cpio.gz.u-boot" + # Set alignment to 4MB [in KiB] IMAGE_ROOTFS_ALIGNMENT = "4096" diff --git a/meta-digi-arm/conf/machine/ccardimx28js.conf b/meta-digi-arm/conf/machine/ccardimx28js.conf index 85bda517c..7f7582489 100644 --- a/meta-digi-arm/conf/machine/ccardimx28js.conf +++ b/meta-digi-arm/conf/machine/ccardimx28js.conf @@ -1,6 +1,6 @@ #@TYPE: Machine #@NAME: ConnectCore for MX28 JumpStart Kit. -#@DESCRIPTION: Machine configuration for Digi's ConnectCore for MX28 JSK. +#@DESCRIPTION: Machine configuration for Digi's ConnectCore for MX28 JSK. include conf/machine/include/ccardimx28.inc diff --git a/meta-digi-arm/conf/machine/ccimx6ulsbc.conf b/meta-digi-arm/conf/machine/ccimx6ulsbc.conf new file mode 100644 index 000000000..cefca191a --- /dev/null +++ b/meta-digi-arm/conf/machine/ccimx6ulsbc.conf @@ -0,0 +1,30 @@ +#@TYPE: Machine +#@NAME: SBC for ConnectCore for i.MX6UL +#@DESCRIPTION: Machine configuration for Digi's ConnectCore 6UL SBC. + +# Include the machine configuration for Digi's ConnectCore 6UL. +include conf/machine/include/ccimx6ul.inc + +# U-Boot configurations +# Last one is the default (the one the symlinks point at) +UBOOT_CONFIG ??= "ccimx6ulsbc" +UBOOT_CONFIG[ccimx6ulsbc] = "ccimx6ulsbc_defconfig" + +KERNEL_DEVICETREE ?= " \ + imx6ul-ccimx6ulsbc.dtb \ + imx6ul-ccimx6ulsbc-wb.dtb \ + imx6ul-ccimx6ulsbc-id135.dtb \ +" + +SERIAL_CONSOLES = "115200;ttymxc4" + +MACHINE_FEATURES += "second-eth" + +# Bluetooth tty +BT_TTY ?= "ttymxc0" + +# U-Boot script to be copied to the boot image +BOOT_SCRIPTS = "boot.scr:boot.scr" + +# Flash image types +IMAGE_FSTYPES ?= "tar.bz2 ubifs boot.ubifs" diff --git a/meta-digi-arm/conf/machine/include/ccardimx28.inc b/meta-digi-arm/conf/machine/include/ccardimx28.inc index e9a6af2fe..115fb2a86 100644 --- a/meta-digi-arm/conf/machine/include/ccardimx28.inc +++ b/meta-digi-arm/conf/machine/include/ccardimx28.inc @@ -40,8 +40,8 @@ MACHINE_EXTRA_RRECOMMENDS += "${MACHINE_FIRMWARE} ${WIRELESS_MODULE}" # web1 Y Y Y Y # Per-variant machine features -MACHINE_FEATURES_append_e = " ext-eth" +MACHINE_FEATURES_append_e = " second-eth" MACHINE_FEATURES_append_w = " wifi" MACHINE_FEATURES_append_wb = " wifi bluetooth" -MACHINE_FEATURES_append_web = " wifi ext-eth bluetooth" -MACHINE_FEATURES_append_web1 = " wifi ext-eth bluetooth 1-wire" +MACHINE_FEATURES_append_web = " wifi second-eth bluetooth" +MACHINE_FEATURES_append_web1 = " wifi second-eth bluetooth 1-wire" diff --git a/meta-digi-arm/conf/machine/include/ccimx6.inc b/meta-digi-arm/conf/machine/include/ccimx6.inc index 2d73b7725..b0d4e2a7c 100644 --- a/meta-digi-arm/conf/machine/include/ccimx6.inc +++ b/meta-digi-arm/conf/machine/include/ccimx6.inc @@ -27,7 +27,7 @@ MACHINE_EXTRA_RDEPENDS += " \ e2fsprogs-mke2fs \ e2fsprogs-resize2fs \ parted \ - ${@base_conditional('TRUSTFENCE_ENCRYPT_ENVIRONMENT', '1', '', 'u-boot-fw-utils', d)} \ + u-boot-fw-utils \ " MACHINE_EXTRA_RRECOMMENDS += "${MACHINE_FIRMWARE} ${WIRELESS_MODULE}" MACHINE_EXTRA_RRECOMMENDS += "fsl-alsa-plugins cryptodev-module rng-tools" diff --git a/meta-digi-arm/conf/machine/include/ccimx6ul.inc b/meta-digi-arm/conf/machine/include/ccimx6ul.inc index 1b4302fe7..e8aa9ce89 100644 --- a/meta-digi-arm/conf/machine/include/ccimx6ul.inc +++ b/meta-digi-arm/conf/machine/include/ccimx6ul.inc @@ -22,7 +22,7 @@ MACHINE_FIRMWARE ?= "" MACHINE_EXTRA_RDEPENDS += " \ imx-kobs \ mtd-utils-ubifs \ - ${@base_conditional('TRUSTFENCE_ENCRYPT_ENVIRONMENT', '1', '', 'u-boot-fw-utils', d)} \ + u-boot-fw-utils \ " MACHINE_EXTRA_RRECOMMENDS += "${MACHINE_FIRMWARE} ${WIRELESS_MODULE}" MACHINE_EXTRA_RRECOMMENDS += "fsl-alsa-plugins cryptodev-module" diff --git a/meta-digi-arm/conf/machine/include/digi-defaults.inc b/meta-digi-arm/conf/machine/include/digi-defaults.inc index fd77702be..5fbfd1764 100644 --- a/meta-digi-arm/conf/machine/include/digi-defaults.inc +++ b/meta-digi-arm/conf/machine/include/digi-defaults.inc @@ -16,12 +16,12 @@ PREFERRED_PROVIDER_virtual/xserver = "xserver-xorg" # # Help variables used in recipes -HAVE_WIFI = "${@bb.utils.contains('MACHINE_FEATURES', 'wifi', '1', '', d)}" -HAVE_EXT_ETH = "${@bb.utils.contains('MACHINE_FEATURES', 'ext-eth', '1', '', d)}" -HAVE_BT = "${@bb.utils.contains('MACHINE_FEATURES', 'bluetooth', '1', '', d)}" -HAVE_1WIRE = "${@bb.utils.contains('MACHINE_FEATURES', '1-wire', '1', '', d)}" -HAVE_GUI = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '1', '', d)}" -HAVE_EXAMPLE = "${@bb.utils.contains('IMAGE_FEATURES', 'dey-examples', '1', '', d)}" +HAVE_WIFI = "${@bb.utils.contains('MACHINE_FEATURES', 'wifi', '1', '', d)}" +HAVE_SECOND_ETH = "${@bb.utils.contains('MACHINE_FEATURES', 'second-eth', '1', '', d)}" +HAVE_BT = "${@bb.utils.contains('MACHINE_FEATURES', 'bluetooth', '1', '', d)}" +HAVE_1WIRE = "${@bb.utils.contains('MACHINE_FEATURES', '1-wire', '1', '', d)}" +HAVE_GUI = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '1', '', d)}" +HAVE_EXAMPLE = "${@bb.utils.contains('IMAGE_FEATURES', 'dey-examples', '1', '', d)}" # # Ethernet configuration used in recipes diff --git a/meta-digi-arm/conf/machine/include/imx-digi-base.inc b/meta-digi-arm/conf/machine/include/imx-digi-base.inc index ffc4f2104..883273e87 100644 --- a/meta-digi-arm/conf/machine/include/imx-digi-base.inc +++ b/meta-digi-arm/conf/machine/include/imx-digi-base.inc @@ -19,11 +19,13 @@ MACHINE_EXTRA_RRECOMMENDS = "kernel-modules" # DEFAULTTUNE_mx6 ?= "cortexa9t-neon" # handled by hardware DEFAULTTUNE_mx6 ?= "cortexa9thf-neon" +DEFAULTTUNE_mx6ul ?= "cortexa7thf-neon" # Sub-architecture support MACHINE_SOCARCH_SUFFIX ?= "" MACHINE_SOCARCH_SUFFIX_mx6q = "-mx6qdl" MACHINE_SOCARCH_SUFFIX_mx6dl = "-mx6qdl" +MACHINE_SOCARCH_SUFFIX_mx6ul = "-mx6ul" MACHINE_ARCH_FILTER = "virtual/kernel imx-vpu" MACHINE_SOCARCH_FILTER_append_mx6 = " libfslcodec libfslvpuwrap libfslparser" @@ -52,23 +54,28 @@ MACHINE_HAS_VIVANTE_KERNEL_DRIVER_SUPPORT ?= "${SOC_HAS_VIVANTE_KERNEL_DRIVER_SU # mx6 GPU libraries PREFERRED_PROVIDER_virtual/egl_mx6q ?= "imx-gpu-viv" PREFERRED_PROVIDER_virtual/egl_mx6dl ?= "imx-gpu-viv" +PREFERRED_PROVIDER_virtual/egl_mx6ul ?= "mesa" PREFERRED_PROVIDER_virtual/libgles1_mx6q ?= "imx-gpu-viv" PREFERRED_PROVIDER_virtual/libgles1_mx6dl ?= "imx-gpu-viv" +PREFERRED_PROVIDER_virtual/libgles1_mx6ul ?= "mesa" PREFERRED_PROVIDER_virtual/libgles2_mx6q ?= "imx-gpu-viv" PREFERRED_PROVIDER_virtual/libgles2_mx6dl ?= "imx-gpu-viv" +PREFERRED_PROVIDER_virtual/libgles2_mx6ul ?= "mesa" PREFERRED_PROVIDER_virtual/libgl_mx6q ?= "imx-gpu-viv" PREFERRED_PROVIDER_virtual/libgl_mx6dl ?= "imx-gpu-viv" +PREFERRED_PROVIDER_virtual/libgl_mx6ul ?= "mesa" PREFERRED_PROVIDER_virtual/libg2d_mx6 ?= "imx-gpu-viv" +PREFERRED_PROVIDER_virtual/libg2d_mx6ul = "" EXTRA_IMAGEDEPENDS = "u-boot" KERNEL_IMAGETYPE = "uImage" -MACHINE_FEATURES = "apm usbgadget usbhost vfat alsa touchscreen" +MACHINE_FEATURES = "usbgadget usbhost vfat alsa touchscreen" # Add the ability to specify _imx machines MACHINEOVERRIDES =. "imx:" diff --git a/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_US.bin b/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_US.bin index a46e19861..0f583c713 100644 Binary files a/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_US.bin and b/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_US.bin differ diff --git a/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_World.bin b/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_World.bin old mode 100755 new mode 100644 index 7fe4abdd1..4a3e0f66c Binary files a/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_World.bin and b/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_World.bin differ diff --git a/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/wlan/qcom_cfg.ini b/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/wlan/qcom_cfg.ini index da41d3e05..fff4052f0 100644 --- a/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/wlan/qcom_cfg.ini +++ b/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/wlan/qcom_cfg.ini @@ -11,7 +11,7 @@ gEnableIdleScan=0 # Increase sleep duration (seconds) during IMPS -# 0 implies no periodic wake up from IMPS. Periodic wakeup is +# 0 implies no periodic wake up from IMPS. Periodic wakeup is # unnecessary if Idle Scan is disabled. gImpsModSleepTime=0 @@ -106,7 +106,7 @@ gNeighborLookupThreshold=76 gNeighborReassocThreshold=81 #Check if the AP to which we are roaming is better than current AP in terms of RSSI. -#Checking is disabled if set to Zero.Otherwise it will use this value as to how better +#Checking is disabled if set to Zero.Otherwise it will use this value as to how better #the RSSI of the new/roamable AP should be for roaming RoamRssiDiff=3 @@ -162,7 +162,7 @@ gApAutoChannelSelection=0 gEnablePhyAgcListenMode=128 -#SOFTAP Channel Range selection +#SOFTAP Channel Range selection gAPChannelSelectStartChannel=1 @@ -241,7 +241,7 @@ gVhtTxMCS2x2=2 gSetTxChainmask1x1=1 gSetRxChainmask1x1=1 -# 1=enable STBC; 0=disable STBC +# 1=enable STBC; 0=disable STBC gEnableRXSTBC=1 # 1=enable tx STBC; 0=disable @@ -250,7 +250,7 @@ gEnableTXSTBC=1 # 1=enable rx LDPC; 0=disable gEnableRXLDPC=1 -#Enable Scan Results Aging based on timer +#Enable Scan Results Aging based on timer #Timer value is in seconds #If Set to 0 it will not enable the feature gScanAgingTime=0 diff --git a/meta-digi-arm/recipes-bsp/formfactor/formfactor/machconfig b/meta-digi-arm/recipes-bsp/formfactor/formfactor/ccimx6/machconfig similarity index 100% rename from meta-digi-arm/recipes-bsp/formfactor/formfactor/machconfig rename to meta-digi-arm/recipes-bsp/formfactor/formfactor/ccimx6/machconfig diff --git a/meta-digi-arm/recipes-bsp/formfactor/formfactor/ccimx6ul/machconfig b/meta-digi-arm/recipes-bsp/formfactor/formfactor/ccimx6ul/machconfig new file mode 100644 index 000000000..12a9134ab --- /dev/null +++ b/meta-digi-arm/recipes-bsp/formfactor/formfactor/ccimx6ul/machconfig @@ -0,0 +1,4 @@ +# Display options +HAVE_TOUCHSCREEN=1 +HAVE_KEYBOARD=0 +SHOWCURSOR="yes" diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile index ed9df8301..194718797 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile @@ -11,7 +11,7 @@ OBJECTS = code/back_end/src/*.c HEADERS = code/back_end/hdr LIBS_PATH = linux64/lib -%.o: %.c +%.o: %.c $(CC) $(CFLAGS) -c $< -o $@ .PRECIOUS: $(TARGET) $(OBJECTS) diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/boot.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/boot.txt new file mode 100644 index 000000000..a69bc6c18 --- /dev/null +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/boot.txt @@ -0,0 +1,23 @@ +# +# U-Boot bootscript for NAND images created by Yocto. +# + +# +# Set device tree filename depending on the board ID (if defined) +# +if test -n "${board_id}"; then + setenv fdt_file zImage-imx6ul-ccimx6ulsbc-id${board_id}.dtb +else + # + # Set device tree filename depending on the hardware variant + # + if test "${module_variant}" = "0x02"; then + setenv fdt_file zImage-imx6ul-ccimx6ulsbc-wb.dtb + elif test "${module_variant}" = "0x03"; then + setenv fdt_file zImage-imx6ul-ccimx6ulsbc.dtb + else + echo "------ Using default fdt_file: $fdt_file" + fi +fi + +dboot linux nand diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt new file mode 100644 index 000000000..91eedbc14 --- /dev/null +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt @@ -0,0 +1,106 @@ +# +# U-Boot script for installing Linux images created by Yocto from the micro SD +# card into the NAND +# + +echo "############################################################" +echo "# Linux firmware install from micro SD #" +echo "############################################################" +echo "" +echo " This process will erase your NAND and will install a new" +echo " U-Boot and Linux firmware images on the NAND." +echo "" +echo " Press CTRL+C now if you wish to abort or wait 10 seconds" +echo " to continue." + +sleep 10 +if test $? -eq 1; then + echo "Aborted by user."; + exit; +fi + +setenv INSTALL_MMCDEV 0 +setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6ulsbc.imx +setenv INSTALL_LINUX_FILENAME dey-image-qt-##GRAPHICAL_BACKEND##-ccimx6ulsbc.boot.ubifs +setenv INSTALL_ROOTFS_FILENAME dey-image-qt-##GRAPHICAL_BACKEND##-ccimx6ulsbc.ubifs + +# Check for presence of firmware files on the SD card +for install_f in ${INSTALL_UBOOT_FILENAME} ${INSTALL_LINUX_FILENAME} ${INSTALL_ROOTFS_FILENAME}; do + if test ! -e mmc ${INSTALL_MMCDEV}:1 ${install_f}; then + echo "ERROR: Could not find file ${install_f}"; + install_abort=1; + fi; +done +if test -n "${install_abort}"; then + echo "Aborted."; + exit; +fi + +# Skip user confirmation for U-Boot update +setenv forced_update 1 + +# Set bootdelay to zero so that firmware update is run immediately after +# the first reset. +setenv bootdelay 0 + +# Update U-Boot +echo "" +echo "" +echo ">> Installing U-Boot boot loader (target will reset)" +echo "" +echo "" +update uboot mmc ${INSTALL_MMCDEV} fat ${INSTALL_UBOOT_FILENAME} +if test $? -eq 1; then + echo "[ERROR] Failed to update U-Boot boot loader!"; + echo ""; + echo "Aborted."; + exit; +fi + +# Set 'bootcmd' to the second part of the script that will +# - Reset environment to defaults +# - Save the environment +# - Update the 'linux' partition +# - Update the 'rootfs' partition +# - Reset the system and let it boot +setenv bootcmd " + env default -a; + saveenv; + echo \"\"; + echo \"\"; + echo \">> Installing Linux kernel and device tree files\"; + echo \"\"; + echo \"\"; + update linux mmc ${INSTALL_MMCDEV} fat ${INSTALL_LINUX_FILENAME}; + if test \$? -eq 1; then + echo \"[ERROR] Failed to update linux partition!\"; + echo \"\"; + echo \"Aborted.\"; + exit; + fi; + echo \"\"; + echo \"\"; + echo \">> Installing Linux root file system\"; + echo \"\"; + echo \"\"; + update rootfs mmc ${INSTALL_MMCDEV} fat ${INSTALL_ROOTFS_FILENAME}; + if test \$? -eq 1; then + echo \"[ERROR] Failed to update rootfs partition!\"; + echo \"\"; + echo \"Aborted.\"; + exit; + fi; + saveenv; + echo \"\"; + echo \"#######################\"; + echo \"# Install complete! #\"; + echo \"#######################\"; + echo \"\"; + sleep 1; + echo \">> Restarting the system\"; + sleep 1; + reset; +" + +saveenv +reset diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulstarter/install_linux_fw_sd.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulstarter/install_linux_fw_sd.txt index 1729975f2..eaab7a62b 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulstarter/install_linux_fw_sd.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulstarter/install_linux_fw_sd.txt @@ -90,6 +90,7 @@ setenv bootcmd " echo \"Aborted.\"; exit; fi; + saveenv; echo \"\"; echo \"#######################\"; echo \"# Install complete! #\"; diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb index 2e23c8b91..bf1909201 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb @@ -97,10 +97,11 @@ do_compile () { TF_BOOTSCRIPT_SEDFILTER = "" TF_BOOTSCRIPT_SEDFILTER_ccimx6 = "${@tf_bootscript_sedfilter(d)}" +TF_BOOTSCRIPT_SEDFILTER_ccimx6ul = "${@tf_bootscript_sedfilter(d)}" def tf_bootscript_sedfilter(d): tf_initramfs = d.getVar('TRUSTFENCE_INITRAMFS_IMAGE',True) or "" - return "/^dboot linux/i\setenv boot_initrd true\\nsetenv initrd_file %s-${MACHINE}.cpio.gz.u-boot" % tf_initramfs if tf_initramfs else "" + return "/^dboot linux/i\setenv boot_initrd true\\nsetenv initrd_file %s-${MACHINE}.cpio.gz.u-boot.tf" % tf_initramfs if tf_initramfs else "" do_deploy_append() { # Remove canonical U-Boot symlinks for ${UBOOT_CONFIG} currently in the form: @@ -149,6 +150,13 @@ do_deploy_append() { TMP_BOOTSCR="$(mktemp ${WORKDIR}/bootscr.XXXXXX)" sed -e "${TF_BOOTSCRIPT_SEDFILTER}" ${WORKDIR}/boot.txt > ${TMP_BOOTSCR} mkimage -T script -n bootscript -C none -d ${TMP_BOOTSCR} ${DEPLOYDIR}/boot.scr + if [ "${TRUSTFENCE_SIGN}" = "1" ]; then + export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}" + [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" + [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" + "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -b "${DEPLOYDIR}/boot.scr" "${DEPLOYDIR}/boot-signed.scr" + mv ${DEPLOYDIR}/boot-signed.scr ${DEPLOYDIR}/boot.scr + fi rm -f ${TMP_BOOTSCR} } diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch new file mode 100644 index 000000000..922ca71d6 --- /dev/null +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch @@ -0,0 +1,301 @@ +From: "Diaz de Grenu, Jose" +Date: Tue, 23 Aug 2016 13:05:05 +0200 +Subject: [PATCH] tools: env: implement support for environment encryption by + CAAM + +https://jira.digi.com/browse/DEL-2836 + +Signed-off-by: Diaz de Grenu, Jose +--- + configs/sandbox_defconfig | 1 + + tools/env/Makefile | 2 +- + tools/env/caam_keyblob.h | 45 +++++++++++++++ + tools/env/fw_env.c | 140 ++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 187 insertions(+), 1 deletion(-) + create mode 100644 tools/env/caam_keyblob.h + +diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig +index 598519dbb2fc..81dd4d445c0e 100644 +--- a/configs/sandbox_defconfig ++++ b/configs/sandbox_defconfig +@@ -44,3 +44,4 @@ CONFIG_UNIT_TEST=y + CONFIG_UT_TIME=y + CONFIG_UT_DM=y + CONFIG_UT_ENV=y ++CONFIG_MD5=y +diff --git a/tools/env/Makefile b/tools/env/Makefile +index 40164f7a35fa..de4766ddf8dd 100644 +--- a/tools/env/Makefile ++++ b/tools/env/Makefile +@@ -25,7 +25,7 @@ hostprogs-y := fw_printenv + + fw_printenv-objs := fw_env.o fw_env_main.o \ + crc32.o ctype.o linux_string.o \ +- env_attr.o env_flags.o aes.o ++ env_attr.o env_flags.o aes.o ../../lib/md5.o + + quiet_cmd_crosstools_strip = STRIP $^ + cmd_crosstools_strip = $(STRIP) $^; touch $@ +diff --git a/tools/env/caam_keyblob.h b/tools/env/caam_keyblob.h +new file mode 100644 +index 000000000000..1e33b3f01a05 +--- /dev/null ++++ b/tools/env/caam_keyblob.h +@@ -0,0 +1,45 @@ ++/* ++ * CAAM public-level include definitions for the key blob ++ * ++ * Copyright (C) 2015 Freescale Semiconductor, Inc. ++ */ ++ ++#ifndef CAAM_KEYBLOB_H ++#define CAAM_KEYBLOB_H ++ ++ ++#include ++#include ++ ++struct caam_kb_data { ++ char *rawkey; ++ size_t rawkey_len; ++ char *keyblob; ++ size_t keyblob_len; ++ char *keymod; ++ size_t keymod_len; ++}; ++ ++ ++#define CAAM_KB_MAGIC 'I' ++ ++/** ++ * DOC: CAAM_KB_ENCRYPT - generate a key blob from raw key ++ * ++ * Takes an caam_kb_data struct and returns it with the key blob ++ */ ++#define CAAM_KB_ENCRYPT _IOWR(CAAM_KB_MAGIC, 0, \ ++ struct caam_kb_data) ++ ++/** ++ * DOC: CAAM_KB_DECRYPT - get keys from a key blob ++ * ++ * Takes an caam_kb_data struct and returns it with the raw key. ++ */ ++#define CAAM_KB_DECRYPT _IOWR(CAAM_KB_MAGIC, 1, struct caam_kb_data) ++ ++#ifndef GENMEM_KEYMOD_LEN ++#define GENMEM_KEYMOD_LEN 16 ++#endif ++ ++#endif /* CAAM_KEYBLOB_H */ +\ No newline at end of file +diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c +index daa02a760e37..09f06c874b17 100644 +--- a/tools/env/fw_env.c ++++ b/tools/env/fw_env.c +@@ -21,6 +21,7 @@ + #include + #include + #include ++#include + #include + + #ifdef MTD_OLD +@@ -31,10 +32,19 @@ + # include + #endif + ++#include "caam_keyblob.h" + #include "fw_env.h" + + #include + ++/* ++ * The BLOB includes a random AES-256 key (32 bytes) and a ++ * Message Authentication Code (MAC) (16 bytes) ++ */ ++#define BLOB_OVERHEAD 48 ++#define CAAM_KEY_DEV "/dev/caam_kb" ++ ++#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0])) + #define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) + + #define WHITESPACE(c) ((c == '\t') || (c == ' ')) +@@ -109,6 +119,8 @@ static int aes_flag; + static uint8_t aes_key[AES_KEY_LENGTH] = { 0 }; + static int env_aes_cbc_crypt(char *data, const int enc); + ++static int caam_encryption_flag; ++ + static int HaveRedundEnv = 0; + + static unsigned char active_flag = 1; +@@ -236,6 +248,103 @@ static int parse_aes_key(char *key) + return 0; + } + ++static void check_caam_encryption(void) ++{ ++ const char *dt_prop = "/proc/device-tree/digi,uboot-env,encrypted"; ++ ++ if (access(dt_prop, F_OK) != -1) ++ caam_encryption_flag = 1; ++} ++ ++static int env_caam_get_keymod(unsigned char output[16]) ++{ ++ int i; ++ int len; ++ int fd; ++ char buff[32]; ++ uint32_t ocotp_hwid[2]; ++ const char *ocotp_hwid_file[2] = { ++ "/sys/fsl_otp/HW_OCOTP_MAC0", ++ "/sys/fsl_otp/HW_OCOTP_MAC1" ++ }; ++ ++ for (i = 0; i < ARRAY_SIZE(ocotp_hwid); i++) { ++ fd = open(ocotp_hwid_file[i], O_RDONLY); ++ if (fd < 0) ++ return fd; ++ len = read(fd, buff, sizeof(buff)); ++ if (len < 0) { ++ close(fd); ++ return -1; ++ } ++ /* drop last character (new line) */ ++ buff[len - 1] = '\0'; ++ ocotp_hwid[i] = strtoul(buff, NULL, 0); ++ close(fd); ++ } ++ ++ md5((unsigned char *)(&ocotp_hwid), sizeof(ocotp_hwid), output); ++ ++ return 0; ++} ++ ++static int env_caam_crypt(char *data, const int enc) ++{ ++ struct caam_kb_data enc_data; ++ int fd; ++ int ret = 0; ++ const int len = getenvsize(); ++ int ioctl_mode; ++ char *buffer; ++ unsigned char key_modifier[16]; ++ ++ ret = env_caam_get_keymod(key_modifier); ++ if (ret) ++ return ret; ++ ++ enc_data.keymod = (char *)key_modifier; ++ enc_data.keymod_len = sizeof(key_modifier); ++ ++ enc_data.keyblob_len = len; ++ enc_data.rawkey_len = len - BLOB_OVERHEAD; ++ ++ buffer = malloc(len); ++ if (!buffer) { ++ printf("Could not allocate memory\n"); ++ return -1; ++ } ++ ++ if (enc) { ++ enc_data.rawkey = data; ++ ioctl_mode = CAAM_KB_ENCRYPT; ++ enc_data.keyblob = buffer; ++ } else { ++ enc_data.keyblob = data; ++ ioctl_mode = CAAM_KB_DECRYPT; ++ enc_data.rawkey = buffer; ++ } ++ ++ if ((fd = open(CAAM_KEY_DEV, O_RDWR)) < 0) { ++ ret = fd; ++ goto free; ++ } ++ ++ ret = ioctl(fd, ioctl_mode, &enc_data); ++ if (ret) { ++ printf("CAAM_KEY_DEV ioctl failed: %d\n", ret); ++ goto out; ++ } ++ ++ memcpy(data, buffer, len); ++ ++out: ++ close(fd); ++free: ++ free(buffer); ++ ++ return ret; ++} ++ + /* + * Print the current definition of one, or more, or all + * environment variables +@@ -259,6 +368,8 @@ int fw_printenv (int argc, char *argv[]) + argc -= 2; + } + ++ check_caam_encryption(); ++ + if (fw_env_open()) + return -1; + +@@ -334,6 +445,15 @@ int fw_env_close(void) + } + } + ++ if (caam_encryption_flag) { ++ ret = env_caam_crypt(environment.data, 1); ++ if (ret) { ++ fprintf(stderr, ++ "Error: can't encrypt env for flash\n"); ++ return ret; ++ } ++ } ++ + /* + * Update CRC + */ +@@ -504,6 +624,8 @@ int fw_setenv(int argc, char *argv[]) + argc -= 2; + } + ++ check_caam_encryption(); ++ + if (argc < 2) { + errno = EINVAL; + return -1; +@@ -1229,6 +1351,15 @@ int fw_env_open(void) + return ret; + } + ++ if (caam_encryption_flag) { ++ ret = env_caam_crypt(environment.data, 0); ++ if (ret) { ++ fprintf(stderr, ++ "Error: can't decrypt environment\n"); ++ return ret; ++ } ++ } ++ + crc0_ok = (crc0 == *environment.crc); + if (!HaveRedundEnv) { + if (!crc0_ok) { +@@ -1286,6 +1417,15 @@ int fw_env_open(void) + return ret; + } + ++ if (caam_encryption_flag) { ++ ret = env_caam_crypt(redundant->data, 0); ++ if (ret) { ++ fprintf(stderr, ++ "Error: can't decrypt environment\n"); ++ return ret; ++ } ++ } ++ + crc1_ok = (crc1 == redundant->crc); + flag1 = redundant->flags; + diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0002-fw_env-add-support-to-unlock-emmc-boot-partition.patch b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0002-fw_env-add-support-to-unlock-emmc-boot-partition.patch index e283118ee..f1c50aa56 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0002-fw_env-add-support-to-unlock-emmc-boot-partition.patch +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0002-fw_env-add-support-to-unlock-emmc-boot-partition.patch @@ -8,10 +8,10 @@ Signed-off-by: Javier Viguera 1 file changed, 33 insertions(+) diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c -index 698fe5181bc0..d7e61a467e73 100644 +index 09f06c874b17..ae6c69eca0ad 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c -@@ -1097,6 +1097,27 @@ static int flash_read (int fd) +@@ -1218,6 +1218,27 @@ static int flash_read (int fd) return 0; } @@ -39,7 +39,7 @@ index 698fe5181bc0..d7e61a467e73 100644 static int flash_io (int mode) { int fd_current, fd_target, rc, dev_target; -@@ -1129,8 +1150,20 @@ static int flash_io (int mode) +@@ -1250,8 +1271,20 @@ static int flash_io (int mode) fd_target = fd_current; } diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend index 89240d47b..e06cfdfc9 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend @@ -2,7 +2,10 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" -SRC_URI += "file://fw_env.config" +SRC_URI += " \ + file://fw_env.config \ + file://0001-tools-env-implement-support-for-environment-encrypti.patch \ +" SRC_URI_append_ccimx6 = " file://0002-fw_env-add-support-to-unlock-emmc-boot-partition.patch" # We do not have a platform defconfig in this version of u-boot, so just use the generic diff --git a/meta-digi-arm/recipes-core/packagegroup/nativesdk-packagegroup-sdk-host.bbappend b/meta-digi-arm/recipes-core/packagegroup/nativesdk-packagegroup-sdk-host.bbappend new file mode 100644 index 000000000..febf7cc7a --- /dev/null +++ b/meta-digi-arm/recipes-core/packagegroup/nativesdk-packagegroup-sdk-host.bbappend @@ -0,0 +1,5 @@ +# Copyright (C) 2016 Digi International. + +RDEPENDS_${PN} += " \ + nativesdk-trustfence-sign-tools \ +" diff --git a/meta-digi-arm/recipes-digi/mca/mca-tool_1.0.bb b/meta-digi-arm/recipes-digi/mca/mca-tool_1.0.bb new file mode 100644 index 000000000..d3d92684c --- /dev/null +++ b/meta-digi-arm/recipes-digi/mca/mca-tool_1.0.bb @@ -0,0 +1,17 @@ +# Copyright (C) 2016 Digi International. + +SUMMARY = "MCA firmware management tool" +SECTION = "console/tools" +LICENSE = "CLOSED" + +PKGNAME = "mca_tool" +SRC_URI = "${DIGI_PKG_SRC}/${PKGNAME}-${PV}.tar.gz" + +SRC_URI[md5sum] = "ea869665e49f5c964bfb4ebc08c0f123" +SRC_URI[sha256sum] = "d0fecdeac90b94b4399418a2e64e44f4ac2786abf66aeed8d3dab953e74d1ae4" + +S = "${WORKDIR}/${PKGNAME}-${PV}" + +inherit bin_package + +COMPATIBLE_MACHINE = "(ccimx6ul)" diff --git a/meta-digi-arm/scripts/templates/encrypt_uimage b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/encrypt_uimage similarity index 100% rename from meta-digi-arm/scripts/templates/encrypt_uimage rename to meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/encrypt_uimage diff --git a/meta-digi-arm/scripts/templates/sign_uimage b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/sign_uimage similarity index 99% rename from meta-digi-arm/scripts/templates/sign_uimage rename to meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/sign_uimage index c30420a9f..f3b198be2 100644 --- a/meta-digi-arm/scripts/templates/sign_uimage +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/sign_uimage @@ -11,7 +11,7 @@ File = "%srk_table%" Source index = %key_index% - + [Install CSFK] File = "%cert_csf%" diff --git a/meta-digi-arm/scripts/trustfence-sign-uimage.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh similarity index 60% rename from meta-digi-arm/scripts/trustfence-sign-uimage.sh rename to meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh index 12beb31b8..c4c5129ee 100755 --- a/meta-digi-arm/scripts/trustfence-sign-uimage.sh +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh #=============================================================================== # # trustfence_sign_uimage.sh @@ -16,23 +16,65 @@ # # The following environment variables define the script behaviour: # CONFIG_SIGN_KEYS_PATH: (mandatory) path to the CST folder by NXP with keys generated. -# CONFIG_UIMAGE_LOADADDR: (mandatory) memory address in which U-Boot loads the uImage # CONFIG_KEY_INDEX: (optional) key index to use for signing. Default is 0. -# CONFIG_DEK_PATH: (optional) Path to keyfile. Define it to generate +# CONFIG_DEK_PATH: (optional) Path to keyfile. Define it to generate # encrypted images # #=============================================================================== -# Negative offset with respect to CONFIG_UIMAGE_LOADADDR in which U-Boot +# Avoid parallel execution of this script +SINGLE_PROCESS_LOCK="/tmp/sign_script.lock.d" +trap 'rm -rf "${SINGLE_PROCESS_LOCK}"' INT TERM EXIT +while ! mkdir "${SINGLE_PROCESS_LOCK}" > /dev/null 2>&1; do + sleep 1 +done + +SCRIPT_NAME="$(basename ${0})" +SCRIPT_PATH="$(cd $(dirname ${0}) && pwd)" + +while getopts "bdilp:" c; do + case "${c}" in + b) ARTIFACT_BOOTSCRIPT="y";; + d) ARTIFACT_DTB="y";; + i) ARTIFACT_INITRAMFS="y";; + l) ARTIFACT_KERNEL="y";; + p) PLATFORM="${OPTARG}";; + esac +done +shift "$((OPTIND - 1))" + +usage() { + cat < select platform for the project + -b sign/encrypt bootscript + -d sign/encrypt DTB + -i sign/encrypt initramfs + -l sign/encrypt Linux image + +Supported platforms: ccimx6, ccimx6ul + +EOF +} + +if [ "${#}" != "2" ]; then + usage + exit 1 +fi + +# Negative offset with respect to CONFIG_RAM_START in which U-Boot # copies the DEK blob. DEK_BLOB_OFFSET="0x100" CONFIG_CSF_SIZE="0x4000" UIMAGE_PATH="$(readlink -e ${1})" TARGET="$(readlink -m ${2})" -SCRIPT_BASEDIR="$(cd $(dirname ${0}) && pwd)" -# Check arguments +# Read user configuration file (if used) +[ -f .config ] && . ./.config + if [ -z "${CONFIG_SIGN_KEYS_PATH}" ]; then echo "Undefined CONFIG_SIGN_KEYS_PATH"; exit 1 @@ -43,8 +85,8 @@ if [ -n "${CONFIG_DEK_PATH}" ]; then if [ ! -f "${CONFIG_DEK_PATH}" ]; then echo "DEK not found. Generating random 256 bit DEK." [ -d $(dirname ${CONFIG_DEK_PATH}) ] || mkdir -p $(dirname ${CONFIG_DEK_PATH}) - dd if=/dev/urandom of="${CONFIG_DEK_PATH}" bs=32 count=1 - fi + dd if=/dev/urandom of="${CONFIG_DEK_PATH}" bs=32 count=1 >/dev/null 2>&1 + fi dek_size="$((8 * $(stat -L -c %s ${CONFIG_DEK_PATH})))" if [ "${dek_size}" != "128" ] && [ "${dek_size}" != "192" ] && [ "${dek_size}" != "256" ]; then echo "Invalid DEK size: ${dek_size} bits. Valid sizes are 128, 192 and 256 bits" @@ -52,15 +94,35 @@ if [ -n "${CONFIG_DEK_PATH}" ]; then fi ENCRYPT="true" fi -if [ -z "${CONFIG_UIMAGE_LOADADDR}" ]; then - echo "Undefined CONFIG_UIMAGE_LOADADDR" + +if [ "${PLATFORM}" = "ccimx6" ]; then + CONFIG_FDT_LOADADDR="0x18000000" + CONFIG_RAMDISK_LOADADDR="0x19000000" + CONFIG_KERNEL_LOADADDR="0x12000000" +elif [ "${PLATFORM}" = "ccimx6ul" ]; then + CONFIG_FDT_LOADADDR="0x83000000" + CONFIG_RAMDISK_LOADADDR="0x83800000" + CONFIG_KERNEL_LOADADDR="0x80800000" +else + echo "Invalid platform: ${PLATFORM}" + echo "Supported platforms: ccimx6, ccimx6ul" exit 1 fi +[ "${ARTIFACT_DTB}" = "y" ] && CONFIG_RAM_START="${CONFIG_FDT_LOADADDR}" +[ "${ARTIFACT_INITRAMFS}" = "y" ] && CONFIG_RAM_START="${CONFIG_RAMDISK_LOADADDR}" +[ "${ARTIFACT_KERNEL}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}" +# bootscripts are loaded to $loadaddr, just like the kernel +[ "${ARTIFACT_BOOTSCRIPT}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}" + +if [ -z "${CONFIG_RAM_START}" ]; then + echo "Specify the type of image to process (-b, -i, -d, or -l)" + exit 1 +fi + # Default values [ -z "${CONFIG_KEY_INDEX}" ] && CONFIG_KEY_INDEX="0" CONFIG_KEY_INDEX_1="$((CONFIG_KEY_INDEX + 1))" -[ -z "${CONFIG_DEK_SIZE}" ] && CONFIG_DEK_SIZE="128" SRK_KEYS="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/SRK*crt.pem | sed s/\ /\,/g)" CERT_CSF="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/CSF${CONFIG_KEY_INDEX_1}*crt.pem)" @@ -88,10 +150,8 @@ SRK_TABLE="$(pwd)/SRK_table.bin" # Other constants GAP_FILLER="0x00" -# Compute dek blob size in bytes: -# header (8) + 256-bit AES key (32) + MAC (16) + custom key size in bytes -dek_blob_size="$((8 + 32 + 16 + CONFIG_DEK_SIZE/8))" -dek_blob_offset="$((CONFIG_UIMAGE_LOADADDR - DEK_BLOB_OFFSET))" +# The DEK blob is placed by U-Boot just before the kernel image +dek_blob_offset="$((CONFIG_KERNEL_LOADADDR - DEK_BLOB_OFFSET))" # Compute the layout: sizes and offsets. uimage_size="$(stat -L -c %s ${UIMAGE_PATH})" @@ -101,26 +161,26 @@ auth_len="$((pad_len + 0x20))" sig_len="$((auth_len + CONFIG_CSF_SIZE))" ivt_uimage_start="$((auth_len - 0x20))" -ivt_ram_start="$((CONFIG_UIMAGE_LOADADDR + ivt_uimage_start))" +ivt_ram_start="$((CONFIG_RAM_START + ivt_uimage_start))" ivt_size="0x20" csf_ram_start="$((ivt_ram_start + ivt_size))" -entrypoint_uimage_offset="0x1000" -entrypoint_ram_start="$((CONFIG_UIMAGE_LOADADDR + entrypoint_uimage_offset))" +entrypoint_uimage_offset="0x100" +entrypoint_ram_start="$((CONFIG_RAM_START + entrypoint_uimage_offset))" entrypoint_size="0x20" header_uimage_offset="0x0" -header_ram_start="${CONFIG_UIMAGE_LOADADDR}" +header_ram_start="${CONFIG_RAM_START}" header_size="0x40" r1_uimage_offset="${header_size}" -r1_ram_start="$((CONFIG_UIMAGE_LOADADDR + r1_uimage_offset))" +r1_ram_start="$((CONFIG_RAM_START + r1_uimage_offset))" r1_size="$((entrypoint_uimage_offset - header_size ))" r2_uimage_offset="$((entrypoint_uimage_offset + entrypoint_size))" -r2_ram_start="$((CONFIG_UIMAGE_LOADADDR + r2_uimage_offset))" +r2_ram_start="$((CONFIG_RAM_START + r2_uimage_offset))" r2_size="$((ivt_uimage_start - (entrypoint_uimage_offset + entrypoint_size)))" # Generate actual CSF descriptor file from template if [ "${ENCRYPT}" = "true" ]; then - sed -e "s,%ram_start%,${CONFIG_UIMAGE_LOADADDR},g" \ + sed -e "s,%ram_start%,${CONFIG_RAM_START},g" \ -e "s,%srk_table%,${SRK_TABLE},g " \ -e "s,%cert_csf%,${CERT_CSF},g" \ -e "s,%cert_img%,${CERT_IMG},g" \ @@ -144,9 +204,9 @@ if [ "${ENCRYPT}" = "true" ]; then -e "s,%r2_uimage_offset%,${r2_uimage_offset},g" \ -e "s,%r2_ram_start%,${r2_ram_start},g" \ -e "s,%r2_size%,${r2_size},g" \ - "${SCRIPT_BASEDIR}/templates/encrypt_uimage" > csf_descriptor + "${SCRIPT_PATH}/csf_templates/encrypt_uimage" > csf_descriptor else - sed -e "s,%ram_start%,${CONFIG_UIMAGE_LOADADDR},g" \ + sed -e "s,%ram_start%,${CONFIG_RAM_START},g" \ -e "s,%srk_table%,${SRK_TABLE},g" \ -e "s,%image_offset%,${uimage_offset},g" \ -e "s,%auth_len%,${auth_len},g" \ @@ -154,7 +214,7 @@ else -e "s,%cert_img%,${CERT_IMG},g" \ -e "s,%uimage_path%,${TARGET},g" \ -e "s,%key_index%,${CONFIG_KEY_INDEX},g" \ - "${SCRIPT_BASEDIR}/templates/sign_uimage" > csf_descriptor + "${SCRIPT_PATH}/csf_templates/sign_uimage" > csf_descriptor fi # Generate SRK tables @@ -170,19 +230,21 @@ objcopy -I binary -O binary --pad-to "${pad_len}" --gap-fill="${GAP_FILLER}" "${ # Generate and attach IVT # Fields: header, jump location, reserved (0), DCD pointer (null) # boot data (null), self pointer, CSF pointer, reserved (0) +PRINTF="$(which printf)" IVT_HEADER="0x402000D1" -printf "0: %.8x" ${IVT_HEADER} | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 > ivt -printf "0: %.8x" "${entrypoint_ram_start}" | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -printf "0: %.8x" 0 | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -printf "0: %.8x" 0 | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -printf "0: %.8x" 0 | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -printf "0: %.8x" "${ivt_ram_start}" | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -printf "0: %.8x" "${csf_ram_start}" | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -printf "0: %.8x" 0 | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -cat ivt >> "${TARGET}" +{ + ${PRINTF} $(${PRINTF} "%08x" ${IVT_HEADER} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" ${entrypoint_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" ${ivt_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" ${csf_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') +} >> "${TARGET}" CURRENT_PATH="$(pwd)" -cst -o "${CURRENT_PATH}/csf.bin" -i "${CURRENT_PATH}/csf_descriptor" +cst -o "${CURRENT_PATH}/csf.bin" -i "${CURRENT_PATH}/csf_descriptor" >/dev/null if [ $? -ne 0 ]; then echo "[ERROR] Could not generate CSF" exit 1 @@ -191,5 +253,7 @@ fi cat csf.bin >> "${TARGET}" objcopy -I binary -O binary --pad-to "${sig_len}" --gap-fill="${GAP_FILLER}" "${TARGET}" -echo "Signed uImage at ${TARGET}" -rm -f "${SRK_TABLE}" csf_descriptor csf.bin ivt 2> /dev/null + +[ "${ENCRYPT}" = "true" ] && ENCRYPTED_MSG="and encrypted " +echo "Signed ${ENCRYPTED_MSG}image ready: ${TARGET}" +rm -f "${SRK_TABLE}" csf_descriptor csf.bin 2> /dev/null diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_1.0.bb b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_1.0.bb new file mode 100644 index 000000000..98f8a7a01 --- /dev/null +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_1.0.bb @@ -0,0 +1,35 @@ +SUMMARY = "TrustFence signing and encryption scripts" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" + +SRCBRANCH = "v2015.04/master" +SRCBRANCH_ccimx6ul = "v2015.04/master" +SRCREV = "${AUTOREV}" + +S = "${WORKDIR}" + +# Select internal or Github U-Boot repo +UBOOT_GIT_URI = "${@base_conditional('DIGI_INTERNAL_GIT', '1' , '${DIGI_GIT}u-boot-denx.git', '${DIGI_GITHUB_GIT}/u-boot.git', d)}" + +SRC_URI = " \ + ${UBOOT_GIT_URI};branch=${SRCBRANCH} \ + file://trustfence-sign-kernel.sh;name=kernel-script \ + file://sign_uimage;name=kernel-sign \ + file://encrypt_uimage;name=kernel-encrypt \ +" + +do_configure[noexec] = "1" +do_compile[noexec] = "1" + +do_install() { + install -d ${D}${bindir}/csf_templates + install -m 0755 trustfence-sign-kernel.sh ${D}${bindir}/ + install -m 0755 sign_uimage ${D}${bindir}/csf_templates/ + install -m 0755 encrypt_uimage ${D}${bindir}/csf_templates/ + install -m 0755 git/scripts/sign.sh ${D}${bindir}/trustfence-sign-uboot.sh + install -m 0755 git/scripts/csf_templates/sign_uboot ${D}${bindir}/csf_templates + install -m 0755 git/scripts/csf_templates/encrypt_uboot ${D}${bindir}/csf_templates +} + +FILES_${PN} = "${bindir}" +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb index c59fe3693..17a2bdfbe 100644 --- a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb +++ b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb @@ -32,6 +32,9 @@ SRC_URI = " \ file://0013-Kbuild-do-not-create-an-auxiliar-p2p-on-init.patch \ file://0014-Kbuild-do-not-compile-the-DEBUG-version-inconditiona.patch \ file://0015-Kbuild-Group-most-of-the-relevant-DEBUG-options.patch \ + file://0016-wlan_hdd_cfg80211-fix-missing-ifdef-clause.patch \ + file://0017-Add-.gitignore-rules.patch \ + file://0018-wlan_hdd_main-initialize-all-adapter-completion-vari.patch \ " S = "${WORKDIR}/${PV}" diff --git a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0016-wlan_hdd_cfg80211-fix-missing-ifdef-clause.patch b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0016-wlan_hdd_cfg80211-fix-missing-ifdef-clause.patch new file mode 100644 index 000000000..c5621575e --- /dev/null +++ b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0016-wlan_hdd_cfg80211-fix-missing-ifdef-clause.patch @@ -0,0 +1,28 @@ +From: Isaac Hermida +Date: Fri, 14 Oct 2016 10:28:29 +0200 +Subject: [PATCH] wlan_hdd_cfg80211: fix missing ifdef clause + +Fix the compilation for old kernels by defining a missing "ifdef" clause. + +Signed-off-by: Isaac Hermida +--- + CORE/HDD/inc/wlan_hdd_cfg80211.h | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/CORE/HDD/inc/wlan_hdd_cfg80211.h b/CORE/HDD/inc/wlan_hdd_cfg80211.h +index a40c55144bc5..95c1ddce7de4 100644 +--- a/CORE/HDD/inc/wlan_hdd_cfg80211.h ++++ b/CORE/HDD/inc/wlan_hdd_cfg80211.h +@@ -992,7 +992,12 @@ backported_cfg80211_vendor_event_alloc(struct wiphy *wiphy, + int approxlen, + int event_idx, gfp_t gfp) + { ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 15, 0) + return cfg80211_vendor_event_alloc(wiphy, wdev, approxlen, event_idx, gfp); ++#else ++ return cfg80211_vendor_event_alloc(wiphy, approxlen, event_idx, gfp); ++#endif ++ + } + #define cfg80211_vendor_event_alloc backported_cfg80211_vendor_event_alloc + #endif diff --git a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0017-Add-.gitignore-rules.patch b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0017-Add-.gitignore-rules.patch new file mode 100644 index 000000000..f29152d5c --- /dev/null +++ b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0017-Add-.gitignore-rules.patch @@ -0,0 +1,25 @@ +From: Isaac Hermida +Date: Mon, 17 Oct 2016 10:06:18 +0200 +Subject: [PATCH] Add .gitignore rules + +Signed-off-by: Isaac Hermida +--- + .gitignore | 9 +++++++++ + 1 file changed, 9 insertions(+) + create mode 100644 .gitignore + +diff --git a/.gitignore b/.gitignore +new file mode 100644 +index 000000000000..9886b5284c3f +--- /dev/null ++++ b/.gitignore +@@ -0,0 +1,9 @@ ++*.o ++*.o.cmd ++.tmp_versions ++.* ++Module.symvers ++modules.order ++*.mod.c ++cscope.* ++wlan.ko diff --git a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0018-wlan_hdd_main-initialize-all-adapter-completion-vari.patch b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0018-wlan_hdd_main-initialize-all-adapter-completion-vari.patch new file mode 100644 index 000000000..501d36add --- /dev/null +++ b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0018-wlan_hdd_main-initialize-all-adapter-completion-vari.patch @@ -0,0 +1,206 @@ +From: Isaac Hermida +Date: Tue, 5 Jul 2016 14:55:15 +0530 +Subject: [PATCH] wlan_hdd_main: initialize all adapter completion variables + +In order to change the p2p device mode, delete and add virtual_iface +followed by change_iface will be invoked. But in this case device mode +is changed by invoking change_iface method without invoking delete and +add virtual_iface functions resulting in kernel panic. + +This is because, in latter case hdd_open_adapter will not be invoked +for the intended device mode. Hence uninitialized completion variables +will be used for further operations. + +To mitigate this issue, Initialize all completion variables of +hdd_adapter_t structure during open adapter irrespective of adapter's +device mode. + +https://jira.digi.com/browse/DEL-3072 +https://jira.digi.com/browse/DEL-3037 + +(cherry-picked from 20ed76a8e436042590aa25acb33a2ba3d6d34250) +Signed-off-by: Isaac Hermida +--- + CORE/HDD/inc/wlan_hdd_main.h | 1 + + CORE/HDD/src/wlan_hdd_hostapd.c | 10 ----- + CORE/HDD/src/wlan_hdd_main.c | 82 ++++++++++++++++++++++++----------------- + 3 files changed, 50 insertions(+), 43 deletions(-) + +diff --git a/CORE/HDD/inc/wlan_hdd_main.h b/CORE/HDD/inc/wlan_hdd_main.h +index f01b7f309dc2..3c5a51a57d6c 100644 +--- a/CORE/HDD/inc/wlan_hdd_main.h ++++ b/CORE/HDD/inc/wlan_hdd_main.h +@@ -1740,4 +1740,5 @@ static inline void wlan_hdd_stop_sap(hdd_adapter_t *ap_adapter) {} + static inline void wlan_hdd_start_sap(hdd_adapter_t *ap_adapter) {} + #endif + bool wlan_hdd_get_fw_state(hdd_adapter_t *adapter); ++void hdd_initialize_adapter_common(hdd_adapter_t *adapter); + #endif // end #if !defined( WLAN_HDD_MAIN_H ) +diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c +index 8a80d26f355a..4bd6b844ac5a 100644 +--- a/CORE/HDD/src/wlan_hdd_hostapd.c ++++ b/CORE/HDD/src/wlan_hdd_hostapd.c +@@ -5389,9 +5389,6 @@ VOS_STATUS hdd_init_ap_mode( hdd_adapter_t *pAdapter ) + return status; + } + +- init_completion(&pAdapter->session_close_comp_var); +- init_completion(&pAdapter->session_open_comp_var); +- + sema_init(&(WLAN_HDD_GET_AP_CTX_PTR(pAdapter))->semWpsPBCOverlapInd, 1); + + // Register as a wireless device +@@ -5494,13 +5491,6 @@ hdd_adapter_t* hdd_wlan_create_ap_dev( hdd_context_t *pHddCtx, tSirMacAddr macAd + pWlanHostapdDev->ieee80211_ptr = &pHostapdAdapter->wdev ; + pHostapdAdapter->wdev.wiphy = pHddCtx->wiphy; + pHostapdAdapter->wdev.netdev = pWlanHostapdDev; +- init_completion(&pHostapdAdapter->tx_action_cnf_event); +- init_completion(&pHostapdAdapter->cancel_rem_on_chan_var); +- init_completion(&pHostapdAdapter->rem_on_chan_ready_event); +- init_completion(&pHostapdAdapter->ula_complete); +- init_completion(&pHostapdAdapter->offchannel_tx_event); +- init_completion(&pHostapdAdapter->scan_info.scan_req_completion_event); +- init_completion(&pHostapdAdapter->scan_info.abortscan_event_var); + vos_event_init(&pHostapdAdapter->scan_info.scan_finished_event); + pHostapdAdapter->scan_info.scan_pending_option = WEXT_SCAN_PENDING_GIVEUP; + +diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c +index a10da2a9b164..b447f0931d52 100755 +--- a/CORE/HDD/src/wlan_hdd_main.c ++++ b/CORE/HDD/src/wlan_hdd_main.c +@@ -8234,7 +8234,6 @@ static hdd_adapter_t* hdd_alloc_station_adapter( hdd_context_t *pHddCtx, tSirMac + + if(pWlanDev != NULL) + { +- + //Save the pointer to the net_device in the HDD adapter + pAdapter = (hdd_adapter_t*) netdev_priv( pWlanDev ); + +@@ -8244,43 +8243,11 @@ static hdd_adapter_t* hdd_alloc_station_adapter( hdd_context_t *pHddCtx, tSirMac + pAdapter->pHddCtx = pHddCtx; + pAdapter->magic = WLAN_HDD_ADAPTER_MAGIC; + +- init_completion(&pAdapter->session_open_comp_var); +- init_completion(&pAdapter->session_close_comp_var); +- init_completion(&pAdapter->disconnect_comp_var); +- init_completion(&pAdapter->linkup_event_var); +- init_completion(&pAdapter->cancel_rem_on_chan_var); +- init_completion(&pAdapter->rem_on_chan_ready_event); +- init_completion(&pAdapter->offchannel_tx_event); +- init_completion(&pAdapter->tx_action_cnf_event); +-#ifdef FEATURE_WLAN_TDLS +- init_completion(&pAdapter->tdls_add_station_comp); +- init_completion(&pAdapter->tdls_del_station_comp); +- init_completion(&pAdapter->tdls_mgmt_comp); +- init_completion(&pAdapter->tdls_link_establish_req_comp); +-#endif +- +- init_completion(&pHddCtx->mc_sus_event_var); +- init_completion(&pHddCtx->tx_sus_event_var); +- init_completion(&pHddCtx->rx_sus_event_var); +- init_completion(&pHddCtx->ready_to_suspend); +- init_completion(&pAdapter->ula_complete); +- init_completion(&pAdapter->change_country_code); +- +-#ifdef WLAN_FEATURE_EXTWOW_SUPPORT +- init_completion(&pHddCtx->ready_to_extwow); +-#endif +- +-#ifdef FEATURE_WLAN_BATCH_SCAN +- init_completion(&pAdapter->hdd_set_batch_scan_req_var); +- init_completion(&pAdapter->hdd_get_batch_scan_req_var); + pAdapter->pBatchScanRsp = NULL; + pAdapter->numScanList = 0; + pAdapter->batchScanState = eHDD_BATCH_SCAN_STATE_STOPPED; + pAdapter->prev_batch_id = 0; + mutex_init(&pAdapter->hdd_batch_scan_lock); +-#endif +- init_completion(&pAdapter->scan_info.scan_req_completion_event); +- init_completion(&pAdapter->scan_info.abortscan_event_var); + + vos_event_init(&pAdapter->scan_info.scan_finished_event); + pAdapter->scan_info.scan_pending_option = WEXT_SCAN_PENDING_GIVEUP; +@@ -9018,6 +8985,7 @@ hdd_adapter_t* hdd_open_adapter( hdd_context_t *pHddCtx, tANI_U8 session_type, + pAdapter->wdev.iftype = NL80211_IFTYPE_P2P_CLIENT; + + pAdapter->device_mode = session_type; ++ hdd_initialize_adapter_common(pAdapter); + + status = hdd_init_station_mode( pAdapter ); + if( VOS_STATUS_SUCCESS != status ) +@@ -9089,6 +9057,7 @@ hdd_adapter_t* hdd_open_adapter( hdd_context_t *pHddCtx, tANI_U8 session_type, + NL80211_IFTYPE_P2P_GO; + pAdapter->device_mode = session_type; + ++ hdd_initialize_adapter_common(pAdapter); + status = hdd_init_ap_mode(pAdapter); + if( VOS_STATUS_SUCCESS != status ) + goto err_free_netdev; +@@ -9163,6 +9132,7 @@ hdd_adapter_t* hdd_open_adapter( hdd_context_t *pHddCtx, tANI_U8 session_type, + pAdapter->device_mode = session_type; + status = hdd_register_interface( pAdapter, rtnl_held ); + ++ hdd_initialize_adapter_common(pAdapter); + hdd_init_tx_rx( pAdapter ); + + //Stop the Interface TX queue. +@@ -11735,6 +11705,13 @@ int hdd_wlan_startup(struct device *dev, v_VOID_t *hif_sc) + init_completion(&pHddCtx->full_pwr_comp_var); + init_completion(&pHddCtx->standby_comp_var); + init_completion(&pHddCtx->req_bmps_comp_var); ++ init_completion(&pHddCtx->mc_sus_event_var); ++ init_completion(&pHddCtx->tx_sus_event_var); ++ init_completion(&pHddCtx->rx_sus_event_var); ++ init_completion(&pHddCtx->ready_to_suspend); ++#ifdef WLAN_FEATURE_EXTWOW_SUPPORT ++ init_completion(&pHddCtx->ready_to_extwow); ++#endif + + spin_lock_init(&pHddCtx->schedScan_lock); + +@@ -14494,6 +14471,45 @@ void wlan_hdd_start_sap(hdd_adapter_t *ap_adapter) + } + #endif + ++/** ++ * hdd_initialize_adapter_common() - initialize completion variables ++ * @adapter: pointer to hdd_adapter_t ++ * ++ * Return: none ++ */ ++void hdd_initialize_adapter_common(hdd_adapter_t *adapter) ++{ ++ if (NULL == adapter) { ++ hddLog(VOS_TRACE_LEVEL_ERROR, "%s: adapter is NULL ", __func__); ++ return; ++ } ++ init_completion(&adapter->session_open_comp_var); ++ init_completion(&adapter->session_close_comp_var); ++ init_completion(&adapter->disconnect_comp_var); ++ init_completion(&adapter->linkup_event_var); ++ init_completion(&adapter->cancel_rem_on_chan_var); ++ init_completion(&adapter->rem_on_chan_ready_event); ++ init_completion(&adapter->offchannel_tx_event); ++ init_completion(&adapter->tx_action_cnf_event); ++#ifdef FEATURE_WLAN_TDLS ++ init_completion(&adapter->tdls_add_station_comp); ++ init_completion(&adapter->tdls_del_station_comp); ++ init_completion(&adapter->tdls_mgmt_comp); ++ init_completion(&adapter->tdls_link_establish_req_comp); ++#endif ++ init_completion(&adapter->ula_complete); ++ init_completion(&adapter->change_country_code); ++ init_completion(&adapter->scan_info.scan_req_completion_event); ++ init_completion(&adapter->scan_info.abortscan_event_var); ++ ++#ifdef FEATURE_WLAN_BATCH_SCAN ++ init_completion(&adapter->hdd_set_batch_scan_req_var); ++ init_completion(&adapter->hdd_get_batch_scan_req_var); ++#endif ++ ++ return; ++} ++ + //Register the module init/exit functions + module_init(hdd_module_init); + module_exit(hdd_module_exit); diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig b/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig index ed1c6ddd4..682517403 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig @@ -54,6 +54,7 @@ CONFIG_IP_PNP_DHCP=y # CONFIG_INET_XFRM_MODE_BEET is not set # CONFIG_INET_LRO is not set CONFIG_IPV6=y +CONFIG_BRIDGE=y CONFIG_VLAN_8021Q=y CONFIG_LLC2=y CONFIG_CAN=y @@ -74,6 +75,10 @@ CONFIG_CFG80211_DEBUGFS=y CONFIG_CFG80211_WEXT=y CONFIG_MAC80211=y CONFIG_MAC80211_DEBUGFS=y +CONFIG_RFKILL=y +CONFIG_RFKILL_INPUT=y +CONFIG_RFKILL_REGULATOR=y +CONFIG_RFKILL_GPIO=y CONFIG_DEVTMPFS=y CONFIG_DEVTMPFS_MOUNT=y # CONFIG_STANDALONE is not set @@ -149,6 +154,7 @@ CONFIG_MOUSE_PS2=m CONFIG_MOUSE_PS2_ELANTECH=y CONFIG_INPUT_TOUCHSCREEN=y CONFIG_TOUCHSCREEN_ADS7846=y +CONFIG_TOUCHSCREEN_FUSION_7_10=y CONFIG_TOUCHSCREEN_IMX6UL_TSC=y CONFIG_INPUT_MISC=y CONFIG_INPUT_MMA8450=y @@ -173,6 +179,7 @@ CONFIG_I2C_IMX=y CONFIG_SPI=y CONFIG_SPI_GPIO=y CONFIG_SPI_IMX=y +CONFIG_SPI_SPIDEV=y CONFIG_GPIO_SYSFS=y CONFIG_GPIO_MCA_CC6UL=y CONFIG_GPIO_MAX732X=y @@ -234,6 +241,10 @@ CONFIG_BACKLIGHT_PWM=y CONFIG_FRAMEBUFFER_CONSOLE=y CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y CONFIG_LOGO=y +CONFIG_FB_LOGO_CENTERED=y +# CONFIG_LOGO_LINUX_MONO is not set +# CONFIG_LOGO_LINUX_VGA16 is not set +# CONFIG_LOGO_LINUX_CLUT224 is not set CONFIG_SOUND=y CONFIG_SND=y CONFIG_SND_USB_AUDIO=m diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc index a7717b203..fc77b74c0 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7" DEPENDS += "lzop-native bc-native" DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-cst-native', '', d)}" +DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-sign-tools-native', '', d)}" inherit kernel fsl-kernel-localversion @@ -25,22 +26,26 @@ S = "${WORKDIR}/git" # machine, with different entry points KERNEL_EXTRA_ARGS += "LOADADDR=${UBOOT_ENTRYPOINT}" -# In order to sign and encrypt the uImage, we need to know the address -# in which U-Boot loads the uImage. This is CONFIG_LOADADDR in U-Boot -# configuration file. -UBOOT_CONFIG_LOADADDR = "" -UBOOT_CONFIG_LOADADDR_ccimx6 = "0x12000000" -UBOOT_CONFIG_LOADADDR_ccimx6ul = "0x80800000" - do_deploy_append() { if [ "${TRUSTFENCE_SIGN}" = "1" ]; then + # Set environment variables for trustfence configuration export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}" - export CONFIG_UIMAGE_LOADADDR="${UBOOT_CONFIG_LOADADDR}" [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" - "${THISDIR}/../../scripts/trustfence-sign-uimage.sh" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" + + # Sign/encrypt the kernel image + "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -l "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" mv "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" - fi + + # Sign/encrypt the device tree blobs + if [ -n "${KERNEL_DEVICETREE}" ]; then + for DTB_NAME in ${KERNEL_DEVICETREE}; do + DTB="${B}/arch/${ARCH}/boot/dts/${DTB_NAME}" + "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -d "${DTB}" "${DTB}-signed" + mv "${DTB}-signed" "${DTB}" + done + fi + fi (cd ${DEPLOYDIR} && ln -sf ${KERNEL_IMAGE_BASE_NAME}.bin ${KERNEL_IMAGE_SYMLINK_NAME}) } diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey_3.10.bb b/meta-digi-arm/recipes-kernel/linux/linux-dey_3.10.bb index bc82533ed..6d7e0ec69 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey_3.10.bb +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey_3.10.bb @@ -22,7 +22,7 @@ do_update_dts() { else config_dts disable '_ssp2_mmc_wifi.dtsi' fi - if [ -n "${HAVE_EXT_ETH}" ]; then + if [ -n "${HAVE_SECOND_ETH}" ]; then config_dts enable '_ethernet1.dtsi' else config_dts disable '_ethernet1.dtsi' diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index 113ca14ff..5ab4060a7 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -51,7 +51,7 @@ python () { if (d.getVar("TRUSTFENCE_DEK_PATH") == "default"): d.setVar("TRUSTFENCE_DEK_PATH", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/dek.bin"); - + if (d.getVar("TRUSTFENCE_SIGN", True) == "1"): d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_SIGN_IMAGE=y ") if d.getVar("TRUSTFENCE_SIGN_KEYS_PATH", True): @@ -65,6 +65,3 @@ python () { if (d.getVar("TRUSTFENCE_ENCRYPT_ENVIRONMENT", True) == "1"): d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y') } - -# SDCARD image is not supported when encryption is enabled, so disable it in such cases -IMAGE_FSTYPES_remove = "${@'' if d.getVar('TRUSTFENCE_DEK_PATH', True) == '0' else 'sdcard'}" diff --git a/meta-digi-dey/conf/distro/dey.conf b/meta-digi-dey/conf/distro/dey.conf index 83b9a1377..db74c7149 100644 --- a/meta-digi-dey/conf/distro/dey.conf +++ b/meta-digi-dey/conf/distro/dey.conf @@ -1,6 +1,6 @@ DISTRO = "dey" DISTRO_NAME = "Digi Embedded Yocto" -DISTRO_VERSION = "2.0-r3" +DISTRO_VERSION = "2.0-r4" DISTRO_CODENAME = "jethro" SDK_VENDOR = "-deysdk" SDK_VERSION := "${@'${DISTRO_VERSION}'}" @@ -114,9 +114,9 @@ SANITY_TESTED_DISTROS ?= " \ # Default hash policy for distro BB_SIGNATURE_HANDLER ?= 'OEBasicHash' # -# OELAYOUT_ABI allows us to notify users when the format of TMPDIR changes in +# OELAYOUT_ABI allows us to notify users when the format of TMPDIR changes in # an incompatible way. Such changes should usually be detailed in the commit -# that breaks the format and have been previously discussed on the mailing list +# that breaks the format and have been previously discussed on the mailing list # with general agreement from the core team. # OELAYOUT_ABI = "11" diff --git a/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/bluez-init b/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/bluez-init index 7458716a2..96cf5a697 100755 --- a/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/bluez-init +++ b/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/bluez-init @@ -23,6 +23,7 @@ fi SCRIPTNAME="$(basename "${0}")" LOGFILE="/var/log/bluetoothd.log" +FIRMWARE_FILE="/lib/firmware/qca/nvm_tlv_3.2.bin" bt_init_qca6564() { MOD_VERSION="$(($(cat /proc/device-tree/digi,hwid,hv 2>/dev/null || true)))" @@ -32,8 +33,8 @@ bt_init_qca6564() { BT_EN_L="/sys/class/gpio/gpio${BT_EN_QCA_GPIO_NR}" [ -d "${BT_EN_L}" ] || printf "%s" ${BT_EN_QCA_GPIO_NR} > /sys/class/gpio/export printf out > ${BT_EN_L}/direction && sleep .1 - printf 0 > ${BT_EN_L}/value && sleep .1 - printf 1 > ${BT_EN_L}/value && sleep .1 + printf 0 > ${BT_EN_L}/value && sleep .2 + printf 1 > ${BT_EN_L}/value && sleep .2 [ -d "${BT_EN_L}" ] && printf "%s" ${BT_EN_QCA_GPIO_NR} > /sys/class/gpio/unexport # Module version older than revision 4 has swapped TX and RX lines @@ -47,7 +48,13 @@ bt_init_qca6564() { [ -d "${BT_CTS_L}" ] && printf "%s" ${BT_CTS_QCA_GPIO_NR} > /sys/class/gpio/unexport # Reduce the rate to avoid the need for HW flow control BT_RATE="115200" + BT_RATE_CODE="00" # 115200 bps BT_FLOW="noflow" + # Check the current FW file rate + if [ "$(hexdump -s 56 -n 1 -ve '1/1 "%.2x"' ${FIRMWARE_FILE})" != "${BT_RATE_CODE}" ]; then + # Modify the BT FW file rate + printf "\x${BT_RATE_CODE}" | dd of="${FIRMWARE_FILE}" bs=1 seek=56 count=1 conv=notrunc,fsync 2>/dev/null + fi fi if hciattach -t120 ttyBt qca ${BT_RATE:-3000000} ${BT_FLOW:-flow} 2>${LOGFILE}; then diff --git a/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/ccimx6ul/0023-hciattach_rome-do-not-override-the-baudrate-in-the-N.patch b/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/ccimx6ul/0023-hciattach_rome-do-not-override-the-baudrate-in-the-N.patch new file mode 100644 index 000000000..87424fb5b --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/ccimx6ul/0023-hciattach_rome-do-not-override-the-baudrate-in-the-N.patch @@ -0,0 +1,36 @@ +From: Isaac Hermida +Date: Fri, 30 Sep 2016 12:46:17 +0200 +Subject: [PATCH] hciattach_rome: do not override the baudrate in the NVM file + +Do not use hcitattach to override the NMV baudrate because we are +setting it directly in the firmware file. + +https://jira.digi.com/browse/DEL-3057 + +Signed-off-by: Isaac Hermida +--- + tools/hciattach_rome.c | 11 ++--------- + 1 file changed, 2 insertions(+), 9 deletions(-) + +diff --git a/tools/hciattach_rome.c b/tools/hciattach_rome.c +index 59bdc16e4e8f..4f0f8c82fa8d 100644 +--- a/tools/hciattach_rome.c ++++ b/tools/hciattach_rome.c +@@ -1903,15 +1903,8 @@ download: + } + fprintf(stderr, "%s: Download TLV file successfully \n", __FUNCTION__); + +- /* +- * Overriding the baud rate value in NVM file with the user +- * requested baud rate, since default baud rate in NVM file is 3M. +- */ +- err = rome_set_baudrate_req(fd, local_baud_rate, controller_baud_rate); +- if (err < 0) { +- fprintf(stderr, "%s: Baud rate change failed!\n", __FUNCTION__); +- goto error; +- } ++ /* Do not override the baudrate in the TLV file */ ++ fprintf(stderr, "%s: Skipping Override of baud rate!\n", __FUNCTION__); + + /* Perform HCI reset here*/ + err = rome_hci_reset_req(fd, local_baud_rate); diff --git a/meta-digi-dey/recipes-connectivity/bluez/bluez5_5.33.bbappend b/meta-digi-dey/recipes-connectivity/bluez/bluez5_5.33.bbappend index ea0c71714..06497331d 100644 --- a/meta-digi-dey/recipes-connectivity/bluez/bluez5_5.33.bbappend +++ b/meta-digi-dey/recipes-connectivity/bluez/bluez5_5.33.bbappend @@ -28,6 +28,7 @@ SRC_URI_append_ccimx6ul = " \ file://0017-bluetooth-Fix-flow-control-operation.patch \ file://0018-Adding-MDM-specific-code-under-_PLATFORM_MDM_.patch \ file://0019-Bluetooth-Fix-static-analysis-issues.patch \ + file://0023-hciattach_rome-do-not-override-the-baudrate-in-the-N.patch \ " inherit update-rc.d diff --git a/meta-digi-dey/recipes-connectivity/crda/crda_3.18.bbappend b/meta-digi-dey/recipes-connectivity/crda/crda_3.18.bbappend new file mode 100644 index 000000000..02ca8ff93 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/crda/crda_3.18.bbappend @@ -0,0 +1,10 @@ +# Copyright (C) 2016 Digi International. + +SRC_URI += "https://www.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2016.06.10.tar.xz;name=bin_2016_06_10" + +SRC_URI[bin_2016_06_10.md5sum] = "d282cce92b6e692e8673e2bd97adf33b" +SRC_URI[bin_2016_06_10.sha256sum] = "cfedf1c3521b3c8f32602f25ed796e96e687c3441a00e7c050fedf7fd4f1b8b7" + +do_install_append() { + install -m 0644 ${WORKDIR}/wireless-regdb-2016.06.10/regulatory.bin ${D}${libdir}/crda/regulatory.bin +} diff --git a/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/defconfig b/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/defconfig new file mode 100644 index 000000000..5da684480 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/defconfig @@ -0,0 +1,316 @@ +# Example hostapd build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cass, these lines should use += in order not +# to override previous values of the variables. + +# Driver interface for Host AP driver +CONFIG_DRIVER_HOSTAP=y + +# Driver interface for wired authenticator +#CONFIG_DRIVER_WIRED=y + +# Driver interface for drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y + +# driver_nl80211.c requires libnl. If you are compiling it yourself +# you may need to point hostapd to your version of libnl. +# +#CFLAGS += -I$ +#LIBS += -L$ + +# Use libnl v2.0 (or 3.0) libraries. +#CONFIG_LIBNL20=y + +# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) +CONFIG_LIBNL32=y + + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib + +# Driver interface for no driver (e.g., RADIUS server only) +#CONFIG_DRIVER_NONE=y + +# IEEE 802.11F/IAPP +CONFIG_IAPP=y + +# WPA2/IEEE 802.11i RSN pre-authentication +CONFIG_RSN_PREAUTH=y + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection) +CONFIG_IEEE80211W=y + +# Integrated EAP server +CONFIG_EAP=y + +# EAP Re-authentication Protocol (ERP) in integrated EAP server +CONFIG_ERP=y + +# EAP-MD5 for the integrated EAP server +CONFIG_EAP_MD5=y + +# EAP-TLS for the integrated EAP server +CONFIG_EAP_TLS=y + +# EAP-MSCHAPv2 for the integrated EAP server +CONFIG_EAP_MSCHAPV2=y + +# EAP-PEAP for the integrated EAP server +CONFIG_EAP_PEAP=y + +# EAP-GTC for the integrated EAP server +CONFIG_EAP_GTC=y + +# EAP-TTLS for the integrated EAP server +CONFIG_EAP_TTLS=y + +# EAP-SIM for the integrated EAP server +#CONFIG_EAP_SIM=y + +# EAP-AKA for the integrated EAP server +#CONFIG_EAP_AKA=y + +# EAP-AKA' for the integrated EAP server +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# EAP-PAX for the integrated EAP server +#CONFIG_EAP_PAX=y + +# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) +CONFIG_EAP_PSK=y + +# EAP-pwd for the integrated EAP server (secure authentication with a password) +CONFIG_EAP_PWD=y + +# EAP-SAKE for the integrated EAP server +#CONFIG_EAP_SAKE=y + +# EAP-GPSK for the integrated EAP server +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-FAST for the integrated EAP server +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. +#CONFIG_EAP_FAST=y + +# Wi-Fi Protected Setup (WPS) +CONFIG_WPS=y +# Enable UPnP support for external WPS Registrars +#CONFIG_WPS_UPNP=y +# Enable WPS support with NFC config method +CONFIG_WPS_NFC=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# Trusted Network Connect (EAP-TNC) +#CONFIG_EAP_TNC=y + +# EAP-EKE for the integrated EAP server +#CONFIG_EAP_EKE=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +CONFIG_PKCS12=y + +# RADIUS authentication server. This provides access to the integrated EAP +# server from external hosts using RADIUS. +CONFIG_RADIUS_SERVER=y + +# Build IPv6 support for RADIUS operations +CONFIG_IPV6=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +#CONFIG_IEEE80211R=y + +# Use the hostapd's IEEE 802.11 authentication (ACL), but without +# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) +#CONFIG_DRIVER_RADIUS_ACL=y + +# IEEE 802.11n (High Throughput) support +CONFIG_IEEE80211N=y + +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + +# IEEE 802.11ac (Very High Throughput) support +CONFIG_IEEE80211AC=y + +# Remove debugging code that is printing out debug messages to stdout. +# This can be used to reduce the size of the hostapd considerably if debugging +# code is not needed. +#CONFIG_NO_STDOUT_DEBUG=y + +# Add support for writing debug log to a file: -f /tmp/hostapd.log +# Disabled by default. +CONFIG_DEBUG_FILE=y + +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + +# Remove support for RADIUS accounting +#CONFIG_NO_ACCOUNTING=y + +# Remove support for RADIUS +#CONFIG_NO_RADIUS=y + +# Remove support for VLANs +#CONFIG_NO_VLAN=y + +# Enable support for fully dynamic VLANs. This enables hostapd to +# automatically create bridge and VLAN interfaces if necessary. +#CONFIG_FULL_DYNAMIC_VLAN=y + +# Use netlink-based kernel API for VLAN operations instead of ioctl() +# Note: This requires libnl 3.1 or newer. +#CONFIG_VLAN_NETLINK=y + +# Remove support for dumping internal state through control interface commands +# This can be used to reduce binary size at the cost of disabling a debugging +# option. +#CONFIG_NO_DUMP_STATE=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, comment out these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, comment out these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# hostapd depends on strong random number generation being available from the +# operating system. os_get_random() function is used to fetch random data when +# needed, e.g., for key generation. On Linux and BSD systems, this works by +# reading /dev/urandom. It should be noted that the OS entropy pool needs to be +# properly initialized before hostapd is started. This is important especially +# on embedded devices that do not have a hardware random number generator and +# may by default start up with minimal entropy available for random number +# generation. +# +# As a safety net, hostapd is by default trying to internally collect +# additional entropy for generating random data to mix in with the data +# fetched from the OS. This by itself is not considered to be very strong, but +# it may help in cases where the system pool is not initialized properly. +# However, it is very strongly recommended that the system pool is initialized +# with enough entropy either by using hardware assisted random number +# generator or by storing state over device reboots. +# +# hostapd can be configured to maintain its own entropy store over restarts to +# enhance random number generation. This is not perfect, but it is much more +# secure than using the same sequence of random numbers after every reboot. +# This can be enabled with -e command line option. The specified +# file needs to be readable and writable by hostapd. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal hostapd random pool can be disabled. +# This will save some in binary size and CPU use. However, this should only be +# considered for builds that are known to be used on devices that meet the +# requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +#CONFIG_TLS=openssl + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. +#CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. +#CONFIG_TLSV12=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks. +#CONFIG_INTERWORKING=y + +# Hotspot 2.0 +#CONFIG_HS20=y + +# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file +#CONFIG_SQLITE=y + +# Testing options +# This can be used to enable some testing options (see also the example +# configuration file) that are really useful only for testing clients that +# connect to this hostapd. These options allow, for example, to drop a +# certain percentage of probe requests or auth/(re)assoc frames. +# +#CONFIG_TESTING_OPTIONS=y + +# Automatic Channel Selection +# This will allow hostapd to pick the channel automatically when channel is set +# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in +# similar way. +# +# Automatic selection is currently only done through initialization, later on +# we hope to do background checks to keep us moving to more ideal channels as +# time goes by. ACS is currently only supported through the nl80211 driver and +# your driver must have survey dump capability that is filled by the driver +# during scanning. +# +# You can customize the ACS survey algorithm with the hostapd.conf variable +# acs_num_scans. +# +# Supported ACS drivers: +# * ath9k +# * ath5k +# * ath10k +# +# For more details refer to: +# http://wireless.kernel.org/en/users/Documentation/acs +# +#CONFIG_ACS=y diff --git a/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/ccimx6ul/fix_num_probereq_cb_clearing.patch b/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/fix_num_probereq_cb_clearing.patch similarity index 100% rename from meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/ccimx6ul/fix_num_probereq_cb_clearing.patch rename to meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/fix_num_probereq_cb_clearing.patch diff --git a/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/hostapd.conf b/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/hostapd.conf new file mode 100644 index 000000000..fee4882a0 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/hostapd.conf @@ -0,0 +1,33 @@ +ctrl_interface=/var/run/hostapd +ctrl_interface_group=0 +interface=wlan0 +driver=nl80211 + +# WPA2-AES encryption +ssid=ap-wpa2aes_a +auth_algs=1 +wpa=2 +wpa_key_mgmt=WPA-PSK +wpa_pairwise=CCMP +wpa_passphrase=password-wpa2aes + +# OPEN encryption --- remove WPA2-AES setup +# channel=1 +# ssid=ap-open + + +# IEEE 802.11ac +hw_mode=a +channel=36 +ieee80211ac=1 +ieee80211n=1 + +# IEEE 802.11gn --- remove IEEE 802.11ac setup +# hw_mode=g +# channel=5 +# ieee80211n=1 + + +# IEEE 802.11d - Country Code +ieee80211d=1 +country_code=US diff --git a/meta-digi-dey/recipes-connectivity/hostapd/hostapd_2.4.bbappend b/meta-digi-dey/recipes-connectivity/hostapd/hostapd_2.4.bbappend index 8d98fa93c..5233799ab 100644 --- a/meta-digi-dey/recipes-connectivity/hostapd/hostapd_2.4.bbappend +++ b/meta-digi-dey/recipes-connectivity/hostapd/hostapd_2.4.bbappend @@ -4,6 +4,15 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${BP}:" # The recipe uses a different "$S" directory so point the patch to the hostapd # tarball directory. -SRC_URI_append_ccimx6ul = " file://fix_num_probereq_cb_clearing.patch;patchdir=.." +SRC_URI += " \ + file://fix_num_probereq_cb_clearing.patch;patchdir=.. \ + file://hostapd.conf \ +" -PACKAGE_ARCH = "${MACHINE_ARCH}" +do_install_append() { + # Overwrite the default hostapd.conf with our custom file + install -m 0644 ${WORKDIR}/hostapd.conf ${D}${sysconfdir}/hostapd.conf +} + +# Do not autostart hostapd daemon, it will conflict with wpa-supplicant. +INITSCRIPT_PARAMS = "remove" diff --git a/meta-digi-dey/recipes-connectivity/modemmanager/modemmanager-1.4.12/cellularifupdown b/meta-digi-dey/recipes-connectivity/modemmanager/modemmanager-1.4.12/cellularifupdown index a13d78ffd..3c1c1d3c7 100644 --- a/meta-digi-dey/recipes-connectivity/modemmanager/modemmanager-1.4.12/cellularifupdown +++ b/meta-digi-dey/recipes-connectivity/modemmanager/modemmanager-1.4.12/cellularifupdown @@ -27,9 +27,9 @@ background_connect() { [ -n "${IF_PIN}" ] && ARGS="${ARGS},pin=${IF_PIN}" [ -n "${IF_USER}" ] && ARGS="${ARGS},user=${IF_USER}" - [ -n "${IF_PASSWORD}" ] && ARGS="${ARGS},password=${IF_PASSWORD}" + [ -n "${IF_PASSWORD}" ] && ARGS="${ARGS},password=${IF_PASSWORD}" [ -n "${IF_PORT}" ] && ARGS="${ARGS},number=*99#" - + # Enable the modem and connect to provider mmcli -m 0 --simple-connect=${ARGS} > /dev/null 2>&1 diff --git a/meta-digi-dey/recipes-connectivity/packagegroups/packagegroup-dey-wireless.bb b/meta-digi-dey/recipes-connectivity/packagegroups/packagegroup-dey-wireless.bb index 0ab84684a..0ddf4d9b6 100644 --- a/meta-digi-dey/recipes-connectivity/packagegroups/packagegroup-dey-wireless.bb +++ b/meta-digi-dey/recipes-connectivity/packagegroups/packagegroup-dey-wireless.bb @@ -16,3 +16,5 @@ RDEPENDS_${PN} = "\ wpa-supplicant-cli \ wpa-supplicant-passphrase \ " + +RDEPENDS_${PN}_append_ccimx6ul = " hostapd" diff --git a/meta-digi-dey/recipes-core/images/core-image-base.bbappend b/meta-digi-dey/recipes-core/images/core-image-base.bbappend index 6c8a0fe9c..3e3caad29 100644 --- a/meta-digi-dey/recipes-core/images/core-image-base.bbappend +++ b/meta-digi-dey/recipes-core/images/core-image-base.bbappend @@ -12,5 +12,8 @@ IMAGE_FEATURES += " \ ${@bb.utils.contains('MACHINE_FEATURES', 'wifi', 'dey-wireless', '', d)} \ " +# SDK features (for toolchains generated from an image with populate_sdk) +SDKIMAGE_FEATURES ?= "dev-pkgs dbg-pkgs staticdev-pkgs" + # Add our dey-image tweaks to the final image (like /etc/build info) inherit dey-image diff --git a/meta-digi-dey/recipes-core/images/dey-image-qt.bb b/meta-digi-dey/recipes-core/images/dey-image-qt.bb index 56a646301..73b435b67 100644 --- a/meta-digi-dey/recipes-core/images/dey-image-qt.bb +++ b/meta-digi-dey/recipes-core/images/dey-image-qt.bb @@ -26,6 +26,9 @@ IMAGE_FEATURES += " \ ${@bb.utils.contains('MACHINE_FEATURES', 'wifi', 'dey-wireless', '', d)} \ " +# Remove some features to reduce the rootfs size to fit in the internal storage. +IMAGE_FEATURES_remove_ccimx6ul = "package-management" + # SDK features (for toolchains generated from an image with populate_sdk) SDKIMAGE_FEATURES ?= "dev-pkgs dbg-pkgs staticdev-pkgs" diff --git a/meta-digi-dey/recipes-core/images/dey-image-trustfence-initramfs.bb b/meta-digi-dey/recipes-core/images/dey-image-trustfence-initramfs.bb index f5923ce55..24a4a75a1 100644 --- a/meta-digi-dey/recipes-core/images/dey-image-trustfence-initramfs.bb +++ b/meta-digi-dey/recipes-core/images/dey-image-trustfence-initramfs.bb @@ -11,7 +11,7 @@ PACKAGE_INSTALL = " \ IMAGE_FEATURES = "" IMAGE_LINGUAS = "" -IMAGE_FSTYPES = "cpio.gz.u-boot" +IMAGE_FSTYPES = "cpio.gz.u-boot.tf" inherit core-image image_types_uboot IMAGE_ROOTFS_SIZE = "8192" diff --git a/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.dhcp b/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.dhcp index 09dbf5468..f30df5d98 100644 --- a/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.dhcp +++ b/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.dhcp @@ -4,3 +4,5 @@ iface wlan0 inet dhcp udhcpc_opts -b wpa-driver ##WPA_DRIVER## wpa-conf /etc/wpa_supplicant.conf + # post-up /etc/init.d/hostapd start + # pre-down /etc/init.d/hostapd stop diff --git a/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.static b/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.static index 7f7a11459..ddb10dd87 100644 --- a/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.static +++ b/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.static @@ -7,3 +7,5 @@ iface wlan0 inet static dns-nameservers ##WLAN0_STATIC_DNS## wpa-driver ##WPA_DRIVER## wpa-conf /etc/wpa_supplicant.conf + # post-up /etc/init.d/hostapd start + # pre-down /etc/init.d/hostapd stop diff --git a/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown_1.0.bbappend b/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown_1.0.bbappend index 35acc7e94..06cd4c152 100644 --- a/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown_1.0.bbappend +++ b/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown_1.0.bbappend @@ -25,7 +25,7 @@ do_install_append() { # Create 'interfaces' file dynamically cat ${WORKDIR}/interfaces.eth0.${ETH0_MODE} >> ${D}${sysconfdir}/network/interfaces - [ -n "${HAVE_EXT_ETH}" ] && cat ${WORKDIR}/interfaces.eth1.${ETH1_MODE} >> ${D}${sysconfdir}/network/interfaces + [ -n "${HAVE_SECOND_ETH}" ] && cat ${WORKDIR}/interfaces.eth1.${ETH1_MODE} >> ${D}${sysconfdir}/network/interfaces [ -n "${HAVE_WIFI}" ] && cat ${WORKDIR}/interfaces.wlan0.${WLAN0_MODE} >> ${D}${sysconfdir}/network/interfaces cat ${WORKDIR}/interfaces.br0.example >> ${D}${sysconfdir}/network/interfaces diff --git a/meta-digi-dey/recipes-core/packagegroups/packagegroup-dey-core.bb b/meta-digi-dey/recipes-core/packagegroups/packagegroup-dey-core.bb index ecacb5581..7b6c6baa7 100644 --- a/meta-digi-dey/recipes-core/packagegroups/packagegroup-dey-core.bb +++ b/meta-digi-dey/recipes-core/packagegroups/packagegroup-dey-core.bb @@ -55,5 +55,3 @@ RRECOMMENDS_${PN} = "\ ${MACHINE_ESSENTIAL_EXTRA_RRECOMMENDS} \ ${MACHINE_EXTRA_RRECOMMENDS} \ " - -do_package[vardeps] = "TRUSTFENCE_ENCRYPT_ENVIRONMENT" diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb index 7fb2bdc45..278301b5d 100644 --- a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb +++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb @@ -24,9 +24,17 @@ FILES_${PN} = "/" # Runtime packages used in 'trustfence-initramfs-init' RDEPENDS_${PN} = " \ - cryptsetup \ - rng-tools \ trustfence-tool \ util-linux-findfs \ wipe \ + u-boot-fw-utils \ +" + +RDEPENDS_${PN}_append_ccimx6sbc = " \ + cryptsetup \ + rng-tools \ +" + +RDEPENDS_${PN}_append_ccimx6ul = " \ + mtd-utils-ubifs \ " diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6sbc/trustfence-initramfs-init similarity index 100% rename from meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init rename to meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6sbc/trustfence-initramfs-init diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-install.sh b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6sbc/trustfence-install.sh similarity index 100% rename from meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-install.sh rename to meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6sbc/trustfence-install.sh diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-initramfs-init b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-initramfs-init new file mode 100644 index 000000000..2c30dbf84 --- /dev/null +++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-initramfs-init @@ -0,0 +1,98 @@ +#!/bin/sh +#=============================================================================== +# +# trustfence-initramfs-init +# +# Copyright (C) 2016 by Digi International Inc. +# All rights reserved. +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 as published by +# the Free Software Foundation. +# +# +# !Description: Init script for Trustfence initramfs +# +#=============================================================================== + +export PATH=/bin:/sbin:/usr/bin:/usr/sbin + +mkdir -p /proc /sys /dev +mount -t proc proc /proc +mount -t sysfs sysfs /sys +mount -t devtmpfs devtmpfs /dev + +# Set kernel console loglevel +LOGLEVEL="$(sysctl -n kernel.printk)" +sysctl -q -w kernel.printk=4 + +for arg in $(cat /proc/cmdline); do + case "${arg}" in + init=*|rescue=1|root=*|trustfence_install=*) eval ${arg};; + trustfence_fskey*) + tf_fskey_bool=true; + eval ${arg};; + esac +done + +# Translate "PARTUUID=..." to real device +root="/dev/$(findfs ${root})" + +rescue_shell () { + # Expand console and respawn if exited + while true; do + setsid cttyhack sh -l + sleep 1 + done +} + +# Jump to a rescue shell if requested +if [ -n "${rescue}" ]; then + rescue_shell +fi + +if [ -n "${tf_fskey_bool}" ]; then + # Program key if trustfence_fskey kernel parameter exists + if [ -n "${trustfence_fskey}" ]; then + # trustfence_fskey not empty - use provided key + printf "\nUsing provided key\n" + trustfence-tool --newkey=${trustfence_fskey} + if [ "${?}" != "0" ]; then + error "trustfence-tool: key generation" + fi + else + # trustfence_fskey empty - use random key + printf "\nGenerating new random key\n" + trustfence-tool --newkey + if [ "${?}" != "0" ]; then + error "trustfence-tool: key generation" + fi + fi + printf "\nFile system encryption key changed.\n" + printf "A system reboot is needed for the kernel to use it.\n" + rescue_shell +fi + +# Run install script if "trustfence_install" kernel parameter exists +if [ -n "${trustfence_install}" ]; then + trustfence-install.sh ${trustfence_install} + sleep 1 + echo ">> Rebooting the system" + sleep 1 + sync && reboot -f +fi + +# Mount device +mkdir -p /newroot +mount -t "ubifs" ${root} /newroot + +# +# Clean-up and do the switch_root to the final rootfs +# +# - restore previous kernel console loglevel +# - umount virtual filesystems +# +[ -n "${LOGLEVEL}" ] && sysctl -q -w kernel.printk="${LOGLEVEL}" +mount --move /dev /newroot/dev +umount /sys /proc +exec switch_root /newroot ${init:-/sbin/init} diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-install.sh b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-install.sh new file mode 100644 index 000000000..e87f01e6c --- /dev/null +++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-install.sh @@ -0,0 +1,94 @@ +#!/bin/sh +#=============================================================================== +# +# trustfence-install.sh +# +# Copyright (C) 2016 by Digi International Inc. +# All rights reserved. +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 as published by +# the Free Software Foundation. +# +# +# !Description: Wrapper script for initial deployment of encrypted filesystems +# +# The script gathers the needed information from the 'trustfence_install' +# kernel command line parameter with following syntax: +# +# trustfence_install="source:serverip:filename:partname" +# source -> 'tftp' | +# serverip -> | '' (serverip or empty if local) +# filename -> (path relative to 'source') +# partname -> (should match an entry on the +# partition table) +# +# For 'tftp' mode the kernel IP autoconfig may be used to bring the network +# interface up, with 'ip' kernel parameter. Examples: +# +# ip=:::::eth0:off +# ip=dhcp +# +# This script is meant for testing purposes. It's NOT a stable API and may +# be subject to change. +# +#=============================================================================== + +set -o pipefail + +TF_INSTALL_INFO="${1}" + +error() { + [ "${#}" != "0" ] && printf "\n[ERROR]: %s\n\n" "${1}" + exit 1 +} + +# Parse trustfence_install kernel parameter +IFS=":" read SOURCE SERVERIP FILENAME PARTNAME <<_EOF_ +${TF_INSTALL_INFO} +_EOF_ + +# Validate command line arguments +if [ -z "${SOURCE}" ] || [ -z "${FILENAME}" ] || [ -z "${PARTNAME}" ] || { [ "${SOURCE}" = "tftp" ] && [ -z "${SERVERIP}" ]; }; then + error "wrong 'trustfence_install' parameter: ${TF_INSTALL_INFO}" +fi + +# Format partition +mtdindex="$(sed -ne "/\"${PARTNAME}\"$/s,^mtd\([0-9]\):.*,\1,g;T;p" /proc/mtd)" +ubidetach -p /dev/mtd${mtdindex} >/dev/null 2>&1 +ubiformat -y /dev/mtd${mtdindex} +UBI_DEVICE="$(ubiattach -p /dev/mtd${mtdindex} | sed -ne 's,.*device number \([0-9]\).*,\1,g;T;p')" +ubimkvol /dev/ubi${UBI_DEVICE} -N "${PARTNAME}" -m + +# Install image to the encrypted mapped device +if [ "${SOURCE}" = "tftp" ]; then + printf "\nInstalling ${FILENAME} from TFTP\n\n" + FILE=$(basename "$FILENAME") + tftp -g -l - -r "${FILENAME}" "${SERVERIP}" > ${FILE} || { error "tftp failed"; } + FILESIZE=$(stat -c%s "$FILE") + pv -tprebW ${FILE} | ubiupdatevol /dev/ubi${UBI_DEVICE}_0 -s ${FILESIZE} - 2>/dev/null + rm -f ${FILE} + if [ "${?}" != "0" ]; then + error "write ${FILENAME}" + fi +elif [ -b "${SOURCE}" ]; then + printf "\nInstalling ${FILENAME} from local media\n\n" + MOUNTPOINT="/media/$(basename ${SOURCE})" + FSTYPE="$(blkid ${SOURCE} | sed -e 's,.*TYPE="\([^"]\+\)".*,\1,g')" + mkdir -p ${MOUNTPOINT} + mount -r ${FSTYPE:+-t ${FSTYPE}} ${SOURCE} ${MOUNTPOINT} + FILESIZE=$(stat -c%s "${MOUNTPOINT}/${FILENAME}") + pv -tprebW ${MOUNTPOINT}/${FILENAME} | ubiupdatevol /dev/ubi${UBI_DEVICE}_0 -s ${FILESIZE} - 2>/dev/null + if [ "${?}" != "0" ]; then + error "write ${FILENAME}" + fi + umount ${SOURCE} +else + error "${SOURCE} is neither a block device nor 'tftp'" +fi + +echo "" +echo "#######################" +echo "# Install completed #" +echo "#######################" +echo "" diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-tool_1.0.bb b/meta-digi-dey/recipes-core/trustfence/trustfence-tool_2.0.bb similarity index 57% rename from meta-digi-dey/recipes-core/trustfence/trustfence-tool_1.0.bb rename to meta-digi-dey/recipes-core/trustfence/trustfence-tool_2.0.bb index 7d42d034e..30d7fdf99 100644 --- a/meta-digi-dey/recipes-core/trustfence/trustfence-tool_1.0.bb +++ b/meta-digi-dey/recipes-core/trustfence/trustfence-tool_2.0.bb @@ -6,7 +6,7 @@ LICENSE = "CLOSED" SRC_URI = "${DIGI_PKG_SRC}/${BP}.tar.gz" -SRC_URI[md5sum] = "eea4efe8b8e7527a0ffeea16fd238ba3" -SRC_URI[sha256sum] = "aefeb08f2db59c891cf1162488499448bf9d80d64b2778d4fda11343793373e7" +SRC_URI[md5sum] = "9556aec9c9b0ef7e38606040e4f059d0" +SRC_URI[sha256sum] = "21f013616393883a5c3e0e9d7332e5d169af515f83b3a7dbf365e9ffbde1c593" inherit bin_package diff --git a/meta-digi-dey/recipes-digi/dey-examples/dey-examples-tamper.bb b/meta-digi-dey/recipes-digi/dey-examples/dey-examples-tamper.bb new file mode 100644 index 000000000..8f04f8c73 --- /dev/null +++ b/meta-digi-dey/recipes-digi/dey-examples/dey-examples-tamper.bb @@ -0,0 +1,13 @@ +SUMMARY = "DEY examples: Tamper test application" +SECTION = "examples" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" + +SRC_URI = "file://tamper_sample" + +S = "${WORKDIR}/tamper_sample" + +do_install() { + install -d ${D}${bindir} + install -m 0755 tamper_sample ${D}${bindir} +} diff --git a/meta-digi-dey/recipes-digi/dey-examples/files/alsa_test/alsa_test.c b/meta-digi-dey/recipes-digi/dey-examples/files/alsa_test/alsa_test.c index 465c9a692..58952865c 100644 --- a/meta-digi-dey/recipes-digi/dey-examples/files/alsa_test/alsa_test.c +++ b/meta-digi-dey/recipes-digi/dey-examples/files/alsa_test/alsa_test.c @@ -57,7 +57,7 @@ int main(void) printf("Could't open PCM '%s': %s\n", device, snd_strerror(err)); return EXIT_FAILURE; } - + if ((err = snd_pcm_set_params(handle, PCM_TEST_FORMAT, SND_PCM_ACCESS_RW_INTERLEAVED, @@ -81,16 +81,16 @@ int main(void) err = EXIT_FAILURE; goto exit_close_pcm; } - + if (frames > 0 && frames < total_frames) printf("Short write (expected %li, wrote %li)\n", total_frames, frames); } err = EXIT_SUCCESS; - + exit_close_pcm: snd_pcm_close(handle); - + return err; } diff --git a/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/Makefile b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/Makefile new file mode 100644 index 000000000..863688334 --- /dev/null +++ b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/Makefile @@ -0,0 +1,11 @@ +CFLAGS = -Wall -g -D_GNU_SOURCE + +all: tamper_sample + +tamper_sample: tamper_sample.o iio_utils.o + +%.o: %.c iio_utils.h + +.PHONY: clean +clean: + rm -f *.o tamper_sample diff --git a/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.c b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.c new file mode 100644 index 000000000..6f6452167 --- /dev/null +++ b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.c @@ -0,0 +1,669 @@ +/* IIO - useful set of util functionality + * + * Copyright (c) 2008 Jonathan Cameron + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published by + * the Free Software Foundation. + */ +#ifndef _IIO_UTILS_H +#define _IIO_UTILS_H + +#include +#include +#include +#include +#include +#include +#include +#include "iio_utils.h" + +const char *iio_dir = "/sys/bus/iio/devices/"; + +static char * const iio_direction[] = { + "in", + "out", +}; + +/** + * iioutils_break_up_name() - extract generic name from full channel name + * @full_name: the full channel name + * @generic_name: the output generic channel name + **/ +int iioutils_break_up_name(const char *full_name, + char **generic_name) +{ + char *current; + char *w, *r; + char *working, *prefix = ""; + int i; + + for (i = 0; i < sizeof(iio_direction) / sizeof(iio_direction[0]); i++) + if (!strncmp(full_name, iio_direction[i], + strlen(iio_direction[i]))) { + prefix = iio_direction[i]; + break; + } + + current = strdup(full_name + strlen(prefix) + 1); + working = strtok(current, "_\0"); + + w = working; + r = working; + + while (*r != '\0') { + if (!isdigit(*r)) { + *w = *r; + w++; + } + r++; + } + *w = '\0'; + asprintf(generic_name, "%s_%s", prefix, working); + free(current); + + return 0; +} + +/** + * iioutils_get_type() - find and process _type attribute data + * @is_signed: output whether channel is signed + * @bytes: output how many bytes the channel storage occupies + * @mask: output a bit mask for the raw data + * @be: big endian + * @device_dir: the iio device directory + * @name: the channel name + * @generic_name: the channel type name + **/ +int iioutils_get_type(unsigned *is_signed, + unsigned *bytes, + unsigned *bits_used, + unsigned *shift, + uint64_t *mask, + unsigned *be, + const char *device_dir, + const char *name, + const char *generic_name) +{ + FILE *sysfsfp; + int ret; + DIR *dp; + char *scan_el_dir, *builtname, *builtname_generic, *filename = 0; + char signchar, endianchar; + unsigned padint; + const struct dirent *ent; + + ret = asprintf(&scan_el_dir, FORMAT_SCAN_ELEMENTS_DIR, device_dir); + if (ret < 0) { + ret = -ENOMEM; + goto error_ret; + } + ret = asprintf(&builtname, FORMAT_TYPE_FILE, name); + if (ret < 0) { + ret = -ENOMEM; + goto error_free_scan_el_dir; + } + ret = asprintf(&builtname_generic, FORMAT_TYPE_FILE, generic_name); + if (ret < 0) { + ret = -ENOMEM; + goto error_free_builtname; + } + + dp = opendir(scan_el_dir); + if (dp == NULL) { + ret = -errno; + goto error_free_builtname_generic; + } + while (ent = readdir(dp), ent != NULL) + /* + * Do we allow devices to override a generic name with + * a specific one? + */ + if ((strcmp(builtname, ent->d_name) == 0) || + (strcmp(builtname_generic, ent->d_name) == 0)) { + ret = asprintf(&filename, + "%s/%s", scan_el_dir, ent->d_name); + if (ret < 0) { + ret = -ENOMEM; + goto error_closedir; + } + sysfsfp = fopen(filename, "r"); + if (sysfsfp == NULL) { + printf("failed to open %s\n", filename); + ret = -errno; + goto error_free_filename; + } + + ret = fscanf(sysfsfp, + "%ce:%c%u/%u>>%u", + &endianchar, + &signchar, + bits_used, + &padint, shift); + if (ret < 0) { + printf("failed to pass scan type description\n"); + ret = -errno; + goto error_close_sysfsfp; + } + *be = (endianchar == 'b'); + *bytes = padint / 8; + if (*bits_used == 64) + *mask = ~0; + else + *mask = (1 << *bits_used) - 1; + if (signchar == 's') + *is_signed = 1; + else + *is_signed = 0; + fclose(sysfsfp); + free(filename); + + filename = 0; + sysfsfp = 0; + } +error_close_sysfsfp: + if (sysfsfp) + fclose(sysfsfp); +error_free_filename: + if (filename) + free(filename); +error_closedir: + closedir(dp); +error_free_builtname_generic: + free(builtname_generic); +error_free_builtname: + free(builtname); +error_free_scan_el_dir: + free(scan_el_dir); +error_ret: + return ret; +} + +int iioutils_get_param_float(float *output, + const char *param_name, + const char *device_dir, + const char *name, + const char *generic_name) +{ + FILE *sysfsfp; + int ret; + DIR *dp; + char *builtname, *builtname_generic; + char *filename = NULL; + const struct dirent *ent; + + ret = asprintf(&builtname, "%s_%s", name, param_name); + if (ret < 0) { + ret = -ENOMEM; + goto error_ret; + } + ret = asprintf(&builtname_generic, + "%s_%s", generic_name, param_name); + if (ret < 0) { + ret = -ENOMEM; + goto error_free_builtname; + } + dp = opendir(device_dir); + if (dp == NULL) { + ret = -errno; + goto error_free_builtname_generic; + } + while (ent = readdir(dp), ent != NULL) + if ((strcmp(builtname, ent->d_name) == 0) || + (strcmp(builtname_generic, ent->d_name) == 0)) { + ret = asprintf(&filename, + "%s/%s", device_dir, ent->d_name); + if (ret < 0) { + ret = -ENOMEM; + goto error_closedir; + } + sysfsfp = fopen(filename, "r"); + if (!sysfsfp) { + ret = -errno; + goto error_free_filename; + } + fscanf(sysfsfp, "%f", output); + break; + } +error_free_filename: + if (filename) + free(filename); +error_closedir: + closedir(dp); +error_free_builtname_generic: + free(builtname_generic); +error_free_builtname: + free(builtname); +error_ret: + return ret; +} + +/** + * bsort_channel_array_by_index() - reorder so that the array is in index order + * + **/ + +void bsort_channel_array_by_index(struct iio_channel_info **ci_array, + int cnt) +{ + + struct iio_channel_info temp; + int x, y; + + for (x = 0; x < cnt; x++) + for (y = 0; y < (cnt - 1); y++) + if ((*ci_array)[y].index > (*ci_array)[y+1].index) { + temp = (*ci_array)[y + 1]; + (*ci_array)[y + 1] = (*ci_array)[y]; + (*ci_array)[y] = temp; + } +} + +/** + * build_channel_array() - function to figure out what channels are present + * @device_dir: the IIO device directory in sysfs + * @ + **/ +int build_channel_array(const char *device_dir, + struct iio_channel_info **ci_array, + int *counter) +{ + DIR *dp; + FILE *sysfsfp; + int count, i; + struct iio_channel_info *current; + int ret; + const struct dirent *ent; + char *scan_el_dir; + char *filename; + + *counter = 0; + ret = asprintf(&scan_el_dir, FORMAT_SCAN_ELEMENTS_DIR, device_dir); + if (ret < 0) { + ret = -ENOMEM; + goto error_ret; + } + dp = opendir(scan_el_dir); + if (dp == NULL) { + ret = -errno; + goto error_free_name; + } + while (ent = readdir(dp), ent != NULL) + if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"), + "_en") == 0) { + ret = asprintf(&filename, + "%s/%s", scan_el_dir, ent->d_name); + if (ret < 0) { + ret = -ENOMEM; + goto error_close_dir; + } + sysfsfp = fopen(filename, "r"); + if (sysfsfp == NULL) { + ret = -errno; + free(filename); + goto error_close_dir; + } + fscanf(sysfsfp, "%i", &ret); + if (ret == 1) + (*counter)++; + fclose(sysfsfp); + free(filename); + } + *ci_array = malloc(sizeof(**ci_array) * (*counter)); + if (*ci_array == NULL) { + ret = -ENOMEM; + goto error_close_dir; + } + seekdir(dp, 0); + count = 0; + while (ent = readdir(dp), ent != NULL) { + if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"), + "_en") == 0) { + int current_enabled = 0; + + current = &(*ci_array)[count++]; + ret = asprintf(&filename, + "%s/%s", scan_el_dir, ent->d_name); + if (ret < 0) { + ret = -ENOMEM; + /* decrement count to avoid freeing name */ + count--; + goto error_cleanup_array; + } + sysfsfp = fopen(filename, "r"); + if (sysfsfp == NULL) { + free(filename); + ret = -errno; + goto error_cleanup_array; + } + fscanf(sysfsfp, "%i", ¤t_enabled); + fclose(sysfsfp); + + if (!current_enabled) { + free(filename); + count--; + continue; + } + + current->scale = 1.0; + current->offset = 0; + current->name = strndup(ent->d_name, + strlen(ent->d_name) - + strlen("_en")); + if (current->name == NULL) { + free(filename); + ret = -ENOMEM; + goto error_cleanup_array; + } + /* Get the generic and specific name elements */ + ret = iioutils_break_up_name(current->name, + ¤t->generic_name); + if (ret) { + free(filename); + goto error_cleanup_array; + } + ret = asprintf(&filename, + "%s/%s_index", + scan_el_dir, + current->name); + if (ret < 0) { + free(filename); + ret = -ENOMEM; + goto error_cleanup_array; + } + sysfsfp = fopen(filename, "r"); + fscanf(sysfsfp, "%u", ¤t->index); + fclose(sysfsfp); + free(filename); + /* Find the scale */ + ret = iioutils_get_param_float(¤t->scale, + "scale", + device_dir, + current->name, + current->generic_name); + if (ret < 0) + goto error_cleanup_array; + ret = iioutils_get_param_float(¤t->offset, + "offset", + device_dir, + current->name, + current->generic_name); + if (ret < 0) + goto error_cleanup_array; + ret = iioutils_get_type(¤t->is_signed, + ¤t->bytes, + ¤t->bits_used, + ¤t->shift, + ¤t->mask, + ¤t->be, + device_dir, + current->name, + current->generic_name); + } + } + + closedir(dp); + /* reorder so that the array is in index order */ + bsort_channel_array_by_index(ci_array, *counter); + + return 0; + +error_cleanup_array: + for (i = count - 1; i >= 0; i--) + free((*ci_array)[i].name); + free(*ci_array); +error_close_dir: + closedir(dp); +error_free_name: + free(scan_el_dir); +error_ret: + return ret; +} + +/** + * find_type_by_name() - function to match top level types by name + * @name: top level type instance name + * @type: the type of top level instance being sort + * + * Typical types this is used for are device and trigger. + **/ +int find_type_by_name(const char *name, const char *type) +{ + const struct dirent *ent; + int number, numstrlen; + + FILE *nameFile; + DIR *dp; + char thisname[IIO_MAX_NAME_LENGTH]; + char *filename; + + dp = opendir(iio_dir); + if (dp == NULL) { + printf("No industrialio devices available\n"); + return -ENODEV; + } + + while (ent = readdir(dp), ent != NULL) { + if (strcmp(ent->d_name, ".") != 0 && + strcmp(ent->d_name, "..") != 0 && + strlen(ent->d_name) > strlen(type) && + strncmp(ent->d_name, type, strlen(type)) == 0) { + numstrlen = sscanf(ent->d_name + strlen(type), + "%d", + &number); + /* verify the next character is not a colon */ + if (strncmp(ent->d_name + strlen(type) + numstrlen, + ":", + 1) != 0) { + filename = malloc(strlen(iio_dir) + + strlen(type) + + numstrlen + + 6); + if (filename == NULL) { + closedir(dp); + return -ENOMEM; + } + sprintf(filename, "%s%s%d/name", + iio_dir, + type, + number); + nameFile = fopen(filename, "r"); + if (!nameFile) { + free(filename); + continue; + } + free(filename); + fscanf(nameFile, "%s", thisname); + fclose(nameFile); + if (strcmp(name, thisname) == 0) { + closedir(dp); + return number; + } + } + } + } + closedir(dp); + return -ENODEV; +} + +int _write_sysfs_int(char *filename, char *basedir, int val, int verify) +{ + int ret = 0; + FILE *sysfsfp; + int test; + char *temp = malloc(strlen(basedir) + strlen(filename) + 2); + + if (temp == NULL) + return -ENOMEM; + sprintf(temp, "%s/%s", basedir, filename); + sysfsfp = fopen(temp, "w"); + if (sysfsfp == NULL) { + printf("failed to open %s\n", temp); + ret = -errno; + goto error_free; + } + fprintf(sysfsfp, "%d", val); + fclose(sysfsfp); + if (verify) { + sysfsfp = fopen(temp, "r"); + if (sysfsfp == NULL) { + printf("failed to open %s\n", temp); + ret = -errno; + goto error_free; + } + fscanf(sysfsfp, "%d", &test); + fclose(sysfsfp); + if (test != val) { + printf("Possible failure in int write %d to %s%s\n", + val, + basedir, + filename); + ret = -1; + } + } +error_free: + free(temp); + return ret; +} + +int write_sysfs_int(char *filename, char *basedir, int val) +{ + return _write_sysfs_int(filename, basedir, val, 0); +} + +int write_sysfs_int_and_verify(char *filename, char *basedir, int val) +{ + return _write_sysfs_int(filename, basedir, val, 1); +} + +int _write_sysfs_string(char *filename, char *basedir, char *val, int verify) +{ + int ret = 0; + FILE *sysfsfp; + char *temp = malloc(strlen(basedir) + strlen(filename) + 2); + + if (temp == NULL) { + printf("Memory allocation failed\n"); + return -ENOMEM; + } + sprintf(temp, "%s/%s", basedir, filename); + sysfsfp = fopen(temp, "w"); + if (sysfsfp == NULL) { + printf("Could not open %s\n", temp); + ret = -errno; + goto error_free; + } + fprintf(sysfsfp, "%s", val); + fclose(sysfsfp); + if (verify) { + sysfsfp = fopen(temp, "r"); + if (sysfsfp == NULL) { + printf("could not open file to verify\n"); + ret = -errno; + goto error_free; + } + fscanf(sysfsfp, "%s", temp); + fclose(sysfsfp); + if (strcmp(temp, val) != 0) { + printf("Possible failure in string write of %s " + "Should be %s " + "written to %s\%s\n", + temp, + val, + basedir, + filename); + ret = -1; + } + } +error_free: + free(temp); + + return ret; +} + +/** + * write_sysfs_string_and_verify() - string write, readback and verify + * @filename: name of file to write to + * @basedir: the sysfs directory in which the file is to be found + * @val: the string to write + **/ +int write_sysfs_string_and_verify(char *filename, char *basedir, char *val) +{ + return _write_sysfs_string(filename, basedir, val, 1); +} + +int write_sysfs_string(char *filename, char *basedir, char *val) +{ + return _write_sysfs_string(filename, basedir, val, 0); +} + +int read_sysfs_posint(char *filename, char *basedir) +{ + int ret; + FILE *sysfsfp; + char *temp = malloc(strlen(basedir) + strlen(filename) + 2); + + if (temp == NULL) { + printf("Memory allocation failed"); + return -ENOMEM; + } + sprintf(temp, "%s/%s", basedir, filename); + sysfsfp = fopen(temp, "r"); + if (sysfsfp == NULL) { + ret = -errno; + goto error_free; + } + fscanf(sysfsfp, "%d\n", &ret); + fclose(sysfsfp); +error_free: + free(temp); + return ret; +} + +int read_sysfs_float(char *filename, char *basedir, float *val) +{ + int ret = 0; + FILE *sysfsfp; + char *temp = malloc(strlen(basedir) + strlen(filename) + 2); + + if (temp == NULL) { + printf("Memory allocation failed"); + return -ENOMEM; + } + sprintf(temp, "%s/%s", basedir, filename); + sysfsfp = fopen(temp, "r"); + if (sysfsfp == NULL) { + ret = -errno; + goto error_free; + } + fscanf(sysfsfp, "%f\n", val); + fclose(sysfsfp); +error_free: + free(temp); + return ret; +} + +int read_sysfs_string(const char *filename, const char *basedir, char *str) +{ + int ret = 0; + FILE *sysfsfp; + char *temp = malloc(strlen(basedir) + strlen(filename) + 2); + + if (temp == NULL) { + printf("Memory allocation failed"); + return -ENOMEM; + } + sprintf(temp, "%s/%s", basedir, filename); + sysfsfp = fopen(temp, "r"); + if (sysfsfp == NULL) { + ret = -errno; + goto error_free; + } + fscanf(sysfsfp, "%s\n", str); + fclose(sysfsfp); +error_free: + free(temp); + return ret; +} + +#endif /* _IIO_UTILS_H */ diff --git a/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.h b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.h new file mode 100644 index 000000000..1bc837b2d --- /dev/null +++ b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.h @@ -0,0 +1,71 @@ +#ifndef _IIO_UTILS_H_ +#define _IIO_UTILS_H_ + +/* IIO - useful set of util functionality + * + * Copyright (c) 2008 Jonathan Cameron + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published by + * the Free Software Foundation. + */ + +#include + +/* Made up value to limit allocation sizes */ +#define IIO_MAX_NAME_LENGTH 30 + +#define FORMAT_SCAN_ELEMENTS_DIR "%s/scan_elements" +#define FORMAT_TYPE_FILE "%s_type" + +extern const char *iio_dir; + +/** + * struct iio_channel_info - information about a given channel + * @name: channel name + * @generic_name: general name for channel type + * @scale: scale factor to be applied for conversion to si units + * @offset: offset to be applied for conversion to si units + * @index: the channel index in the buffer output + * @bytes: number of bytes occupied in buffer output + * @mask: a bit mask for the raw output + * @is_signed: is the raw value stored signed + * @enabled: is this channel enabled + **/ +struct iio_channel_info { + char *name; + char *generic_name; + float scale; + float offset; + unsigned index; + unsigned bytes; + unsigned bits_used; + unsigned shift; + uint64_t mask; + unsigned be; + unsigned is_signed; + unsigned location; +}; + +int iioutils_break_up_name(const char *full_name, char **generic_name); +int iioutils_get_type(unsigned *is_signed, unsigned *bytes, + unsigned *bits_used, unsigned *shift, + uint64_t *mask, unsigned *be, + const char *device_dir, const char *name, + const char *generic_name); +int iioutils_get_param_float(float *output, const char *param_name, + const char *device_dir, const char *name, + const char *generic_name); +void bsort_channel_array_by_index(struct iio_channel_info **ci_array, int cnt); +int build_channel_array(const char *device_dir, + struct iio_channel_info **ci_array, int *counter); +int find_type_by_name(const char *name, const char *type); +int write_sysfs_int(char *filename, char *basedir, int val); +int write_sysfs_int_and_verify(char *filename, char *basedir, int val); +int write_sysfs_string_and_verify(char *filename, char *basedir, char *val); +int write_sysfs_string(char *filename, char *basedir, char *val); +int read_sysfs_posint(char *filename, char *basedir); +int read_sysfs_float(char *filename, char *basedir, float *val); +int read_sysfs_string(const char *filename, const char *basedir, char *str); + +#endif /* _IIO_UTILS_H_ */ diff --git a/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/tamper_sample.c b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/tamper_sample.c new file mode 100644 index 000000000..d3e2dc17d --- /dev/null +++ b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/tamper_sample.c @@ -0,0 +1,215 @@ +/* + * ConnectCore 6UL tamper sample application. + * + * Copyright (c) 2016 Digi International Inc. + * All rights reserved. + * + * Based on iio_event_monitor.c from the tools/iio directory, of the linux + * kernel. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published by + * the Free Software Foundation. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "iio_utils.h" + +#define TAMPER_SAMPLE_USAGE \ + "Usage:\n" \ + "tamper_sample -i tamper_iface\n\n" + +#define TAMPER_SAMPLE_FULL_USAGE \ + "Usage:\n" \ + "tamper_sample [options]\n\n" \ + "Options:\n" \ + " -i : tamper interface to be used\n" \ + " -h : help\n\n" + +typedef struct mca_tamper { + struct iio_event_data event; + char *dev_name; + char *chrdev_name; + int iface; + int dev_num; + int event_fd; +} mca_tamper_t; + +mca_tamper_t tamper_data; + +static void show_usage(int full) +{ + fprintf(stdout, "%s", full ? + TAMPER_SAMPLE_FULL_USAGE : TAMPER_SAMPLE_USAGE); +} + +static bool event_is_tamper(struct iio_event_data *event) +{ + enum iio_chan_type type = IIO_EVENT_CODE_EXTRACT_CHAN_TYPE(event->id); + enum iio_event_type ev_type = IIO_EVENT_CODE_EXTRACT_TYPE(event->id); + enum iio_event_direction dir = IIO_EVENT_CODE_EXTRACT_DIR(event->id); + bool ret = true; + + if (type != IIO_ACTIVITY) + ret = false; + else if (ev_type != IIO_EV_TYPE_CHANGE) + ret = false; + else if (dir != IIO_EV_DIR_NONE) + ret = false; + + return ret; +} + +static void tamper_event_log(mca_tamper_t *tdata) +{ + /* Log the event in the system log, if any */ + fprintf(stdout, "tamper%d event! time: %lld\n", + tdata->iface, tdata->event.timestamp); +} + +static void tamper_event_actions(mca_tamper_t *tdata) +{ + /* Take the necessary defensive actions after a tamper event */ + fprintf(stdout, "tamper%d: taking actions!\n", tdata->iface); +} + +static void tamper_event_ack(mca_tamper_t *tdata) +{ + int ret; + char *tamper_sysfs_dir; + + ret = asprintf(&tamper_sysfs_dir, + "/sys/bus/iio/devices/iio:device%d", + tdata->dev_num); + if (ret < 0) { + fprintf(stdout, "Failed to build event ack file name\n"); + return; + } + + /* Finally, acknowledge the event */ + ret = write_sysfs_int("tamper_events", tamper_sysfs_dir, 2); + if (ret < 0) { + fprintf(stdout, "Failed to acknowledge tamper%d event\n", + tdata->iface); + } +} + +static void process_tamper_event(mca_tamper_t *tdata) +{ + if (!event_is_tamper(&tdata->event)) { + fprintf(stdout, "Unknown event: time: %lld, id: %llx\n", + tdata->event.timestamp, tdata->event.id); + return; + } + + tamper_event_log(tdata); + tamper_event_actions(tdata); + tamper_event_ack(tdata); +} + +int main(int argc, char **argv) +{ + mca_tamper_t *tdata = &tamper_data; + int ret; + int opt; + int fd; + + memset(tdata, 0, sizeof(mca_tamper_t)); + + if (argc <= 1) { + show_usage(0); + return EXIT_FAILURE; + } + + while ((opt = getopt(argc, argv, "i:h")) > 0) { + switch (opt) { + case 'i': + tdata->iface = atoi(optarg); + break; + + case 'h': + show_usage(1); + return EXIT_SUCCESS; + + default: + show_usage(0); + return EXIT_FAILURE; + } + } + + ret = asprintf(&tdata->dev_name, "TAMPER%d", tdata->iface); + if (ret < 0) { + fprintf(stdout, "Failed to find interface, device name too long?\n"); + ret = -ENOMEM; + goto error_ret; + } + + tdata->dev_num = find_type_by_name(tdata->dev_name, "iio:device"); + if (tdata->dev_num < 0) { + fprintf(stdout, "Failed to find iio:device for TAMPER%d\n", + tdata->iface); + ret = -ENODEV; + goto error_ret2; + } + + ret = asprintf(&tdata->chrdev_name, "/dev/iio:device%d", tdata->dev_num); + if (ret < 0) { + fprintf(stdout, "Failed to allocate memory\n"); + ret = -ENOMEM; + goto error_ret2; + } + + fd = open(tdata->chrdev_name, 0); + if (fd < 0) { + fprintf(stdout, "Failed to open %s\n", tdata->chrdev_name); + ret = -errno; + goto error_ret3; + } + + ret = ioctl(fd, IIO_GET_EVENT_FD_IOCTL, &tdata->event_fd); + + close(fd); + + if (ret < 0 || tdata->event_fd < 0) { + fprintf(stdout, "Failed to retrieve event fd\n"); + ret = -errno; + goto error_ret3; + } + + fprintf(stdout, "Waiting for tamper events:\n"); + + while (true) { + ret = read(tdata->event_fd, &tdata->event, sizeof(struct iio_event_data)); + if (ret < 0) { + if (errno == EAGAIN) { + fprintf(stdout, "No events... continue\n"); + continue; + } else { + perror("Failed to read event from device"); + ret = -errno; + break; + } + } + + process_tamper_event(tdata); + } + + close(tdata->event_fd); + +error_ret3: + free(tdata->chrdev_name); +error_ret2: + free(tdata->dev_name); +error_ret: + return ret; +} diff --git a/meta-digi-dey/recipes-digi/packagegroups/packagegroup-dey-examples.bb b/meta-digi-dey/recipes-digi/packagegroups/packagegroup-dey-examples.bb index 5aed8fd83..51e45b619 100644 --- a/meta-digi-dey/recipes-digi/packagegroups/packagegroup-dey-examples.bb +++ b/meta-digi-dey/recipes-digi/packagegroups/packagegroup-dey-examples.bb @@ -40,6 +40,7 @@ RDEPENDS_${PN}_append_ccimx6ul = "\ ${@bb.utils.contains("MACHINE_FEATURES", "bluetooth", "dey-examples-btconfig", "", d)} \ dey-examples-can \ ${@bb.utils.contains("MACHINE_FEATURES", "bluetooth", "dey-examples-hdp", "", d)} \ + dey-examples-tamper \ " COMPATIBLE_MACHINE = "(ccardimx28|ccimx6$|ccimx6ul)" diff --git a/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo b/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo index 3a2c1b27e..541f3b574 100755 --- a/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo +++ b/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo @@ -182,15 +182,63 @@ make_report(){ ip link show printf "\n" + echo "--------------------------------------" + echo "- -" + echo "- Wireless configuration -" + echo "- -" + echo "--------------------------------------" + echo "" + wpa_supplicant -v 2>/dev/null + echo "" + if [ -f "/etc/wpa_supplicant.conf" ]; then + echo "wpa_supplicant.conf:" + cat "/etc/wpa_supplicant.conf" + else + echo "[NOT FOUND] /etc/wpa_supplicant.conf" + fi + + echo "" + hostapd -v 2>&1 + echo "" + if [ -f "/etc/hostapd.conf" ]; then + echo "hostapd.conf:" + cat "/etc/hostapd.conf" + else + echo "[NOT FOUND] hostapd.conf" + fi + printf "\n\n" + + echo "--------------------------------------" + echo "- -" + echo "- TrustFence -" + echo "- -" + echo "--------------------------------------" + echo "" + + if [ "$(($(cat /sys/fsl_otp/HW_OCOTP_CFG5) & 2))" != "0" ]; then + echo "Device status: [CLOSED]" + else + echo "Device status: [OPEN]" + fi + + if [ -f "/proc/device-tree/digi,uboot-env,encrypted" ]; then + echo "U-Boot environment is encrypted" + else + echo "U-Boot environment is NOT encrypted" + fi + echo "-------------End of report------------" } DISTRO="$(sed -ne 's,DISTRO = \(.*\)$,\1,g;T;p' /etc/build)" DEY_VERSION="$(sed -ne 's,DISTRO_VERSION = \(.*\)$,\1,g;T;p' /etc/build)" -UBOOT_PARTITION="/dev/mmcblk0boot0" -[ -c "/dev/mtd0" ] && UBOOT_PARTITION="/dev/mtd0" -UBOOT_VERSION="$(strings ${UBOOT_PARTITION} | grep -m 1 dub | cut -d' ' -f2)" +UBOOT_VERSION="$(cat /proc/device-tree/digi,uboot,version 2>/dev/null)" +if [ -z "${UBOOT_VERSION}" ]; then + UBOOT_PARTITION="/dev/mmcblk0boot0" + [ -c "/dev/mtd0" ] && UBOOT_PARTITION="/dev/mtd0" + UBOOT_VERSION="$(strings ${UBOOT_PARTITION} | grep -m 1 dub | cut -d' ' -f2)" +fi MACHINE="$(cat /proc/device-tree/digi,machine,name)" BOARD_VARIANT="$(cat /proc/device-tree/digi,hwid,variant)" BOARD_SN="$(cat /proc/device-tree/digi,hwid,sn)" diff --git a/meta-digi-dey/recipes-graphics/packagegroups/packagegroup-dey-qt.bb b/meta-digi-dey/recipes-graphics/packagegroups/packagegroup-dey-qt.bb index 4e5e94a34..b4197ab64 100644 --- a/meta-digi-dey/recipes-graphics/packagegroups/packagegroup-dey-qt.bb +++ b/meta-digi-dey/recipes-graphics/packagegroups/packagegroup-dey-qt.bb @@ -4,6 +4,7 @@ SUMMARY = "QT packagegroup for DEY image" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58" + PACKAGE_ARCH = "${MACHINE_ARCH}" inherit packagegroup @@ -11,21 +12,20 @@ inherit packagegroup MACHINE_QT5_EXTRA_INSTALL ?= "" MACHINE_QT5_EXTRA_INSTALL_ccimx6 ?= "qtwebengine-examples" -QT5_PKS = " \ - qtbase-fonts \ - qtdeclarative-tools \ -" +QT5_PKS = "qtbase-fonts qtserialport" +QT5_PKS_append_ccimx6 = " qtdeclarative-tools" -QT5_EXAMPLES = " \ +QT5_EXAMPLES = "qtbase-examples" +QT5_EXAMPLES_append_ccimx6 = " \ qt3d-examples \ - qtbase-examples \ qtconnectivity-examples \ qtdeclarative-examples \ qtmultimedia-examples \ qtsvg-examples \ " -QT5_DEMOS = " \ +QT5_DEMOS = "" +QT5_DEMOS_append_ccimx6 = " \ cinematicexperience \ qt5-demo-extrafiles \ qt5everywheredemo \ diff --git a/meta-digi-dey/recipes-graphics/xinput-calibrator/pointercal-xinput/ccimx6ul/pointercal.xinput b/meta-digi-dey/recipes-graphics/xinput-calibrator/pointercal-xinput/ccimx6ul/pointercal.xinput new file mode 100644 index 000000000..d184df50f --- /dev/null +++ b/meta-digi-dey/recipes-graphics/xinput-calibrator/pointercal-xinput/ccimx6ul/pointercal.xinput @@ -0,0 +1 @@ +# Empty calibration file to avoid re-calibration diff --git a/meta-digi-dey/recipes-multimedia/gstreamer/gst-player_git.bbappend b/meta-digi-dey/recipes-multimedia/gstreamer/gst-player_git.bbappend index 6cd905c3b..4a40eb92c 100644 --- a/meta-digi-dey/recipes-multimedia/gstreamer/gst-player_git.bbappend +++ b/meta-digi-dey/recipes-multimedia/gstreamer/gst-player_git.bbappend @@ -2,4 +2,6 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" -SRC_URI_append = " file://0001-gstplayer-force-use-glimagesink.patch" +SRC_URI_append_ccimx6 = " file://0001-gstplayer-force-use-glimagesink.patch" + +PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/meta-digi-dey/recipes-qt/qt5/qtbase/qt5.sh b/meta-digi-dey/recipes-qt/qt5/qtbase/ccimx6/qt5.sh similarity index 100% rename from meta-digi-dey/recipes-qt/qt5/qtbase/qt5.sh rename to meta-digi-dey/recipes-qt/qt5/qtbase/ccimx6/qt5.sh diff --git a/meta-digi-dey/recipes-qt/qt5/qtbase/ccimx6ul/qt5.sh b/meta-digi-dey/recipes-qt/qt5/qtbase/ccimx6ul/qt5.sh new file mode 100644 index 000000000..e64709644 --- /dev/null +++ b/meta-digi-dey/recipes-qt/qt5/qtbase/ccimx6ul/qt5.sh @@ -0,0 +1,2 @@ +# Use LINUXFB platform plugin for images without X11 +[ -f "/etc/init.d/xserver-nodm" ] || export QT_QPA_PLATFORM="linuxfb" diff --git a/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend b/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend index 53dab262c..4962ed1d7 100644 --- a/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend +++ b/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend @@ -4,9 +4,16 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" SRC_URI_append = " file://qt5.sh" -PACKAGECONFIG_append = " accessibility examples icu sql-sqlite" +PACKAGECONFIG_GL_mx6ul = "gles2" +QT_CONFIG_FLAGS_append_mx6ul = "${@base_contains('DISTRO_FEATURES', 'x11', ' -no-eglfs', ' -eglfs', d)}" + +PACKAGECONFIG_append = " accessibility examples sql-sqlite" +PACKAGECONFIG_append_ccimx6 = " icu" +PACKAGECONFIG_append_ccimx6ul = " linuxfb" do_install_append() { install -d ${D}${sysconfdir}/profile.d install -m 0755 ${WORKDIR}/qt5.sh ${D}${sysconfdir}/profile.d/ } + +PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato/session b/meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato/session index 9b7c7a927..d85b82c28 100644 --- a/meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato/session +++ b/meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato/session @@ -2,12 +2,14 @@ . /etc/formfactor/config -## Use SHOWCURSOR from formfactor config files instaed of hardcoding it -# if [ "$HAVE_TOUCHSCREEN" = "1" ]; then -# SHOWCURSOR="no" -# else -# SHOWCURSOR="yes" -# fi +## Use first SHOWCURSOR from formfactor config files (fallback to set it depending on HAVE_TOUCHSCREEN) +if [ -z "${SHOWCURSOR}" ]; then + if [ "$HAVE_TOUCHSCREEN" = "1" ]; then + SHOWCURSOR="no" + else + SHOWCURSOR="yes" + fi +fi if [ "$HAVE_KEYBOARD" = "1" ]; then KEYBOARD_APPLET="" @@ -15,6 +17,10 @@ else KEYBOARD_APPLET="keyboard" fi +# Tell GTK+3 we really want server side decorations, even with +# GtkHeaderBar using applications: Without that mb-panel will render +# on top of the client side decorations. +export GTK_CSD=0 matchbox-desktop & diff --git a/meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato_0.1.bbappend b/meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato_%.bbappend similarity index 100% rename from meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato_0.1.bbappend rename to meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato_%.bbappend diff --git a/meta-digi-dey/recipes-sato/packagegroups/packagegroup-core-x11-sato.bbappend b/meta-digi-dey/recipes-sato/packagegroups/packagegroup-core-x11-sato.bbappend index 171a8fee6..3f933c772 100644 --- a/meta-digi-dey/recipes-sato/packagegroups/packagegroup-core-x11-sato.bbappend +++ b/meta-digi-dey/recipes-sato/packagegroups/packagegroup-core-x11-sato.bbappend @@ -2,3 +2,5 @@ # Disable network manager NETWORK_MANAGER = "" + +RDEPENDS_${PN}-apps_remove_ccimx6ul = "gst-player-bin" diff --git a/sdk/build-github.sh b/sdk/build-github.sh index bbe509e71..a61e472ac 100755 --- a/sdk/build-github.sh +++ b/sdk/build-github.sh @@ -16,13 +16,13 @@ # Parameters set by Jenkins: # DY_PLATFORMS: Platforms to build # DY_REVISION: Revision of the manifest repository (for 'repo init') -# DY_TARGET: Target image (the default is 'dey-image-qt') +# DY_TARGET: Target image (the default is platform dependent) # #=============================================================================== set -e -AVAILABLE_PLATFORMS="ccardimx28js ccimx6sbc" +AVAILABLE_PLATFORMS="ccardimx28js ccimx6sbc ccimx6ulsbc ccimx6ulstarter" MANIFEST_URL="https://github.com/digi-embedded/dey-manifest.git" @@ -98,7 +98,17 @@ purge_sstate() { # Set default values if not provided by Jenkins [ -z "${DY_PLATFORMS}" ] && DY_PLATFORMS="$(echo ${AVAILABLE_PLATFORMS})" -[ -z "${DY_TARGET}" ] && DY_TARGET="dey-image-qt" + +# Per-platform data +while read _pl _tgt; do + [ -n "${DY_TARGET}" ] && _tgt="${DY_TARGET}" || true + eval "${_pl}_tgt=\"${_tgt}\"" +done<<-_EOF_ + ccardimx28js dey-image-qt + ccimx6sbc dey-image-qt + ccimx6ulsbc dey-image-qt + ccimx6ulstarter core-image-base +_EOF_ YOCTO_IMGS_DIR="${WORKSPACE}/images" YOCTO_INST_DIR="${WORKSPACE}/dey.$(echo ${DY_REVISION} | tr '/' '_')" @@ -133,6 +143,7 @@ fi # Create projects and build rm -rf ${YOCTO_IMGS_DIR} ${YOCTO_PROJ_DIR} for platform in ${DY_PLATFORMS}; do + eval platform_targets="\${${platform}_tgt}" _this_prj_dir="${YOCTO_PROJ_DIR}/${platform}" _this_img_dir="${YOCTO_IMGS_DIR}/${platform}" mkdir -p ${_this_img_dir} ${_this_prj_dir} @@ -151,8 +162,8 @@ for platform in ${DY_PLATFORMS}; do if [ "${DY_FB_IMAGE}" = "true" ]; then printf "${X11_REMOVAL_CFG}" >> conf/local.conf fi - for target in ${DY_TARGET}; do - printf "\n[INFO] Building the $target target.\n" + for target in ${platform_targets}; do + printf "\n[INFO] Building the ${target} target.\n" time bitbake ${target} done purge_sstate diff --git a/sdk/build.sh b/sdk/build.sh index ba4533982..91109fc94 100755 --- a/sdk/build.sh +++ b/sdk/build.sh @@ -152,6 +152,7 @@ while read _pl _var _tgt; do done<<-_EOF_ ccardimx28js - e w wb web web1 dey-image-qt ccimx6sbc DONTBUILDVARIANTS dey-image-qt + ccimx6ulsbc DONTBUILDVARIANTS dey-image-qt ccimx6ulstarter DONTBUILDVARIANTS core-image-base _EOF_ diff --git a/sdk/config/ccimx6ulsbc/bblayers.conf.sample b/sdk/config/ccimx6ulsbc/bblayers.conf.sample new file mode 100644 index 000000000..0647c0d8d --- /dev/null +++ b/sdk/config/ccimx6ulsbc/bblayers.conf.sample @@ -0,0 +1,25 @@ +# LAYER_CONF_VERSION is increased each time build/conf/bblayers.conf +# changes incompatibly +LCONF_VERSION = "6" + +BBPATH = "${TOPDIR}" +BBFILES ?= "" + +BBLAYERS ?= " \ + ##OEROOT##/meta \ + ##OEROOT##/meta-yocto \ + ##OEROOT##/meta-yocto-bsp \ + ##DIGIBASE##/meta-openembedded/meta-oe \ + ##DIGIBASE##/meta-openembedded/meta-python \ + ##DIGIBASE##/meta-openembedded/meta-networking \ + ##DIGIBASE##/meta-openembedded/meta-webserver \ + ##DIGIBASE##/meta-qt5 \ + ##DIGIBASE##/meta-fsl-arm \ + ##DIGIBASE##/meta-fsl-demos \ + ##DIGIBASE##/meta-digi/meta-digi-arm \ + ##DIGIBASE##/meta-digi/meta-digi-dey \ + " +BBLAYERS_NON_REMOVABLE ?= " \ + ##OEROOT##/meta \ + ##OEROOT##/meta-yocto \ + " diff --git a/sdk/config/ccimx6ulsbc/conf-notes.txt b/sdk/config/ccimx6ulsbc/conf-notes.txt new file mode 100644 index 000000000..c6c1bf9fb --- /dev/null +++ b/sdk/config/ccimx6ulsbc/conf-notes.txt @@ -0,0 +1,17 @@ +Digi Embedded Yocto provides the following image recipes: + + * dey-image-qt: graphical QT image + + By default the image is X11-based so it provides a full SATO theme + desktop environment. + + To compile the image for the framebuffer (instead of X11) add the + following line to the project's conf/local.conf: + + DISTRO_FEATURES_remove = "x11" + + * core-image-base: a console-only image + + Expansion of native core-image-base by including all the support for the + target device hardware like firmware files, rootfs customizations, etc. + diff --git a/sdk/config/ccimx6ulsbc/local.conf.sample b/sdk/config/ccimx6ulsbc/local.conf.sample new file mode 100644 index 000000000..d8027ee34 --- /dev/null +++ b/sdk/config/ccimx6ulsbc/local.conf.sample @@ -0,0 +1,256 @@ +# +# This file is your local configuration file and is where all local user settings +# are placed. The comments in this file give some guide to the options a new user +# to the system might want to change but pretty much any configuration option can +# be set in this file. More adventurous users can look at local.conf.extended +# which contains other examples of configuration which can be placed in this file +# but new users likely won't need any of them initially. +# +# Lines starting with the '#' character are commented out and in some cases the +# default values are provided as comments to show people example syntax. Enabling +# the option is a question of removing the # character and making any change to the +# variable as required. + +# +# Machine Selection +# +# You need to select a specific machine to target the build with. There are a selection +# of emulated machines available which can boot and run in the QEMU emulator: +# +#MACHINE ?= "qemuarm" +#MACHINE ?= "qemuarm64" +#MACHINE ?= "qemumips" +#MACHINE ?= "qemuppc" +#MACHINE ?= "qemux86" +#MACHINE ?= "qemux86-64" +# +# There are also the following hardware board target machines included for +# demonstration purposes: +# +#MACHINE ?= "beaglebone" +#MACHINE ?= "genericx86" +#MACHINE ?= "genericx86-64" +#MACHINE ?= "mpc8315e-rdb" +#MACHINE ?= "edgerouter" +# +# This sets the default machine to be qemux86 if no other machine is selected: +#MACHINE ??= "qemux86" + +MACHINE = "ccimx6ulsbc" + +# +# Use Digi's internal git repositories +# +#DIGI_INTERNAL_GIT ?= "1" + +# +# Where to place downloads +# +# During a first build the system will download many different source code tarballs +# from various upstream projects. This can take a while, particularly if your network +# connection is slow. These are all stored in DL_DIR. When wiping and rebuilding you +# can preserve this directory to speed up this part of subsequent builds. This directory +# is safe to share between multiple builds on the same machine too. +# +# The default is a downloads directory under TOPDIR which is the build directory. +# +#DL_DIR ?= "${TOPDIR}/downloads" + +# +# Where to place shared-state files +# +# BitBake has the capability to accelerate builds based on previously built output. +# This is done using "shared state" files which can be thought of as cache objects +# and this option determines where those files are placed. +# +# You can wipe out TMPDIR leaving this directory intact and the build would regenerate +# from these files if no changes were made to the configuration. If changes were made +# to the configuration, only shared state files where the state was still valid would +# be used (done using checksums). +# +# The default is a sstate-cache directory under TOPDIR. +# +#SSTATE_DIR ?= "${TOPDIR}/sstate-cache" + +# +# Where to place the build output +# +# This option specifies where the bulk of the building work should be done and +# where BitBake should place its temporary files and output. Keep in mind that +# this includes the extraction and compilation of many applications and the toolchain +# which can use Gigabytes of hard disk space. +# +# The default is a tmp directory under TOPDIR. +# +#TMPDIR = "${TOPDIR}/tmp" + +# +# Default policy config +# +# The distribution setting controls which policy settings are used as defaults. +# The default value is fine for general Yocto project use, at least initially. +# Ultimately when creating custom policy, people will likely end up subclassing +# these defaults. +# +DISTRO ?= "dey" +# As an example of a subclass there is a "bleeding" edge policy configuration +# where many versions are set to the absolute latest code from the upstream +# source control systems. This is just mentioned here as an example, its not +# useful to most new users. +# DISTRO ?= "poky-bleeding" + +# +# Package Management configuration +# +# This variable lists which packaging formats to enable. Multiple package backends +# can be enabled at once and the first item listed in the variable will be used +# to generate the root filesystems. +# Options are: +# - 'package_deb' for debian style deb files +# - 'package_ipk' for ipk files are used by opkg (a debian style embedded package manager) +# - 'package_rpm' for rpm style packages +# E.g.: PACKAGE_CLASSES ?= "package_rpm package_deb package_ipk" +# We default to rpm: +PACKAGE_CLASSES ?= "package_rpm" + +# +# SDK/ADT target architecture +# +# This variable specifies the architecture to build SDK/ADT items for and means +# you can build the SDK packages for architectures other than the machine you are +# running the build on (i.e. building i686 packages on an x86_64 host). +# Supported values are i686 and x86_64 +#SDKMACHINE ?= "i686" + +# +# Extra image configuration defaults +# +# The EXTRA_IMAGE_FEATURES variable allows extra packages to be added to the generated +# images. Some of these options are added to certain image types automatically. The +# variable can contain the following options: +# "dbg-pkgs" - add -dbg packages for all installed packages +# (adds symbol information for debugging/profiling) +# "dev-pkgs" - add -dev packages for all installed packages +# (useful if you want to develop against libs in the image) +# "ptest-pkgs" - add -ptest packages for all ptest-enabled packages +# (useful if you want to run the package test suites) +# "tools-sdk" - add development tools (gcc, make, pkgconfig etc.) +# "tools-debug" - add debugging tools (gdb, strace) +# "eclipse-debug" - add Eclipse remote debugging support +# "tools-profile" - add profiling tools (oprofile, exmap, lttng, valgrind) +# "tools-testapps" - add useful testing tools (ts_print, aplay, arecord etc.) +# "debug-tweaks" - make an image suitable for development +# e.g. ssh root access has a blank password +# There are other application targets that can be used here too, see +# meta/classes/image.bbclass and meta/classes/core-image.bbclass for more details. +# We default to enabling the debugging tweaks. +EXTRA_IMAGE_FEATURES = "debug-tweaks" + +# +# Additional image features +# +# The following is a list of additional classes to use when building images which +# enable extra features. Some available options which can be included in this variable +# are: +# - 'buildstats' collect build statistics +# - 'image-mklibs' to reduce shared library files size for an image +# - 'image-prelink' in order to prelink the filesystem image +# - 'image-swab' to perform host system intrusion detection +# NOTE: if listing mklibs & prelink both, then make sure mklibs is before prelink +# NOTE: mklibs also needs to be explicitly enabled for a given image, see local.conf.extended +# NOTE: image-prelink is currently broken due to problems with the prelinker. It is advised +# that you do NOT run the prelinker at this time. +USER_CLASSES ?= "buildstats image-mklibs" + +# +# Runtime testing of images +# +# The build system can test booting virtual machine images under qemu (an emulator) +# after any root filesystems are created and run tests against those images. To +# enable this uncomment this line. See classes/testimage(-auto).bbclass for +# further details. +#TEST_IMAGE = "1" +# +# Interactive shell configuration +# +# Under certain circumstances the system may need input from you and to do this it +# can launch an interactive shell. It needs to do this since the build is +# multithreaded and needs to be able to handle the case where more than one parallel +# process may require the user's attention. The default is iterate over the available +# terminal types to find one that works. +# +# Examples of the occasions this may happen are when resolving patches which cannot +# be applied, to use the devshell or the kernel menuconfig +# +# Supported values are auto, gnome, xfce, rxvt, screen, konsole (KDE 3.x only), none +# Note: currently, Konsole support only works for KDE 3.x due to the way +# newer Konsole versions behave +#OE_TERMINAL = "auto" +# By default disable interactive patch resolution (tasks will just fail instead): +PATCHRESOLVE = "noop" + +# +# Disk Space Monitoring during the build +# +# Monitor the disk space during the build. If there is less that 1GB of space or less +# than 100K inodes in any key build location (TMPDIR, DL_DIR, SSTATE_DIR), gracefully +# shutdown the build. If there is less that 100MB or 1K inodes, perform a hard abort +# of the build. The reason for this is that running completely out of space can corrupt +# files and damages the build in ways which may not be easily recoverable. +# It's necesary to monitor /tmp, if there is no space left the build will fail +# with very exotic errors. +BB_DISKMON_DIRS = "\ + STOPTASKS,${TMPDIR},1G,100K \ + STOPTASKS,${DL_DIR},1G,100K \ + STOPTASKS,${SSTATE_DIR},1G,100K \ + STOPTASKS,/tmp,100M,100K \ + ABORT,${TMPDIR},100M,1K \ + ABORT,${DL_DIR},100M,1K \ + ABORT,${SSTATE_DIR},100M,1K \ + ABORT,/tmp,10M,1K" + +# +# Shared-state files from other locations +# +# As mentioned above, shared state files are prebuilt cache data objects which can +# used to accelerate build time. This variable can be used to configure the system +# to search other mirror locations for these objects before it builds the data itself. +# +# This can be a filesystem directory, or a remote url such as http or ftp. These +# would contain the sstate-cache results from previous builds (possibly from other +# machines). This variable works like fetcher MIRRORS/PREMIRRORS and points to the +# cache locations to check for the shared objects. +# NOTE: if the mirror uses the same structure as SSTATE_DIR, you need to add PATH +# at the end as shown in the examples below. This will be substituted with the +# correct path within the directory structure. +#SSTATE_MIRRORS ?= "\ +#file://.* http://someserver.tld/share/sstate/PATH;downloadfilename=PATH \n \ +#file://.* file:///some/local/dir/sstate/PATH" + + +# +# Qemu configuration +# +# By default qemu will build with a builtin VNC server where graphical output can be +# seen. The two lines below enable the SDL backend too. By default libsdl-native will +# be built, if you want to use your host's libSDL instead of the minimal libsdl built +# by libsdl-native then uncomment the ASSUME_PROVIDED line below. +PACKAGECONFIG_append_pn-qemu-native = " sdl" +PACKAGECONFIG_append_pn-nativesdk-qemu = " sdl" +#ASSUME_PROVIDED += "libsdl-native" + + +# CONF_VERSION is increased each time build/conf/ changes incompatibly and is used to +# track the version of this file when it was generated. This can safely be ignored if +# this doesn't mean anything to you. +CONF_VERSION = "1" + +# +# Enable local PR server +# +PRSERV_HOST = "localhost:0" + +# +# Some libraries and packages are covered by Freescale EULA +# +#ACCEPT_FSL_EULA = "1"