From d996dfd768d724c65a1c630ffec322a4acb12058 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Mon, 8 Aug 2016 11:49:26 +0200 Subject: [PATCH 01/66] Revert "meta-digi-dey: trustfence: disable encryption for the ConnectCore 6UL" Encryption is now supported in the ConnectCore 6UL This reverts commit 454fff56ba42c72697b84c8d297804b0eb886a25. https://jira.digi.com/browse/DEL-2857 Signed-off-by: Diaz de Grenu, Jose --- meta-digi-dey/classes/trustfence.bbclass | 1 - 1 file changed, 1 deletion(-) diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index b174655e3..c933e34ed 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -22,7 +22,6 @@ TRUSTFENCE_CONSOLE_DISABLE ?= "0" TRUSTFENCE_SIGN ?= "1" TRUSTFENCE_SIGN_KEYS_PATH ?= "default" TRUSTFENCE_DEK_PATH ?= "default" -TRUSTFENCE_DEK_PATH_ccimx6ul = "0" TRUSTFENCE_ENCRYPT_ENVIRONMENT ?= "1" # Trustfence initramfs image recipe From c4bf4c791a3cd01426f244fcc478aedba0eea3f7 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Tue, 9 Aug 2016 17:02:31 +0200 Subject: [PATCH 02/66] meta-digi-dey: trustfence: add Yocto macro to unlock key revocation By default, on closed devices you cannot revoke any key. To do so, it is required to compile a U-Boot which instructs the HAB not to set the sticky bit which write protects that field in the OCOTP controller. This patch introduces a Yocto macro which allows to configure U-Boot in that way. In the ConnectCore 6, the value of this settings is ignored, because HAB never sets the sticky bit which write protects that field. https://jira.digi.com/browse/DUB-665 Signed-off-by: Diaz de Grenu, Jose --- README.md | 4 ++++ meta-digi-dey/classes/trustfence.bbclass | 2 ++ 2 files changed, 6 insertions(+) diff --git a/README.md b/README.md index 0ac39f12f..2fe767267 100644 --- a/README.md +++ b/README.md @@ -112,6 +112,10 @@ Bluetooth Low Energy mode hang the processor when trying to authenticate an encrypted kernel image after a failed attempt. Hence the target needs to be reset after an authentication failure. +* NXP i.MX6 processor does not set the sticky bit which write protects the +SRK_REVOKE eFuse on closed devices. This means that in the ConnectCore 6, +key revocation is always possible, no matter the value of the Yocto macro +TRUSTFENCE_UNLOCK_KEY_REVOCATION. ## Digi ConnectCore 6 SBC diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index c933e34ed..49aa5459d 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -56,6 +56,8 @@ python () { d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_SIGN_IMAGE=y ") if d.getVar("TRUSTFENCE_SIGN_KEYS_PATH", True): d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_SIGN_KEYS_PATH=\\"%s\\" ' % d.getVar("TRUSTFENCE_SIGN_KEYS_PATH")) + if (d.getVar("TRUSTFENCE_UNLOCK_KEY_REVOCATION", True) == "1"): + d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_UNLOCK_SRK_REVOKE=y ") if d.getVar("TRUSTFENCE_KEY_INDEX", True): d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_KEY_INDEX=%s " % d.getVar("TRUSTFENCE_KEY_INDEX")) if (d.getVar("TRUSTFENCE_DEK_PATH", True) not in [None, "0"]): From 1a36cbee70204a1604e8dee1de90d8b624354296 Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Thu, 18 Aug 2016 17:47:49 +0200 Subject: [PATCH 03/66] build-github.sh: define default bitbake targets per platform Instead of having one default image target for all platforms allow to define this per platform. This is needed because for example for the 'ccimx6ulstarter' we want to define a default command line image instead of a QT-based one. Signed-off-by: Javier Viguera --- sdk/build-github.sh | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/sdk/build-github.sh b/sdk/build-github.sh index bbe509e71..95aa7ef40 100755 --- a/sdk/build-github.sh +++ b/sdk/build-github.sh @@ -16,13 +16,13 @@ # Parameters set by Jenkins: # DY_PLATFORMS: Platforms to build # DY_REVISION: Revision of the manifest repository (for 'repo init') -# DY_TARGET: Target image (the default is 'dey-image-qt') +# DY_TARGET: Target image (the default is platform dependent) # #=============================================================================== set -e -AVAILABLE_PLATFORMS="ccardimx28js ccimx6sbc" +AVAILABLE_PLATFORMS="ccardimx28js ccimx6sbc ccimx6ulstarter" MANIFEST_URL="https://github.com/digi-embedded/dey-manifest.git" @@ -98,7 +98,16 @@ purge_sstate() { # Set default values if not provided by Jenkins [ -z "${DY_PLATFORMS}" ] && DY_PLATFORMS="$(echo ${AVAILABLE_PLATFORMS})" -[ -z "${DY_TARGET}" ] && DY_TARGET="dey-image-qt" + +# Per-platform data +while read _pl _tgt; do + [ -n "${DY_TARGET}" ] && _tgt="${DY_TARGET}" || true + eval "${_pl}_tgt=\"${_tgt}\"" +done<<-_EOF_ + ccardimx28js dey-image-qt + ccimx6sbc dey-image-qt + ccimx6ulstarter core-image-base +_EOF_ YOCTO_IMGS_DIR="${WORKSPACE}/images" YOCTO_INST_DIR="${WORKSPACE}/dey.$(echo ${DY_REVISION} | tr '/' '_')" @@ -133,6 +142,7 @@ fi # Create projects and build rm -rf ${YOCTO_IMGS_DIR} ${YOCTO_PROJ_DIR} for platform in ${DY_PLATFORMS}; do + eval platform_targets="\${${platform}_tgt}" _this_prj_dir="${YOCTO_PROJ_DIR}/${platform}" _this_img_dir="${YOCTO_IMGS_DIR}/${platform}" mkdir -p ${_this_img_dir} ${_this_prj_dir} @@ -151,8 +161,8 @@ for platform in ${DY_PLATFORMS}; do if [ "${DY_FB_IMAGE}" = "true" ]; then printf "${X11_REMOVAL_CFG}" >> conf/local.conf fi - for target in ${DY_TARGET}; do - printf "\n[INFO] Building the $target target.\n" + for target in ${platform_targets}; do + printf "\n[INFO] Building the ${target} target.\n" time bitbake ${target} done purge_sstate From a47838ddc86326c6a794d37af871ed580583193e Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Mon, 22 Aug 2016 15:11:53 +0200 Subject: [PATCH 04/66] meta-digi-arm: remove APM machine feature APM is an ancient power management API mainly for x86. There is an optional emulation layer for ARM, but none of our platforms is using it, so just remove the machine feature. https://jira.digi.com/browse/DEL-2745 Signed-off-by: Isaac Hermida --- meta-digi-arm/conf/machine/include/imx-digi-base.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-digi-arm/conf/machine/include/imx-digi-base.inc b/meta-digi-arm/conf/machine/include/imx-digi-base.inc index ffc4f2104..8fe73b975 100644 --- a/meta-digi-arm/conf/machine/include/imx-digi-base.inc +++ b/meta-digi-arm/conf/machine/include/imx-digi-base.inc @@ -68,7 +68,7 @@ EXTRA_IMAGEDEPENDS = "u-boot" KERNEL_IMAGETYPE = "uImage" -MACHINE_FEATURES = "apm usbgadget usbhost vfat alsa touchscreen" +MACHINE_FEATURES = "usbgadget usbhost vfat alsa touchscreen" # Add the ability to specify _imx machines MACHINEOVERRIDES =. "imx:" From 1baa4c2b38f21964fb2dc8d91bf33a65fa6fa577 Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Thu, 25 Aug 2016 10:58:30 +0200 Subject: [PATCH 05/66] ccimx6ul: defconfig: add bridge support for ccimx6ul https://jira.digi.com/browse/DEL-2923 Signed-off-by: Isaac Hermida --- .../recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig b/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig index ed1c6ddd4..8c6180d66 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig @@ -54,6 +54,7 @@ CONFIG_IP_PNP_DHCP=y # CONFIG_INET_XFRM_MODE_BEET is not set # CONFIG_INET_LRO is not set CONFIG_IPV6=y +CONFIG_BRIDGE=y CONFIG_VLAN_8021Q=y CONFIG_LLC2=y CONFIG_CAN=y From d3dbf9399ad3d9ee1c0e95eef0a371338882c45a Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Thu, 25 Aug 2016 12:09:18 +0200 Subject: [PATCH 06/66] conf: machine: add support for ccimx6ulsbc platform Add initial support for Digi's ConnectCore 6UL SBC. https://jira.digi.com/browse/DEL-2925 Signed-off-by: Isaac Hermida --- meta-digi-arm/conf/machine/ccimx6ulsbc.conf | 28 +++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 meta-digi-arm/conf/machine/ccimx6ulsbc.conf diff --git a/meta-digi-arm/conf/machine/ccimx6ulsbc.conf b/meta-digi-arm/conf/machine/ccimx6ulsbc.conf new file mode 100644 index 000000000..c3c7364a2 --- /dev/null +++ b/meta-digi-arm/conf/machine/ccimx6ulsbc.conf @@ -0,0 +1,28 @@ +#@TYPE: Machine +#@NAME: SBC for ConnectCore for i.MX6UL +#@DESCRIPTION: Machine configuration for Digi's ConnectCore 6UL SBC. + +# Include the machine configuration for Digi's ConnectCore 6UL. +include conf/machine/include/ccimx6ul.inc + +# U-Boot configurations +# Last one is the default (the one the symlinks point at) +UBOOT_CONFIG ??= "ccimx6ulsbc" +UBOOT_CONFIG[ccimx6ulsbc] = "ccimx6ulsbc_defconfig" + +KERNEL_DEVICETREE ?= " \ + imx6ul-ccimx6ulsbc.dtb \ + imx6ul-ccimx6ulsbc-wb.dtb \ + imx6ul-ccimx6ulsbc-id135.dtb \ +" + +SERIAL_CONSOLES = "115200;ttymxc4" + +# Bluetooth tty +BT_TTY ?= "ttymxc0" + +# U-Boot script to be copied to the boot image +BOOT_SCRIPTS = "boot.scr:boot.scr" + +# Flash image types +IMAGE_FSTYPES ?= "tar.bz2 ubifs boot.ubifs" From b952cdce8ba72b8c27898c2554669eab69328ecd Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Thu, 25 Aug 2016 12:10:17 +0200 Subject: [PATCH 07/66] ccimx6ulsbc: add U-Boot scripts for deploying and booting the system - boot.txt Sets the device tree filename basing on the SOM variant read from the HWID and boots from NAND. - install_linux_fw_sd Deploys a full system (as generated by Digi Embedded Yocto) from a FAT formatted micro SD card into the NAND flash. https://jira.digi.com/browse/DEL-2925 Signed-off-by: Isaac Hermida --- .../u-boot-dey-2015.04/ccimx6ulsbc/boot.txt | 23 ++++ .../ccimx6ulsbc/install_linux_fw_sd.txt | 105 ++++++++++++++++++ 2 files changed, 128 insertions(+) create mode 100644 meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/boot.txt create mode 100644 meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/boot.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/boot.txt new file mode 100644 index 000000000..a69bc6c18 --- /dev/null +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/boot.txt @@ -0,0 +1,23 @@ +# +# U-Boot bootscript for NAND images created by Yocto. +# + +# +# Set device tree filename depending on the board ID (if defined) +# +if test -n "${board_id}"; then + setenv fdt_file zImage-imx6ul-ccimx6ulsbc-id${board_id}.dtb +else + # + # Set device tree filename depending on the hardware variant + # + if test "${module_variant}" = "0x02"; then + setenv fdt_file zImage-imx6ul-ccimx6ulsbc-wb.dtb + elif test "${module_variant}" = "0x03"; then + setenv fdt_file zImage-imx6ul-ccimx6ulsbc.dtb + else + echo "------ Using default fdt_file: $fdt_file" + fi +fi + +dboot linux nand diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt new file mode 100644 index 000000000..4f21df3b1 --- /dev/null +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt @@ -0,0 +1,105 @@ +# +# U-Boot script for installing Linux images created by Yocto from the micro SD +# card into the NAND +# + +echo "############################################################" +echo "# Linux firmware install from micro SD #" +echo "############################################################" +echo "" +echo " This process will erase your NAND and will install a new" +echo " U-Boot and Linux firmware images on the NAND." +echo "" +echo " Press CTRL+C now if you wish to abort or wait 10 seconds" +echo " to continue." + +sleep 10 +if test $? -eq 1; then + echo "Aborted by user."; + exit; +fi + +setenv INSTALL_MMCDEV 0 +setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6ulsbc.imx +setenv INSTALL_LINUX_FILENAME core-image-base-ccimx6ulsbc.boot.ubifs +setenv INSTALL_ROOTFS_FILENAME core-image-base-ccimx6ulsbc.ubifs + +# Check for presence of firmware files on the SD card +for install_f in ${INSTALL_UBOOT_FILENAME} ${INSTALL_LINUX_FILENAME} ${INSTALL_ROOTFS_FILENAME}; do + if test ! -e mmc ${INSTALL_MMCDEV}:1 ${install_f}; then + echo "ERROR: Could not find file ${install_f}"; + install_abort=1; + fi; +done +if test -n "${install_abort}"; then + echo "Aborted."; + exit; +fi + +# Skip user confirmation for U-Boot update +setenv forced_update 1 + +# Set bootdelay to zero so that firmware update is run immediately after +# the first reset. +setenv bootdelay 0 + +# Update U-Boot +echo "" +echo "" +echo ">> Installing U-Boot boot loader (target will reset)" +echo "" +echo "" +update uboot mmc ${INSTALL_MMCDEV} fat ${INSTALL_UBOOT_FILENAME} +if test $? -eq 1; then + echo "[ERROR] Failed to update U-Boot boot loader!"; + echo ""; + echo "Aborted."; + exit; +fi + +# Set 'bootcmd' to the second part of the script that will +# - Reset environment to defaults +# - Save the environment +# - Update the 'linux' partition +# - Update the 'rootfs' partition +# - Reset the system and let it boot +setenv bootcmd " + env default -a; + saveenv; + echo \"\"; + echo \"\"; + echo \">> Installing Linux kernel and device tree files\"; + echo \"\"; + echo \"\"; + update linux mmc ${INSTALL_MMCDEV} fat ${INSTALL_LINUX_FILENAME}; + if test \$? -eq 1; then + echo \"[ERROR] Failed to update linux partition!\"; + echo \"\"; + echo \"Aborted.\"; + exit; + fi; + echo \"\"; + echo \"\"; + echo \">> Installing Linux root file system\"; + echo \"\"; + echo \"\"; + update rootfs mmc ${INSTALL_MMCDEV} fat ${INSTALL_ROOTFS_FILENAME}; + if test \$? -eq 1; then + echo \"[ERROR] Failed to update rootfs partition!\"; + echo \"\"; + echo \"Aborted.\"; + exit; + fi; + echo \"\"; + echo \"#######################\"; + echo \"# Install complete! #\"; + echo \"#######################\"; + echo \"\"; + sleep 1; + echo \">> Restarting the system\"; + sleep 1; + reset; +" + +saveenv +reset From b2d6231d88b2ab7737278e1b558071ef1e3d6b1b Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Thu, 25 Aug 2016 12:52:20 +0200 Subject: [PATCH 08/66] sdk: add ccimx6ulsbc support https://jira.digi.com/browse/DEL-2925 Signed-off-by: Isaac Hermida --- sdk/config/ccimx6ulsbc/bblayers.conf.sample | 25 ++ sdk/config/ccimx6ulsbc/conf-notes.txt | 6 + sdk/config/ccimx6ulsbc/local.conf.sample | 256 ++++++++++++++++++++ 3 files changed, 287 insertions(+) create mode 100644 sdk/config/ccimx6ulsbc/bblayers.conf.sample create mode 100644 sdk/config/ccimx6ulsbc/conf-notes.txt create mode 100644 sdk/config/ccimx6ulsbc/local.conf.sample diff --git a/sdk/config/ccimx6ulsbc/bblayers.conf.sample b/sdk/config/ccimx6ulsbc/bblayers.conf.sample new file mode 100644 index 000000000..0647c0d8d --- /dev/null +++ b/sdk/config/ccimx6ulsbc/bblayers.conf.sample @@ -0,0 +1,25 @@ +# LAYER_CONF_VERSION is increased each time build/conf/bblayers.conf +# changes incompatibly +LCONF_VERSION = "6" + +BBPATH = "${TOPDIR}" +BBFILES ?= "" + +BBLAYERS ?= " \ + ##OEROOT##/meta \ + ##OEROOT##/meta-yocto \ + ##OEROOT##/meta-yocto-bsp \ + ##DIGIBASE##/meta-openembedded/meta-oe \ + ##DIGIBASE##/meta-openembedded/meta-python \ + ##DIGIBASE##/meta-openembedded/meta-networking \ + ##DIGIBASE##/meta-openembedded/meta-webserver \ + ##DIGIBASE##/meta-qt5 \ + ##DIGIBASE##/meta-fsl-arm \ + ##DIGIBASE##/meta-fsl-demos \ + ##DIGIBASE##/meta-digi/meta-digi-arm \ + ##DIGIBASE##/meta-digi/meta-digi-dey \ + " +BBLAYERS_NON_REMOVABLE ?= " \ + ##OEROOT##/meta \ + ##OEROOT##/meta-yocto \ + " diff --git a/sdk/config/ccimx6ulsbc/conf-notes.txt b/sdk/config/ccimx6ulsbc/conf-notes.txt new file mode 100644 index 000000000..6756fcb41 --- /dev/null +++ b/sdk/config/ccimx6ulsbc/conf-notes.txt @@ -0,0 +1,6 @@ +Digi Embedded Yocto provides the following image recipes: + + * core-image-base: A console-only image. + + Expansion of native core-image-base by including all the support for the + target device hardware like firmware files, rootfs customizations, etc. diff --git a/sdk/config/ccimx6ulsbc/local.conf.sample b/sdk/config/ccimx6ulsbc/local.conf.sample new file mode 100644 index 000000000..d8027ee34 --- /dev/null +++ b/sdk/config/ccimx6ulsbc/local.conf.sample @@ -0,0 +1,256 @@ +# +# This file is your local configuration file and is where all local user settings +# are placed. The comments in this file give some guide to the options a new user +# to the system might want to change but pretty much any configuration option can +# be set in this file. More adventurous users can look at local.conf.extended +# which contains other examples of configuration which can be placed in this file +# but new users likely won't need any of them initially. +# +# Lines starting with the '#' character are commented out and in some cases the +# default values are provided as comments to show people example syntax. Enabling +# the option is a question of removing the # character and making any change to the +# variable as required. + +# +# Machine Selection +# +# You need to select a specific machine to target the build with. There are a selection +# of emulated machines available which can boot and run in the QEMU emulator: +# +#MACHINE ?= "qemuarm" +#MACHINE ?= "qemuarm64" +#MACHINE ?= "qemumips" +#MACHINE ?= "qemuppc" +#MACHINE ?= "qemux86" +#MACHINE ?= "qemux86-64" +# +# There are also the following hardware board target machines included for +# demonstration purposes: +# +#MACHINE ?= "beaglebone" +#MACHINE ?= "genericx86" +#MACHINE ?= "genericx86-64" +#MACHINE ?= "mpc8315e-rdb" +#MACHINE ?= "edgerouter" +# +# This sets the default machine to be qemux86 if no other machine is selected: +#MACHINE ??= "qemux86" + +MACHINE = "ccimx6ulsbc" + +# +# Use Digi's internal git repositories +# +#DIGI_INTERNAL_GIT ?= "1" + +# +# Where to place downloads +# +# During a first build the system will download many different source code tarballs +# from various upstream projects. This can take a while, particularly if your network +# connection is slow. These are all stored in DL_DIR. When wiping and rebuilding you +# can preserve this directory to speed up this part of subsequent builds. This directory +# is safe to share between multiple builds on the same machine too. +# +# The default is a downloads directory under TOPDIR which is the build directory. +# +#DL_DIR ?= "${TOPDIR}/downloads" + +# +# Where to place shared-state files +# +# BitBake has the capability to accelerate builds based on previously built output. +# This is done using "shared state" files which can be thought of as cache objects +# and this option determines where those files are placed. +# +# You can wipe out TMPDIR leaving this directory intact and the build would regenerate +# from these files if no changes were made to the configuration. If changes were made +# to the configuration, only shared state files where the state was still valid would +# be used (done using checksums). +# +# The default is a sstate-cache directory under TOPDIR. +# +#SSTATE_DIR ?= "${TOPDIR}/sstate-cache" + +# +# Where to place the build output +# +# This option specifies where the bulk of the building work should be done and +# where BitBake should place its temporary files and output. Keep in mind that +# this includes the extraction and compilation of many applications and the toolchain +# which can use Gigabytes of hard disk space. +# +# The default is a tmp directory under TOPDIR. +# +#TMPDIR = "${TOPDIR}/tmp" + +# +# Default policy config +# +# The distribution setting controls which policy settings are used as defaults. +# The default value is fine for general Yocto project use, at least initially. +# Ultimately when creating custom policy, people will likely end up subclassing +# these defaults. +# +DISTRO ?= "dey" +# As an example of a subclass there is a "bleeding" edge policy configuration +# where many versions are set to the absolute latest code from the upstream +# source control systems. This is just mentioned here as an example, its not +# useful to most new users. +# DISTRO ?= "poky-bleeding" + +# +# Package Management configuration +# +# This variable lists which packaging formats to enable. Multiple package backends +# can be enabled at once and the first item listed in the variable will be used +# to generate the root filesystems. +# Options are: +# - 'package_deb' for debian style deb files +# - 'package_ipk' for ipk files are used by opkg (a debian style embedded package manager) +# - 'package_rpm' for rpm style packages +# E.g.: PACKAGE_CLASSES ?= "package_rpm package_deb package_ipk" +# We default to rpm: +PACKAGE_CLASSES ?= "package_rpm" + +# +# SDK/ADT target architecture +# +# This variable specifies the architecture to build SDK/ADT items for and means +# you can build the SDK packages for architectures other than the machine you are +# running the build on (i.e. building i686 packages on an x86_64 host). +# Supported values are i686 and x86_64 +#SDKMACHINE ?= "i686" + +# +# Extra image configuration defaults +# +# The EXTRA_IMAGE_FEATURES variable allows extra packages to be added to the generated +# images. Some of these options are added to certain image types automatically. The +# variable can contain the following options: +# "dbg-pkgs" - add -dbg packages for all installed packages +# (adds symbol information for debugging/profiling) +# "dev-pkgs" - add -dev packages for all installed packages +# (useful if you want to develop against libs in the image) +# "ptest-pkgs" - add -ptest packages for all ptest-enabled packages +# (useful if you want to run the package test suites) +# "tools-sdk" - add development tools (gcc, make, pkgconfig etc.) +# "tools-debug" - add debugging tools (gdb, strace) +# "eclipse-debug" - add Eclipse remote debugging support +# "tools-profile" - add profiling tools (oprofile, exmap, lttng, valgrind) +# "tools-testapps" - add useful testing tools (ts_print, aplay, arecord etc.) +# "debug-tweaks" - make an image suitable for development +# e.g. ssh root access has a blank password +# There are other application targets that can be used here too, see +# meta/classes/image.bbclass and meta/classes/core-image.bbclass for more details. +# We default to enabling the debugging tweaks. +EXTRA_IMAGE_FEATURES = "debug-tweaks" + +# +# Additional image features +# +# The following is a list of additional classes to use when building images which +# enable extra features. Some available options which can be included in this variable +# are: +# - 'buildstats' collect build statistics +# - 'image-mklibs' to reduce shared library files size for an image +# - 'image-prelink' in order to prelink the filesystem image +# - 'image-swab' to perform host system intrusion detection +# NOTE: if listing mklibs & prelink both, then make sure mklibs is before prelink +# NOTE: mklibs also needs to be explicitly enabled for a given image, see local.conf.extended +# NOTE: image-prelink is currently broken due to problems with the prelinker. It is advised +# that you do NOT run the prelinker at this time. +USER_CLASSES ?= "buildstats image-mklibs" + +# +# Runtime testing of images +# +# The build system can test booting virtual machine images under qemu (an emulator) +# after any root filesystems are created and run tests against those images. To +# enable this uncomment this line. See classes/testimage(-auto).bbclass for +# further details. +#TEST_IMAGE = "1" +# +# Interactive shell configuration +# +# Under certain circumstances the system may need input from you and to do this it +# can launch an interactive shell. It needs to do this since the build is +# multithreaded and needs to be able to handle the case where more than one parallel +# process may require the user's attention. The default is iterate over the available +# terminal types to find one that works. +# +# Examples of the occasions this may happen are when resolving patches which cannot +# be applied, to use the devshell or the kernel menuconfig +# +# Supported values are auto, gnome, xfce, rxvt, screen, konsole (KDE 3.x only), none +# Note: currently, Konsole support only works for KDE 3.x due to the way +# newer Konsole versions behave +#OE_TERMINAL = "auto" +# By default disable interactive patch resolution (tasks will just fail instead): +PATCHRESOLVE = "noop" + +# +# Disk Space Monitoring during the build +# +# Monitor the disk space during the build. If there is less that 1GB of space or less +# than 100K inodes in any key build location (TMPDIR, DL_DIR, SSTATE_DIR), gracefully +# shutdown the build. If there is less that 100MB or 1K inodes, perform a hard abort +# of the build. The reason for this is that running completely out of space can corrupt +# files and damages the build in ways which may not be easily recoverable. +# It's necesary to monitor /tmp, if there is no space left the build will fail +# with very exotic errors. +BB_DISKMON_DIRS = "\ + STOPTASKS,${TMPDIR},1G,100K \ + STOPTASKS,${DL_DIR},1G,100K \ + STOPTASKS,${SSTATE_DIR},1G,100K \ + STOPTASKS,/tmp,100M,100K \ + ABORT,${TMPDIR},100M,1K \ + ABORT,${DL_DIR},100M,1K \ + ABORT,${SSTATE_DIR},100M,1K \ + ABORT,/tmp,10M,1K" + +# +# Shared-state files from other locations +# +# As mentioned above, shared state files are prebuilt cache data objects which can +# used to accelerate build time. This variable can be used to configure the system +# to search other mirror locations for these objects before it builds the data itself. +# +# This can be a filesystem directory, or a remote url such as http or ftp. These +# would contain the sstate-cache results from previous builds (possibly from other +# machines). This variable works like fetcher MIRRORS/PREMIRRORS and points to the +# cache locations to check for the shared objects. +# NOTE: if the mirror uses the same structure as SSTATE_DIR, you need to add PATH +# at the end as shown in the examples below. This will be substituted with the +# correct path within the directory structure. +#SSTATE_MIRRORS ?= "\ +#file://.* http://someserver.tld/share/sstate/PATH;downloadfilename=PATH \n \ +#file://.* file:///some/local/dir/sstate/PATH" + + +# +# Qemu configuration +# +# By default qemu will build with a builtin VNC server where graphical output can be +# seen. The two lines below enable the SDL backend too. By default libsdl-native will +# be built, if you want to use your host's libSDL instead of the minimal libsdl built +# by libsdl-native then uncomment the ASSUME_PROVIDED line below. +PACKAGECONFIG_append_pn-qemu-native = " sdl" +PACKAGECONFIG_append_pn-nativesdk-qemu = " sdl" +#ASSUME_PROVIDED += "libsdl-native" + + +# CONF_VERSION is increased each time build/conf/ changes incompatibly and is used to +# track the version of this file when it was generated. This can safely be ignored if +# this doesn't mean anything to you. +CONF_VERSION = "1" + +# +# Enable local PR server +# +PRSERV_HOST = "localhost:0" + +# +# Some libraries and packages are covered by Freescale EULA +# +#ACCEPT_FSL_EULA = "1" From 5444d3e8f82da5c3cb393baea294bfa916914a10 Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Tue, 23 Aug 2016 10:35:56 +0200 Subject: [PATCH 09/66] recipes-connectivity: add hostapd functionality Do not autostart hostapd daemon on boot because because it will conflict with wpa-supplicant process and add a custom hostapd.conf file with WPA2-AES encryption. https://jira.digi.com/browse/DEL-2913 Signed-off-by: Isaac Hermida --- .../hostapd/hostapd-2.4/hostapd.conf | 17 +++++++++++++++++ .../hostapd/hostapd_2.4.bbappend | 9 +++++++++ 2 files changed, 26 insertions(+) create mode 100644 meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/hostapd.conf diff --git a/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/hostapd.conf b/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/hostapd.conf new file mode 100644 index 000000000..69e69299f --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/hostapd.conf @@ -0,0 +1,17 @@ +ctrl_interface=/var/run/hostapd +ctrl_interface_group=0 +interface=wlan0 +driver=nl80211 + +# WPA2-AES encryption +channel=5 +ssid=ap-wpa2aes +auth_algs=1 +wpa=2 +wpa_key_mgmt=WPA-PSK +wpa_pairwise=CCMP +wpa_passphrase=password-wpa2aes + +# OPEN encryption example, remove WPA2-AES setup +# channel=1 +# ssid=ap-open diff --git a/meta-digi-dey/recipes-connectivity/hostapd/hostapd_2.4.bbappend b/meta-digi-dey/recipes-connectivity/hostapd/hostapd_2.4.bbappend index 8d98fa93c..b73ffc0cd 100644 --- a/meta-digi-dey/recipes-connectivity/hostapd/hostapd_2.4.bbappend +++ b/meta-digi-dey/recipes-connectivity/hostapd/hostapd_2.4.bbappend @@ -5,5 +5,14 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${BP}:" # The recipe uses a different "$S" directory so point the patch to the hostapd # tarball directory. SRC_URI_append_ccimx6ul = " file://fix_num_probereq_cb_clearing.patch;patchdir=.." +SRC_URI += "file://hostapd.conf" + +do_install_append() { + # Overwrite the default hostapd.conf with our custom file + install -m 0644 ${WORKDIR}/hostapd.conf ${D}${sysconfdir}/hostapd.conf +} + +# Do not autostart hostapd daemon, it will conflict with wpa-supplicant. +INITSCRIPT_PARAMS = "remove" PACKAGE_ARCH = "${MACHINE_ARCH}" From d3f1b0b18a803cd9557dae96163e6503a8f40f02 Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Tue, 23 Aug 2016 10:45:27 +0200 Subject: [PATCH 10/66] meta-digi-dey: init-ifupdown: add commented code for softAP example Add commented lines as example to configure and run the wlan0 interface in AP mode using hostapd daemon. https://jira.digi.com/browse/DEL-2913 Signed-off-by: Isaac Hermida --- .../init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.dhcp | 2 ++ .../init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.static | 2 ++ 2 files changed, 4 insertions(+) diff --git a/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.dhcp b/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.dhcp index 09dbf5468..f30df5d98 100644 --- a/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.dhcp +++ b/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.dhcp @@ -4,3 +4,5 @@ iface wlan0 inet dhcp udhcpc_opts -b wpa-driver ##WPA_DRIVER## wpa-conf /etc/wpa_supplicant.conf + # post-up /etc/init.d/hostapd start + # pre-down /etc/init.d/hostapd stop diff --git a/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.static b/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.static index 7f7a11459..ddb10dd87 100644 --- a/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.static +++ b/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.static @@ -7,3 +7,5 @@ iface wlan0 inet static dns-nameservers ##WLAN0_STATIC_DNS## wpa-driver ##WPA_DRIVER## wpa-conf /etc/wpa_supplicant.conf + # post-up /etc/init.d/hostapd start + # pre-down /etc/init.d/hostapd stop From 51415b9e12ea4f5c59c5189a6076c66d7872c8af Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Mon, 22 Aug 2016 16:04:20 +0200 Subject: [PATCH 11/66] meta-digi: dey-wireless: add hostapd to the list of packages for ccimx6ul https://jira.digi.com/browse/DEL-2913 Signed-off-by: Isaac Hermida --- .../packagegroups/packagegroup-dey-wireless.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-digi-dey/recipes-connectivity/packagegroups/packagegroup-dey-wireless.bb b/meta-digi-dey/recipes-connectivity/packagegroups/packagegroup-dey-wireless.bb index 0ab84684a..0ddf4d9b6 100644 --- a/meta-digi-dey/recipes-connectivity/packagegroups/packagegroup-dey-wireless.bb +++ b/meta-digi-dey/recipes-connectivity/packagegroups/packagegroup-dey-wireless.bb @@ -16,3 +16,5 @@ RDEPENDS_${PN} = "\ wpa-supplicant-cli \ wpa-supplicant-passphrase \ " + +RDEPENDS_${PN}_append_ccimx6ul = " hostapd" From 3a2c35d85017aa38921604572cc26e945597f838 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Tue, 23 Aug 2016 17:53:58 +0200 Subject: [PATCH 12/66] meta-digi: meta-digi-arm: add environment encryption support to fw_* utils This patch adds the functionality to automatically detect if the enviroment is encrypted (through the device tree). If it is, the environment is encrypted and decrypted as required in a transparent way for the user. https://jira.digi.com/browse/DEL-2836 Signed-off-by: Diaz de Grenu, Jose --- ...ent-support-for-environment-encrypti.patch | 301 ++++++++++++++++++ ...upport-to-unlock-emmc-boot-partition.patch | 6 +- .../u-boot/u-boot-fw-utils_%.bbappend | 5 +- 3 files changed, 308 insertions(+), 4 deletions(-) create mode 100644 meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch new file mode 100644 index 000000000..922ca71d6 --- /dev/null +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch @@ -0,0 +1,301 @@ +From: "Diaz de Grenu, Jose" +Date: Tue, 23 Aug 2016 13:05:05 +0200 +Subject: [PATCH] tools: env: implement support for environment encryption by + CAAM + +https://jira.digi.com/browse/DEL-2836 + +Signed-off-by: Diaz de Grenu, Jose +--- + configs/sandbox_defconfig | 1 + + tools/env/Makefile | 2 +- + tools/env/caam_keyblob.h | 45 +++++++++++++++ + tools/env/fw_env.c | 140 ++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 187 insertions(+), 1 deletion(-) + create mode 100644 tools/env/caam_keyblob.h + +diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig +index 598519dbb2fc..81dd4d445c0e 100644 +--- a/configs/sandbox_defconfig ++++ b/configs/sandbox_defconfig +@@ -44,3 +44,4 @@ CONFIG_UNIT_TEST=y + CONFIG_UT_TIME=y + CONFIG_UT_DM=y + CONFIG_UT_ENV=y ++CONFIG_MD5=y +diff --git a/tools/env/Makefile b/tools/env/Makefile +index 40164f7a35fa..de4766ddf8dd 100644 +--- a/tools/env/Makefile ++++ b/tools/env/Makefile +@@ -25,7 +25,7 @@ hostprogs-y := fw_printenv + + fw_printenv-objs := fw_env.o fw_env_main.o \ + crc32.o ctype.o linux_string.o \ +- env_attr.o env_flags.o aes.o ++ env_attr.o env_flags.o aes.o ../../lib/md5.o + + quiet_cmd_crosstools_strip = STRIP $^ + cmd_crosstools_strip = $(STRIP) $^; touch $@ +diff --git a/tools/env/caam_keyblob.h b/tools/env/caam_keyblob.h +new file mode 100644 +index 000000000000..1e33b3f01a05 +--- /dev/null ++++ b/tools/env/caam_keyblob.h +@@ -0,0 +1,45 @@ ++/* ++ * CAAM public-level include definitions for the key blob ++ * ++ * Copyright (C) 2015 Freescale Semiconductor, Inc. ++ */ ++ ++#ifndef CAAM_KEYBLOB_H ++#define CAAM_KEYBLOB_H ++ ++ ++#include ++#include ++ ++struct caam_kb_data { ++ char *rawkey; ++ size_t rawkey_len; ++ char *keyblob; ++ size_t keyblob_len; ++ char *keymod; ++ size_t keymod_len; ++}; ++ ++ ++#define CAAM_KB_MAGIC 'I' ++ ++/** ++ * DOC: CAAM_KB_ENCRYPT - generate a key blob from raw key ++ * ++ * Takes an caam_kb_data struct and returns it with the key blob ++ */ ++#define CAAM_KB_ENCRYPT _IOWR(CAAM_KB_MAGIC, 0, \ ++ struct caam_kb_data) ++ ++/** ++ * DOC: CAAM_KB_DECRYPT - get keys from a key blob ++ * ++ * Takes an caam_kb_data struct and returns it with the raw key. ++ */ ++#define CAAM_KB_DECRYPT _IOWR(CAAM_KB_MAGIC, 1, struct caam_kb_data) ++ ++#ifndef GENMEM_KEYMOD_LEN ++#define GENMEM_KEYMOD_LEN 16 ++#endif ++ ++#endif /* CAAM_KEYBLOB_H */ +\ No newline at end of file +diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c +index daa02a760e37..09f06c874b17 100644 +--- a/tools/env/fw_env.c ++++ b/tools/env/fw_env.c +@@ -21,6 +21,7 @@ + #include + #include + #include ++#include + #include + + #ifdef MTD_OLD +@@ -31,10 +32,19 @@ + # include + #endif + ++#include "caam_keyblob.h" + #include "fw_env.h" + + #include + ++/* ++ * The BLOB includes a random AES-256 key (32 bytes) and a ++ * Message Authentication Code (MAC) (16 bytes) ++ */ ++#define BLOB_OVERHEAD 48 ++#define CAAM_KEY_DEV "/dev/caam_kb" ++ ++#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0])) + #define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) + + #define WHITESPACE(c) ((c == '\t') || (c == ' ')) +@@ -109,6 +119,8 @@ static int aes_flag; + static uint8_t aes_key[AES_KEY_LENGTH] = { 0 }; + static int env_aes_cbc_crypt(char *data, const int enc); + ++static int caam_encryption_flag; ++ + static int HaveRedundEnv = 0; + + static unsigned char active_flag = 1; +@@ -236,6 +248,103 @@ static int parse_aes_key(char *key) + return 0; + } + ++static void check_caam_encryption(void) ++{ ++ const char *dt_prop = "/proc/device-tree/digi,uboot-env,encrypted"; ++ ++ if (access(dt_prop, F_OK) != -1) ++ caam_encryption_flag = 1; ++} ++ ++static int env_caam_get_keymod(unsigned char output[16]) ++{ ++ int i; ++ int len; ++ int fd; ++ char buff[32]; ++ uint32_t ocotp_hwid[2]; ++ const char *ocotp_hwid_file[2] = { ++ "/sys/fsl_otp/HW_OCOTP_MAC0", ++ "/sys/fsl_otp/HW_OCOTP_MAC1" ++ }; ++ ++ for (i = 0; i < ARRAY_SIZE(ocotp_hwid); i++) { ++ fd = open(ocotp_hwid_file[i], O_RDONLY); ++ if (fd < 0) ++ return fd; ++ len = read(fd, buff, sizeof(buff)); ++ if (len < 0) { ++ close(fd); ++ return -1; ++ } ++ /* drop last character (new line) */ ++ buff[len - 1] = '\0'; ++ ocotp_hwid[i] = strtoul(buff, NULL, 0); ++ close(fd); ++ } ++ ++ md5((unsigned char *)(&ocotp_hwid), sizeof(ocotp_hwid), output); ++ ++ return 0; ++} ++ ++static int env_caam_crypt(char *data, const int enc) ++{ ++ struct caam_kb_data enc_data; ++ int fd; ++ int ret = 0; ++ const int len = getenvsize(); ++ int ioctl_mode; ++ char *buffer; ++ unsigned char key_modifier[16]; ++ ++ ret = env_caam_get_keymod(key_modifier); ++ if (ret) ++ return ret; ++ ++ enc_data.keymod = (char *)key_modifier; ++ enc_data.keymod_len = sizeof(key_modifier); ++ ++ enc_data.keyblob_len = len; ++ enc_data.rawkey_len = len - BLOB_OVERHEAD; ++ ++ buffer = malloc(len); ++ if (!buffer) { ++ printf("Could not allocate memory\n"); ++ return -1; ++ } ++ ++ if (enc) { ++ enc_data.rawkey = data; ++ ioctl_mode = CAAM_KB_ENCRYPT; ++ enc_data.keyblob = buffer; ++ } else { ++ enc_data.keyblob = data; ++ ioctl_mode = CAAM_KB_DECRYPT; ++ enc_data.rawkey = buffer; ++ } ++ ++ if ((fd = open(CAAM_KEY_DEV, O_RDWR)) < 0) { ++ ret = fd; ++ goto free; ++ } ++ ++ ret = ioctl(fd, ioctl_mode, &enc_data); ++ if (ret) { ++ printf("CAAM_KEY_DEV ioctl failed: %d\n", ret); ++ goto out; ++ } ++ ++ memcpy(data, buffer, len); ++ ++out: ++ close(fd); ++free: ++ free(buffer); ++ ++ return ret; ++} ++ + /* + * Print the current definition of one, or more, or all + * environment variables +@@ -259,6 +368,8 @@ int fw_printenv (int argc, char *argv[]) + argc -= 2; + } + ++ check_caam_encryption(); ++ + if (fw_env_open()) + return -1; + +@@ -334,6 +445,15 @@ int fw_env_close(void) + } + } + ++ if (caam_encryption_flag) { ++ ret = env_caam_crypt(environment.data, 1); ++ if (ret) { ++ fprintf(stderr, ++ "Error: can't encrypt env for flash\n"); ++ return ret; ++ } ++ } ++ + /* + * Update CRC + */ +@@ -504,6 +624,8 @@ int fw_setenv(int argc, char *argv[]) + argc -= 2; + } + ++ check_caam_encryption(); ++ + if (argc < 2) { + errno = EINVAL; + return -1; +@@ -1229,6 +1351,15 @@ int fw_env_open(void) + return ret; + } + ++ if (caam_encryption_flag) { ++ ret = env_caam_crypt(environment.data, 0); ++ if (ret) { ++ fprintf(stderr, ++ "Error: can't decrypt environment\n"); ++ return ret; ++ } ++ } ++ + crc0_ok = (crc0 == *environment.crc); + if (!HaveRedundEnv) { + if (!crc0_ok) { +@@ -1286,6 +1417,15 @@ int fw_env_open(void) + return ret; + } + ++ if (caam_encryption_flag) { ++ ret = env_caam_crypt(redundant->data, 0); ++ if (ret) { ++ fprintf(stderr, ++ "Error: can't decrypt environment\n"); ++ return ret; ++ } ++ } ++ + crc1_ok = (crc1 == redundant->crc); + flag1 = redundant->flags; + diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0002-fw_env-add-support-to-unlock-emmc-boot-partition.patch b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0002-fw_env-add-support-to-unlock-emmc-boot-partition.patch index e283118ee..f1c50aa56 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0002-fw_env-add-support-to-unlock-emmc-boot-partition.patch +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0002-fw_env-add-support-to-unlock-emmc-boot-partition.patch @@ -8,10 +8,10 @@ Signed-off-by: Javier Viguera 1 file changed, 33 insertions(+) diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c -index 698fe5181bc0..d7e61a467e73 100644 +index 09f06c874b17..ae6c69eca0ad 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c -@@ -1097,6 +1097,27 @@ static int flash_read (int fd) +@@ -1218,6 +1218,27 @@ static int flash_read (int fd) return 0; } @@ -39,7 +39,7 @@ index 698fe5181bc0..d7e61a467e73 100644 static int flash_io (int mode) { int fd_current, fd_target, rc, dev_target; -@@ -1129,8 +1150,20 @@ static int flash_io (int mode) +@@ -1250,8 +1271,20 @@ static int flash_io (int mode) fd_target = fd_current; } diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend index 89240d47b..028c6f255 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend @@ -2,7 +2,10 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" -SRC_URI += "file://fw_env.config" +SRC_URI += " \ + file://fw_env.config \ + file://0001-tools-env-implement-support-for-environment-encrypti.patch \ +" SRC_URI_append_ccimx6 = " file://0002-fw_env-add-support-to-unlock-emmc-boot-partition.patch" # We do not have a platform defconfig in this version of u-boot, so just use the generic From c59a5e6214be9573a5752aeddac6c43878ac5494 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Wed, 24 Aug 2016 12:50:23 +0200 Subject: [PATCH 13/66] Revert "meta-digi-arm: Exclude u-boot-fw-utils if U-Boot environment encryption is" This reverts commit b8f50680e540fc83c3c162cb81469956209bc408. The support to read and write to an encrypted environment has been added, so there is no need to exclude the u-boot-fw-utils anymore. https://jira.digi.com/browse/DEL-2836 Signed-off-by: Diaz de Grenu, Jose --- README.md | 3 --- meta-digi-arm/conf/machine/include/ccimx6.inc | 2 +- meta-digi-arm/conf/machine/include/ccimx6ul.inc | 2 +- .../recipes-core/packagegroups/packagegroup-dey-core.bb | 2 -- 4 files changed, 2 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index ac8efaf71..a49edea04 100644 --- a/README.md +++ b/README.md @@ -93,9 +93,6 @@ Documentation is available online on the Digi documentation site: This is a list of known issues and limitations at the time of release. An updated list can be found on the online documentation. -* When using the TrustFence (TM) U-Boot environment encryption, access to the -U-Boot environment from the Linux OS is not supported. - ## Digi ConnectCore 6UL * In the Bluetooth interface, the UART hardware flow control doesn’t work diff --git a/meta-digi-arm/conf/machine/include/ccimx6.inc b/meta-digi-arm/conf/machine/include/ccimx6.inc index 2d73b7725..b0d4e2a7c 100644 --- a/meta-digi-arm/conf/machine/include/ccimx6.inc +++ b/meta-digi-arm/conf/machine/include/ccimx6.inc @@ -27,7 +27,7 @@ MACHINE_EXTRA_RDEPENDS += " \ e2fsprogs-mke2fs \ e2fsprogs-resize2fs \ parted \ - ${@base_conditional('TRUSTFENCE_ENCRYPT_ENVIRONMENT', '1', '', 'u-boot-fw-utils', d)} \ + u-boot-fw-utils \ " MACHINE_EXTRA_RRECOMMENDS += "${MACHINE_FIRMWARE} ${WIRELESS_MODULE}" MACHINE_EXTRA_RRECOMMENDS += "fsl-alsa-plugins cryptodev-module rng-tools" diff --git a/meta-digi-arm/conf/machine/include/ccimx6ul.inc b/meta-digi-arm/conf/machine/include/ccimx6ul.inc index 1b4302fe7..e8aa9ce89 100644 --- a/meta-digi-arm/conf/machine/include/ccimx6ul.inc +++ b/meta-digi-arm/conf/machine/include/ccimx6ul.inc @@ -22,7 +22,7 @@ MACHINE_FIRMWARE ?= "" MACHINE_EXTRA_RDEPENDS += " \ imx-kobs \ mtd-utils-ubifs \ - ${@base_conditional('TRUSTFENCE_ENCRYPT_ENVIRONMENT', '1', '', 'u-boot-fw-utils', d)} \ + u-boot-fw-utils \ " MACHINE_EXTRA_RRECOMMENDS += "${MACHINE_FIRMWARE} ${WIRELESS_MODULE}" MACHINE_EXTRA_RRECOMMENDS += "fsl-alsa-plugins cryptodev-module" diff --git a/meta-digi-dey/recipes-core/packagegroups/packagegroup-dey-core.bb b/meta-digi-dey/recipes-core/packagegroups/packagegroup-dey-core.bb index ecacb5581..7b6c6baa7 100644 --- a/meta-digi-dey/recipes-core/packagegroups/packagegroup-dey-core.bb +++ b/meta-digi-dey/recipes-core/packagegroups/packagegroup-dey-core.bb @@ -55,5 +55,3 @@ RRECOMMENDS_${PN} = "\ ${MACHINE_ESSENTIAL_EXTRA_RRECOMMENDS} \ ${MACHINE_EXTRA_RRECOMMENDS} \ " - -do_package[vardeps] = "TRUSTFENCE_ENCRYPT_ENVIRONMENT" From a63030f4fd3fcc531f2e16728ee4d07f345c14c6 Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Wed, 24 Aug 2016 18:50:39 +0200 Subject: [PATCH 14/66] meta-digi-dey: bump distro version to 2.0-r4 Signed-off-by: Javier Viguera --- README.md | 6 +++++- meta-digi-dey/conf/distro/dey.conf | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a49edea04..903fd3653 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # Digi Embedded Yocto (DEY) 2.0 -## Release 2.0-r3 +## Release 2.0-r4 This document provides information about Digi Embedded Yocto, Digi International's professional embedded Yocto development environment. @@ -59,6 +59,10 @@ Documentation is available online on the Digi documentation site: # Release Changelog +## 2.0-r4 + +* TBC + ## 2.0-r3 * Support for the new Digi ConnectCore 6UL System-On-Module and Starter Kit diff --git a/meta-digi-dey/conf/distro/dey.conf b/meta-digi-dey/conf/distro/dey.conf index 83b9a1377..a0ea01dd9 100644 --- a/meta-digi-dey/conf/distro/dey.conf +++ b/meta-digi-dey/conf/distro/dey.conf @@ -1,6 +1,6 @@ DISTRO = "dey" DISTRO_NAME = "Digi Embedded Yocto" -DISTRO_VERSION = "2.0-r3" +DISTRO_VERSION = "2.0-r4" DISTRO_CODENAME = "jethro" SDK_VENDOR = "-deysdk" SDK_VERSION := "${@'${DISTRO_VERSION}'}" From fb656a8ed10e6d8b1e2da3e8d1430af213abdb77 Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Tue, 30 Aug 2016 17:46:00 +0200 Subject: [PATCH 15/66] build.sh: support 'ccimx6ulsbc' platform https://jira.digi.com/browse/DEL-2928 Signed-off-by: Javier Viguera --- sdk/build-github.sh | 3 ++- sdk/build.sh | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/sdk/build-github.sh b/sdk/build-github.sh index 95aa7ef40..e544b1cf3 100755 --- a/sdk/build-github.sh +++ b/sdk/build-github.sh @@ -22,7 +22,7 @@ set -e -AVAILABLE_PLATFORMS="ccardimx28js ccimx6sbc ccimx6ulstarter" +AVAILABLE_PLATFORMS="ccardimx28js ccimx6sbc ccimx6ulsbc ccimx6ulstarter" MANIFEST_URL="https://github.com/digi-embedded/dey-manifest.git" @@ -106,6 +106,7 @@ while read _pl _tgt; do done<<-_EOF_ ccardimx28js dey-image-qt ccimx6sbc dey-image-qt + ccimx6ulsbc core-image-base ccimx6ulstarter core-image-base _EOF_ diff --git a/sdk/build.sh b/sdk/build.sh index ba4533982..99c09da3f 100755 --- a/sdk/build.sh +++ b/sdk/build.sh @@ -152,6 +152,7 @@ while read _pl _var _tgt; do done<<-_EOF_ ccardimx28js - e w wb web web1 dey-image-qt ccimx6sbc DONTBUILDVARIANTS dey-image-qt + ccimx6ulsbc DONTBUILDVARIANTS core-image-base ccimx6ulstarter DONTBUILDVARIANTS core-image-base _EOF_ From ab5f50e16acfa0d2cd46cca920337a2b3bd769f4 Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Mon, 29 Aug 2016 19:32:23 +0200 Subject: [PATCH 16/66] meta-digi: trailing whitespace cleanup Signed-off-by: Javier Viguera --- meta-digi-arm/conf/machine/ccardimx28js.conf | 2 +- .../firmware-qualcomm/wlan/qcom_cfg.ini | 10 +++++----- .../trustfence-cst/trustfence-cst-2.3.2/Makefile | 2 +- .../recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend | 2 +- meta-digi-arm/recipes-kernel/linux/linux-dey.inc | 4 ++-- meta-digi-arm/scripts/templates/sign_uimage | 2 +- meta-digi-arm/scripts/trustfence-sign-uimage.sh | 4 ++-- meta-digi-dey/classes/trustfence.bbclass | 2 +- meta-digi-dey/conf/distro/dey.conf | 4 ++-- .../modemmanager/modemmanager-1.4.12/cellularifupdown | 4 ++-- .../dey-examples/files/alsa_test/alsa_test.c | 8 ++++---- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/meta-digi-arm/conf/machine/ccardimx28js.conf b/meta-digi-arm/conf/machine/ccardimx28js.conf index 85bda517c..7f7582489 100644 --- a/meta-digi-arm/conf/machine/ccardimx28js.conf +++ b/meta-digi-arm/conf/machine/ccardimx28js.conf @@ -1,6 +1,6 @@ #@TYPE: Machine #@NAME: ConnectCore for MX28 JumpStart Kit. -#@DESCRIPTION: Machine configuration for Digi's ConnectCore for MX28 JSK. +#@DESCRIPTION: Machine configuration for Digi's ConnectCore for MX28 JSK. include conf/machine/include/ccardimx28.inc diff --git a/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/wlan/qcom_cfg.ini b/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/wlan/qcom_cfg.ini index da41d3e05..fff4052f0 100644 --- a/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/wlan/qcom_cfg.ini +++ b/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/wlan/qcom_cfg.ini @@ -11,7 +11,7 @@ gEnableIdleScan=0 # Increase sleep duration (seconds) during IMPS -# 0 implies no periodic wake up from IMPS. Periodic wakeup is +# 0 implies no periodic wake up from IMPS. Periodic wakeup is # unnecessary if Idle Scan is disabled. gImpsModSleepTime=0 @@ -106,7 +106,7 @@ gNeighborLookupThreshold=76 gNeighborReassocThreshold=81 #Check if the AP to which we are roaming is better than current AP in terms of RSSI. -#Checking is disabled if set to Zero.Otherwise it will use this value as to how better +#Checking is disabled if set to Zero.Otherwise it will use this value as to how better #the RSSI of the new/roamable AP should be for roaming RoamRssiDiff=3 @@ -162,7 +162,7 @@ gApAutoChannelSelection=0 gEnablePhyAgcListenMode=128 -#SOFTAP Channel Range selection +#SOFTAP Channel Range selection gAPChannelSelectStartChannel=1 @@ -241,7 +241,7 @@ gVhtTxMCS2x2=2 gSetTxChainmask1x1=1 gSetRxChainmask1x1=1 -# 1=enable STBC; 0=disable STBC +# 1=enable STBC; 0=disable STBC gEnableRXSTBC=1 # 1=enable tx STBC; 0=disable @@ -250,7 +250,7 @@ gEnableTXSTBC=1 # 1=enable rx LDPC; 0=disable gEnableRXLDPC=1 -#Enable Scan Results Aging based on timer +#Enable Scan Results Aging based on timer #Timer value is in seconds #If Set to 0 it will not enable the feature gScanAgingTime=0 diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile index ed9df8301..194718797 100644 --- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile +++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile @@ -11,7 +11,7 @@ OBJECTS = code/back_end/src/*.c HEADERS = code/back_end/hdr LIBS_PATH = linux64/lib -%.o: %.c +%.o: %.c $(CC) $(CFLAGS) -c $< -o $@ .PRECIOUS: $(TARGET) $(OBJECTS) diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend index 028c6f255..e06cfdfc9 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend @@ -4,7 +4,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" SRC_URI += " \ file://fw_env.config \ - file://0001-tools-env-implement-support-for-environment-encrypti.patch \ + file://0001-tools-env-implement-support-for-environment-encrypti.patch \ " SRC_URI_append_ccimx6 = " file://0002-fw_env-add-support-to-unlock-emmc-boot-partition.patch" diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc index a7717b203..da30d219e 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc @@ -27,7 +27,7 @@ KERNEL_EXTRA_ARGS += "LOADADDR=${UBOOT_ENTRYPOINT}" # In order to sign and encrypt the uImage, we need to know the address # in which U-Boot loads the uImage. This is CONFIG_LOADADDR in U-Boot -# configuration file. +# configuration file. UBOOT_CONFIG_LOADADDR = "" UBOOT_CONFIG_LOADADDR_ccimx6 = "0x12000000" UBOOT_CONFIG_LOADADDR_ccimx6ul = "0x80800000" @@ -40,7 +40,7 @@ do_deploy_append() { [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" "${THISDIR}/../../scripts/trustfence-sign-uimage.sh" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" mv "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" - fi + fi (cd ${DEPLOYDIR} && ln -sf ${KERNEL_IMAGE_BASE_NAME}.bin ${KERNEL_IMAGE_SYMLINK_NAME}) } diff --git a/meta-digi-arm/scripts/templates/sign_uimage b/meta-digi-arm/scripts/templates/sign_uimage index c30420a9f..f3b198be2 100644 --- a/meta-digi-arm/scripts/templates/sign_uimage +++ b/meta-digi-arm/scripts/templates/sign_uimage @@ -11,7 +11,7 @@ File = "%srk_table%" Source index = %key_index% - + [Install CSFK] File = "%cert_csf%" diff --git a/meta-digi-arm/scripts/trustfence-sign-uimage.sh b/meta-digi-arm/scripts/trustfence-sign-uimage.sh index 12beb31b8..c7832afc3 100755 --- a/meta-digi-arm/scripts/trustfence-sign-uimage.sh +++ b/meta-digi-arm/scripts/trustfence-sign-uimage.sh @@ -18,7 +18,7 @@ # CONFIG_SIGN_KEYS_PATH: (mandatory) path to the CST folder by NXP with keys generated. # CONFIG_UIMAGE_LOADADDR: (mandatory) memory address in which U-Boot loads the uImage # CONFIG_KEY_INDEX: (optional) key index to use for signing. Default is 0. -# CONFIG_DEK_PATH: (optional) Path to keyfile. Define it to generate +# CONFIG_DEK_PATH: (optional) Path to keyfile. Define it to generate # encrypted images # #=============================================================================== @@ -44,7 +44,7 @@ if [ -n "${CONFIG_DEK_PATH}" ]; then echo "DEK not found. Generating random 256 bit DEK." [ -d $(dirname ${CONFIG_DEK_PATH}) ] || mkdir -p $(dirname ${CONFIG_DEK_PATH}) dd if=/dev/urandom of="${CONFIG_DEK_PATH}" bs=32 count=1 - fi + fi dek_size="$((8 * $(stat -L -c %s ${CONFIG_DEK_PATH})))" if [ "${dek_size}" != "128" ] && [ "${dek_size}" != "192" ] && [ "${dek_size}" != "256" ]; then echo "Invalid DEK size: ${dek_size} bits. Valid sizes are 128, 192 and 256 bits" diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index 113ca14ff..c31bb2daf 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -51,7 +51,7 @@ python () { if (d.getVar("TRUSTFENCE_DEK_PATH") == "default"): d.setVar("TRUSTFENCE_DEK_PATH", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/dek.bin"); - + if (d.getVar("TRUSTFENCE_SIGN", True) == "1"): d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_SIGN_IMAGE=y ") if d.getVar("TRUSTFENCE_SIGN_KEYS_PATH", True): diff --git a/meta-digi-dey/conf/distro/dey.conf b/meta-digi-dey/conf/distro/dey.conf index a0ea01dd9..db74c7149 100644 --- a/meta-digi-dey/conf/distro/dey.conf +++ b/meta-digi-dey/conf/distro/dey.conf @@ -114,9 +114,9 @@ SANITY_TESTED_DISTROS ?= " \ # Default hash policy for distro BB_SIGNATURE_HANDLER ?= 'OEBasicHash' # -# OELAYOUT_ABI allows us to notify users when the format of TMPDIR changes in +# OELAYOUT_ABI allows us to notify users when the format of TMPDIR changes in # an incompatible way. Such changes should usually be detailed in the commit -# that breaks the format and have been previously discussed on the mailing list +# that breaks the format and have been previously discussed on the mailing list # with general agreement from the core team. # OELAYOUT_ABI = "11" diff --git a/meta-digi-dey/recipes-connectivity/modemmanager/modemmanager-1.4.12/cellularifupdown b/meta-digi-dey/recipes-connectivity/modemmanager/modemmanager-1.4.12/cellularifupdown index a13d78ffd..3c1c1d3c7 100644 --- a/meta-digi-dey/recipes-connectivity/modemmanager/modemmanager-1.4.12/cellularifupdown +++ b/meta-digi-dey/recipes-connectivity/modemmanager/modemmanager-1.4.12/cellularifupdown @@ -27,9 +27,9 @@ background_connect() { [ -n "${IF_PIN}" ] && ARGS="${ARGS},pin=${IF_PIN}" [ -n "${IF_USER}" ] && ARGS="${ARGS},user=${IF_USER}" - [ -n "${IF_PASSWORD}" ] && ARGS="${ARGS},password=${IF_PASSWORD}" + [ -n "${IF_PASSWORD}" ] && ARGS="${ARGS},password=${IF_PASSWORD}" [ -n "${IF_PORT}" ] && ARGS="${ARGS},number=*99#" - + # Enable the modem and connect to provider mmcli -m 0 --simple-connect=${ARGS} > /dev/null 2>&1 diff --git a/meta-digi-dey/recipes-digi/dey-examples/files/alsa_test/alsa_test.c b/meta-digi-dey/recipes-digi/dey-examples/files/alsa_test/alsa_test.c index 465c9a692..58952865c 100644 --- a/meta-digi-dey/recipes-digi/dey-examples/files/alsa_test/alsa_test.c +++ b/meta-digi-dey/recipes-digi/dey-examples/files/alsa_test/alsa_test.c @@ -57,7 +57,7 @@ int main(void) printf("Could't open PCM '%s': %s\n", device, snd_strerror(err)); return EXIT_FAILURE; } - + if ((err = snd_pcm_set_params(handle, PCM_TEST_FORMAT, SND_PCM_ACCESS_RW_INTERLEAVED, @@ -81,16 +81,16 @@ int main(void) err = EXIT_FAILURE; goto exit_close_pcm; } - + if (frames > 0 && frames < total_frames) printf("Short write (expected %li, wrote %li)\n", total_frames, frames); } err = EXIT_SUCCESS; - + exit_close_pcm: snd_pcm_close(handle); - + return err; } From c164c462f19dcfe9befcf99be99af0709bd5d0b6 Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Thu, 1 Sep 2016 09:20:59 +0200 Subject: [PATCH 17/66] recipes-connectivity: hostapd-2.4: removing machine dependency The current applied patch is a backport of hostapd-2.5 so it is not any machine dependency. Signed-off-by: Isaac Hermida --- .../{ccimx6ul => }/fix_num_probereq_cb_clearing.patch | 0 .../recipes-connectivity/hostapd/hostapd_2.4.bbappend | 8 ++++---- 2 files changed, 4 insertions(+), 4 deletions(-) rename meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/{ccimx6ul => }/fix_num_probereq_cb_clearing.patch (100%) diff --git a/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/ccimx6ul/fix_num_probereq_cb_clearing.patch b/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/fix_num_probereq_cb_clearing.patch similarity index 100% rename from meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/ccimx6ul/fix_num_probereq_cb_clearing.patch rename to meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/fix_num_probereq_cb_clearing.patch diff --git a/meta-digi-dey/recipes-connectivity/hostapd/hostapd_2.4.bbappend b/meta-digi-dey/recipes-connectivity/hostapd/hostapd_2.4.bbappend index b73ffc0cd..5233799ab 100644 --- a/meta-digi-dey/recipes-connectivity/hostapd/hostapd_2.4.bbappend +++ b/meta-digi-dey/recipes-connectivity/hostapd/hostapd_2.4.bbappend @@ -4,8 +4,10 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${BP}:" # The recipe uses a different "$S" directory so point the patch to the hostapd # tarball directory. -SRC_URI_append_ccimx6ul = " file://fix_num_probereq_cb_clearing.patch;patchdir=.." -SRC_URI += "file://hostapd.conf" +SRC_URI += " \ + file://fix_num_probereq_cb_clearing.patch;patchdir=.. \ + file://hostapd.conf \ +" do_install_append() { # Overwrite the default hostapd.conf with our custom file @@ -14,5 +16,3 @@ do_install_append() { # Do not autostart hostapd daemon, it will conflict with wpa-supplicant. INITSCRIPT_PARAMS = "remove" - -PACKAGE_ARCH = "${MACHINE_ARCH}" From 2cad47099d8643c6496809e110c101eaf37edc6c Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Thu, 1 Sep 2016 09:27:44 +0200 Subject: [PATCH 18/66] recipes-connectivity: hostapd-2.4: add defconfig with custom setup Copy of the original defconfig in hostapd-2.4 and enabling next options: - CONFIG_LIBNL32 - CONFIG_EAP_PSK - CONFIG_EAP_PWD - CONFIG_WPS - CONFIG_WPS_NFC - CONFIG_RADIUS_SERVER - CONFIG_IEEE80211N - CONFIG_IEEE80211AC - CONFIG_DEBUG_FILE This means that the hostapd binary will have support for that features, but it does not imply that the wireless chip does support it. https://jira.digi.com/browse/DEL-2936 Signed-off-by: Isaac Hermida --- .../hostapd/hostapd-2.4/defconfig | 316 ++++++++++++++++++ 1 file changed, 316 insertions(+) create mode 100644 meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/defconfig diff --git a/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/defconfig b/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/defconfig new file mode 100644 index 000000000..5da684480 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/defconfig @@ -0,0 +1,316 @@ +# Example hostapd build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cass, these lines should use += in order not +# to override previous values of the variables. + +# Driver interface for Host AP driver +CONFIG_DRIVER_HOSTAP=y + +# Driver interface for wired authenticator +#CONFIG_DRIVER_WIRED=y + +# Driver interface for drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y + +# driver_nl80211.c requires libnl. If you are compiling it yourself +# you may need to point hostapd to your version of libnl. +# +#CFLAGS += -I$ +#LIBS += -L$ + +# Use libnl v2.0 (or 3.0) libraries. +#CONFIG_LIBNL20=y + +# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) +CONFIG_LIBNL32=y + + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib + +# Driver interface for no driver (e.g., RADIUS server only) +#CONFIG_DRIVER_NONE=y + +# IEEE 802.11F/IAPP +CONFIG_IAPP=y + +# WPA2/IEEE 802.11i RSN pre-authentication +CONFIG_RSN_PREAUTH=y + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection) +CONFIG_IEEE80211W=y + +# Integrated EAP server +CONFIG_EAP=y + +# EAP Re-authentication Protocol (ERP) in integrated EAP server +CONFIG_ERP=y + +# EAP-MD5 for the integrated EAP server +CONFIG_EAP_MD5=y + +# EAP-TLS for the integrated EAP server +CONFIG_EAP_TLS=y + +# EAP-MSCHAPv2 for the integrated EAP server +CONFIG_EAP_MSCHAPV2=y + +# EAP-PEAP for the integrated EAP server +CONFIG_EAP_PEAP=y + +# EAP-GTC for the integrated EAP server +CONFIG_EAP_GTC=y + +# EAP-TTLS for the integrated EAP server +CONFIG_EAP_TTLS=y + +# EAP-SIM for the integrated EAP server +#CONFIG_EAP_SIM=y + +# EAP-AKA for the integrated EAP server +#CONFIG_EAP_AKA=y + +# EAP-AKA' for the integrated EAP server +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# EAP-PAX for the integrated EAP server +#CONFIG_EAP_PAX=y + +# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) +CONFIG_EAP_PSK=y + +# EAP-pwd for the integrated EAP server (secure authentication with a password) +CONFIG_EAP_PWD=y + +# EAP-SAKE for the integrated EAP server +#CONFIG_EAP_SAKE=y + +# EAP-GPSK for the integrated EAP server +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-FAST for the integrated EAP server +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. +#CONFIG_EAP_FAST=y + +# Wi-Fi Protected Setup (WPS) +CONFIG_WPS=y +# Enable UPnP support for external WPS Registrars +#CONFIG_WPS_UPNP=y +# Enable WPS support with NFC config method +CONFIG_WPS_NFC=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# Trusted Network Connect (EAP-TNC) +#CONFIG_EAP_TNC=y + +# EAP-EKE for the integrated EAP server +#CONFIG_EAP_EKE=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +CONFIG_PKCS12=y + +# RADIUS authentication server. This provides access to the integrated EAP +# server from external hosts using RADIUS. +CONFIG_RADIUS_SERVER=y + +# Build IPv6 support for RADIUS operations +CONFIG_IPV6=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +#CONFIG_IEEE80211R=y + +# Use the hostapd's IEEE 802.11 authentication (ACL), but without +# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) +#CONFIG_DRIVER_RADIUS_ACL=y + +# IEEE 802.11n (High Throughput) support +CONFIG_IEEE80211N=y + +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + +# IEEE 802.11ac (Very High Throughput) support +CONFIG_IEEE80211AC=y + +# Remove debugging code that is printing out debug messages to stdout. +# This can be used to reduce the size of the hostapd considerably if debugging +# code is not needed. +#CONFIG_NO_STDOUT_DEBUG=y + +# Add support for writing debug log to a file: -f /tmp/hostapd.log +# Disabled by default. +CONFIG_DEBUG_FILE=y + +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + +# Remove support for RADIUS accounting +#CONFIG_NO_ACCOUNTING=y + +# Remove support for RADIUS +#CONFIG_NO_RADIUS=y + +# Remove support for VLANs +#CONFIG_NO_VLAN=y + +# Enable support for fully dynamic VLANs. This enables hostapd to +# automatically create bridge and VLAN interfaces if necessary. +#CONFIG_FULL_DYNAMIC_VLAN=y + +# Use netlink-based kernel API for VLAN operations instead of ioctl() +# Note: This requires libnl 3.1 or newer. +#CONFIG_VLAN_NETLINK=y + +# Remove support for dumping internal state through control interface commands +# This can be used to reduce binary size at the cost of disabling a debugging +# option. +#CONFIG_NO_DUMP_STATE=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, comment out these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, comment out these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# hostapd depends on strong random number generation being available from the +# operating system. os_get_random() function is used to fetch random data when +# needed, e.g., for key generation. On Linux and BSD systems, this works by +# reading /dev/urandom. It should be noted that the OS entropy pool needs to be +# properly initialized before hostapd is started. This is important especially +# on embedded devices that do not have a hardware random number generator and +# may by default start up with minimal entropy available for random number +# generation. +# +# As a safety net, hostapd is by default trying to internally collect +# additional entropy for generating random data to mix in with the data +# fetched from the OS. This by itself is not considered to be very strong, but +# it may help in cases where the system pool is not initialized properly. +# However, it is very strongly recommended that the system pool is initialized +# with enough entropy either by using hardware assisted random number +# generator or by storing state over device reboots. +# +# hostapd can be configured to maintain its own entropy store over restarts to +# enhance random number generation. This is not perfect, but it is much more +# secure than using the same sequence of random numbers after every reboot. +# This can be enabled with -e command line option. The specified +# file needs to be readable and writable by hostapd. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal hostapd random pool can be disabled. +# This will save some in binary size and CPU use. However, this should only be +# considered for builds that are known to be used on devices that meet the +# requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +#CONFIG_TLS=openssl + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. +#CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. +#CONFIG_TLSV12=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks. +#CONFIG_INTERWORKING=y + +# Hotspot 2.0 +#CONFIG_HS20=y + +# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file +#CONFIG_SQLITE=y + +# Testing options +# This can be used to enable some testing options (see also the example +# configuration file) that are really useful only for testing clients that +# connect to this hostapd. These options allow, for example, to drop a +# certain percentage of probe requests or auth/(re)assoc frames. +# +#CONFIG_TESTING_OPTIONS=y + +# Automatic Channel Selection +# This will allow hostapd to pick the channel automatically when channel is set +# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in +# similar way. +# +# Automatic selection is currently only done through initialization, later on +# we hope to do background checks to keep us moving to more ideal channels as +# time goes by. ACS is currently only supported through the nl80211 driver and +# your driver must have survey dump capability that is filled by the driver +# during scanning. +# +# You can customize the ACS survey algorithm with the hostapd.conf variable +# acs_num_scans. +# +# Supported ACS drivers: +# * ath9k +# * ath5k +# * ath10k +# +# For more details refer to: +# http://wireless.kernel.org/en/users/Documentation/acs +# +#CONFIG_ACS=y From 7b170b58ac0c664c9734972563420e48d14f67cc Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Thu, 1 Sep 2016 17:37:10 +0200 Subject: [PATCH 19/66] meta-digi-dey: add static libraries for core-image-base based SDK https://jira.digi.com/browse/DEL-2881 Signed-off-by: Javier Viguera --- meta-digi-dey/recipes-core/images/core-image-base.bbappend | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-digi-dey/recipes-core/images/core-image-base.bbappend b/meta-digi-dey/recipes-core/images/core-image-base.bbappend index 6c8a0fe9c..3e3caad29 100644 --- a/meta-digi-dey/recipes-core/images/core-image-base.bbappend +++ b/meta-digi-dey/recipes-core/images/core-image-base.bbappend @@ -12,5 +12,8 @@ IMAGE_FEATURES += " \ ${@bb.utils.contains('MACHINE_FEATURES', 'wifi', 'dey-wireless', '', d)} \ " +# SDK features (for toolchains generated from an image with populate_sdk) +SDKIMAGE_FEATURES ?= "dev-pkgs dbg-pkgs staticdev-pkgs" + # Add our dey-image tweaks to the final image (like /etc/build info) inherit dey-image From b80f00f14af39637fd59ac0c546d623665841dc5 Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Wed, 7 Sep 2016 12:32:26 +0200 Subject: [PATCH 20/66] recipes-bsp: firmware-qualcomm: sync BDF files to latest QCA release https://jira.digi.com/browse/DEL-3007 Signed-off-by: Isaac Hermida --- .../firmware-qualcomm/bdwlan30_US.bin | Bin 8124 -> 8124 bytes .../firmware-qualcomm/bdwlan30_World.bin | Bin 8124 -> 8124 bytes 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_World.bin diff --git a/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_US.bin b/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_US.bin index a46e1986183fa504c6c9eefb65035c4b7221b3cb..0f583c7139dd78be1205a2cc4cad41010b310ac5 100644 GIT binary patch delta 2380 zcma)5T~HI}8r}u51_6nrX;$4rbWtO+Eozl~w!rce_Tw*EL`>*+z#u<~2O+p>fe@C6 zRS!MZY~wjZ2-eQ@s?&=)UhK>nFV30iLa*SWE7cX9<<3(=m!A5F5 zG9_c_Q1(%3WA2*VD|ueM(jPE+pi2@Stfw|2vvOYnSWm6TVse*Mo88QO1r-6M-m1u? zGO=m76QtHNkLIR>eTpTOeVqDhY)bY?HQ9%m&E=V3mvW3&WFKo3>5$ynOlE!g3Lu9q zt%s?Hu^Fnhk;yJk2fLLc1zQgzQvtsuWH)I$ED08{Z3~=lL}uh3>1aVJXG?}bvZ-t& zCi|s23V{8`zPVV?uheI=U^piC77TA>HoxOp*w#z1!qgf9W%wZ3Rvt%L--Q;qpIq0xLqeji;l=~=vHQAPnABw;nG=~s;fb7kA%D0R39 z4)5g!`}2ZVsbHJXC7z=bPpQ}F#P@m2-~j%Z8oXvC%-b}X^Jo}PkZJXXu0aa->BN0# z5RZ^abw-~vlIEXyO&0uO5M9I(5>w|O>Q(cL-^6+&A0dYLhtOy~{+qx{^F6|VIE=>e z6>>ve(r+7|n``uppfNl}u5X_W2t*u1)A$BiQg7?`jWzR2zL(Zcl+ogZ{;6@#{7d>@ zJHP1`4%XBZZm09-Z&!WaM85w0iv#}N^m01?xq8=kH*)LuFHe7ZODfiq@$dw0@z^{& z=NCg`Qm3cNz3bJh^cpk25T2CUJQbc@^YQRF0QNkPT#QDfj@)N5PAm3s46R7Uqm#g^ zbni?iC}1xDi{XeQgR*Tl9vb(yxGVC&d|V4nNIs8)V`dY0#M{p8=5|}%b7p*=svMw< z0#M487J!@?3gBUH8@H>_WH}T80HmTzc*5Js?cw%V6>;cp0SV=GU^cFdYmyAoCDDX3 z?(N{pxpHfgB(-IA4|`j;yU&6x_$=efqD#u8S9bGuYjyxGd8Hh0c1aoY`asGWBwta= z*{fJ93480gy`JJ+N&1H}*Z3L} zzUd|I23xVMIGI$28;-jx^K}$BVJor~%`UtN47*R+N^B*`Wo6D?)gapcLp?+_e8q#f zYWtq~IamzxaNK`sr`~ecKIoK?CfxP*3VX$TJT%cz=h<&{N^9jVb}jwn|NdonY^Hy# zXnMNr7-Kd5fKV%n=rnF3ovL5IV2qd%-YM|nVI<4*I5|5)(_(Rg6 z_Uh-2KbRA|LpUG`=s5m>e57{hy~dz940?yeI&>1BCGBdrK41`YjIR>*Q{E}^q1q0- z^T6YT8u1v?PGCe@)h@l?7&0#bai4ey)!~!mtlFmc7y~BZT|hjF8gL_NQDr?~gv?Ri z4!nct7(PLe+NyU`-aEp(;t?=?hBT|4U^)oAy>IZ&fu6;C&*Euxx-bZGuL*V;IieE; ze@&r}rcf!k#2R!IHxMs0?lSs;_x5kn>Vp(U_yX^J;I-)3P|P8!mosRkYVkDtYl0FG z`_0fBjji}!7qoaokk$dQ7S(UZpNq9pct?B}9memGGitLg8v)RBY{&o6cKqdnQ>;cu zH2gkk1cw$e7k_S_)}DIko+>ON6)f-yv7Ur|7S>cIyiFU64J%;3|VRgI+w50}@ttb0es&N45xgae+Xe}Bm~er;zf*|O%R NPh8)!>9XqY{s+EEP0IiP delta 2527 zcma)6Z%h+s9KHilaey3Db>hvoKp%R>CJWxw~m1Kiw)C4Jkszvub= zp6B;m+J_YnD@q?0|MX)TO{Ht~6z#oCQ56FeMU|8^QdBXO23MM9GMFS!Z`I#ypsBBt zAJXffN>Phca%bAMw0i}B6%^mQw*;@H#l^*?rJo7D`u5<#Vsa>r*CuAir$fE&qpq!2 zX2)kkeQvL-U*76rfz0A5$|mDFgerO#dM+F=2y@sthB0?_aFxdZ}CElhqC>GRge z&WV}HPeQ%kMtQFV%uUYq_j-}Mb83EaA=2Zmm3I?heqNiL?T@t}xeSmwK!9T-ld1k# zy-yaV?h?Q!JFQvslXv>#-eYnp7`z?oaaX#EEZ}3Zh>RB*ogubtzj(vAyNWDwyQLQv zvHVV?#%HQv0wDMbyCZu=Fmo5o_~mj?Ux@UA;d0B?9Qa+{1pBR)cVQs;G`*0%mHcM? zZyMJsw2LuGMMKIJbwZyq=FQJIztAY2k~&eZ@~%3fUo&o+GhCCJ-p+-C*okE>TkNS>2Vq7yn zPu?cu*mA(~Tg-|8dNzEvvMAUx$f-!226CR$2dFOS_xNhF$4hl!bYN-(^${Dps z)88?M&1)cB3&J5=c#H^p1X=V+4X9P=P-D7kB+RQEvNws6O)kSGQ=If4ylO~Bk>zw8nPKa$%7esv?qP|X|#+%f_Ca0CN_9i#DI-yw%NfFeq46390 z4HD~7!6zPC*6R7OsQ z&;A!MHXM#3pEHloAwU$5s$e$DMdJh13tOG>4VO9%S zW;+NM+w*{@*#lRJcwjvY46g`d*Vqge#=No>Va#i{&0vGFieMfV&J(tXrIKh1*MV@D z+YG|k^z%H;0Ru7dHRZ5crPmqFW(bHSD-M?jTEduDL3nr|j(;^RD;dnQ=HZPk;nlRT z!2lTS;21C{NP9H&s`7^VmR@T#fv`j1Ag8)zx{HZU!D0y1zExy+Qk)Eh)6lniNA*PqkqOd~SI3ly-m0(7AM0 zMZ9w_{b=dyzDM89{o`x{-Y)8|bx%Ix>EuB+i~R2{xae)U6jcOg`4is{LH)>@FCUZh t?dOk=*r!qiV8`xP|0JihEWD$%>`#0gP;XQAQEiIn`2#;65X&mQ_cylWcvJuY diff --git a/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_World.bin b/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_World.bin old mode 100755 new mode 100644 index 7fe4abdd1e825d5a94f439a1ff696d03fd0a575c..c9d1071b2977034b48c457dcefb6050e983701fa GIT binary patch delta 2380 zcma)5O;8hO7|w!NLjj4zG+W(5bWtO+Eov?K+5*c@*pI)kh?vl?V3420A_P}05W*6* z)?(FcV@rh4+8Ixs9_o15nU05crpJ!cqel;&?X5F*I*g}I-~BeB)?T_Zo8A4M=Y8Ji zecs8##)pm74=dfV0>)OT_SzU5T#YmEQ&r`(*(z-X@X9cb!Xs%9vrB90V+!x5Z!$0a zWb!sP(gzB5Z@J?7&IPEm^3kJ>M{xfHkMEyun2dj}$B!SU;{_h|_F8H+GAUtkZ}!X7 z+U$9$Tl7AArroyXfDVzry_#B!%t$?XU^TTGi%A_~b#^`THB|J8+vy*-Jyp2? zKOme!5ga3PN>W?aKQq=iKi?w^pkX{grj-x1CHS9 zr$|JJX>B|%0ZJVMSW=d^ixhWKWo6CKBdj4G4b1%1)@nDTmo7ba24yKH>Q z)$>gPMlueO5#@}g=yBspPA>>NOV8pp3KHtYK@wJ?s&-DFH!g2F9H9;uz~POYU|&w~ z92IQgJA~tO;z{K^o%j}K8SKaJQG@68gmIN7a{>+FaWbV`)Ko~}7M-{U4d7uip-gMD zdeZoWQzbqi1kouRAu(kZqFy#W`&XQe-Mr2;=csEG}p!V3qxoOpCuQSMeVA7 z(^#Qr1dZZJa$)nVpC`g7n!*>!qHojwtmye@2RTF z-!9kh-!A*ViQN0|ixd9d^m4g=UcTnP7P<1@mj}PSBo?a4cz7H)dF|e;cp0SWneU?wh)siFkZMbU&j=4)e1*-~qg zB(-IA5Br)oyU&0v_$*;dqKoo`Px5dMYjyxm`$UsBvnY@H{2*lwlB+0Y?J$Vh18Qjx z0LDarjo0Zhlb`Uldfd55LYM0X*lK$bvk_g8!@gQ}hquryN&iyf9$T@6FZqb4&R%FQ zOeW=_xDWFu3yVQs zmi>!%>MnJ^3Y`+-xTn@p<|vzshsNt_yt}MUX|>eNtfcS%?_XxidivM0h6hW|QAXu< z^VNcYj^PHv5xe9(4CpQ0LE|(KUlsPE8hnJjt+Z%edcQ$9HxLh?I$Teh6iMsVL&gZ_0Nx&S5FaK; zY1TR^?-l+vVLzCDi!>_jU^)oA9WU^XgPz5E-QuZqx-bZ`&k1(uCea0g|D@1EQz+-% zLKQlI>xd5;cj$e<+xf4wdLV^iF3)=dcugACWn+-)nFg&?EuQLlPEZ75pAmYYu@(RG zf);NO(%LOlquR~*%~;F%SA^HlKKwd)OKH?3y%+SHoAJN98GkA75-QPt6~961!J$Po z<2Uzd?Wv3Ismvl$!8|V?>k-&zeoZC(PTE)?$CL)muLq1E#BZirL)X+o*YqA&$~y%P z4AxR!kzemIf)BP<)EDpBS6bz^?kyPyV|$_|obW9E;R#cJ&%u;4C5;d6yT4`9C6(X( E4W~^^MF0Q* delta 2527 zcma)6TTB#Z7@Yx8Q9uS(WU2#<4%QW&x?bAd(H2K3?!U0Gi>NG)xC?^2>~ib$BC;@m zH*BdgF32KyNz*2cNfR3%CTUD+lcq_NhW4?KJ~Y$kHVyGb)9?Rh055%Lvj6Ptch2{n z^PS1;qsm8><&R3A1u|$VQwvaZn4+l4KDd;XHBwY5l>xUj&15ktp5CY*Y@n%cQ`hKK zP^GAODzzBaPLx~a!q9Mp8%mC2q_PGQCOx~He8}0Gd%FglW zi7&$4-bQ(s17TPN=zz}%cRG1D7wLh@EXW&r_?jZCC_;{l&6 zOx`AdPj*_f<|c0SCcH=Faxi!^+~uxvl~}+%vWScq8J;G#Y`=KJgu9w7a?ZccN@g%KBc1bCL@PO=3ifp+4ojI;wwa+%Ru(ULhccqzLL%K2Xo=qsC`u z3VMTLv!u15xZV7@ImI0j>ctb%X%tm@)pPo=an;nhDxp?9CY?gC0XO*5MUZqei)=MW)Sc$5=`Z;6R93wnD5A#0JHRFnTo!c)Q7HgzNq$p?9E=~W) z7&I?~a2*JTZQ&6j>=9(qCpDmErA>|Ns*yA=amd~zMmD(sn@n=jfADG`8AUo{Cv(Zb z%VFW#MPbk#GOuu&UpOYVNF5OMClK`&5;fkW4mLThoV7Q(%GC=e#IO`ay-L42tY0Ou z9u|D!QRyT)qa@T1^`vph{G4kLn#ESB6RFC8dO;sIrp()1Ej&&I9%mPMoLD1Gcx_TV z2Z%{RoHXZBf3Lh>v$?FKWbqUg{qkv47^@zA{l?+2U(TYU`_T@eqq_C=n}>g{k~6hf zGL(=5>`Eu!HxP=;_0D3RdHOUpMfIHzb;@;Y7N6IjBtQ|LzX-%+zjFfyA~6{`89w(F zU}P{7Lq2B#pGSZg9#zk-0*!vsQONHhKx9ZmF;6|4&lW@mgK5G5C01g3K<<_*0LKSLojQ(BQyY-L1r}ob_Z+4 z2tVV%D`X2|$>3Q}Et_itv7unhQ(M92!HN(tY_gVJXNg>J9cRn4v*-nAiFkIh1pvH2_ef5beNL48xy5gQ(xBYI?_~0ry#9euhpWQ5(NaojxyAHU z>f8T)rB~ce{gLfL)bZ=UI&nR&>pQ)rDV7I?8j+Jg=#Rcfu?Xq+-T?AqR!Y8!+y zaXaw#D~Ht@;3;N1@LsPKk=kw~5#CY4vwCsu5cD23PC~E6(_SY!B^M$3fQUub3ne11 zd7#;+H$d|l&H=S;(k|py4ys-~XoSo*!rMl8GT}7?uTa<|zA3$h-cc&mBYMDSGFw5o z)Sd@C%^tW+!~+8`FtQ|!U1Kv?81uF+31eQXZ3Y{ZRRr^}aDniKST2dSa6Je|xD6nT zO~1&~954_Q-&WpJtMz*0gc$~6*^ftE1lRT3T^h~r;Q%Ss0Gta*52OL#dgY%mB0 z+c*Xc3ervu?Ni=W-`DGm;~?x1IEd@TSX+U}id&=|XfNUUfp;2`d68$OkiWz`pjPRA z Date: Thu, 8 Sep 2016 16:53:41 +0200 Subject: [PATCH 21/66] recipes-connectivity: crda: update wireless regulatory DDBB to 2016-06-10 https://jira.digi.com/browse/DEL-3010 Signed-off-by: Isaac Hermida --- .../recipes-connectivity/crda/crda_3.18.bbappend | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 meta-digi-dey/recipes-connectivity/crda/crda_3.18.bbappend diff --git a/meta-digi-dey/recipes-connectivity/crda/crda_3.18.bbappend b/meta-digi-dey/recipes-connectivity/crda/crda_3.18.bbappend new file mode 100644 index 000000000..02ca8ff93 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/crda/crda_3.18.bbappend @@ -0,0 +1,10 @@ +# Copyright (C) 2016 Digi International. + +SRC_URI += "https://www.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2016.06.10.tar.xz;name=bin_2016_06_10" + +SRC_URI[bin_2016_06_10.md5sum] = "d282cce92b6e692e8673e2bd97adf33b" +SRC_URI[bin_2016_06_10.sha256sum] = "cfedf1c3521b3c8f32602f25ed796e96e687c3441a00e7c050fedf7fd4f1b8b7" + +do_install_append() { + install -m 0644 ${WORKDIR}/wireless-regdb-2016.06.10/regulatory.bin ${D}${libdir}/crda/regulatory.bin +} From c8ec33129d75d6142b72595f8b3f2b995badf8f4 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Tue, 6 Sep 2016 17:24:10 +0200 Subject: [PATCH 22/66] meta-digi-arm: trustfence-sign-tools: add sign tools recipe Add a recipe to include all signing and encryption tools for U-Boot and kernel images to the SDK. Move existing trustfence kernel scripts to this new recipe. This allows to use these scripts not only from the Yocto build system but also as standalone tools for image signing and encryption. https://jira.digi.com/browse/DEL-2688 Signed-off-by: Diaz de Grenu, Jose --- .../nativesdk-packagegroup-sdk-host.bbappend | 5 +++ .../trustfence-sign-tools}/encrypt_uimage | 0 .../trustfence-sign-tools}/sign_uimage | 0 .../trustfence-sign-kernel.sh} | 6 ++-- .../trustfence/trustfence-sign-tools_1.0.bb | 35 +++++++++++++++++++ .../recipes-kernel/linux/linux-dey.inc | 3 +- 6 files changed, 45 insertions(+), 4 deletions(-) create mode 100644 meta-digi-arm/recipes-core/packagegroup/nativesdk-packagegroup-sdk-host.bbappend rename meta-digi-arm/{scripts/templates => recipes-digi/trustfence/trustfence-sign-tools}/encrypt_uimage (100%) rename meta-digi-arm/{scripts/templates => recipes-digi/trustfence/trustfence-sign-tools}/sign_uimage (100%) rename meta-digi-arm/{scripts/trustfence-sign-uimage.sh => recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh} (98%) create mode 100644 meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_1.0.bb diff --git a/meta-digi-arm/recipes-core/packagegroup/nativesdk-packagegroup-sdk-host.bbappend b/meta-digi-arm/recipes-core/packagegroup/nativesdk-packagegroup-sdk-host.bbappend new file mode 100644 index 000000000..febf7cc7a --- /dev/null +++ b/meta-digi-arm/recipes-core/packagegroup/nativesdk-packagegroup-sdk-host.bbappend @@ -0,0 +1,5 @@ +# Copyright (C) 2016 Digi International. + +RDEPENDS_${PN} += " \ + nativesdk-trustfence-sign-tools \ +" diff --git a/meta-digi-arm/scripts/templates/encrypt_uimage b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/encrypt_uimage similarity index 100% rename from meta-digi-arm/scripts/templates/encrypt_uimage rename to meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/encrypt_uimage diff --git a/meta-digi-arm/scripts/templates/sign_uimage b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/sign_uimage similarity index 100% rename from meta-digi-arm/scripts/templates/sign_uimage rename to meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/sign_uimage diff --git a/meta-digi-arm/scripts/trustfence-sign-uimage.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh similarity index 98% rename from meta-digi-arm/scripts/trustfence-sign-uimage.sh rename to meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh index c7832afc3..380cebaea 100755 --- a/meta-digi-arm/scripts/trustfence-sign-uimage.sh +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh #=============================================================================== # # trustfence_sign_uimage.sh @@ -144,7 +144,7 @@ if [ "${ENCRYPT}" = "true" ]; then -e "s,%r2_uimage_offset%,${r2_uimage_offset},g" \ -e "s,%r2_ram_start%,${r2_ram_start},g" \ -e "s,%r2_size%,${r2_size},g" \ - "${SCRIPT_BASEDIR}/templates/encrypt_uimage" > csf_descriptor + "${SCRIPT_BASEDIR}/csf_templates/encrypt_uimage" > csf_descriptor else sed -e "s,%ram_start%,${CONFIG_UIMAGE_LOADADDR},g" \ -e "s,%srk_table%,${SRK_TABLE},g" \ @@ -154,7 +154,7 @@ else -e "s,%cert_img%,${CERT_IMG},g" \ -e "s,%uimage_path%,${TARGET},g" \ -e "s,%key_index%,${CONFIG_KEY_INDEX},g" \ - "${SCRIPT_BASEDIR}/templates/sign_uimage" > csf_descriptor + "${SCRIPT_BASEDIR}/csf_templates/sign_uimage" > csf_descriptor fi # Generate SRK tables diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_1.0.bb b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_1.0.bb new file mode 100644 index 000000000..98f8a7a01 --- /dev/null +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_1.0.bb @@ -0,0 +1,35 @@ +SUMMARY = "TrustFence signing and encryption scripts" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" + +SRCBRANCH = "v2015.04/master" +SRCBRANCH_ccimx6ul = "v2015.04/master" +SRCREV = "${AUTOREV}" + +S = "${WORKDIR}" + +# Select internal or Github U-Boot repo +UBOOT_GIT_URI = "${@base_conditional('DIGI_INTERNAL_GIT', '1' , '${DIGI_GIT}u-boot-denx.git', '${DIGI_GITHUB_GIT}/u-boot.git', d)}" + +SRC_URI = " \ + ${UBOOT_GIT_URI};branch=${SRCBRANCH} \ + file://trustfence-sign-kernel.sh;name=kernel-script \ + file://sign_uimage;name=kernel-sign \ + file://encrypt_uimage;name=kernel-encrypt \ +" + +do_configure[noexec] = "1" +do_compile[noexec] = "1" + +do_install() { + install -d ${D}${bindir}/csf_templates + install -m 0755 trustfence-sign-kernel.sh ${D}${bindir}/ + install -m 0755 sign_uimage ${D}${bindir}/csf_templates/ + install -m 0755 encrypt_uimage ${D}${bindir}/csf_templates/ + install -m 0755 git/scripts/sign.sh ${D}${bindir}/trustfence-sign-uboot.sh + install -m 0755 git/scripts/csf_templates/sign_uboot ${D}${bindir}/csf_templates + install -m 0755 git/scripts/csf_templates/encrypt_uboot ${D}${bindir}/csf_templates +} + +FILES_${PN} = "${bindir}" +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc index da30d219e..ec9ebbcb8 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7" DEPENDS += "lzop-native bc-native" DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-cst-native', '', d)}" +DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-sign-tools-native', '', d)}" inherit kernel fsl-kernel-localversion @@ -38,7 +39,7 @@ do_deploy_append() { export CONFIG_UIMAGE_LOADADDR="${UBOOT_CONFIG_LOADADDR}" [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" - "${THISDIR}/../../scripts/trustfence-sign-uimage.sh" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" + "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" mv "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" fi (cd ${DEPLOYDIR} && ln -sf ${KERNEL_IMAGE_BASE_NAME}.bin ${KERNEL_IMAGE_SYMLINK_NAME}) From c5df62cd053dfa8104647dd4c70300a9685ae1f3 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Tue, 6 Sep 2016 17:25:19 +0200 Subject: [PATCH 23/66] meta-digi-arm: trustfence-sign-tools: avoid using 'xxd' When writing the fake IVT table in raw, rely on tac (part of the core-utils package) instead of on xxd. https://jira.digi.com/browse/DEL-2688 Signed-off-by: Diaz de Grenu, Jose --- .../trustfence-sign-kernel.sh | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh index 380cebaea..076af3df3 100755 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh @@ -170,16 +170,18 @@ objcopy -I binary -O binary --pad-to "${pad_len}" --gap-fill="${GAP_FILLER}" "${ # Generate and attach IVT # Fields: header, jump location, reserved (0), DCD pointer (null) # boot data (null), self pointer, CSF pointer, reserved (0) +PRINTF="$(which printf)" IVT_HEADER="0x402000D1" -printf "0: %.8x" ${IVT_HEADER} | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 > ivt -printf "0: %.8x" "${entrypoint_ram_start}" | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -printf "0: %.8x" 0 | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -printf "0: %.8x" 0 | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -printf "0: %.8x" 0 | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -printf "0: %.8x" "${ivt_ram_start}" | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -printf "0: %.8x" "${csf_ram_start}" | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -printf "0: %.8x" 0 | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt -cat ivt >> "${TARGET}" +{ + ${PRINTF} $(${PRINTF} "%08x" ${IVT_HEADER} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" ${entrypoint_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" ${ivt_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" ${csf_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') + ${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n') +} >> "${TARGET}" CURRENT_PATH="$(pwd)" cst -o "${CURRENT_PATH}/csf.bin" -i "${CURRENT_PATH}/csf_descriptor" @@ -192,4 +194,4 @@ cat csf.bin >> "${TARGET}" objcopy -I binary -O binary --pad-to "${sig_len}" --gap-fill="${GAP_FILLER}" "${TARGET}" echo "Signed uImage at ${TARGET}" -rm -f "${SRK_TABLE}" csf_descriptor csf.bin ivt 2> /dev/null +rm -f "${SRK_TABLE}" csf_descriptor csf.bin 2> /dev/null From 6b0fbddf3bd5353c82344d39e45b09bd3fcd6631 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Tue, 6 Sep 2016 17:29:40 +0200 Subject: [PATCH 24/66] meta-digi-arm: trustfence-sign-tools: simplify script usage outside Yocto * Check number of arguments * Add platform argument * Read user configuration from .config file * Remove unused variable (dek_blob_size) * Remove noise in output messages https://jira.digi.com/browse/DEL-2688 Signed-off-by: Diaz de Grenu, Jose --- .../trustfence-sign-kernel.sh | 35 +++++++++++++------ .../recipes-kernel/linux/linux-dey.inc | 9 +---- 2 files changed, 25 insertions(+), 19 deletions(-) diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh index 076af3df3..cbc744aee 100755 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh @@ -23,6 +23,14 @@ # #=============================================================================== +SCRIPT_NAME="$(basename ${0})" +SCRIPT_PATH="$(cd $(dirname ${0}) && pwd)" + +if [ "${#}" != "2" ]; then + echo "Usage: ${SCRIPT_NAME} input-unsigned-image output-signed-image" + exit 1 +fi + # Negative offset with respect to CONFIG_UIMAGE_LOADADDR in which U-Boot # copies the DEK blob. DEK_BLOB_OFFSET="0x100" @@ -30,9 +38,10 @@ CONFIG_CSF_SIZE="0x4000" UIMAGE_PATH="$(readlink -e ${1})" TARGET="$(readlink -m ${2})" -SCRIPT_BASEDIR="$(cd $(dirname ${0}) && pwd)" -# Check arguments +# Read user configuration file (if used) +[ -f .config ] && . ./.config + if [ -z "${CONFIG_SIGN_KEYS_PATH}" ]; then echo "Undefined CONFIG_SIGN_KEYS_PATH"; exit 1 @@ -43,7 +52,7 @@ if [ -n "${CONFIG_DEK_PATH}" ]; then if [ ! -f "${CONFIG_DEK_PATH}" ]; then echo "DEK not found. Generating random 256 bit DEK." [ -d $(dirname ${CONFIG_DEK_PATH}) ] || mkdir -p $(dirname ${CONFIG_DEK_PATH}) - dd if=/dev/urandom of="${CONFIG_DEK_PATH}" bs=32 count=1 + dd if=/dev/urandom of="${CONFIG_DEK_PATH}" bs=32 count=1 >/dev/null 2>&1 fi dek_size="$((8 * $(stat -L -c %s ${CONFIG_DEK_PATH})))" if [ "${dek_size}" != "128" ] && [ "${dek_size}" != "192" ] && [ "${dek_size}" != "256" ]; then @@ -52,15 +61,19 @@ if [ -n "${CONFIG_DEK_PATH}" ]; then fi ENCRYPT="true" fi + +[ "${CONFIG_PLATFORM}" = "ccimx6" ] && CONFIG_UIMAGE_LOADADDR="0x12000000" +[ "${CONFIG_PLATFORM}" = "ccimx6ul" ] && CONFIG_UIMAGE_LOADADDR="0x80800000" + if [ -z "${CONFIG_UIMAGE_LOADADDR}" ]; then echo "Undefined CONFIG_UIMAGE_LOADADDR" + echo "As an alternative, define CONFIG_PLATFORM. Supported platforms: ccimx6, ccimx6ul" exit 1 fi # Default values [ -z "${CONFIG_KEY_INDEX}" ] && CONFIG_KEY_INDEX="0" CONFIG_KEY_INDEX_1="$((CONFIG_KEY_INDEX + 1))" -[ -z "${CONFIG_DEK_SIZE}" ] && CONFIG_DEK_SIZE="128" SRK_KEYS="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/SRK*crt.pem | sed s/\ /\,/g)" CERT_CSF="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/CSF${CONFIG_KEY_INDEX_1}*crt.pem)" @@ -88,9 +101,7 @@ SRK_TABLE="$(pwd)/SRK_table.bin" # Other constants GAP_FILLER="0x00" -# Compute dek blob size in bytes: -# header (8) + 256-bit AES key (32) + MAC (16) + custom key size in bytes -dek_blob_size="$((8 + 32 + 16 + CONFIG_DEK_SIZE/8))" +# The DEK blob is placed by U-Boot just before the kernel image dek_blob_offset="$((CONFIG_UIMAGE_LOADADDR - DEK_BLOB_OFFSET))" # Compute the layout: sizes and offsets. @@ -144,7 +155,7 @@ if [ "${ENCRYPT}" = "true" ]; then -e "s,%r2_uimage_offset%,${r2_uimage_offset},g" \ -e "s,%r2_ram_start%,${r2_ram_start},g" \ -e "s,%r2_size%,${r2_size},g" \ - "${SCRIPT_BASEDIR}/csf_templates/encrypt_uimage" > csf_descriptor + "${SCRIPT_PATH}/csf_templates/encrypt_uimage" > csf_descriptor else sed -e "s,%ram_start%,${CONFIG_UIMAGE_LOADADDR},g" \ -e "s,%srk_table%,${SRK_TABLE},g" \ @@ -154,7 +165,7 @@ else -e "s,%cert_img%,${CERT_IMG},g" \ -e "s,%uimage_path%,${TARGET},g" \ -e "s,%key_index%,${CONFIG_KEY_INDEX},g" \ - "${SCRIPT_BASEDIR}/csf_templates/sign_uimage" > csf_descriptor + "${SCRIPT_PATH}/csf_templates/sign_uimage" > csf_descriptor fi # Generate SRK tables @@ -184,7 +195,7 @@ IVT_HEADER="0x402000D1" } >> "${TARGET}" CURRENT_PATH="$(pwd)" -cst -o "${CURRENT_PATH}/csf.bin" -i "${CURRENT_PATH}/csf_descriptor" +cst -o "${CURRENT_PATH}/csf.bin" -i "${CURRENT_PATH}/csf_descriptor" >/dev/null if [ $? -ne 0 ]; then echo "[ERROR] Could not generate CSF" exit 1 @@ -193,5 +204,7 @@ fi cat csf.bin >> "${TARGET}" objcopy -I binary -O binary --pad-to "${sig_len}" --gap-fill="${GAP_FILLER}" "${TARGET}" -echo "Signed uImage at ${TARGET}" + +[ "${ENCRYPT}" = "true" ] && ENCRYPTED_MSG="and encrypted " +echo "Signed ${ENCRYPTED_MSG}image ready: ${TARGET}" rm -f "${SRK_TABLE}" csf_descriptor csf.bin 2> /dev/null diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc index ec9ebbcb8..06e6ee603 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc @@ -26,17 +26,10 @@ S = "${WORKDIR}/git" # machine, with different entry points KERNEL_EXTRA_ARGS += "LOADADDR=${UBOOT_ENTRYPOINT}" -# In order to sign and encrypt the uImage, we need to know the address -# in which U-Boot loads the uImage. This is CONFIG_LOADADDR in U-Boot -# configuration file. -UBOOT_CONFIG_LOADADDR = "" -UBOOT_CONFIG_LOADADDR_ccimx6 = "0x12000000" -UBOOT_CONFIG_LOADADDR_ccimx6ul = "0x80800000" - do_deploy_append() { if [ "${TRUSTFENCE_SIGN}" = "1" ]; then export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}" - export CONFIG_UIMAGE_LOADADDR="${UBOOT_CONFIG_LOADADDR}" + export CONFIG_PLATFORM="${DIGI_FAMILY}" [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" From 412f1b1e555368b4cd158029713371b30df17fd4 Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Fri, 9 Sep 2016 12:02:36 +0200 Subject: [PATCH 25/66] meta-digi: rename external ethernet references to second ethernet The name "ext-eth" seems to indicate "External Ethernet". Rename that variable and related ones to a more proper name like second ethernet. Signed-off-by: Isaac Hermida --- meta-digi-arm/conf/machine/include/ccardimx28.inc | 6 +++--- meta-digi-arm/conf/machine/include/digi-defaults.inc | 12 ++++++------ meta-digi-arm/recipes-kernel/linux/linux-dey_3.10.bb | 2 +- .../init-ifupdown/init-ifupdown_1.0.bbappend | 2 +- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/meta-digi-arm/conf/machine/include/ccardimx28.inc b/meta-digi-arm/conf/machine/include/ccardimx28.inc index e9a6af2fe..115fb2a86 100644 --- a/meta-digi-arm/conf/machine/include/ccardimx28.inc +++ b/meta-digi-arm/conf/machine/include/ccardimx28.inc @@ -40,8 +40,8 @@ MACHINE_EXTRA_RRECOMMENDS += "${MACHINE_FIRMWARE} ${WIRELESS_MODULE}" # web1 Y Y Y Y # Per-variant machine features -MACHINE_FEATURES_append_e = " ext-eth" +MACHINE_FEATURES_append_e = " second-eth" MACHINE_FEATURES_append_w = " wifi" MACHINE_FEATURES_append_wb = " wifi bluetooth" -MACHINE_FEATURES_append_web = " wifi ext-eth bluetooth" -MACHINE_FEATURES_append_web1 = " wifi ext-eth bluetooth 1-wire" +MACHINE_FEATURES_append_web = " wifi second-eth bluetooth" +MACHINE_FEATURES_append_web1 = " wifi second-eth bluetooth 1-wire" diff --git a/meta-digi-arm/conf/machine/include/digi-defaults.inc b/meta-digi-arm/conf/machine/include/digi-defaults.inc index fd77702be..5fbfd1764 100644 --- a/meta-digi-arm/conf/machine/include/digi-defaults.inc +++ b/meta-digi-arm/conf/machine/include/digi-defaults.inc @@ -16,12 +16,12 @@ PREFERRED_PROVIDER_virtual/xserver = "xserver-xorg" # # Help variables used in recipes -HAVE_WIFI = "${@bb.utils.contains('MACHINE_FEATURES', 'wifi', '1', '', d)}" -HAVE_EXT_ETH = "${@bb.utils.contains('MACHINE_FEATURES', 'ext-eth', '1', '', d)}" -HAVE_BT = "${@bb.utils.contains('MACHINE_FEATURES', 'bluetooth', '1', '', d)}" -HAVE_1WIRE = "${@bb.utils.contains('MACHINE_FEATURES', '1-wire', '1', '', d)}" -HAVE_GUI = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '1', '', d)}" -HAVE_EXAMPLE = "${@bb.utils.contains('IMAGE_FEATURES', 'dey-examples', '1', '', d)}" +HAVE_WIFI = "${@bb.utils.contains('MACHINE_FEATURES', 'wifi', '1', '', d)}" +HAVE_SECOND_ETH = "${@bb.utils.contains('MACHINE_FEATURES', 'second-eth', '1', '', d)}" +HAVE_BT = "${@bb.utils.contains('MACHINE_FEATURES', 'bluetooth', '1', '', d)}" +HAVE_1WIRE = "${@bb.utils.contains('MACHINE_FEATURES', '1-wire', '1', '', d)}" +HAVE_GUI = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '1', '', d)}" +HAVE_EXAMPLE = "${@bb.utils.contains('IMAGE_FEATURES', 'dey-examples', '1', '', d)}" # # Ethernet configuration used in recipes diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey_3.10.bb b/meta-digi-arm/recipes-kernel/linux/linux-dey_3.10.bb index bc82533ed..6d7e0ec69 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey_3.10.bb +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey_3.10.bb @@ -22,7 +22,7 @@ do_update_dts() { else config_dts disable '_ssp2_mmc_wifi.dtsi' fi - if [ -n "${HAVE_EXT_ETH}" ]; then + if [ -n "${HAVE_SECOND_ETH}" ]; then config_dts enable '_ethernet1.dtsi' else config_dts disable '_ethernet1.dtsi' diff --git a/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown_1.0.bbappend b/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown_1.0.bbappend index 35acc7e94..06cd4c152 100644 --- a/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown_1.0.bbappend +++ b/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown_1.0.bbappend @@ -25,7 +25,7 @@ do_install_append() { # Create 'interfaces' file dynamically cat ${WORKDIR}/interfaces.eth0.${ETH0_MODE} >> ${D}${sysconfdir}/network/interfaces - [ -n "${HAVE_EXT_ETH}" ] && cat ${WORKDIR}/interfaces.eth1.${ETH1_MODE} >> ${D}${sysconfdir}/network/interfaces + [ -n "${HAVE_SECOND_ETH}" ] && cat ${WORKDIR}/interfaces.eth1.${ETH1_MODE} >> ${D}${sysconfdir}/network/interfaces [ -n "${HAVE_WIFI}" ] && cat ${WORKDIR}/interfaces.wlan0.${WLAN0_MODE} >> ${D}${sysconfdir}/network/interfaces cat ${WORKDIR}/interfaces.br0.example >> ${D}${sysconfdir}/network/interfaces From 05fd2e00b45d302833c038859b394b8db032bce0 Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Fri, 9 Sep 2016 09:33:07 +0200 Subject: [PATCH 26/66] conf: machine: ccimx6ulsbc: include support for second ethernet https://jira.digi.com/browse/DEL-2952 Signed-off-by: Isaac Hermida --- meta-digi-arm/conf/machine/ccimx6ulsbc.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-digi-arm/conf/machine/ccimx6ulsbc.conf b/meta-digi-arm/conf/machine/ccimx6ulsbc.conf index c3c7364a2..cefca191a 100644 --- a/meta-digi-arm/conf/machine/ccimx6ulsbc.conf +++ b/meta-digi-arm/conf/machine/ccimx6ulsbc.conf @@ -18,6 +18,8 @@ KERNEL_DEVICETREE ?= " \ SERIAL_CONSOLES = "115200;ttymxc4" +MACHINE_FEATURES += "second-eth" + # Bluetooth tty BT_TTY ?= "ttymxc0" From 387d1349e8c74225a184af797604ea65a8a7b11f Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Fri, 16 Sep 2016 14:22:56 +0200 Subject: [PATCH 27/66] recipes-bsp: firmware-qualcomm: fix missing World code Set of the World country code in the BDF file. It was lost after syncing to the latest QCA BDF files (commit b80f00f14af39637fd59ac0c546d623665841dc5). Signed-off-by: Isaac Hermida --- .../firmware-qualcomm/bdwlan30_World.bin | Bin 8124 -> 8124 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_World.bin b/meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/bdwlan30_World.bin index c9d1071b2977034b48c457dcefb6050e983701fa..4a3e0f66c27eea0a59b5ab79341677437cdba0cf 100644 GIT binary patch delta 22 dcmdmEzsH_;k9 Date: Tue, 20 Sep 2016 16:14:43 +0200 Subject: [PATCH 28/66] matchbox-session-sato: synchronize with matchbox 'session' file in poky This file has not been synchronized with the one in Poky since previous versions of DEY. Not much has changed, but sync it anyway. Also: * Get SHOWCURSOR from formfactor config files, but fallback to one value depending on HAVE_TOUCHSCREEN if it was not configured. * Rename the bbappend to the version generic '_%.bbappend' https://jira.digi.com/browse/DEL-3046 Signed-off-by: Javier Viguera --- .../matchbox-session-sato/session | 18 ++++++++++++------ ...append => matchbox-session-sato_%.bbappend} | 0 2 files changed, 12 insertions(+), 6 deletions(-) rename meta-digi-dey/recipes-sato/matchbox-sato/{matchbox-session-sato_0.1.bbappend => matchbox-session-sato_%.bbappend} (100%) diff --git a/meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato/session b/meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato/session index 9b7c7a927..d85b82c28 100644 --- a/meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato/session +++ b/meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato/session @@ -2,12 +2,14 @@ . /etc/formfactor/config -## Use SHOWCURSOR from formfactor config files instaed of hardcoding it -# if [ "$HAVE_TOUCHSCREEN" = "1" ]; then -# SHOWCURSOR="no" -# else -# SHOWCURSOR="yes" -# fi +## Use first SHOWCURSOR from formfactor config files (fallback to set it depending on HAVE_TOUCHSCREEN) +if [ -z "${SHOWCURSOR}" ]; then + if [ "$HAVE_TOUCHSCREEN" = "1" ]; then + SHOWCURSOR="no" + else + SHOWCURSOR="yes" + fi +fi if [ "$HAVE_KEYBOARD" = "1" ]; then KEYBOARD_APPLET="" @@ -15,6 +17,10 @@ else KEYBOARD_APPLET="keyboard" fi +# Tell GTK+3 we really want server side decorations, even with +# GtkHeaderBar using applications: Without that mb-panel will render +# on top of the client side decorations. +export GTK_CSD=0 matchbox-desktop & diff --git a/meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato_0.1.bbappend b/meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato_%.bbappend similarity index 100% rename from meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato_0.1.bbappend rename to meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato_%.bbappend From e4e65538e89d56fbe7b14fdab3119c8c76c064d0 Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Tue, 20 Sep 2016 16:21:34 +0200 Subject: [PATCH 29/66] pointercal.xinput: add empty calibration for ccimx6ul Add an empty calibration file to prevent the 'xinput_calibrator' tool being launched on X11 desktop start. The file does not have any calibration data because capacitive touch displays usually do not need calibration. https://jira.digi.com/browse/DEL-3046 Signed-off-by: Javier Viguera --- .../pointercal-xinput/ccimx6ul/pointercal.xinput | 1 + 1 file changed, 1 insertion(+) create mode 100644 meta-digi-dey/recipes-graphics/xinput-calibrator/pointercal-xinput/ccimx6ul/pointercal.xinput diff --git a/meta-digi-dey/recipes-graphics/xinput-calibrator/pointercal-xinput/ccimx6ul/pointercal.xinput b/meta-digi-dey/recipes-graphics/xinput-calibrator/pointercal-xinput/ccimx6ul/pointercal.xinput new file mode 100644 index 000000000..d184df50f --- /dev/null +++ b/meta-digi-dey/recipes-graphics/xinput-calibrator/pointercal-xinput/ccimx6ul/pointercal.xinput @@ -0,0 +1 @@ +# Empty calibration file to avoid re-calibration From b2ae79fb1ad42cb1ff942dedcfdd7e37a71420fa Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Tue, 20 Sep 2016 16:56:06 +0200 Subject: [PATCH 30/66] formfactor: move config files under machine directories Otherwise they are overridden with config files from other layers (for example meta-fsl-arm) that may not be valid for our platforms. https://jira.digi.com/browse/DEL-3046 Signed-off-by: Javier Viguera --- .../recipes-bsp/formfactor/formfactor/{ => ccimx6}/machconfig | 0 .../recipes-bsp/formfactor/formfactor/ccimx6ul/machconfig | 4 ++++ 2 files changed, 4 insertions(+) rename meta-digi-arm/recipes-bsp/formfactor/formfactor/{ => ccimx6}/machconfig (100%) create mode 100644 meta-digi-arm/recipes-bsp/formfactor/formfactor/ccimx6ul/machconfig diff --git a/meta-digi-arm/recipes-bsp/formfactor/formfactor/machconfig b/meta-digi-arm/recipes-bsp/formfactor/formfactor/ccimx6/machconfig similarity index 100% rename from meta-digi-arm/recipes-bsp/formfactor/formfactor/machconfig rename to meta-digi-arm/recipes-bsp/formfactor/formfactor/ccimx6/machconfig diff --git a/meta-digi-arm/recipes-bsp/formfactor/formfactor/ccimx6ul/machconfig b/meta-digi-arm/recipes-bsp/formfactor/formfactor/ccimx6ul/machconfig new file mode 100644 index 000000000..12a9134ab --- /dev/null +++ b/meta-digi-arm/recipes-bsp/formfactor/formfactor/ccimx6ul/machconfig @@ -0,0 +1,4 @@ +# Display options +HAVE_TOUCHSCREEN=1 +HAVE_KEYBOARD=0 +SHOWCURSOR="yes" From 6e96f4ac7e1d970109a504f633554f068afd9e74 Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Tue, 20 Sep 2016 19:03:15 +0200 Subject: [PATCH 31/66] qtbase: add i.MX6UL overrides This allows to build 'qtbase' for the CC6UL. It only fixes the broken build, as any QT application that uses OpenGL/ES will fail because there is no support for QT/OpenGL in modules without a GPU. Fix: arm-dey-linux-gnueabi-g++ -march=armv7-a -mfloat-abi=softfp -mfpu=neon --sysroot=/ssd/dey/jethro/fb/ccimx6ulsbc/tmp/sysroots/ccimx6ulsbc -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-O1 -o opengldesktop opengldesktop.o -lGL .../arm-dey-linux-gnueabi/5.2.0/ld: cannot find -lGL A similar commit was done in meta-fsl-arm.git (branch Krogoth). https://jira.digi.com/browse/DEL-2607 Signed-off-by: Javier Viguera --- meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend b/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend index 53dab262c..71fb9422d 100644 --- a/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend +++ b/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend @@ -4,6 +4,9 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" SRC_URI_append = " file://qt5.sh" +PACKAGECONFIG_GL_mx6ul = "gles2" +QT_CONFIG_FLAGS_append_mx6ul = "${@base_contains('DISTRO_FEATURES', 'x11', ' -no-eglfs', ' -eglfs', d)}" + PACKAGECONFIG_append = " accessibility examples icu sql-sqlite" do_install_append() { From 11ce6f30b73dd6d642b7ed7cd853d76fa65f3756 Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Thu, 22 Sep 2016 12:13:49 +0200 Subject: [PATCH 32/66] qtbase: enable 'linuxfb' platform plugin This plugin uses directly the framebuffer, so it can be used in non X11-based systems, but it oly supports software rendered content, no opengl/es. https://jira.digi.com/browse/DEL-2607 Signed-off-by: Javier Viguera --- meta-digi-dey/recipes-qt/qt5/qtbase/{ => ccimx6}/qt5.sh | 0 meta-digi-dey/recipes-qt/qt5/qtbase/ccimx6ul/qt5.sh | 2 ++ meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend | 4 +++- 3 files changed, 5 insertions(+), 1 deletion(-) rename meta-digi-dey/recipes-qt/qt5/qtbase/{ => ccimx6}/qt5.sh (100%) create mode 100644 meta-digi-dey/recipes-qt/qt5/qtbase/ccimx6ul/qt5.sh diff --git a/meta-digi-dey/recipes-qt/qt5/qtbase/qt5.sh b/meta-digi-dey/recipes-qt/qt5/qtbase/ccimx6/qt5.sh similarity index 100% rename from meta-digi-dey/recipes-qt/qt5/qtbase/qt5.sh rename to meta-digi-dey/recipes-qt/qt5/qtbase/ccimx6/qt5.sh diff --git a/meta-digi-dey/recipes-qt/qt5/qtbase/ccimx6ul/qt5.sh b/meta-digi-dey/recipes-qt/qt5/qtbase/ccimx6ul/qt5.sh new file mode 100644 index 000000000..e64709644 --- /dev/null +++ b/meta-digi-dey/recipes-qt/qt5/qtbase/ccimx6ul/qt5.sh @@ -0,0 +1,2 @@ +# Use LINUXFB platform plugin for images without X11 +[ -f "/etc/init.d/xserver-nodm" ] || export QT_QPA_PLATFORM="linuxfb" diff --git a/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend b/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend index 71fb9422d..e24b6322b 100644 --- a/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend +++ b/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend @@ -7,9 +7,11 @@ SRC_URI_append = " file://qt5.sh" PACKAGECONFIG_GL_mx6ul = "gles2" QT_CONFIG_FLAGS_append_mx6ul = "${@base_contains('DISTRO_FEATURES', 'x11', ' -no-eglfs', ' -eglfs', d)}" -PACKAGECONFIG_append = " accessibility examples icu sql-sqlite" +PACKAGECONFIG_append = " accessibility examples icu linuxfb sql-sqlite" do_install_append() { install -d ${D}${sysconfdir}/profile.d install -m 0755 ${WORKDIR}/qt5.sh ${D}${sysconfdir}/profile.d/ } + +PACKAGE_ARCH = "${MACHINE_ARCH}" From a4c45ecd2d14aba83019d141e76411b4af65f78c Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Fri, 23 Sep 2016 15:59:28 +0200 Subject: [PATCH 33/66] gst-player: disable 'glimagesink' patch for ccimx6ul The ccimx6ul does not have a GPU, so opengl based gstreamer sink will not work. Thus apply the patch only for the CCIMX6. Signed-off-by: Javier Viguera --- .../recipes-multimedia/gstreamer/gst-player_git.bbappend | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta-digi-dey/recipes-multimedia/gstreamer/gst-player_git.bbappend b/meta-digi-dey/recipes-multimedia/gstreamer/gst-player_git.bbappend index 6cd905c3b..4a40eb92c 100644 --- a/meta-digi-dey/recipes-multimedia/gstreamer/gst-player_git.bbappend +++ b/meta-digi-dey/recipes-multimedia/gstreamer/gst-player_git.bbappend @@ -2,4 +2,6 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" -SRC_URI_append = " file://0001-gstplayer-force-use-glimagesink.patch" +SRC_URI_append_ccimx6 = " file://0001-gstplayer-force-use-glimagesink.patch" + +PACKAGE_ARCH = "${MACHINE_ARCH}" From 3a39aacdd7a649b31d97461a83369381c0455c3f Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Fri, 23 Sep 2016 16:03:36 +0200 Subject: [PATCH 34/66] meta-digi-dey: rework installed packages for ccimx6ul CCIMX6UL's rootfs partition is not big enough for the default 'dey-image-qt' image. This commit reworks the QT5 and SATO installed packages for the ccimx6ul, so the image fits in the rootfs partition. https://jira.digi.com/browse/DEL-2607 Signed-off-by: Javier Viguera --- .../packagegroups/packagegroup-dey-qt.bb | 14 +++++++------- .../packagegroup-core-x11-sato.bbappend | 2 ++ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/meta-digi-dey/recipes-graphics/packagegroups/packagegroup-dey-qt.bb b/meta-digi-dey/recipes-graphics/packagegroups/packagegroup-dey-qt.bb index 4e5e94a34..b4197ab64 100644 --- a/meta-digi-dey/recipes-graphics/packagegroups/packagegroup-dey-qt.bb +++ b/meta-digi-dey/recipes-graphics/packagegroups/packagegroup-dey-qt.bb @@ -4,6 +4,7 @@ SUMMARY = "QT packagegroup for DEY image" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58" + PACKAGE_ARCH = "${MACHINE_ARCH}" inherit packagegroup @@ -11,21 +12,20 @@ inherit packagegroup MACHINE_QT5_EXTRA_INSTALL ?= "" MACHINE_QT5_EXTRA_INSTALL_ccimx6 ?= "qtwebengine-examples" -QT5_PKS = " \ - qtbase-fonts \ - qtdeclarative-tools \ -" +QT5_PKS = "qtbase-fonts qtserialport" +QT5_PKS_append_ccimx6 = " qtdeclarative-tools" -QT5_EXAMPLES = " \ +QT5_EXAMPLES = "qtbase-examples" +QT5_EXAMPLES_append_ccimx6 = " \ qt3d-examples \ - qtbase-examples \ qtconnectivity-examples \ qtdeclarative-examples \ qtmultimedia-examples \ qtsvg-examples \ " -QT5_DEMOS = " \ +QT5_DEMOS = "" +QT5_DEMOS_append_ccimx6 = " \ cinematicexperience \ qt5-demo-extrafiles \ qt5everywheredemo \ diff --git a/meta-digi-dey/recipes-sato/packagegroups/packagegroup-core-x11-sato.bbappend b/meta-digi-dey/recipes-sato/packagegroups/packagegroup-core-x11-sato.bbappend index 171a8fee6..fdf38bf10 100644 --- a/meta-digi-dey/recipes-sato/packagegroups/packagegroup-core-x11-sato.bbappend +++ b/meta-digi-dey/recipes-sato/packagegroups/packagegroup-core-x11-sato.bbappend @@ -2,3 +2,5 @@ # Disable network manager NETWORK_MANAGER = "" + +RDEPENDS_${PN}-apps_remove_ccimx6ul = "gst-player-bin x11vnc" From c12afdf5631ef16bc3b9c4c15571bea85d936ccc Mon Sep 17 00:00:00 2001 From: Hector Palacios Date: Mon, 26 Sep 2016 17:37:23 +0200 Subject: [PATCH 35/66] recipes-kernel: sync ccimx6ul defconfig Signed-off-by: Hector Palacios --- .../recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig b/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig index 8c6180d66..5352fe152 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig @@ -150,6 +150,7 @@ CONFIG_MOUSE_PS2=m CONFIG_MOUSE_PS2_ELANTECH=y CONFIG_INPUT_TOUCHSCREEN=y CONFIG_TOUCHSCREEN_ADS7846=y +CONFIG_TOUCHSCREEN_FUSION_7_10=y CONFIG_TOUCHSCREEN_IMX6UL_TSC=y CONFIG_INPUT_MISC=y CONFIG_INPUT_MMA8450=y @@ -174,6 +175,7 @@ CONFIG_I2C_IMX=y CONFIG_SPI=y CONFIG_SPI_GPIO=y CONFIG_SPI_IMX=y +CONFIG_SPI_SPIDEV=y CONFIG_GPIO_SYSFS=y CONFIG_GPIO_MCA_CC6UL=y CONFIG_GPIO_MAX732X=y From aea7e88db657a1dfa67507c588e0a3baaa6567fd Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Tue, 27 Sep 2016 11:50:56 +0200 Subject: [PATCH 36/66] meta-digi: compile 'dey-image-qt' by default for ccimx6ulsbc Signed-off-by: Javier Viguera --- sdk/build-github.sh | 2 +- sdk/build.sh | 2 +- sdk/config/ccimx6ulsbc/conf-notes.txt | 13 ++++++++++++- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/sdk/build-github.sh b/sdk/build-github.sh index e544b1cf3..a61e472ac 100755 --- a/sdk/build-github.sh +++ b/sdk/build-github.sh @@ -106,7 +106,7 @@ while read _pl _tgt; do done<<-_EOF_ ccardimx28js dey-image-qt ccimx6sbc dey-image-qt - ccimx6ulsbc core-image-base + ccimx6ulsbc dey-image-qt ccimx6ulstarter core-image-base _EOF_ diff --git a/sdk/build.sh b/sdk/build.sh index 99c09da3f..91109fc94 100755 --- a/sdk/build.sh +++ b/sdk/build.sh @@ -152,7 +152,7 @@ while read _pl _var _tgt; do done<<-_EOF_ ccardimx28js - e w wb web web1 dey-image-qt ccimx6sbc DONTBUILDVARIANTS dey-image-qt - ccimx6ulsbc DONTBUILDVARIANTS core-image-base + ccimx6ulsbc DONTBUILDVARIANTS dey-image-qt ccimx6ulstarter DONTBUILDVARIANTS core-image-base _EOF_ diff --git a/sdk/config/ccimx6ulsbc/conf-notes.txt b/sdk/config/ccimx6ulsbc/conf-notes.txt index 6756fcb41..c6c1bf9fb 100644 --- a/sdk/config/ccimx6ulsbc/conf-notes.txt +++ b/sdk/config/ccimx6ulsbc/conf-notes.txt @@ -1,6 +1,17 @@ Digi Embedded Yocto provides the following image recipes: - * core-image-base: A console-only image. + * dey-image-qt: graphical QT image + + By default the image is X11-based so it provides a full SATO theme + desktop environment. + + To compile the image for the framebuffer (instead of X11) add the + following line to the project's conf/local.conf: + + DISTRO_FEATURES_remove = "x11" + + * core-image-base: a console-only image Expansion of native core-image-base by including all the support for the target device hardware like firmware files, rootfs customizations, etc. + From ec8555f9364521bbd387fc0c87aff26c7eb4859f Mon Sep 17 00:00:00 2001 From: Hector Palacios Date: Mon, 3 Oct 2016 10:59:50 +0200 Subject: [PATCH 37/66] ccimx6ulsbc: update install script to match default recipe The default DEY image recipe for ccimx6ulsbc builds dey-image-qt. The graphical backend is determined dynamically. Signed-off-by: Hector Palacios --- .../u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt index 4f21df3b1..651a69723 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt @@ -21,8 +21,8 @@ fi setenv INSTALL_MMCDEV 0 setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6ulsbc.imx -setenv INSTALL_LINUX_FILENAME core-image-base-ccimx6ulsbc.boot.ubifs -setenv INSTALL_ROOTFS_FILENAME core-image-base-ccimx6ulsbc.ubifs +setenv INSTALL_LINUX_FILENAME dey-image-qt-##GRAPHICAL_BACKEND##-ccimx6ulsbc.boot.ubifs +setenv INSTALL_ROOTFS_FILENAME dey-image-qt-##GRAPHICAL_BACKEND##-ccimx6ulsbc.ubifs # Check for presence of firmware files on the SD card for install_f in ${INSTALL_UBOOT_FILENAME} ${INSTALL_LINUX_FILENAME} ${INSTALL_ROOTFS_FILENAME}; do From 702145661c0558e54f338e8424dceac6532ff67a Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Thu, 29 Sep 2016 13:09:52 +0200 Subject: [PATCH 38/66] bluez5: imx6ul: configure baudrate in the BT FW file Do not use hcitattach to reconfigure the baudrate but set it directly in the Bluetooth FW file; this work arounds some synchronization problems when not using HW flow control. https://jira.digi.com/browse/DEL-3052 https://jira.digi.com/browse/DEL-3057 Signed-off-by: Isaac Hermida --- .../bluez/bluez5-5.33/bluez-init | 11 ++++-- ...o-not-override-the-baudrate-in-the-N.patch | 36 +++++++++++++++++++ .../bluez/bluez5_5.33.bbappend | 1 + 3 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/ccimx6ul/0023-hciattach_rome-do-not-override-the-baudrate-in-the-N.patch diff --git a/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/bluez-init b/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/bluez-init index 7458716a2..96cf5a697 100755 --- a/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/bluez-init +++ b/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/bluez-init @@ -23,6 +23,7 @@ fi SCRIPTNAME="$(basename "${0}")" LOGFILE="/var/log/bluetoothd.log" +FIRMWARE_FILE="/lib/firmware/qca/nvm_tlv_3.2.bin" bt_init_qca6564() { MOD_VERSION="$(($(cat /proc/device-tree/digi,hwid,hv 2>/dev/null || true)))" @@ -32,8 +33,8 @@ bt_init_qca6564() { BT_EN_L="/sys/class/gpio/gpio${BT_EN_QCA_GPIO_NR}" [ -d "${BT_EN_L}" ] || printf "%s" ${BT_EN_QCA_GPIO_NR} > /sys/class/gpio/export printf out > ${BT_EN_L}/direction && sleep .1 - printf 0 > ${BT_EN_L}/value && sleep .1 - printf 1 > ${BT_EN_L}/value && sleep .1 + printf 0 > ${BT_EN_L}/value && sleep .2 + printf 1 > ${BT_EN_L}/value && sleep .2 [ -d "${BT_EN_L}" ] && printf "%s" ${BT_EN_QCA_GPIO_NR} > /sys/class/gpio/unexport # Module version older than revision 4 has swapped TX and RX lines @@ -47,7 +48,13 @@ bt_init_qca6564() { [ -d "${BT_CTS_L}" ] && printf "%s" ${BT_CTS_QCA_GPIO_NR} > /sys/class/gpio/unexport # Reduce the rate to avoid the need for HW flow control BT_RATE="115200" + BT_RATE_CODE="00" # 115200 bps BT_FLOW="noflow" + # Check the current FW file rate + if [ "$(hexdump -s 56 -n 1 -ve '1/1 "%.2x"' ${FIRMWARE_FILE})" != "${BT_RATE_CODE}" ]; then + # Modify the BT FW file rate + printf "\x${BT_RATE_CODE}" | dd of="${FIRMWARE_FILE}" bs=1 seek=56 count=1 conv=notrunc,fsync 2>/dev/null + fi fi if hciattach -t120 ttyBt qca ${BT_RATE:-3000000} ${BT_FLOW:-flow} 2>${LOGFILE}; then diff --git a/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/ccimx6ul/0023-hciattach_rome-do-not-override-the-baudrate-in-the-N.patch b/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/ccimx6ul/0023-hciattach_rome-do-not-override-the-baudrate-in-the-N.patch new file mode 100644 index 000000000..87424fb5b --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/ccimx6ul/0023-hciattach_rome-do-not-override-the-baudrate-in-the-N.patch @@ -0,0 +1,36 @@ +From: Isaac Hermida +Date: Fri, 30 Sep 2016 12:46:17 +0200 +Subject: [PATCH] hciattach_rome: do not override the baudrate in the NVM file + +Do not use hcitattach to override the NMV baudrate because we are +setting it directly in the firmware file. + +https://jira.digi.com/browse/DEL-3057 + +Signed-off-by: Isaac Hermida +--- + tools/hciattach_rome.c | 11 ++--------- + 1 file changed, 2 insertions(+), 9 deletions(-) + +diff --git a/tools/hciattach_rome.c b/tools/hciattach_rome.c +index 59bdc16e4e8f..4f0f8c82fa8d 100644 +--- a/tools/hciattach_rome.c ++++ b/tools/hciattach_rome.c +@@ -1903,15 +1903,8 @@ download: + } + fprintf(stderr, "%s: Download TLV file successfully \n", __FUNCTION__); + +- /* +- * Overriding the baud rate value in NVM file with the user +- * requested baud rate, since default baud rate in NVM file is 3M. +- */ +- err = rome_set_baudrate_req(fd, local_baud_rate, controller_baud_rate); +- if (err < 0) { +- fprintf(stderr, "%s: Baud rate change failed!\n", __FUNCTION__); +- goto error; +- } ++ /* Do not override the baudrate in the TLV file */ ++ fprintf(stderr, "%s: Skipping Override of baud rate!\n", __FUNCTION__); + + /* Perform HCI reset here*/ + err = rome_hci_reset_req(fd, local_baud_rate); diff --git a/meta-digi-dey/recipes-connectivity/bluez/bluez5_5.33.bbappend b/meta-digi-dey/recipes-connectivity/bluez/bluez5_5.33.bbappend index ea0c71714..06497331d 100644 --- a/meta-digi-dey/recipes-connectivity/bluez/bluez5_5.33.bbappend +++ b/meta-digi-dey/recipes-connectivity/bluez/bluez5_5.33.bbappend @@ -28,6 +28,7 @@ SRC_URI_append_ccimx6ul = " \ file://0017-bluetooth-Fix-flow-control-operation.patch \ file://0018-Adding-MDM-specific-code-under-_PLATFORM_MDM_.patch \ file://0019-Bluetooth-Fix-static-analysis-issues.patch \ + file://0023-hciattach_rome-do-not-override-the-baudrate-in-the-N.patch \ " inherit update-rc.d From 2f275ca47b5cb8992c77ef173cb1d98a1aaa48ef Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Tue, 4 Oct 2016 15:53:53 +0200 Subject: [PATCH 39/66] dey-image-qt: do not include package-management for ccimx6ul The ccimx6ul has a small NAND flash rootfs partition, and removing package-management image feature saves around 10MB. https://jira.digi.com/browse/DEL-3058 Signed-off-by: Isaac Hermida --- meta-digi-dey/recipes-core/images/dey-image-qt.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-digi-dey/recipes-core/images/dey-image-qt.bb b/meta-digi-dey/recipes-core/images/dey-image-qt.bb index 56a646301..73b435b67 100644 --- a/meta-digi-dey/recipes-core/images/dey-image-qt.bb +++ b/meta-digi-dey/recipes-core/images/dey-image-qt.bb @@ -26,6 +26,9 @@ IMAGE_FEATURES += " \ ${@bb.utils.contains('MACHINE_FEATURES', 'wifi', 'dey-wireless', '', d)} \ " +# Remove some features to reduce the rootfs size to fit in the internal storage. +IMAGE_FEATURES_remove_ccimx6ul = "package-management" + # SDK features (for toolchains generated from an image with populate_sdk) SDKIMAGE_FEATURES ?= "dev-pkgs dbg-pkgs staticdev-pkgs" From dabb7b02a7c659c61ef495ce94129d91da0a2dca Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Tue, 4 Oct 2016 16:24:39 +0200 Subject: [PATCH 40/66] meta-digi: qtbase: optimize recipe Including ICU increases the rootfs too much and is not needed unless we want to build qtwebkit, so only include it for platforms with enough size. Additionally, linuxfb support is not needed for ccimx6. https://jira.digi.com/browse/DEL-3058 Signed-off-by: Isaac Hermida --- meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend b/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend index e24b6322b..4962ed1d7 100644 --- a/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend +++ b/meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend @@ -7,7 +7,9 @@ SRC_URI_append = " file://qt5.sh" PACKAGECONFIG_GL_mx6ul = "gles2" QT_CONFIG_FLAGS_append_mx6ul = "${@base_contains('DISTRO_FEATURES', 'x11', ' -no-eglfs', ' -eglfs', d)}" -PACKAGECONFIG_append = " accessibility examples icu linuxfb sql-sqlite" +PACKAGECONFIG_append = " accessibility examples sql-sqlite" +PACKAGECONFIG_append_ccimx6 = " icu" +PACKAGECONFIG_append_ccimx6ul = " linuxfb" do_install_append() { install -d ${D}${sysconfdir}/profile.d From 69cf44fcb5768c3057eb85595fd163a097ccee7d Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Tue, 4 Oct 2016 17:24:08 +0200 Subject: [PATCH 41/66] meta-digi-dey: include x11vnc for ccimx6ul x11vnc is light in size so we can include it in the final rootfs after reworking the qtbase and packaga-management stuff. Signed-off-by: Isaac Hermida --- .../packagegroups/packagegroup-core-x11-sato.bbappend | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-digi-dey/recipes-sato/packagegroups/packagegroup-core-x11-sato.bbappend b/meta-digi-dey/recipes-sato/packagegroups/packagegroup-core-x11-sato.bbappend index fdf38bf10..3f933c772 100644 --- a/meta-digi-dey/recipes-sato/packagegroups/packagegroup-core-x11-sato.bbappend +++ b/meta-digi-dey/recipes-sato/packagegroups/packagegroup-core-x11-sato.bbappend @@ -3,4 +3,4 @@ # Disable network manager NETWORK_MANAGER = "" -RDEPENDS_${PN}-apps_remove_ccimx6ul = "gst-player-bin x11vnc" +RDEPENDS_${PN}-apps_remove_ccimx6ul = "gst-player-bin" From 5c4df1ddfd18c3ae20d6561112c6be90b8f98885 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Fri, 16 Sep 2016 13:24:04 +0200 Subject: [PATCH 42/66] trustfence: add support for signing and encrypting DTBs and ramdisks This patch introduces some parameters which allow to select the type of image to be signed. Currently the supported types are: * linux kernel (-l) * DTB (-d) * initramfs (-i) This also moves the CONFIG_PLATFORM environment variable to a parameter, for consistency. https://jira.digi.com/browse/DUB-614 https://jira.digi.com/browse/DUB-615 Signed-off-by: Diaz de Grenu, Jose --- .../trustfence-sign-kernel.sh | 72 ++++++++++++++----- .../recipes-kernel/linux/linux-dey.inc | 6 +- 2 files changed, 59 insertions(+), 19 deletions(-) diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh index cbc744aee..3af50288f 100755 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh @@ -16,7 +16,6 @@ # # The following environment variables define the script behaviour: # CONFIG_SIGN_KEYS_PATH: (mandatory) path to the CST folder by NXP with keys generated. -# CONFIG_UIMAGE_LOADADDR: (mandatory) memory address in which U-Boot loads the uImage # CONFIG_KEY_INDEX: (optional) key index to use for signing. Default is 0. # CONFIG_DEK_PATH: (optional) Path to keyfile. Define it to generate # encrypted images @@ -26,12 +25,37 @@ SCRIPT_NAME="$(basename ${0})" SCRIPT_PATH="$(cd $(dirname ${0}) && pwd)" +while getopts "dilp:" c; do + case "${c}" in + d) ARTIFACT_DTB="y";; + i) ARTIFACT_INITRAMFS="y";; + l) ARTIFACT_KERNEL="y";; + p) PLATFORM="${OPTARG}";; + esac +done +shift "$((OPTIND - 1))" + +usage() { + cat < select platform for the project + -d sign/encrypt initramfs + -i sign/encrypt DTB + -l sign/encrypt Linux image + +Supported platforms: ccimx6, ccimx6ul + +EOF +} + if [ "${#}" != "2" ]; then - echo "Usage: ${SCRIPT_NAME} input-unsigned-image output-signed-image" + usage exit 1 fi -# Negative offset with respect to CONFIG_UIMAGE_LOADADDR in which U-Boot +# Negative offset with respect to CONFIG_RAM_START in which U-Boot # copies the DEK blob. DEK_BLOB_OFFSET="0x100" CONFIG_CSF_SIZE="0x4000" @@ -62,15 +86,29 @@ if [ -n "${CONFIG_DEK_PATH}" ]; then ENCRYPT="true" fi -[ "${CONFIG_PLATFORM}" = "ccimx6" ] && CONFIG_UIMAGE_LOADADDR="0x12000000" -[ "${CONFIG_PLATFORM}" = "ccimx6ul" ] && CONFIG_UIMAGE_LOADADDR="0x80800000" - -if [ -z "${CONFIG_UIMAGE_LOADADDR}" ]; then - echo "Undefined CONFIG_UIMAGE_LOADADDR" - echo "As an alternative, define CONFIG_PLATFORM. Supported platforms: ccimx6, ccimx6ul" +if [ "${PLATFORM}" = "ccimx6" ]; then + CONFIG_FDT_LOADADDR="0x18000000" + CONFIG_RAMDISK_LOADADDR="0x19000000" + CONFIG_KERNEL_LOADADDR="0x12000000" +elif [ "${PLATFORM}" = "ccimx6ul" ]; then + CONFIG_FDT_LOADADDR="0x83000000" + CONFIG_RAMDISK_LOADADDR="0x83800000" + CONFIG_KERNEL_LOADADDR="0x80800000" +else + echo "Invalid platform: ${PLATFORM}" + echo "Supported platforms: ccimx6, ccimx6ul" exit 1 fi +[ "${ARTIFACT_DTB}" = "y" ] && CONFIG_RAM_START="${CONFIG_FDT_LOADADDR}" +[ "${ARTIFACT_INITRAMFS}" = "y" ] && CONFIG_RAM_START="${CONFIG_RAMDISK_LOADADDR}" +[ "${ARTIFACT_KERNEL}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}" + +if [ -z "${CONFIG_RAM_START}" ]; then + echo "Specify the type of image to process (-i, -d, or -l)" + exit 1 +fi + # Default values [ -z "${CONFIG_KEY_INDEX}" ] && CONFIG_KEY_INDEX="0" CONFIG_KEY_INDEX_1="$((CONFIG_KEY_INDEX + 1))" @@ -102,7 +140,7 @@ SRK_TABLE="$(pwd)/SRK_table.bin" GAP_FILLER="0x00" # The DEK blob is placed by U-Boot just before the kernel image -dek_blob_offset="$((CONFIG_UIMAGE_LOADADDR - DEK_BLOB_OFFSET))" +dek_blob_offset="$((CONFIG_KERNEL_LOADADDR - DEK_BLOB_OFFSET))" # Compute the layout: sizes and offsets. uimage_size="$(stat -L -c %s ${UIMAGE_PATH})" @@ -112,26 +150,26 @@ auth_len="$((pad_len + 0x20))" sig_len="$((auth_len + CONFIG_CSF_SIZE))" ivt_uimage_start="$((auth_len - 0x20))" -ivt_ram_start="$((CONFIG_UIMAGE_LOADADDR + ivt_uimage_start))" +ivt_ram_start="$((CONFIG_RAM_START + ivt_uimage_start))" ivt_size="0x20" csf_ram_start="$((ivt_ram_start + ivt_size))" entrypoint_uimage_offset="0x1000" -entrypoint_ram_start="$((CONFIG_UIMAGE_LOADADDR + entrypoint_uimage_offset))" +entrypoint_ram_start="$((CONFIG_RAM_START + entrypoint_uimage_offset))" entrypoint_size="0x20" header_uimage_offset="0x0" -header_ram_start="${CONFIG_UIMAGE_LOADADDR}" +header_ram_start="${CONFIG_RAM_START}" header_size="0x40" r1_uimage_offset="${header_size}" -r1_ram_start="$((CONFIG_UIMAGE_LOADADDR + r1_uimage_offset))" +r1_ram_start="$((CONFIG_RAM_START + r1_uimage_offset))" r1_size="$((entrypoint_uimage_offset - header_size ))" r2_uimage_offset="$((entrypoint_uimage_offset + entrypoint_size))" -r2_ram_start="$((CONFIG_UIMAGE_LOADADDR + r2_uimage_offset))" +r2_ram_start="$((CONFIG_RAM_START + r2_uimage_offset))" r2_size="$((ivt_uimage_start - (entrypoint_uimage_offset + entrypoint_size)))" # Generate actual CSF descriptor file from template if [ "${ENCRYPT}" = "true" ]; then - sed -e "s,%ram_start%,${CONFIG_UIMAGE_LOADADDR},g" \ + sed -e "s,%ram_start%,${CONFIG_RAM_START},g" \ -e "s,%srk_table%,${SRK_TABLE},g " \ -e "s,%cert_csf%,${CERT_CSF},g" \ -e "s,%cert_img%,${CERT_IMG},g" \ @@ -157,7 +195,7 @@ if [ "${ENCRYPT}" = "true" ]; then -e "s,%r2_size%,${r2_size},g" \ "${SCRIPT_PATH}/csf_templates/encrypt_uimage" > csf_descriptor else - sed -e "s,%ram_start%,${CONFIG_UIMAGE_LOADADDR},g" \ + sed -e "s,%ram_start%,${CONFIG_RAM_START},g" \ -e "s,%srk_table%,${SRK_TABLE},g" \ -e "s,%image_offset%,${uimage_offset},g" \ -e "s,%auth_len%,${auth_len},g" \ diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc index 06e6ee603..02b2c4ae8 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc @@ -28,11 +28,13 @@ KERNEL_EXTRA_ARGS += "LOADADDR=${UBOOT_ENTRYPOINT}" do_deploy_append() { if [ "${TRUSTFENCE_SIGN}" = "1" ]; then + # Set environment variables for trustfence configuration export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}" - export CONFIG_PLATFORM="${DIGI_FAMILY}" [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" - "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" + + # Sign/encrypt the kernel image + "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -l "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" mv "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" fi (cd ${DEPLOYDIR} && ln -sf ${KERNEL_IMAGE_BASE_NAME}.bin ${KERNEL_IMAGE_SYMLINK_NAME}) From c1d2ee02f5e3298a053de53674a9128a59df6904 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Mon, 19 Sep 2016 18:34:24 +0200 Subject: [PATCH 43/66] trustfence: sign device tree blobs https://jira.digi.com/browse/DUB-614 Signed-off-by: Diaz de Grenu, Jose --- meta-digi-arm/recipes-kernel/linux/linux-dey.inc | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc index 02b2c4ae8..fc77b74c0 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc @@ -36,6 +36,15 @@ do_deploy_append() { # Sign/encrypt the kernel image "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -l "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" mv "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" + + # Sign/encrypt the device tree blobs + if [ -n "${KERNEL_DEVICETREE}" ]; then + for DTB_NAME in ${KERNEL_DEVICETREE}; do + DTB="${B}/arch/${ARCH}/boot/dts/${DTB_NAME}" + "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -d "${DTB}" "${DTB}-signed" + mv "${DTB}-signed" "${DTB}" + done + fi fi (cd ${DEPLOYDIR} && ln -sf ${KERNEL_IMAGE_BASE_NAME}.bin ${KERNEL_IMAGE_SYMLINK_NAME}) } From 7a02e1b00aed5295bbf26004b349476ff3aff209 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Mon, 19 Sep 2016 16:34:38 +0200 Subject: [PATCH 44/66] trustfence: define new type of image for signed/encrypted ramdisks Also change the image type of dey-image-trustfence-initramfs. https://jira.digi.com/browse/DUB-615 Signed-off-by: Diaz de Grenu, Jose --- .../classes/image_types_digi.bbclass | 22 +++++++++++++++++-- .../recipes-bsp/u-boot/u-boot-dey_2015.04.bb | 2 +- .../images/dey-image-trustfence-initramfs.bb | 2 +- 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/meta-digi-arm/classes/image_types_digi.bbclass b/meta-digi-arm/classes/image_types_digi.bbclass index 9588d2d86..160cdd66c 100644 --- a/meta-digi-arm/classes/image_types_digi.bbclass +++ b/meta-digi-arm/classes/image_types_digi.bbclass @@ -29,8 +29,8 @@ IMAGE_CMD_boot.vfat() { # Add Trustfence initramfs if enabled if [ -n "${TRUSTFENCE_INITRAMFS_IMAGE}" ]; then - BOOTIMG_FILES="${BOOTIMG_FILES} $(readlink -e ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot)" - BOOTIMG_FILES_SYMLINK="${BOOTIMG_FILES_SYMLINK} ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot" + BOOTIMG_FILES="${BOOTIMG_FILES} $(readlink -e ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot.tf)" + BOOTIMG_FILES_SYMLINK="${BOOTIMG_FILES_SYMLINK} ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot.tf" fi # Size of kernel and device tree + 10% extra space (in bytes) @@ -130,6 +130,24 @@ IMAGE_CMD_rootfs.initramfs() { } IMAGE_TYPEDEP_rootfs.initramfs = "cpio.gz" +IMAGE_CMD_cpio.gz.u-boot.tf() { + # + # Image generation code for image type 'cpio.gz.u-boot.tf' + # (signed/encrypted ramdisk) + # + if [ "${TRUSTFENCE_SIGN}" = "1" ]; then + # Set environment variables for trustfence configuration + export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}" + [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" + [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" + + # Sign/encrypt the ramdisk + "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -i "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot" "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot.tf" + fi +} + +IMAGE_TYPEDEP_cpio.gz.u-boot.tf = "cpio.gz.u-boot" + # Set alignment to 4MB [in KiB] IMAGE_ROOTFS_ALIGNMENT = "4096" diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb index daf4509e3..f628729fb 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb @@ -101,7 +101,7 @@ TF_BOOTSCRIPT_SEDFILTER_ccimx6 = "${@tf_bootscript_sedfilter(d)}" def tf_bootscript_sedfilter(d): tf_initramfs = d.getVar('TRUSTFENCE_INITRAMFS_IMAGE',True) or "" - return "/^dboot linux/i\setenv boot_initrd true\\nsetenv initrd_file %s-${MACHINE}.cpio.gz.u-boot" % tf_initramfs if tf_initramfs else "" + return "/^dboot linux/i\setenv boot_initrd true\\nsetenv initrd_file %s-${MACHINE}.cpio.gz.u-boot.tf" % tf_initramfs if tf_initramfs else "" do_deploy_append() { # Remove canonical U-Boot symlinks for ${UBOOT_CONFIG} currently in the form: diff --git a/meta-digi-dey/recipes-core/images/dey-image-trustfence-initramfs.bb b/meta-digi-dey/recipes-core/images/dey-image-trustfence-initramfs.bb index f5923ce55..24a4a75a1 100644 --- a/meta-digi-dey/recipes-core/images/dey-image-trustfence-initramfs.bb +++ b/meta-digi-dey/recipes-core/images/dey-image-trustfence-initramfs.bb @@ -11,7 +11,7 @@ PACKAGE_INSTALL = " \ IMAGE_FEATURES = "" IMAGE_LINGUAS = "" -IMAGE_FSTYPES = "cpio.gz.u-boot" +IMAGE_FSTYPES = "cpio.gz.u-boot.tf" inherit core-image image_types_uboot IMAGE_ROOTFS_SIZE = "8192" From 934c819fd9cf6abba829b3838ca7f052303fd538 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Thu, 22 Sep 2016 11:58:38 +0200 Subject: [PATCH 45/66] meta-digi-arm: sign/encrypt bootscript https://jira.digi.com/browse/DUB-679 Signed-off-by: Diaz de Grenu, Jose --- meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb | 7 +++++++ .../trustfence-sign-tools/trustfence-sign-kernel.sh | 8 ++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb index f628729fb..9759e9abc 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb @@ -150,6 +150,13 @@ do_deploy_append() { TMP_BOOTSCR="$(mktemp ${WORKDIR}/bootscr.XXXXXX)" sed -e "${TF_BOOTSCRIPT_SEDFILTER}" ${WORKDIR}/boot.txt > ${TMP_BOOTSCR} mkimage -T script -n bootscript -C none -d ${TMP_BOOTSCR} ${DEPLOYDIR}/boot.scr + if [ "${TRUSTFENCE_SIGN}" = "1" ]; then + export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}" + [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}" + [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}" + "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -b "${DEPLOYDIR}/boot.scr" "${DEPLOYDIR}/boot-signed.scr" + mv ${DEPLOYDIR}/boot-signed.scr ${DEPLOYDIR}/boot.scr + fi rm -f ${TMP_BOOTSCR} } diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh index 3af50288f..2548fb0ed 100755 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh @@ -25,8 +25,9 @@ SCRIPT_NAME="$(basename ${0})" SCRIPT_PATH="$(cd $(dirname ${0}) && pwd)" -while getopts "dilp:" c; do +while getopts "bdilp:" c; do case "${c}" in + b) ARTIFACT_BOOTSCRIPT="y";; d) ARTIFACT_DTB="y";; i) ARTIFACT_INITRAMFS="y";; l) ARTIFACT_KERNEL="y";; @@ -41,6 +42,7 @@ usage() { Usage: ${SCRIPT_NAME} [OPTIONS] input-unsigned-image output-signed-image -p select platform for the project + -b sign/encrypt bootscript -d sign/encrypt initramfs -i sign/encrypt DTB -l sign/encrypt Linux image @@ -103,9 +105,11 @@ fi [ "${ARTIFACT_DTB}" = "y" ] && CONFIG_RAM_START="${CONFIG_FDT_LOADADDR}" [ "${ARTIFACT_INITRAMFS}" = "y" ] && CONFIG_RAM_START="${CONFIG_RAMDISK_LOADADDR}" [ "${ARTIFACT_KERNEL}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}" +# bootscripts are loaded to $loadaddr, just like the kernel +[ "${ARTIFACT_BOOTSCRIPT}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}" if [ -z "${CONFIG_RAM_START}" ]; then - echo "Specify the type of image to process (-i, -d, or -l)" + echo "Specify the type of image to process (-b, -i, -d, or -l)" exit 1 fi From 86cb5b15ae89217edab5f7fd294ef05dc1826905 Mon Sep 17 00:00:00 2001 From: Hector Palacios Date: Fri, 7 Oct 2016 19:03:46 +0200 Subject: [PATCH 46/66] install script: do a saveenv before reset A corner case requires to save the environment so that the boot command works after reset. Signed-off-by: Hector Palacios https://jira.digi.com/browse/DUB-681 --- .../u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt | 1 + .../u-boot-dey-2015.04/ccimx6ulstarter/install_linux_fw_sd.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt index 651a69723..91eedbc14 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt @@ -90,6 +90,7 @@ setenv bootcmd " echo \"Aborted.\"; exit; fi; + saveenv; echo \"\"; echo \"#######################\"; echo \"# Install complete! #\"; diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulstarter/install_linux_fw_sd.txt b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulstarter/install_linux_fw_sd.txt index 1729975f2..eaab7a62b 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulstarter/install_linux_fw_sd.txt +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulstarter/install_linux_fw_sd.txt @@ -90,6 +90,7 @@ setenv bootcmd " echo \"Aborted.\"; exit; fi; + saveenv; echo \"\"; echo \"#######################\"; echo \"# Install complete! #\"; From f8c901b3766d46d7cf4c385e59e70bab6c0de083 Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Tue, 18 Oct 2016 13:39:28 +0200 Subject: [PATCH 47/66] kernel-module-qualcomm: fix concurrency and p2p support Fix support for concurrency and some P2P modes by initializing the interface with all the adapter completion variables. https://jira.digi.com/browse/DEL-3072 https://jira.digi.com/browse/DEL-3037 Signed-off-by: Isaac Hermida --- .../kernel-module-qualcomm.bb | 3 + ...dd_cfg80211-fix-missing-ifdef-clause.patch | 28 +++ .../0017-Add-.gitignore-rules.patch | 25 +++ ...itialize-all-adapter-completion-vari.patch | 206 ++++++++++++++++++ 4 files changed, 262 insertions(+) create mode 100644 meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0016-wlan_hdd_cfg80211-fix-missing-ifdef-clause.patch create mode 100644 meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0017-Add-.gitignore-rules.patch create mode 100644 meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0018-wlan_hdd_main-initialize-all-adapter-completion-vari.patch diff --git a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb index c59fe3693..17a2bdfbe 100644 --- a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb +++ b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb @@ -32,6 +32,9 @@ SRC_URI = " \ file://0013-Kbuild-do-not-create-an-auxiliar-p2p-on-init.patch \ file://0014-Kbuild-do-not-compile-the-DEBUG-version-inconditiona.patch \ file://0015-Kbuild-Group-most-of-the-relevant-DEBUG-options.patch \ + file://0016-wlan_hdd_cfg80211-fix-missing-ifdef-clause.patch \ + file://0017-Add-.gitignore-rules.patch \ + file://0018-wlan_hdd_main-initialize-all-adapter-completion-vari.patch \ " S = "${WORKDIR}/${PV}" diff --git a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0016-wlan_hdd_cfg80211-fix-missing-ifdef-clause.patch b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0016-wlan_hdd_cfg80211-fix-missing-ifdef-clause.patch new file mode 100644 index 000000000..c5621575e --- /dev/null +++ b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0016-wlan_hdd_cfg80211-fix-missing-ifdef-clause.patch @@ -0,0 +1,28 @@ +From: Isaac Hermida +Date: Fri, 14 Oct 2016 10:28:29 +0200 +Subject: [PATCH] wlan_hdd_cfg80211: fix missing ifdef clause + +Fix the compilation for old kernels by defining a missing "ifdef" clause. + +Signed-off-by: Isaac Hermida +--- + CORE/HDD/inc/wlan_hdd_cfg80211.h | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/CORE/HDD/inc/wlan_hdd_cfg80211.h b/CORE/HDD/inc/wlan_hdd_cfg80211.h +index a40c55144bc5..95c1ddce7de4 100644 +--- a/CORE/HDD/inc/wlan_hdd_cfg80211.h ++++ b/CORE/HDD/inc/wlan_hdd_cfg80211.h +@@ -992,7 +992,12 @@ backported_cfg80211_vendor_event_alloc(struct wiphy *wiphy, + int approxlen, + int event_idx, gfp_t gfp) + { ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 15, 0) + return cfg80211_vendor_event_alloc(wiphy, wdev, approxlen, event_idx, gfp); ++#else ++ return cfg80211_vendor_event_alloc(wiphy, approxlen, event_idx, gfp); ++#endif ++ + } + #define cfg80211_vendor_event_alloc backported_cfg80211_vendor_event_alloc + #endif diff --git a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0017-Add-.gitignore-rules.patch b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0017-Add-.gitignore-rules.patch new file mode 100644 index 000000000..f29152d5c --- /dev/null +++ b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0017-Add-.gitignore-rules.patch @@ -0,0 +1,25 @@ +From: Isaac Hermida +Date: Mon, 17 Oct 2016 10:06:18 +0200 +Subject: [PATCH] Add .gitignore rules + +Signed-off-by: Isaac Hermida +--- + .gitignore | 9 +++++++++ + 1 file changed, 9 insertions(+) + create mode 100644 .gitignore + +diff --git a/.gitignore b/.gitignore +new file mode 100644 +index 000000000000..9886b5284c3f +--- /dev/null ++++ b/.gitignore +@@ -0,0 +1,9 @@ ++*.o ++*.o.cmd ++.tmp_versions ++.* ++Module.symvers ++modules.order ++*.mod.c ++cscope.* ++wlan.ko diff --git a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0018-wlan_hdd_main-initialize-all-adapter-completion-vari.patch b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0018-wlan_hdd_main-initialize-all-adapter-completion-vari.patch new file mode 100644 index 000000000..501d36add --- /dev/null +++ b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0018-wlan_hdd_main-initialize-all-adapter-completion-vari.patch @@ -0,0 +1,206 @@ +From: Isaac Hermida +Date: Tue, 5 Jul 2016 14:55:15 +0530 +Subject: [PATCH] wlan_hdd_main: initialize all adapter completion variables + +In order to change the p2p device mode, delete and add virtual_iface +followed by change_iface will be invoked. But in this case device mode +is changed by invoking change_iface method without invoking delete and +add virtual_iface functions resulting in kernel panic. + +This is because, in latter case hdd_open_adapter will not be invoked +for the intended device mode. Hence uninitialized completion variables +will be used for further operations. + +To mitigate this issue, Initialize all completion variables of +hdd_adapter_t structure during open adapter irrespective of adapter's +device mode. + +https://jira.digi.com/browse/DEL-3072 +https://jira.digi.com/browse/DEL-3037 + +(cherry-picked from 20ed76a8e436042590aa25acb33a2ba3d6d34250) +Signed-off-by: Isaac Hermida +--- + CORE/HDD/inc/wlan_hdd_main.h | 1 + + CORE/HDD/src/wlan_hdd_hostapd.c | 10 ----- + CORE/HDD/src/wlan_hdd_main.c | 82 ++++++++++++++++++++++++----------------- + 3 files changed, 50 insertions(+), 43 deletions(-) + +diff --git a/CORE/HDD/inc/wlan_hdd_main.h b/CORE/HDD/inc/wlan_hdd_main.h +index f01b7f309dc2..3c5a51a57d6c 100644 +--- a/CORE/HDD/inc/wlan_hdd_main.h ++++ b/CORE/HDD/inc/wlan_hdd_main.h +@@ -1740,4 +1740,5 @@ static inline void wlan_hdd_stop_sap(hdd_adapter_t *ap_adapter) {} + static inline void wlan_hdd_start_sap(hdd_adapter_t *ap_adapter) {} + #endif + bool wlan_hdd_get_fw_state(hdd_adapter_t *adapter); ++void hdd_initialize_adapter_common(hdd_adapter_t *adapter); + #endif // end #if !defined( WLAN_HDD_MAIN_H ) +diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c +index 8a80d26f355a..4bd6b844ac5a 100644 +--- a/CORE/HDD/src/wlan_hdd_hostapd.c ++++ b/CORE/HDD/src/wlan_hdd_hostapd.c +@@ -5389,9 +5389,6 @@ VOS_STATUS hdd_init_ap_mode( hdd_adapter_t *pAdapter ) + return status; + } + +- init_completion(&pAdapter->session_close_comp_var); +- init_completion(&pAdapter->session_open_comp_var); +- + sema_init(&(WLAN_HDD_GET_AP_CTX_PTR(pAdapter))->semWpsPBCOverlapInd, 1); + + // Register as a wireless device +@@ -5494,13 +5491,6 @@ hdd_adapter_t* hdd_wlan_create_ap_dev( hdd_context_t *pHddCtx, tSirMacAddr macAd + pWlanHostapdDev->ieee80211_ptr = &pHostapdAdapter->wdev ; + pHostapdAdapter->wdev.wiphy = pHddCtx->wiphy; + pHostapdAdapter->wdev.netdev = pWlanHostapdDev; +- init_completion(&pHostapdAdapter->tx_action_cnf_event); +- init_completion(&pHostapdAdapter->cancel_rem_on_chan_var); +- init_completion(&pHostapdAdapter->rem_on_chan_ready_event); +- init_completion(&pHostapdAdapter->ula_complete); +- init_completion(&pHostapdAdapter->offchannel_tx_event); +- init_completion(&pHostapdAdapter->scan_info.scan_req_completion_event); +- init_completion(&pHostapdAdapter->scan_info.abortscan_event_var); + vos_event_init(&pHostapdAdapter->scan_info.scan_finished_event); + pHostapdAdapter->scan_info.scan_pending_option = WEXT_SCAN_PENDING_GIVEUP; + +diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c +index a10da2a9b164..b447f0931d52 100755 +--- a/CORE/HDD/src/wlan_hdd_main.c ++++ b/CORE/HDD/src/wlan_hdd_main.c +@@ -8234,7 +8234,6 @@ static hdd_adapter_t* hdd_alloc_station_adapter( hdd_context_t *pHddCtx, tSirMac + + if(pWlanDev != NULL) + { +- + //Save the pointer to the net_device in the HDD adapter + pAdapter = (hdd_adapter_t*) netdev_priv( pWlanDev ); + +@@ -8244,43 +8243,11 @@ static hdd_adapter_t* hdd_alloc_station_adapter( hdd_context_t *pHddCtx, tSirMac + pAdapter->pHddCtx = pHddCtx; + pAdapter->magic = WLAN_HDD_ADAPTER_MAGIC; + +- init_completion(&pAdapter->session_open_comp_var); +- init_completion(&pAdapter->session_close_comp_var); +- init_completion(&pAdapter->disconnect_comp_var); +- init_completion(&pAdapter->linkup_event_var); +- init_completion(&pAdapter->cancel_rem_on_chan_var); +- init_completion(&pAdapter->rem_on_chan_ready_event); +- init_completion(&pAdapter->offchannel_tx_event); +- init_completion(&pAdapter->tx_action_cnf_event); +-#ifdef FEATURE_WLAN_TDLS +- init_completion(&pAdapter->tdls_add_station_comp); +- init_completion(&pAdapter->tdls_del_station_comp); +- init_completion(&pAdapter->tdls_mgmt_comp); +- init_completion(&pAdapter->tdls_link_establish_req_comp); +-#endif +- +- init_completion(&pHddCtx->mc_sus_event_var); +- init_completion(&pHddCtx->tx_sus_event_var); +- init_completion(&pHddCtx->rx_sus_event_var); +- init_completion(&pHddCtx->ready_to_suspend); +- init_completion(&pAdapter->ula_complete); +- init_completion(&pAdapter->change_country_code); +- +-#ifdef WLAN_FEATURE_EXTWOW_SUPPORT +- init_completion(&pHddCtx->ready_to_extwow); +-#endif +- +-#ifdef FEATURE_WLAN_BATCH_SCAN +- init_completion(&pAdapter->hdd_set_batch_scan_req_var); +- init_completion(&pAdapter->hdd_get_batch_scan_req_var); + pAdapter->pBatchScanRsp = NULL; + pAdapter->numScanList = 0; + pAdapter->batchScanState = eHDD_BATCH_SCAN_STATE_STOPPED; + pAdapter->prev_batch_id = 0; + mutex_init(&pAdapter->hdd_batch_scan_lock); +-#endif +- init_completion(&pAdapter->scan_info.scan_req_completion_event); +- init_completion(&pAdapter->scan_info.abortscan_event_var); + + vos_event_init(&pAdapter->scan_info.scan_finished_event); + pAdapter->scan_info.scan_pending_option = WEXT_SCAN_PENDING_GIVEUP; +@@ -9018,6 +8985,7 @@ hdd_adapter_t* hdd_open_adapter( hdd_context_t *pHddCtx, tANI_U8 session_type, + pAdapter->wdev.iftype = NL80211_IFTYPE_P2P_CLIENT; + + pAdapter->device_mode = session_type; ++ hdd_initialize_adapter_common(pAdapter); + + status = hdd_init_station_mode( pAdapter ); + if( VOS_STATUS_SUCCESS != status ) +@@ -9089,6 +9057,7 @@ hdd_adapter_t* hdd_open_adapter( hdd_context_t *pHddCtx, tANI_U8 session_type, + NL80211_IFTYPE_P2P_GO; + pAdapter->device_mode = session_type; + ++ hdd_initialize_adapter_common(pAdapter); + status = hdd_init_ap_mode(pAdapter); + if( VOS_STATUS_SUCCESS != status ) + goto err_free_netdev; +@@ -9163,6 +9132,7 @@ hdd_adapter_t* hdd_open_adapter( hdd_context_t *pHddCtx, tANI_U8 session_type, + pAdapter->device_mode = session_type; + status = hdd_register_interface( pAdapter, rtnl_held ); + ++ hdd_initialize_adapter_common(pAdapter); + hdd_init_tx_rx( pAdapter ); + + //Stop the Interface TX queue. +@@ -11735,6 +11705,13 @@ int hdd_wlan_startup(struct device *dev, v_VOID_t *hif_sc) + init_completion(&pHddCtx->full_pwr_comp_var); + init_completion(&pHddCtx->standby_comp_var); + init_completion(&pHddCtx->req_bmps_comp_var); ++ init_completion(&pHddCtx->mc_sus_event_var); ++ init_completion(&pHddCtx->tx_sus_event_var); ++ init_completion(&pHddCtx->rx_sus_event_var); ++ init_completion(&pHddCtx->ready_to_suspend); ++#ifdef WLAN_FEATURE_EXTWOW_SUPPORT ++ init_completion(&pHddCtx->ready_to_extwow); ++#endif + + spin_lock_init(&pHddCtx->schedScan_lock); + +@@ -14494,6 +14471,45 @@ void wlan_hdd_start_sap(hdd_adapter_t *ap_adapter) + } + #endif + ++/** ++ * hdd_initialize_adapter_common() - initialize completion variables ++ * @adapter: pointer to hdd_adapter_t ++ * ++ * Return: none ++ */ ++void hdd_initialize_adapter_common(hdd_adapter_t *adapter) ++{ ++ if (NULL == adapter) { ++ hddLog(VOS_TRACE_LEVEL_ERROR, "%s: adapter is NULL ", __func__); ++ return; ++ } ++ init_completion(&adapter->session_open_comp_var); ++ init_completion(&adapter->session_close_comp_var); ++ init_completion(&adapter->disconnect_comp_var); ++ init_completion(&adapter->linkup_event_var); ++ init_completion(&adapter->cancel_rem_on_chan_var); ++ init_completion(&adapter->rem_on_chan_ready_event); ++ init_completion(&adapter->offchannel_tx_event); ++ init_completion(&adapter->tx_action_cnf_event); ++#ifdef FEATURE_WLAN_TDLS ++ init_completion(&adapter->tdls_add_station_comp); ++ init_completion(&adapter->tdls_del_station_comp); ++ init_completion(&adapter->tdls_mgmt_comp); ++ init_completion(&adapter->tdls_link_establish_req_comp); ++#endif ++ init_completion(&adapter->ula_complete); ++ init_completion(&adapter->change_country_code); ++ init_completion(&adapter->scan_info.scan_req_completion_event); ++ init_completion(&adapter->scan_info.abortscan_event_var); ++ ++#ifdef FEATURE_WLAN_BATCH_SCAN ++ init_completion(&adapter->hdd_set_batch_scan_req_var); ++ init_completion(&adapter->hdd_get_batch_scan_req_var); ++#endif ++ ++ return; ++} ++ + //Register the module init/exit functions + module_init(hdd_module_init); + module_exit(hdd_module_exit); From 62362688dfdb1bf204c90a55e4ba3b91e1a33aff Mon Sep 17 00:00:00 2001 From: Isaac Hermida Date: Wed, 19 Oct 2016 16:04:20 +0200 Subject: [PATCH 48/66] hostapd: update config file with default support for 802.11ac Optimize the provided config file with default support for 802.11ac. https://jira.digi.com/browse/DEL-3128 Signed-off-by: Isaac Hermida --- .../hostapd/hostapd-2.4/hostapd.conf | 22 ++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/hostapd.conf b/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/hostapd.conf index 69e69299f..fee4882a0 100644 --- a/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/hostapd.conf +++ b/meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/hostapd.conf @@ -4,14 +4,30 @@ interface=wlan0 driver=nl80211 # WPA2-AES encryption -channel=5 -ssid=ap-wpa2aes +ssid=ap-wpa2aes_a auth_algs=1 wpa=2 wpa_key_mgmt=WPA-PSK wpa_pairwise=CCMP wpa_passphrase=password-wpa2aes -# OPEN encryption example, remove WPA2-AES setup +# OPEN encryption --- remove WPA2-AES setup # channel=1 # ssid=ap-open + + +# IEEE 802.11ac +hw_mode=a +channel=36 +ieee80211ac=1 +ieee80211n=1 + +# IEEE 802.11gn --- remove IEEE 802.11ac setup +# hw_mode=g +# channel=5 +# ieee80211n=1 + + +# IEEE 802.11d - Country Code +ieee80211d=1 +country_code=US From 6aff5b5524184117670d7fd66fba30dd9c87f3ee Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Wed, 19 Oct 2016 17:19:58 +0200 Subject: [PATCH 49/66] trustfence: fix sign/encryption for very small artifacts The HAB on the i.MX6/i.MX6UL expects an entrypoint which is used to pass execution to U-Boot in the ROM code. In later executions of HAB, U-Boot calls the HAB but ignores this value. A fixed value of 0x1000 was being used for the entrypoint, which is too big for really small artifacts, like bootscripts. This commit reduces the value to 0x100. This allows to sign and encrypt artifacts as small as 260 bytes. Signed-off-by: Diaz de Grenu, Jose --- .../trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh index 2548fb0ed..2c51850ec 100755 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh @@ -157,7 +157,7 @@ ivt_uimage_start="$((auth_len - 0x20))" ivt_ram_start="$((CONFIG_RAM_START + ivt_uimage_start))" ivt_size="0x20" csf_ram_start="$((ivt_ram_start + ivt_size))" -entrypoint_uimage_offset="0x1000" +entrypoint_uimage_offset="0x100" entrypoint_ram_start="$((CONFIG_RAM_START + entrypoint_uimage_offset))" entrypoint_size="0x20" header_uimage_offset="0x0" From 472e57312f7b5405bc20ede4961ffecf75125609 Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Wed, 19 Oct 2016 18:01:48 +0200 Subject: [PATCH 50/66] meta-digi-arm: sync machine files with meta-fsl-arm This commit adds the proper DEFAULTTUNE and overrides for the ccimx6ul family of modules. https://jira.digi.com/browse/DEL-3102 Signed-off-by: Javier Viguera --- meta-digi-arm/conf/machine/include/imx-digi-base.inc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/meta-digi-arm/conf/machine/include/imx-digi-base.inc b/meta-digi-arm/conf/machine/include/imx-digi-base.inc index 8fe73b975..883273e87 100644 --- a/meta-digi-arm/conf/machine/include/imx-digi-base.inc +++ b/meta-digi-arm/conf/machine/include/imx-digi-base.inc @@ -19,11 +19,13 @@ MACHINE_EXTRA_RRECOMMENDS = "kernel-modules" # DEFAULTTUNE_mx6 ?= "cortexa9t-neon" # handled by hardware DEFAULTTUNE_mx6 ?= "cortexa9thf-neon" +DEFAULTTUNE_mx6ul ?= "cortexa7thf-neon" # Sub-architecture support MACHINE_SOCARCH_SUFFIX ?= "" MACHINE_SOCARCH_SUFFIX_mx6q = "-mx6qdl" MACHINE_SOCARCH_SUFFIX_mx6dl = "-mx6qdl" +MACHINE_SOCARCH_SUFFIX_mx6ul = "-mx6ul" MACHINE_ARCH_FILTER = "virtual/kernel imx-vpu" MACHINE_SOCARCH_FILTER_append_mx6 = " libfslcodec libfslvpuwrap libfslparser" @@ -52,17 +54,22 @@ MACHINE_HAS_VIVANTE_KERNEL_DRIVER_SUPPORT ?= "${SOC_HAS_VIVANTE_KERNEL_DRIVER_SU # mx6 GPU libraries PREFERRED_PROVIDER_virtual/egl_mx6q ?= "imx-gpu-viv" PREFERRED_PROVIDER_virtual/egl_mx6dl ?= "imx-gpu-viv" +PREFERRED_PROVIDER_virtual/egl_mx6ul ?= "mesa" PREFERRED_PROVIDER_virtual/libgles1_mx6q ?= "imx-gpu-viv" PREFERRED_PROVIDER_virtual/libgles1_mx6dl ?= "imx-gpu-viv" +PREFERRED_PROVIDER_virtual/libgles1_mx6ul ?= "mesa" PREFERRED_PROVIDER_virtual/libgles2_mx6q ?= "imx-gpu-viv" PREFERRED_PROVIDER_virtual/libgles2_mx6dl ?= "imx-gpu-viv" +PREFERRED_PROVIDER_virtual/libgles2_mx6ul ?= "mesa" PREFERRED_PROVIDER_virtual/libgl_mx6q ?= "imx-gpu-viv" PREFERRED_PROVIDER_virtual/libgl_mx6dl ?= "imx-gpu-viv" +PREFERRED_PROVIDER_virtual/libgl_mx6ul ?= "mesa" PREFERRED_PROVIDER_virtual/libg2d_mx6 ?= "imx-gpu-viv" +PREFERRED_PROVIDER_virtual/libg2d_mx6ul = "" EXTRA_IMAGEDEPENDS = "u-boot" From 90b2b3ddc78345135a83241d4be35460946e7404 Mon Sep 17 00:00:00 2001 From: Hector Palacios Date: Fri, 21 Oct 2016 09:17:37 +0200 Subject: [PATCH 51/66] recipes-kernel: sync ccimx6ul defconfig Signed-off-by: Hector Palacios https://jira.digi.com/browse/DEL-3053 --- .../recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig b/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig index 5352fe152..682517403 100644 --- a/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig +++ b/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig @@ -75,6 +75,10 @@ CONFIG_CFG80211_DEBUGFS=y CONFIG_CFG80211_WEXT=y CONFIG_MAC80211=y CONFIG_MAC80211_DEBUGFS=y +CONFIG_RFKILL=y +CONFIG_RFKILL_INPUT=y +CONFIG_RFKILL_REGULATOR=y +CONFIG_RFKILL_GPIO=y CONFIG_DEVTMPFS=y CONFIG_DEVTMPFS_MOUNT=y # CONFIG_STANDALONE is not set @@ -237,6 +241,10 @@ CONFIG_BACKLIGHT_PWM=y CONFIG_FRAMEBUFFER_CONSOLE=y CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y CONFIG_LOGO=y +CONFIG_FB_LOGO_CENTERED=y +# CONFIG_LOGO_LINUX_MONO is not set +# CONFIG_LOGO_LINUX_VGA16 is not set +# CONFIG_LOGO_LINUX_CLUT224 is not set CONFIG_SOUND=y CONFIG_SND=y CONFIG_SND_USB_AUDIO=m From 796334fa9a3ccfb2f54305a2f01b29cb3020572e Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Mon, 24 Oct 2016 17:35:45 +0200 Subject: [PATCH 52/66] trustfence: fix initramfs name when signed images are disabled It is desirable to keep the name of the initramfs images the same regardless of the sign and encryption configuration. https://jira.digi.com/browse/DEL-3141 Signed-off-by: Diaz de Grenu, Jose --- meta-digi-arm/classes/image_types_digi.bbclass | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-digi-arm/classes/image_types_digi.bbclass b/meta-digi-arm/classes/image_types_digi.bbclass index 160cdd66c..48d29b906 100644 --- a/meta-digi-arm/classes/image_types_digi.bbclass +++ b/meta-digi-arm/classes/image_types_digi.bbclass @@ -143,6 +143,9 @@ IMAGE_CMD_cpio.gz.u-boot.tf() { # Sign/encrypt the ramdisk "${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -i "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot" "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot.tf" + else + # Rename image + mv "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot" "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot.tf" fi } From 262ade8908d8d9a02177e7d5660a095e6dfa2041 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Thu, 20 Oct 2016 14:53:26 +0200 Subject: [PATCH 53/66] Revert "trustfence: disable SDCARD image generation when encryption is enabled" When encryption is enabled, the signed U-Boot image will be used for the uSD. This allows the uSD image to boot the device and recover it from the U-Boot console, which is its main purpose. Nevertheless, the uSD image will not be able to boot Linux. https://jira.digi.com/browse/DEL-2877 This reverts commit 2e13e194d9b86e709157cf11a9756616d8be1b6a. --- README.md | 4 ++-- meta-digi-dey/classes/trustfence.bbclass | 3 --- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 903fd3653..b5b97bfb9 100644 --- a/README.md +++ b/README.md @@ -131,8 +131,8 @@ authentication failure. * The Micrel PHY KSZ9031 may take between five and six seconds to auto-negotiate with Gigabit switches -* Secure uSD booting only supports booting signed images. A uSD image is not -generated if TrustFence (TM) image encryption support is enabled. +* If TrustFence (TM) image encryption support is enabled, the uSD image will +boot a signed U-Boot only. # Support Contact Information diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index c31bb2daf..5ab4060a7 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -65,6 +65,3 @@ python () { if (d.getVar("TRUSTFENCE_ENCRYPT_ENVIRONMENT", True) == "1"): d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y') } - -# SDCARD image is not supported when encryption is enabled, so disable it in such cases -IMAGE_FSTYPES_remove = "${@'' if d.getVar('TRUSTFENCE_DEK_PATH', True) == '0' else 'sdcard'}" From 2405428230230a0c27ccf2c13e14cd3eafedcd25 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Fri, 21 Oct 2016 13:54:24 +0200 Subject: [PATCH 54/66] README: remove limitation This was fixed in U-Boot: 4aad9fd041f11de66bf5eb0137c49dbd450c4388 Also move TrustFence (TM) limitation which affect all platforms to a common section. https://jira.digi.com/browse/DEL-3134 Signed-off-by: Diaz de Grenu, Jose --- README.md | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index b5b97bfb9..cbcdef645 100644 --- a/README.md +++ b/README.md @@ -97,6 +97,13 @@ Documentation is available online on the Digi documentation site: This is a list of known issues and limitations at the time of release. An updated list can be found on the online documentation. +* When using TrustFence (TM) encrypted images secure boot support, the CAAM +will hang the processor when trying to authenticate an encrypted firmware image +after a failed attempt. Hence the target needs to be reset after an +authentication failure. +* If TrustFence (TM) image encryption support is enabled, the uSD image will +boot a signed U-Boot only. + ## Digi ConnectCore 6UL * In the Bluetooth interface, the UART hardware flow control doesn’t work @@ -118,21 +125,11 @@ modes: softAP mode * A maximum of ten connected devices are supported when using Qualcomm's AR6233 Bluetooth Low Energy mode -* NXP i.MX6 processor does not set the sticky bit which write protects the -SRK_REVOKE eFuse on closed devices. This means that in the ConnectCore 6, -key revocation is always possible, no matter the value of the Yocto macro -TRUSTFENCE_UNLOCK_KEY_REVOCATION. -* When using TrustFence (TM) encrypted images secure boot support, the CAAM -will hang the processor when trying to authenticate an encrypted kernel image -after a failed attempt. Hence the target needs to be reset after an -authentication failure. ## Digi ConnectCore 6 SBC * The Micrel PHY KSZ9031 may take between five and six seconds to auto-negotiate with Gigabit switches -* If TrustFence (TM) image encryption support is enabled, the uSD image will -boot a signed U-Boot only. # Support Contact Information From 66728c99fd1d78580091e594021592d53043d854 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Tue, 25 Oct 2016 12:59:58 +0200 Subject: [PATCH 55/66] sysinfo: read U-Boot from the device tree This allows to correctly read the U-Boot version when using encrypted images. Leave the current implementation as a fallback, in case the system is using an old U-Boot which does not populate the device tree property. https://jira.digi.com/browse/DEL-3025 Signed-off-by: Diaz de Grenu, Jose --- meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo b/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo index 3a2c1b27e..1f024d502 100755 --- a/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo +++ b/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo @@ -188,9 +188,12 @@ make_report(){ DISTRO="$(sed -ne 's,DISTRO = \(.*\)$,\1,g;T;p' /etc/build)" DEY_VERSION="$(sed -ne 's,DISTRO_VERSION = \(.*\)$,\1,g;T;p' /etc/build)" -UBOOT_PARTITION="/dev/mmcblk0boot0" -[ -c "/dev/mtd0" ] && UBOOT_PARTITION="/dev/mtd0" -UBOOT_VERSION="$(strings ${UBOOT_PARTITION} | grep -m 1 dub | cut -d' ' -f2)" +UBOOT_VERSION="$(cat /proc/device-tree/digi,uboot,version 2>/dev/null)" +if [ -z "${UBOOT_VERSION}" ]; then + UBOOT_PARTITION="/dev/mmcblk0boot0" + [ -c "/dev/mtd0" ] && UBOOT_PARTITION="/dev/mtd0" + UBOOT_VERSION="$(strings ${UBOOT_PARTITION} | grep -m 1 dub | cut -d' ' -f2)" +fi MACHINE="$(cat /proc/device-tree/digi,machine,name)" BOARD_VARIANT="$(cat /proc/device-tree/digi,hwid,variant)" BOARD_SN="$(cat /proc/device-tree/digi,hwid,sn)" From 7a1f46175c758a059ddf261ae116a103c5c63b0e Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Tue, 25 Oct 2016 16:23:08 +0200 Subject: [PATCH 56/66] sysinfo: Add information about TrustFence (TM) https://jira.digi.com/browse/DEL-3025 Signed-off-by: Diaz de Grenu, Jose --- .../recipes-digi/sysinfo/sysinfo/sysinfo | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo b/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo index 1f024d502..7d34b65da 100755 --- a/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo +++ b/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo @@ -182,6 +182,25 @@ make_report(){ ip link show printf "\n" + echo "--------------------------------------" + echo "- -" + echo "- TrustFence -" + echo "- -" + echo "--------------------------------------" + echo "" + + if [ "$(($(cat /sys/fsl_otp/HW_OCOTP_LOCK) & 2))" != "0" ]; then + echo "Device status: [CLOSED]" + else + echo "Device status: [OPEN]" + fi + + if [ -f "/proc/device-tree/digi,uboot-env,encrypted" ]; then + echo "U-Boot environment is encrypted" + else + echo "U-Boot environment is NOT encrypted" + fi + echo "-------------End of report------------" } From 32a234b0d1daf0236dea4eecb56c5b17d5a2469d Mon Sep 17 00:00:00 2001 From: Gabriel Valcazar Date: Thu, 3 Nov 2016 16:59:51 +0100 Subject: [PATCH 57/66] sysinfo: Add wireless configuration info Print the wireless configuration as well as supplicant and hostapd version info https://jira.digi.com/browse/DEL-3147 Signed-off-by: Gabriel Valcazar --- .../recipes-digi/sysinfo/sysinfo/sysinfo | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo b/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo index 7d34b65da..1f53019ef 100755 --- a/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo +++ b/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo @@ -182,6 +182,32 @@ make_report(){ ip link show printf "\n" + echo "--------------------------------------" + echo "- -" + echo "- Wireless configuration -" + echo "- -" + echo "--------------------------------------" + echo "" + wpa_supplicant -v 2>/dev/null + echo "" + if [ -f "/etc/wpa_supplicant.conf" ]; then + echo "wpa_supplicant.conf:" + cat "/etc/wpa_supplicant.conf" + else + echo "[NOT FOUND] /etc/wpa_supplicant.conf" + fi + + echo "" + hostapd -v 2>&1 + echo "" + if [ -f "/etc/hostapd.conf" ]; then + echo "hostapd.conf:" + cat "/etc/hostapd.conf" + else + echo "[NOT FOUND] hostapd.conf" + fi + printf "\n\n" + echo "--------------------------------------" echo "- -" echo "- TrustFence -" From e0b7905d672627f1e88971735d262b86ba4bda7e Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Tue, 8 Nov 2016 14:51:52 +0100 Subject: [PATCH 58/66] sysinfo: fix device status report The OTP word read was incorrect. HW_OCOTP_CFG5 corresponds to bank 0 word 6. https://jira.digi.com/browse/ADK4A-1129 Signed-off-by: Diaz de Grenu, Jose --- meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo b/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo index 1f53019ef..541f3b574 100755 --- a/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo +++ b/meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo @@ -215,7 +215,7 @@ make_report(){ echo "--------------------------------------" echo "" - if [ "$(($(cat /sys/fsl_otp/HW_OCOTP_LOCK) & 2))" != "0" ]; then + if [ "$(($(cat /sys/fsl_otp/HW_OCOTP_CFG5) & 2))" != "0" ]; then echo "Device status: [CLOSED]" else echo "Device status: [OPEN]" From ed227892246e52e07ca6805a061565025ecf0bfe Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Wed, 9 Nov 2016 16:59:44 +0100 Subject: [PATCH 59/66] trustfence: make sign script threadsafe Ensure that the signing script is not executed in parallel. This is required in order to avoid problems during PKI generation and CST usage when building with Yocto or the Android build system. https://jira.digi.com/browse/DEL-2849 Signed-off-by: Diaz de Grenu, Jose --- .../trustfence-sign-tools/trustfence-sign-kernel.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh index 2c51850ec..26ae7ea89 100755 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh @@ -22,6 +22,13 @@ # #=============================================================================== +# Avoid parallel execution of this script +SINGLE_PROCESS_LOCK="/tmp/sign_script.lock.d" +trap 'rm -rf "${SINGLE_PROCESS_LOCK}"' INT TERM EXIT +while ! mkdir "${SINGLE_PROCESS_LOCK}" > /dev/null 2>&1; do + sleep 1 +done + SCRIPT_NAME="$(basename ${0})" SCRIPT_PATH="$(cd $(dirname ${0}) && pwd)" From af3f883f09eda3d400a5da8afbc04e5beb43bec7 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Wed, 9 Nov 2016 17:00:27 +0100 Subject: [PATCH 60/66] trustfence: [cosmetic] fix usage help Signed-off-by: Diaz de Grenu, Jose --- .../trustfence-sign-tools/trustfence-sign-kernel.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh index 26ae7ea89..c4c5129ee 100755 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh @@ -50,8 +50,8 @@ Usage: ${SCRIPT_NAME} [OPTIONS] input-unsigned-image output-signed-image -p select platform for the project -b sign/encrypt bootscript - -d sign/encrypt initramfs - -i sign/encrypt DTB + -d sign/encrypt DTB + -i sign/encrypt initramfs -l sign/encrypt Linux image Supported platforms: ccimx6, ccimx6ul From b3e5837cf44a37caac7fa41326e88726de2044f1 Mon Sep 17 00:00:00 2001 From: Alex Gonzalez Date: Tue, 8 Nov 2016 14:07:10 +0100 Subject: [PATCH 61/66] trustfence-initramfs: Extend for the ccimx6ul https://jira.digi.com/browse/DEL-3173 Signed-off-by: Alex Gonzalez --- .../classes/image_types_digi.bbclass | 6 ++ .../recipes-bsp/u-boot/u-boot-dey_2015.04.bb | 1 + .../trustfence/trustfence-initramfs.bb | 12 ++- .../{ => ccimx6sbc}/trustfence-initramfs-init | 0 .../{ => ccimx6sbc}/trustfence-install.sh | 0 .../ccimx6ul/trustfence-initramfs-init | 98 +++++++++++++++++++ .../ccimx6ul/trustfence-install.sh | 94 ++++++++++++++++++ ...nce-tool_1.0.bb => trustfence-tool_2.0.bb} | 4 +- 8 files changed, 211 insertions(+), 4 deletions(-) rename meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/{ => ccimx6sbc}/trustfence-initramfs-init (100%) rename meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/{ => ccimx6sbc}/trustfence-install.sh (100%) create mode 100644 meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-initramfs-init create mode 100644 meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-install.sh rename meta-digi-dey/recipes-core/trustfence/{trustfence-tool_1.0.bb => trustfence-tool_2.0.bb} (57%) diff --git a/meta-digi-arm/classes/image_types_digi.bbclass b/meta-digi-arm/classes/image_types_digi.bbclass index 48d29b906..03dfd64e7 100644 --- a/meta-digi-arm/classes/image_types_digi.bbclass +++ b/meta-digi-arm/classes/image_types_digi.bbclass @@ -75,6 +75,7 @@ IMAGE_DEPENDS_boot.ubifs = " \ mtd-utils-native:do_populate_sysroot \ u-boot:do_deploy \ virtual/kernel:do_deploy \ + ${@TRUSTFENCE_BOOTIMAGE_DEPENDS(d)} \ " IMAGE_CMD_boot.ubifs() { @@ -90,6 +91,11 @@ IMAGE_CMD_boot.ubifs() { done fi + # Add Trustfence initramfs if enabled + if [ -n "${TRUSTFENCE_INITRAMFS_IMAGE}" ]; then + BOOTIMG_FILES_SYMLINK="${BOOTIMG_FILES_SYMLINK} ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot.tf" + fi + # Create temporary folder TMP_BOOTDIR="$(mktemp -d ${DEPLOY_DIR_IMAGE}/boot.XXXXXX)" diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb index 9759e9abc..25e32c53e 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb @@ -98,6 +98,7 @@ do_compile () { TF_BOOTSCRIPT_SEDFILTER = "" TF_BOOTSCRIPT_SEDFILTER_ccimx6 = "${@tf_bootscript_sedfilter(d)}" +TF_BOOTSCRIPT_SEDFILTER_ccimx6ul = "${@tf_bootscript_sedfilter(d)}" def tf_bootscript_sedfilter(d): tf_initramfs = d.getVar('TRUSTFENCE_INITRAMFS_IMAGE',True) or "" diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb index 7fb2bdc45..278301b5d 100644 --- a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb +++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb @@ -24,9 +24,17 @@ FILES_${PN} = "/" # Runtime packages used in 'trustfence-initramfs-init' RDEPENDS_${PN} = " \ - cryptsetup \ - rng-tools \ trustfence-tool \ util-linux-findfs \ wipe \ + u-boot-fw-utils \ +" + +RDEPENDS_${PN}_append_ccimx6sbc = " \ + cryptsetup \ + rng-tools \ +" + +RDEPENDS_${PN}_append_ccimx6ul = " \ + mtd-utils-ubifs \ " diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6sbc/trustfence-initramfs-init similarity index 100% rename from meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init rename to meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6sbc/trustfence-initramfs-init diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-install.sh b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6sbc/trustfence-install.sh similarity index 100% rename from meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-install.sh rename to meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6sbc/trustfence-install.sh diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-initramfs-init b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-initramfs-init new file mode 100644 index 000000000..86fa165e3 --- /dev/null +++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-initramfs-init @@ -0,0 +1,98 @@ +#!/bin/sh +#=============================================================================== +# +# trustfence-initramfs-init +# +# Copyright (C) 2016 by Digi International Inc. +# All rights reserved. +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 as published by +# the Free Software Foundation. +# +# +# !Description: Init script for Trustfence initramfs +# +#=============================================================================== + +export PATH=/bin:/sbin:/usr/bin:/usr/sbin + +mkdir -p /proc /sys /dev +mount -t proc proc /proc +mount -t sysfs sysfs /sys +mount -t devtmpfs devtmpfs /dev + +# Set kernel console loglevel +LOGLEVEL="$(sysctl -n kernel.printk)" +sysctl -q -w kernel.printk=4 + +for arg in $(cat /proc/cmdline); do + case "${arg}" in + init=*|rescue=1|root=*|trustfence_install=*) eval ${arg};; + trustfence_fskey*) + tf_fskey_bool=true; + eval ${arg};; + esac +done + +# Translate "PARTUUID=..." to real device +root="/dev/$(findfs ${root})" + +rescue_shell () { + # Expand console and respawn if exited + while true; do + setsid cttyhack sh -l + sleep 1 + done +} + +# Jump to a rescue shell if requested +if [ -n "${rescue}" ]; then + rescue_shell +fi + +if [ -n "${tf_fskey_bool}" ]; then + # Program key if trustfence_fskey kernel parameter exists + if [ -n "${trustfence_fskey}" ]; then + # trustfence_fskey not empty - use provided key + printf "\nUsing provided key\n" + trustfence-tool --newkey=${trustfence_fskey} + if [ "${?}" != "0" ]; then + error "trustfence-tool: key generation" + fi + else + # trustfence_fskey empty - use random key + printf "\nGenerating new random key\n" + trustfence-tool --newkey + if [ "${?}" != "0" ]; then + error "trustfence-tool: key generation" + fi + fi + echo "\nFile system encryption key changed.\n" + echo "A system reboot is needed for the kernel to use it.\n" + rescue_shell +fi + +# Run install script if "trustfence_install" kernel parameter exists +if [ -n "${trustfence_install}" ]; then + trustfence-install.sh ${trustfence_install} + sleep 1 + echo ">> Rebooting the system" + sleep 1 + sync && reboot -f +fi + +# Mount device +mkdir -p /newroot +mount -t "ubifs" ${root} /newroot + +# +# Clean-up and do the switch_root to the final rootfs +# +# - restore previous kernel console loglevel +# - umount virtual filesystems +# +[ -n "${LOGLEVEL}" ] && sysctl -q -w kernel.printk="${LOGLEVEL}" +mount --move /dev /newroot/dev +umount /sys /proc +exec switch_root /newroot ${init:-/sbin/init} diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-install.sh b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-install.sh new file mode 100644 index 000000000..e87f01e6c --- /dev/null +++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-install.sh @@ -0,0 +1,94 @@ +#!/bin/sh +#=============================================================================== +# +# trustfence-install.sh +# +# Copyright (C) 2016 by Digi International Inc. +# All rights reserved. +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 as published by +# the Free Software Foundation. +# +# +# !Description: Wrapper script for initial deployment of encrypted filesystems +# +# The script gathers the needed information from the 'trustfence_install' +# kernel command line parameter with following syntax: +# +# trustfence_install="source:serverip:filename:partname" +# source -> 'tftp' | +# serverip -> | '' (serverip or empty if local) +# filename -> (path relative to 'source') +# partname -> (should match an entry on the +# partition table) +# +# For 'tftp' mode the kernel IP autoconfig may be used to bring the network +# interface up, with 'ip' kernel parameter. Examples: +# +# ip=:::::eth0:off +# ip=dhcp +# +# This script is meant for testing purposes. It's NOT a stable API and may +# be subject to change. +# +#=============================================================================== + +set -o pipefail + +TF_INSTALL_INFO="${1}" + +error() { + [ "${#}" != "0" ] && printf "\n[ERROR]: %s\n\n" "${1}" + exit 1 +} + +# Parse trustfence_install kernel parameter +IFS=":" read SOURCE SERVERIP FILENAME PARTNAME <<_EOF_ +${TF_INSTALL_INFO} +_EOF_ + +# Validate command line arguments +if [ -z "${SOURCE}" ] || [ -z "${FILENAME}" ] || [ -z "${PARTNAME}" ] || { [ "${SOURCE}" = "tftp" ] && [ -z "${SERVERIP}" ]; }; then + error "wrong 'trustfence_install' parameter: ${TF_INSTALL_INFO}" +fi + +# Format partition +mtdindex="$(sed -ne "/\"${PARTNAME}\"$/s,^mtd\([0-9]\):.*,\1,g;T;p" /proc/mtd)" +ubidetach -p /dev/mtd${mtdindex} >/dev/null 2>&1 +ubiformat -y /dev/mtd${mtdindex} +UBI_DEVICE="$(ubiattach -p /dev/mtd${mtdindex} | sed -ne 's,.*device number \([0-9]\).*,\1,g;T;p')" +ubimkvol /dev/ubi${UBI_DEVICE} -N "${PARTNAME}" -m + +# Install image to the encrypted mapped device +if [ "${SOURCE}" = "tftp" ]; then + printf "\nInstalling ${FILENAME} from TFTP\n\n" + FILE=$(basename "$FILENAME") + tftp -g -l - -r "${FILENAME}" "${SERVERIP}" > ${FILE} || { error "tftp failed"; } + FILESIZE=$(stat -c%s "$FILE") + pv -tprebW ${FILE} | ubiupdatevol /dev/ubi${UBI_DEVICE}_0 -s ${FILESIZE} - 2>/dev/null + rm -f ${FILE} + if [ "${?}" != "0" ]; then + error "write ${FILENAME}" + fi +elif [ -b "${SOURCE}" ]; then + printf "\nInstalling ${FILENAME} from local media\n\n" + MOUNTPOINT="/media/$(basename ${SOURCE})" + FSTYPE="$(blkid ${SOURCE} | sed -e 's,.*TYPE="\([^"]\+\)".*,\1,g')" + mkdir -p ${MOUNTPOINT} + mount -r ${FSTYPE:+-t ${FSTYPE}} ${SOURCE} ${MOUNTPOINT} + FILESIZE=$(stat -c%s "${MOUNTPOINT}/${FILENAME}") + pv -tprebW ${MOUNTPOINT}/${FILENAME} | ubiupdatevol /dev/ubi${UBI_DEVICE}_0 -s ${FILESIZE} - 2>/dev/null + if [ "${?}" != "0" ]; then + error "write ${FILENAME}" + fi + umount ${SOURCE} +else + error "${SOURCE} is neither a block device nor 'tftp'" +fi + +echo "" +echo "#######################" +echo "# Install completed #" +echo "#######################" +echo "" diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-tool_1.0.bb b/meta-digi-dey/recipes-core/trustfence/trustfence-tool_2.0.bb similarity index 57% rename from meta-digi-dey/recipes-core/trustfence/trustfence-tool_1.0.bb rename to meta-digi-dey/recipes-core/trustfence/trustfence-tool_2.0.bb index 7d42d034e..6786d116c 100644 --- a/meta-digi-dey/recipes-core/trustfence/trustfence-tool_1.0.bb +++ b/meta-digi-dey/recipes-core/trustfence/trustfence-tool_2.0.bb @@ -6,7 +6,7 @@ LICENSE = "CLOSED" SRC_URI = "${DIGI_PKG_SRC}/${BP}.tar.gz" -SRC_URI[md5sum] = "eea4efe8b8e7527a0ffeea16fd238ba3" -SRC_URI[sha256sum] = "aefeb08f2db59c891cf1162488499448bf9d80d64b2778d4fda11343793373e7" +SRC_URI[md5sum] = "413084cc2045d345883189cd0d68ca76" +SRC_URI[sha256sum] = "dff702f2838a7802103469c1ba07daead206652774e02a0a855b08d94aafe5fe" inherit bin_package From 22fe619976974bb181c460b266b53886e7937819 Mon Sep 17 00:00:00 2001 From: Alex Gonzalez Date: Thu, 17 Nov 2016 11:50:02 +0100 Subject: [PATCH 62/66] meta-digi-dey: trustfence-initramfs-init: Use printf instead of echos This is a cosmetic change so that the newline characters are actually used. Signed-off-by: Alex Gonzalez --- .../trustfence-initramfs/ccimx6ul/trustfence-initramfs-init | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-initramfs-init b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-initramfs-init index 86fa165e3..2c30dbf84 100644 --- a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-initramfs-init +++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-initramfs-init @@ -68,8 +68,8 @@ if [ -n "${tf_fskey_bool}" ]; then error "trustfence-tool: key generation" fi fi - echo "\nFile system encryption key changed.\n" - echo "A system reboot is needed for the kernel to use it.\n" + printf "\nFile system encryption key changed.\n" + printf "A system reboot is needed for the kernel to use it.\n" rescue_shell fi From 55c291e3409455e0dc999c69f8e9d902269cdd48 Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Fri, 18 Nov 2016 11:07:59 +0100 Subject: [PATCH 63/66] trustfence-tool: update checksums Version: 2.0-g49bafeb Signed-off-by: Javier Viguera --- meta-digi-dey/recipes-core/trustfence/trustfence-tool_2.0.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-tool_2.0.bb b/meta-digi-dey/recipes-core/trustfence/trustfence-tool_2.0.bb index 6786d116c..30d7fdf99 100644 --- a/meta-digi-dey/recipes-core/trustfence/trustfence-tool_2.0.bb +++ b/meta-digi-dey/recipes-core/trustfence/trustfence-tool_2.0.bb @@ -6,7 +6,7 @@ LICENSE = "CLOSED" SRC_URI = "${DIGI_PKG_SRC}/${BP}.tar.gz" -SRC_URI[md5sum] = "413084cc2045d345883189cd0d68ca76" -SRC_URI[sha256sum] = "dff702f2838a7802103469c1ba07daead206652774e02a0a855b08d94aafe5fe" +SRC_URI[md5sum] = "9556aec9c9b0ef7e38606040e4f059d0" +SRC_URI[sha256sum] = "21f013616393883a5c3e0e9d7332e5d169af515f83b3a7dbf365e9ffbde1c593" inherit bin_package From a81f72b99f06820441baf1e6d59f9bf9dbcd1dca Mon Sep 17 00:00:00 2001 From: Hector Palacios Date: Mon, 14 Nov 2016 16:33:08 +0100 Subject: [PATCH 64/66] mca-tool: add application to manage the CC6UL MCA firmware Signed-off-by: Hector Palacios https://jira.digi.com/browse/DEL-3093 --- meta-digi-arm/recipes-digi/mca/mca-tool_1.0.bb | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 meta-digi-arm/recipes-digi/mca/mca-tool_1.0.bb diff --git a/meta-digi-arm/recipes-digi/mca/mca-tool_1.0.bb b/meta-digi-arm/recipes-digi/mca/mca-tool_1.0.bb new file mode 100644 index 000000000..d3d92684c --- /dev/null +++ b/meta-digi-arm/recipes-digi/mca/mca-tool_1.0.bb @@ -0,0 +1,17 @@ +# Copyright (C) 2016 Digi International. + +SUMMARY = "MCA firmware management tool" +SECTION = "console/tools" +LICENSE = "CLOSED" + +PKGNAME = "mca_tool" +SRC_URI = "${DIGI_PKG_SRC}/${PKGNAME}-${PV}.tar.gz" + +SRC_URI[md5sum] = "ea869665e49f5c964bfb4ebc08c0f123" +SRC_URI[sha256sum] = "d0fecdeac90b94b4399418a2e64e44f4ac2786abf66aeed8d3dab953e74d1ae4" + +S = "${WORKDIR}/${PKGNAME}-${PV}" + +inherit bin_package + +COMPATIBLE_MACHINE = "(ccimx6ul)" From 26905d8cfb235a0811e3a02e57d04f6df19a4de7 Mon Sep 17 00:00:00 2001 From: "Diaz de Grenu, Jose" Date: Thu, 17 Nov 2016 15:33:06 +0100 Subject: [PATCH 65/66] README: add known limitation about MIPI and CSI1 https://jira.digi.com/browse/DEL-3175 Signed-off-by: Diaz de Grenu, Jose --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index cbcdef645..860fe4478 100644 --- a/README.md +++ b/README.md @@ -125,6 +125,7 @@ modes: softAP mode * A maximum of ten connected devices are supported when using Qualcomm's AR6233 Bluetooth Low Energy mode +* The MIPI and CSI1 camera connectors cannot be used simultaneously. ## Digi ConnectCore 6 SBC From f57007a322a1383777d9216cb47c0bae9c275d62 Mon Sep 17 00:00:00 2001 From: Pedro Perez de Heredia Date: Fri, 18 Nov 2016 11:23:36 +0100 Subject: [PATCH 66/66] dey-examples: add tamper_sample application for ccimx6ul https://jira.digi.com/browse/DEL-3195 Signed-off-by: Pedro Perez de Heredia Signed-off-by: Javier Viguera --- .../dey-examples/dey-examples-tamper.bb | 13 + .../dey-examples/files/tamper_sample/Makefile | 11 + .../files/tamper_sample/iio_utils.c | 669 ++++++++++++++++++ .../files/tamper_sample/iio_utils.h | 71 ++ .../files/tamper_sample/tamper_sample.c | 215 ++++++ .../packagegroup-dey-examples.bb | 1 + 6 files changed, 980 insertions(+) create mode 100644 meta-digi-dey/recipes-digi/dey-examples/dey-examples-tamper.bb create mode 100644 meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/Makefile create mode 100644 meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.c create mode 100644 meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.h create mode 100644 meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/tamper_sample.c diff --git a/meta-digi-dey/recipes-digi/dey-examples/dey-examples-tamper.bb b/meta-digi-dey/recipes-digi/dey-examples/dey-examples-tamper.bb new file mode 100644 index 000000000..8f04f8c73 --- /dev/null +++ b/meta-digi-dey/recipes-digi/dey-examples/dey-examples-tamper.bb @@ -0,0 +1,13 @@ +SUMMARY = "DEY examples: Tamper test application" +SECTION = "examples" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" + +SRC_URI = "file://tamper_sample" + +S = "${WORKDIR}/tamper_sample" + +do_install() { + install -d ${D}${bindir} + install -m 0755 tamper_sample ${D}${bindir} +} diff --git a/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/Makefile b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/Makefile new file mode 100644 index 000000000..863688334 --- /dev/null +++ b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/Makefile @@ -0,0 +1,11 @@ +CFLAGS = -Wall -g -D_GNU_SOURCE + +all: tamper_sample + +tamper_sample: tamper_sample.o iio_utils.o + +%.o: %.c iio_utils.h + +.PHONY: clean +clean: + rm -f *.o tamper_sample diff --git a/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.c b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.c new file mode 100644 index 000000000..6f6452167 --- /dev/null +++ b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.c @@ -0,0 +1,669 @@ +/* IIO - useful set of util functionality + * + * Copyright (c) 2008 Jonathan Cameron + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published by + * the Free Software Foundation. + */ +#ifndef _IIO_UTILS_H +#define _IIO_UTILS_H + +#include +#include +#include +#include +#include +#include +#include +#include "iio_utils.h" + +const char *iio_dir = "/sys/bus/iio/devices/"; + +static char * const iio_direction[] = { + "in", + "out", +}; + +/** + * iioutils_break_up_name() - extract generic name from full channel name + * @full_name: the full channel name + * @generic_name: the output generic channel name + **/ +int iioutils_break_up_name(const char *full_name, + char **generic_name) +{ + char *current; + char *w, *r; + char *working, *prefix = ""; + int i; + + for (i = 0; i < sizeof(iio_direction) / sizeof(iio_direction[0]); i++) + if (!strncmp(full_name, iio_direction[i], + strlen(iio_direction[i]))) { + prefix = iio_direction[i]; + break; + } + + current = strdup(full_name + strlen(prefix) + 1); + working = strtok(current, "_\0"); + + w = working; + r = working; + + while (*r != '\0') { + if (!isdigit(*r)) { + *w = *r; + w++; + } + r++; + } + *w = '\0'; + asprintf(generic_name, "%s_%s", prefix, working); + free(current); + + return 0; +} + +/** + * iioutils_get_type() - find and process _type attribute data + * @is_signed: output whether channel is signed + * @bytes: output how many bytes the channel storage occupies + * @mask: output a bit mask for the raw data + * @be: big endian + * @device_dir: the iio device directory + * @name: the channel name + * @generic_name: the channel type name + **/ +int iioutils_get_type(unsigned *is_signed, + unsigned *bytes, + unsigned *bits_used, + unsigned *shift, + uint64_t *mask, + unsigned *be, + const char *device_dir, + const char *name, + const char *generic_name) +{ + FILE *sysfsfp; + int ret; + DIR *dp; + char *scan_el_dir, *builtname, *builtname_generic, *filename = 0; + char signchar, endianchar; + unsigned padint; + const struct dirent *ent; + + ret = asprintf(&scan_el_dir, FORMAT_SCAN_ELEMENTS_DIR, device_dir); + if (ret < 0) { + ret = -ENOMEM; + goto error_ret; + } + ret = asprintf(&builtname, FORMAT_TYPE_FILE, name); + if (ret < 0) { + ret = -ENOMEM; + goto error_free_scan_el_dir; + } + ret = asprintf(&builtname_generic, FORMAT_TYPE_FILE, generic_name); + if (ret < 0) { + ret = -ENOMEM; + goto error_free_builtname; + } + + dp = opendir(scan_el_dir); + if (dp == NULL) { + ret = -errno; + goto error_free_builtname_generic; + } + while (ent = readdir(dp), ent != NULL) + /* + * Do we allow devices to override a generic name with + * a specific one? + */ + if ((strcmp(builtname, ent->d_name) == 0) || + (strcmp(builtname_generic, ent->d_name) == 0)) { + ret = asprintf(&filename, + "%s/%s", scan_el_dir, ent->d_name); + if (ret < 0) { + ret = -ENOMEM; + goto error_closedir; + } + sysfsfp = fopen(filename, "r"); + if (sysfsfp == NULL) { + printf("failed to open %s\n", filename); + ret = -errno; + goto error_free_filename; + } + + ret = fscanf(sysfsfp, + "%ce:%c%u/%u>>%u", + &endianchar, + &signchar, + bits_used, + &padint, shift); + if (ret < 0) { + printf("failed to pass scan type description\n"); + ret = -errno; + goto error_close_sysfsfp; + } + *be = (endianchar == 'b'); + *bytes = padint / 8; + if (*bits_used == 64) + *mask = ~0; + else + *mask = (1 << *bits_used) - 1; + if (signchar == 's') + *is_signed = 1; + else + *is_signed = 0; + fclose(sysfsfp); + free(filename); + + filename = 0; + sysfsfp = 0; + } +error_close_sysfsfp: + if (sysfsfp) + fclose(sysfsfp); +error_free_filename: + if (filename) + free(filename); +error_closedir: + closedir(dp); +error_free_builtname_generic: + free(builtname_generic); +error_free_builtname: + free(builtname); +error_free_scan_el_dir: + free(scan_el_dir); +error_ret: + return ret; +} + +int iioutils_get_param_float(float *output, + const char *param_name, + const char *device_dir, + const char *name, + const char *generic_name) +{ + FILE *sysfsfp; + int ret; + DIR *dp; + char *builtname, *builtname_generic; + char *filename = NULL; + const struct dirent *ent; + + ret = asprintf(&builtname, "%s_%s", name, param_name); + if (ret < 0) { + ret = -ENOMEM; + goto error_ret; + } + ret = asprintf(&builtname_generic, + "%s_%s", generic_name, param_name); + if (ret < 0) { + ret = -ENOMEM; + goto error_free_builtname; + } + dp = opendir(device_dir); + if (dp == NULL) { + ret = -errno; + goto error_free_builtname_generic; + } + while (ent = readdir(dp), ent != NULL) + if ((strcmp(builtname, ent->d_name) == 0) || + (strcmp(builtname_generic, ent->d_name) == 0)) { + ret = asprintf(&filename, + "%s/%s", device_dir, ent->d_name); + if (ret < 0) { + ret = -ENOMEM; + goto error_closedir; + } + sysfsfp = fopen(filename, "r"); + if (!sysfsfp) { + ret = -errno; + goto error_free_filename; + } + fscanf(sysfsfp, "%f", output); + break; + } +error_free_filename: + if (filename) + free(filename); +error_closedir: + closedir(dp); +error_free_builtname_generic: + free(builtname_generic); +error_free_builtname: + free(builtname); +error_ret: + return ret; +} + +/** + * bsort_channel_array_by_index() - reorder so that the array is in index order + * + **/ + +void bsort_channel_array_by_index(struct iio_channel_info **ci_array, + int cnt) +{ + + struct iio_channel_info temp; + int x, y; + + for (x = 0; x < cnt; x++) + for (y = 0; y < (cnt - 1); y++) + if ((*ci_array)[y].index > (*ci_array)[y+1].index) { + temp = (*ci_array)[y + 1]; + (*ci_array)[y + 1] = (*ci_array)[y]; + (*ci_array)[y] = temp; + } +} + +/** + * build_channel_array() - function to figure out what channels are present + * @device_dir: the IIO device directory in sysfs + * @ + **/ +int build_channel_array(const char *device_dir, + struct iio_channel_info **ci_array, + int *counter) +{ + DIR *dp; + FILE *sysfsfp; + int count, i; + struct iio_channel_info *current; + int ret; + const struct dirent *ent; + char *scan_el_dir; + char *filename; + + *counter = 0; + ret = asprintf(&scan_el_dir, FORMAT_SCAN_ELEMENTS_DIR, device_dir); + if (ret < 0) { + ret = -ENOMEM; + goto error_ret; + } + dp = opendir(scan_el_dir); + if (dp == NULL) { + ret = -errno; + goto error_free_name; + } + while (ent = readdir(dp), ent != NULL) + if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"), + "_en") == 0) { + ret = asprintf(&filename, + "%s/%s", scan_el_dir, ent->d_name); + if (ret < 0) { + ret = -ENOMEM; + goto error_close_dir; + } + sysfsfp = fopen(filename, "r"); + if (sysfsfp == NULL) { + ret = -errno; + free(filename); + goto error_close_dir; + } + fscanf(sysfsfp, "%i", &ret); + if (ret == 1) + (*counter)++; + fclose(sysfsfp); + free(filename); + } + *ci_array = malloc(sizeof(**ci_array) * (*counter)); + if (*ci_array == NULL) { + ret = -ENOMEM; + goto error_close_dir; + } + seekdir(dp, 0); + count = 0; + while (ent = readdir(dp), ent != NULL) { + if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"), + "_en") == 0) { + int current_enabled = 0; + + current = &(*ci_array)[count++]; + ret = asprintf(&filename, + "%s/%s", scan_el_dir, ent->d_name); + if (ret < 0) { + ret = -ENOMEM; + /* decrement count to avoid freeing name */ + count--; + goto error_cleanup_array; + } + sysfsfp = fopen(filename, "r"); + if (sysfsfp == NULL) { + free(filename); + ret = -errno; + goto error_cleanup_array; + } + fscanf(sysfsfp, "%i", ¤t_enabled); + fclose(sysfsfp); + + if (!current_enabled) { + free(filename); + count--; + continue; + } + + current->scale = 1.0; + current->offset = 0; + current->name = strndup(ent->d_name, + strlen(ent->d_name) - + strlen("_en")); + if (current->name == NULL) { + free(filename); + ret = -ENOMEM; + goto error_cleanup_array; + } + /* Get the generic and specific name elements */ + ret = iioutils_break_up_name(current->name, + ¤t->generic_name); + if (ret) { + free(filename); + goto error_cleanup_array; + } + ret = asprintf(&filename, + "%s/%s_index", + scan_el_dir, + current->name); + if (ret < 0) { + free(filename); + ret = -ENOMEM; + goto error_cleanup_array; + } + sysfsfp = fopen(filename, "r"); + fscanf(sysfsfp, "%u", ¤t->index); + fclose(sysfsfp); + free(filename); + /* Find the scale */ + ret = iioutils_get_param_float(¤t->scale, + "scale", + device_dir, + current->name, + current->generic_name); + if (ret < 0) + goto error_cleanup_array; + ret = iioutils_get_param_float(¤t->offset, + "offset", + device_dir, + current->name, + current->generic_name); + if (ret < 0) + goto error_cleanup_array; + ret = iioutils_get_type(¤t->is_signed, + ¤t->bytes, + ¤t->bits_used, + ¤t->shift, + ¤t->mask, + ¤t->be, + device_dir, + current->name, + current->generic_name); + } + } + + closedir(dp); + /* reorder so that the array is in index order */ + bsort_channel_array_by_index(ci_array, *counter); + + return 0; + +error_cleanup_array: + for (i = count - 1; i >= 0; i--) + free((*ci_array)[i].name); + free(*ci_array); +error_close_dir: + closedir(dp); +error_free_name: + free(scan_el_dir); +error_ret: + return ret; +} + +/** + * find_type_by_name() - function to match top level types by name + * @name: top level type instance name + * @type: the type of top level instance being sort + * + * Typical types this is used for are device and trigger. + **/ +int find_type_by_name(const char *name, const char *type) +{ + const struct dirent *ent; + int number, numstrlen; + + FILE *nameFile; + DIR *dp; + char thisname[IIO_MAX_NAME_LENGTH]; + char *filename; + + dp = opendir(iio_dir); + if (dp == NULL) { + printf("No industrialio devices available\n"); + return -ENODEV; + } + + while (ent = readdir(dp), ent != NULL) { + if (strcmp(ent->d_name, ".") != 0 && + strcmp(ent->d_name, "..") != 0 && + strlen(ent->d_name) > strlen(type) && + strncmp(ent->d_name, type, strlen(type)) == 0) { + numstrlen = sscanf(ent->d_name + strlen(type), + "%d", + &number); + /* verify the next character is not a colon */ + if (strncmp(ent->d_name + strlen(type) + numstrlen, + ":", + 1) != 0) { + filename = malloc(strlen(iio_dir) + + strlen(type) + + numstrlen + + 6); + if (filename == NULL) { + closedir(dp); + return -ENOMEM; + } + sprintf(filename, "%s%s%d/name", + iio_dir, + type, + number); + nameFile = fopen(filename, "r"); + if (!nameFile) { + free(filename); + continue; + } + free(filename); + fscanf(nameFile, "%s", thisname); + fclose(nameFile); + if (strcmp(name, thisname) == 0) { + closedir(dp); + return number; + } + } + } + } + closedir(dp); + return -ENODEV; +} + +int _write_sysfs_int(char *filename, char *basedir, int val, int verify) +{ + int ret = 0; + FILE *sysfsfp; + int test; + char *temp = malloc(strlen(basedir) + strlen(filename) + 2); + + if (temp == NULL) + return -ENOMEM; + sprintf(temp, "%s/%s", basedir, filename); + sysfsfp = fopen(temp, "w"); + if (sysfsfp == NULL) { + printf("failed to open %s\n", temp); + ret = -errno; + goto error_free; + } + fprintf(sysfsfp, "%d", val); + fclose(sysfsfp); + if (verify) { + sysfsfp = fopen(temp, "r"); + if (sysfsfp == NULL) { + printf("failed to open %s\n", temp); + ret = -errno; + goto error_free; + } + fscanf(sysfsfp, "%d", &test); + fclose(sysfsfp); + if (test != val) { + printf("Possible failure in int write %d to %s%s\n", + val, + basedir, + filename); + ret = -1; + } + } +error_free: + free(temp); + return ret; +} + +int write_sysfs_int(char *filename, char *basedir, int val) +{ + return _write_sysfs_int(filename, basedir, val, 0); +} + +int write_sysfs_int_and_verify(char *filename, char *basedir, int val) +{ + return _write_sysfs_int(filename, basedir, val, 1); +} + +int _write_sysfs_string(char *filename, char *basedir, char *val, int verify) +{ + int ret = 0; + FILE *sysfsfp; + char *temp = malloc(strlen(basedir) + strlen(filename) + 2); + + if (temp == NULL) { + printf("Memory allocation failed\n"); + return -ENOMEM; + } + sprintf(temp, "%s/%s", basedir, filename); + sysfsfp = fopen(temp, "w"); + if (sysfsfp == NULL) { + printf("Could not open %s\n", temp); + ret = -errno; + goto error_free; + } + fprintf(sysfsfp, "%s", val); + fclose(sysfsfp); + if (verify) { + sysfsfp = fopen(temp, "r"); + if (sysfsfp == NULL) { + printf("could not open file to verify\n"); + ret = -errno; + goto error_free; + } + fscanf(sysfsfp, "%s", temp); + fclose(sysfsfp); + if (strcmp(temp, val) != 0) { + printf("Possible failure in string write of %s " + "Should be %s " + "written to %s\%s\n", + temp, + val, + basedir, + filename); + ret = -1; + } + } +error_free: + free(temp); + + return ret; +} + +/** + * write_sysfs_string_and_verify() - string write, readback and verify + * @filename: name of file to write to + * @basedir: the sysfs directory in which the file is to be found + * @val: the string to write + **/ +int write_sysfs_string_and_verify(char *filename, char *basedir, char *val) +{ + return _write_sysfs_string(filename, basedir, val, 1); +} + +int write_sysfs_string(char *filename, char *basedir, char *val) +{ + return _write_sysfs_string(filename, basedir, val, 0); +} + +int read_sysfs_posint(char *filename, char *basedir) +{ + int ret; + FILE *sysfsfp; + char *temp = malloc(strlen(basedir) + strlen(filename) + 2); + + if (temp == NULL) { + printf("Memory allocation failed"); + return -ENOMEM; + } + sprintf(temp, "%s/%s", basedir, filename); + sysfsfp = fopen(temp, "r"); + if (sysfsfp == NULL) { + ret = -errno; + goto error_free; + } + fscanf(sysfsfp, "%d\n", &ret); + fclose(sysfsfp); +error_free: + free(temp); + return ret; +} + +int read_sysfs_float(char *filename, char *basedir, float *val) +{ + int ret = 0; + FILE *sysfsfp; + char *temp = malloc(strlen(basedir) + strlen(filename) + 2); + + if (temp == NULL) { + printf("Memory allocation failed"); + return -ENOMEM; + } + sprintf(temp, "%s/%s", basedir, filename); + sysfsfp = fopen(temp, "r"); + if (sysfsfp == NULL) { + ret = -errno; + goto error_free; + } + fscanf(sysfsfp, "%f\n", val); + fclose(sysfsfp); +error_free: + free(temp); + return ret; +} + +int read_sysfs_string(const char *filename, const char *basedir, char *str) +{ + int ret = 0; + FILE *sysfsfp; + char *temp = malloc(strlen(basedir) + strlen(filename) + 2); + + if (temp == NULL) { + printf("Memory allocation failed"); + return -ENOMEM; + } + sprintf(temp, "%s/%s", basedir, filename); + sysfsfp = fopen(temp, "r"); + if (sysfsfp == NULL) { + ret = -errno; + goto error_free; + } + fscanf(sysfsfp, "%s\n", str); + fclose(sysfsfp); +error_free: + free(temp); + return ret; +} + +#endif /* _IIO_UTILS_H */ diff --git a/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.h b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.h new file mode 100644 index 000000000..1bc837b2d --- /dev/null +++ b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.h @@ -0,0 +1,71 @@ +#ifndef _IIO_UTILS_H_ +#define _IIO_UTILS_H_ + +/* IIO - useful set of util functionality + * + * Copyright (c) 2008 Jonathan Cameron + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published by + * the Free Software Foundation. + */ + +#include + +/* Made up value to limit allocation sizes */ +#define IIO_MAX_NAME_LENGTH 30 + +#define FORMAT_SCAN_ELEMENTS_DIR "%s/scan_elements" +#define FORMAT_TYPE_FILE "%s_type" + +extern const char *iio_dir; + +/** + * struct iio_channel_info - information about a given channel + * @name: channel name + * @generic_name: general name for channel type + * @scale: scale factor to be applied for conversion to si units + * @offset: offset to be applied for conversion to si units + * @index: the channel index in the buffer output + * @bytes: number of bytes occupied in buffer output + * @mask: a bit mask for the raw output + * @is_signed: is the raw value stored signed + * @enabled: is this channel enabled + **/ +struct iio_channel_info { + char *name; + char *generic_name; + float scale; + float offset; + unsigned index; + unsigned bytes; + unsigned bits_used; + unsigned shift; + uint64_t mask; + unsigned be; + unsigned is_signed; + unsigned location; +}; + +int iioutils_break_up_name(const char *full_name, char **generic_name); +int iioutils_get_type(unsigned *is_signed, unsigned *bytes, + unsigned *bits_used, unsigned *shift, + uint64_t *mask, unsigned *be, + const char *device_dir, const char *name, + const char *generic_name); +int iioutils_get_param_float(float *output, const char *param_name, + const char *device_dir, const char *name, + const char *generic_name); +void bsort_channel_array_by_index(struct iio_channel_info **ci_array, int cnt); +int build_channel_array(const char *device_dir, + struct iio_channel_info **ci_array, int *counter); +int find_type_by_name(const char *name, const char *type); +int write_sysfs_int(char *filename, char *basedir, int val); +int write_sysfs_int_and_verify(char *filename, char *basedir, int val); +int write_sysfs_string_and_verify(char *filename, char *basedir, char *val); +int write_sysfs_string(char *filename, char *basedir, char *val); +int read_sysfs_posint(char *filename, char *basedir); +int read_sysfs_float(char *filename, char *basedir, float *val); +int read_sysfs_string(const char *filename, const char *basedir, char *str); + +#endif /* _IIO_UTILS_H_ */ diff --git a/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/tamper_sample.c b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/tamper_sample.c new file mode 100644 index 000000000..d3e2dc17d --- /dev/null +++ b/meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/tamper_sample.c @@ -0,0 +1,215 @@ +/* + * ConnectCore 6UL tamper sample application. + * + * Copyright (c) 2016 Digi International Inc. + * All rights reserved. + * + * Based on iio_event_monitor.c from the tools/iio directory, of the linux + * kernel. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published by + * the Free Software Foundation. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "iio_utils.h" + +#define TAMPER_SAMPLE_USAGE \ + "Usage:\n" \ + "tamper_sample -i tamper_iface\n\n" + +#define TAMPER_SAMPLE_FULL_USAGE \ + "Usage:\n" \ + "tamper_sample [options]\n\n" \ + "Options:\n" \ + " -i : tamper interface to be used\n" \ + " -h : help\n\n" + +typedef struct mca_tamper { + struct iio_event_data event; + char *dev_name; + char *chrdev_name; + int iface; + int dev_num; + int event_fd; +} mca_tamper_t; + +mca_tamper_t tamper_data; + +static void show_usage(int full) +{ + fprintf(stdout, "%s", full ? + TAMPER_SAMPLE_FULL_USAGE : TAMPER_SAMPLE_USAGE); +} + +static bool event_is_tamper(struct iio_event_data *event) +{ + enum iio_chan_type type = IIO_EVENT_CODE_EXTRACT_CHAN_TYPE(event->id); + enum iio_event_type ev_type = IIO_EVENT_CODE_EXTRACT_TYPE(event->id); + enum iio_event_direction dir = IIO_EVENT_CODE_EXTRACT_DIR(event->id); + bool ret = true; + + if (type != IIO_ACTIVITY) + ret = false; + else if (ev_type != IIO_EV_TYPE_CHANGE) + ret = false; + else if (dir != IIO_EV_DIR_NONE) + ret = false; + + return ret; +} + +static void tamper_event_log(mca_tamper_t *tdata) +{ + /* Log the event in the system log, if any */ + fprintf(stdout, "tamper%d event! time: %lld\n", + tdata->iface, tdata->event.timestamp); +} + +static void tamper_event_actions(mca_tamper_t *tdata) +{ + /* Take the necessary defensive actions after a tamper event */ + fprintf(stdout, "tamper%d: taking actions!\n", tdata->iface); +} + +static void tamper_event_ack(mca_tamper_t *tdata) +{ + int ret; + char *tamper_sysfs_dir; + + ret = asprintf(&tamper_sysfs_dir, + "/sys/bus/iio/devices/iio:device%d", + tdata->dev_num); + if (ret < 0) { + fprintf(stdout, "Failed to build event ack file name\n"); + return; + } + + /* Finally, acknowledge the event */ + ret = write_sysfs_int("tamper_events", tamper_sysfs_dir, 2); + if (ret < 0) { + fprintf(stdout, "Failed to acknowledge tamper%d event\n", + tdata->iface); + } +} + +static void process_tamper_event(mca_tamper_t *tdata) +{ + if (!event_is_tamper(&tdata->event)) { + fprintf(stdout, "Unknown event: time: %lld, id: %llx\n", + tdata->event.timestamp, tdata->event.id); + return; + } + + tamper_event_log(tdata); + tamper_event_actions(tdata); + tamper_event_ack(tdata); +} + +int main(int argc, char **argv) +{ + mca_tamper_t *tdata = &tamper_data; + int ret; + int opt; + int fd; + + memset(tdata, 0, sizeof(mca_tamper_t)); + + if (argc <= 1) { + show_usage(0); + return EXIT_FAILURE; + } + + while ((opt = getopt(argc, argv, "i:h")) > 0) { + switch (opt) { + case 'i': + tdata->iface = atoi(optarg); + break; + + case 'h': + show_usage(1); + return EXIT_SUCCESS; + + default: + show_usage(0); + return EXIT_FAILURE; + } + } + + ret = asprintf(&tdata->dev_name, "TAMPER%d", tdata->iface); + if (ret < 0) { + fprintf(stdout, "Failed to find interface, device name too long?\n"); + ret = -ENOMEM; + goto error_ret; + } + + tdata->dev_num = find_type_by_name(tdata->dev_name, "iio:device"); + if (tdata->dev_num < 0) { + fprintf(stdout, "Failed to find iio:device for TAMPER%d\n", + tdata->iface); + ret = -ENODEV; + goto error_ret2; + } + + ret = asprintf(&tdata->chrdev_name, "/dev/iio:device%d", tdata->dev_num); + if (ret < 0) { + fprintf(stdout, "Failed to allocate memory\n"); + ret = -ENOMEM; + goto error_ret2; + } + + fd = open(tdata->chrdev_name, 0); + if (fd < 0) { + fprintf(stdout, "Failed to open %s\n", tdata->chrdev_name); + ret = -errno; + goto error_ret3; + } + + ret = ioctl(fd, IIO_GET_EVENT_FD_IOCTL, &tdata->event_fd); + + close(fd); + + if (ret < 0 || tdata->event_fd < 0) { + fprintf(stdout, "Failed to retrieve event fd\n"); + ret = -errno; + goto error_ret3; + } + + fprintf(stdout, "Waiting for tamper events:\n"); + + while (true) { + ret = read(tdata->event_fd, &tdata->event, sizeof(struct iio_event_data)); + if (ret < 0) { + if (errno == EAGAIN) { + fprintf(stdout, "No events... continue\n"); + continue; + } else { + perror("Failed to read event from device"); + ret = -errno; + break; + } + } + + process_tamper_event(tdata); + } + + close(tdata->event_fd); + +error_ret3: + free(tdata->chrdev_name); +error_ret2: + free(tdata->dev_name); +error_ret: + return ret; +} diff --git a/meta-digi-dey/recipes-digi/packagegroups/packagegroup-dey-examples.bb b/meta-digi-dey/recipes-digi/packagegroups/packagegroup-dey-examples.bb index 5aed8fd83..51e45b619 100644 --- a/meta-digi-dey/recipes-digi/packagegroups/packagegroup-dey-examples.bb +++ b/meta-digi-dey/recipes-digi/packagegroups/packagegroup-dey-examples.bb @@ -40,6 +40,7 @@ RDEPENDS_${PN}_append_ccimx6ul = "\ ${@bb.utils.contains("MACHINE_FEATURES", "bluetooth", "dey-examples-btconfig", "", d)} \ dey-examples-can \ ${@bb.utils.contains("MACHINE_FEATURES", "bluetooth", "dey-examples-hdp", "", d)} \ + dey-examples-tamper \ " COMPATIBLE_MACHINE = "(ccardimx28|ccimx6$|ccimx6ul)"