Merge branch 'dey-2.0/master' into dey-2.0/maint

Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>

README.md

@@ -1,5 +1,5 @@
 # Digi Embedded Yocto (DEY) 2.0
-## Release 2.0-r3
+## Release 2.0-r4
 
 This document provides information about Digi Embedded Yocto,
 Digi International's professional embedded Yocto development environment.
@@ -59,6 +59,10 @@ Documentation is available online on the Digi documentation site:
 
 # Release Changelog
 
+## 2.0-r4
+
+* TBC
+
 ## 2.0-r3
 
 * Support for the new Digi ConnectCore 6UL System-On-Module and Starter Kit
@@ -93,8 +97,12 @@ Documentation is available online on the Digi documentation site:
 This is a list of known issues and limitations at the time of release. An
 updated list can be found on the online documentation.
 
-* When using the TrustFence (TM) U-Boot environment encryption, access to the
+* When using TrustFence (TM)  encrypted images secure boot support, the CAAM
-U-Boot environment from the Linux OS is not supported.
+will hang the processor when trying to authenticate an encrypted firmware image
+after a failed attempt. Hence the target needs to be reset after an
+authentication failure.
+* If TrustFence (TM) image encryption support is enabled, the uSD image will
+boot a signed U-Boot only.
 
 ## Digi ConnectCore 6UL
 
@@ -121,21 +129,12 @@ modes:
 softAP mode
 * A maximum of ten connected devices are supported when using Qualcomm's AR6233
 Bluetooth Low Energy mode
-* NXP i.MX6 processor does not set the sticky bit which write protects the
+* The MIPI and CSI1 camera connectors cannot be used simultaneously.
-SRK_REVOKE eFuse on closed devices. This means that in the ConnectCore 6,
-key revocation is always possible, no matter the value of the Yocto macro
-TRUSTFENCE_UNLOCK_KEY_REVOCATION.
-* When using TrustFence (TM)  encrypted images secure boot support, the CAAM
-will hang the processor when trying to authenticate an encrypted kernel image
-after a failed attempt. Hence the target needs to be reset after an
-authentication failure.
 
 ## Digi ConnectCore 6 SBC
 
 * The Micrel PHY KSZ9031 may take between five and six seconds to
 auto-negotiate with Gigabit switches
-* Secure uSD booting only supports booting signed images. A uSD image is not
-generated if TrustFence (TM) image encryption support is enabled.
 
 # Support Contact Information
 

meta-digi-arm/classes/image_types_digi.bbclass

@@ -29,8 +29,8 @@ IMAGE_CMD_boot.vfat() {
 
 	# Add Trustfence initramfs if enabled
 	if [ -n "${TRUSTFENCE_INITRAMFS_IMAGE}" ]; then
-		BOOTIMG_FILES="${BOOTIMG_FILES} $(readlink -e ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot)"
+		BOOTIMG_FILES="${BOOTIMG_FILES} $(readlink -e ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot.tf)"
-		BOOTIMG_FILES_SYMLINK="${BOOTIMG_FILES_SYMLINK} ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot"
+		BOOTIMG_FILES_SYMLINK="${BOOTIMG_FILES_SYMLINK} ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot.tf"
 	fi
 
 	# Size of kernel and device tree + 10% extra space (in bytes)
@@ -75,6 +75,7 @@ IMAGE_DEPENDS_boot.ubifs = " \
     mtd-utils-native:do_populate_sysroot \
     u-boot:do_deploy \
     virtual/kernel:do_deploy \
+    ${@TRUSTFENCE_BOOTIMAGE_DEPENDS(d)} \
 "
 
 IMAGE_CMD_boot.ubifs() {
@@ -90,6 +91,11 @@ IMAGE_CMD_boot.ubifs() {
 		done
 	fi
 
+	# Add Trustfence initramfs if enabled
+	if [ -n "${TRUSTFENCE_INITRAMFS_IMAGE}" ]; then
+		BOOTIMG_FILES_SYMLINK="${BOOTIMG_FILES_SYMLINK} ${DEPLOY_DIR_IMAGE}/${TRUSTFENCE_INITRAMFS_IMAGE}-${MACHINE}.cpio.gz.u-boot.tf"
+	fi
+
 	# Create temporary folder
 	TMP_BOOTDIR="$(mktemp -d ${DEPLOY_DIR_IMAGE}/boot.XXXXXX)"
 
@@ -130,6 +136,27 @@ IMAGE_CMD_rootfs.initramfs() {
 }
 IMAGE_TYPEDEP_rootfs.initramfs = "cpio.gz"
 
+IMAGE_CMD_cpio.gz.u-boot.tf() {
+	#
+	# Image generation code for image type 'cpio.gz.u-boot.tf'
+	# (signed/encrypted ramdisk)
+	#
+	if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
+		# Set environment variables for trustfence configuration
+		export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
+		[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
+		[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
+
+		# Sign/encrypt the ramdisk
+		"${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -i "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot" "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot.tf"
+	else
+		# Rename image
+		mv "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot" "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio.gz.u-boot.tf"
+	fi
+}
+
+IMAGE_TYPEDEP_cpio.gz.u-boot.tf = "cpio.gz.u-boot"
+
 # Set alignment to 4MB [in KiB]
 IMAGE_ROOTFS_ALIGNMENT = "4096"
 

meta-digi-arm/conf/machine/ccardimx28js.conf

@@ -1,6 +1,6 @@
 #@TYPE: Machine
 #@NAME: ConnectCore for MX28 JumpStart Kit.
-#@DESCRIPTION: Machine configuration for Digi's ConnectCore for MX28 JSK. 
+#@DESCRIPTION: Machine configuration for Digi's ConnectCore for MX28 JSK.
 
 include conf/machine/include/ccardimx28.inc
 

meta-digi-arm/conf/machine/ccimx6ulsbc.conf

@@ -0,0 +1,30 @@
+#@TYPE: Machine
+#@NAME: SBC for ConnectCore for i.MX6UL
+#@DESCRIPTION: Machine configuration for Digi's ConnectCore 6UL SBC.
+
+# Include the machine configuration for Digi's ConnectCore 6UL.
+include conf/machine/include/ccimx6ul.inc
+
+# U-Boot configurations
+# Last one is the default (the one the symlinks point at)
+UBOOT_CONFIG ??= "ccimx6ulsbc"
+UBOOT_CONFIG[ccimx6ulsbc] = "ccimx6ulsbc_defconfig"
+
+KERNEL_DEVICETREE ?= " \
+    imx6ul-ccimx6ulsbc.dtb \
+    imx6ul-ccimx6ulsbc-wb.dtb \
+    imx6ul-ccimx6ulsbc-id135.dtb \
+"
+
+SERIAL_CONSOLES = "115200;ttymxc4"
+
+MACHINE_FEATURES += "second-eth"
+
+# Bluetooth tty
+BT_TTY ?= "ttymxc0"
+
+# U-Boot script to be copied to the boot image
+BOOT_SCRIPTS = "boot.scr:boot.scr"
+
+# Flash image types
+IMAGE_FSTYPES ?= "tar.bz2 ubifs boot.ubifs"

meta-digi-arm/conf/machine/include/ccardimx28.inc

@@ -40,8 +40,8 @@ MACHINE_EXTRA_RRECOMMENDS += "${MACHINE_FIRMWARE} ${WIRELESS_MODULE}"
 # web1          Y       Y       Y       Y
 
 # Per-variant machine features
-MACHINE_FEATURES_append_e = " ext-eth"
+MACHINE_FEATURES_append_e = " second-eth"
 MACHINE_FEATURES_append_w = " wifi"
 MACHINE_FEATURES_append_wb = " wifi bluetooth"
-MACHINE_FEATURES_append_web = " wifi ext-eth bluetooth"
+MACHINE_FEATURES_append_web = " wifi second-eth bluetooth"
-MACHINE_FEATURES_append_web1 = " wifi ext-eth bluetooth 1-wire"
+MACHINE_FEATURES_append_web1 = " wifi second-eth bluetooth 1-wire"

meta-digi-arm/conf/machine/include/ccimx6.inc

@@ -27,7 +27,7 @@ MACHINE_EXTRA_RDEPENDS += " \
     e2fsprogs-mke2fs \
     e2fsprogs-resize2fs \
     parted \
-    ${@base_conditional('TRUSTFENCE_ENCRYPT_ENVIRONMENT', '1', '', 'u-boot-fw-utils', d)} \
+    u-boot-fw-utils \
 "
 MACHINE_EXTRA_RRECOMMENDS += "${MACHINE_FIRMWARE} ${WIRELESS_MODULE}"
 MACHINE_EXTRA_RRECOMMENDS += "fsl-alsa-plugins cryptodev-module rng-tools"

meta-digi-arm/conf/machine/include/ccimx6ul.inc

@@ -22,7 +22,7 @@ MACHINE_FIRMWARE ?= ""
 MACHINE_EXTRA_RDEPENDS += " \
     imx-kobs \
     mtd-utils-ubifs \
-    ${@base_conditional('TRUSTFENCE_ENCRYPT_ENVIRONMENT', '1', '', 'u-boot-fw-utils', d)} \
+    u-boot-fw-utils \
 "
 MACHINE_EXTRA_RRECOMMENDS += "${MACHINE_FIRMWARE} ${WIRELESS_MODULE}"
 MACHINE_EXTRA_RRECOMMENDS += "fsl-alsa-plugins cryptodev-module"

meta-digi-arm/conf/machine/include/digi-defaults.inc

@@ -16,12 +16,12 @@ PREFERRED_PROVIDER_virtual/xserver = "xserver-xorg"
 #
 
 # Help variables used in recipes
-HAVE_WIFI    = "${@bb.utils.contains('MACHINE_FEATURES', 'wifi', '1', '', d)}"
+HAVE_WIFI       = "${@bb.utils.contains('MACHINE_FEATURES', 'wifi', '1', '', d)}"
-HAVE_EXT_ETH = "${@bb.utils.contains('MACHINE_FEATURES', 'ext-eth', '1', '', d)}"
+HAVE_SECOND_ETH = "${@bb.utils.contains('MACHINE_FEATURES', 'second-eth', '1', '', d)}"
-HAVE_BT      = "${@bb.utils.contains('MACHINE_FEATURES', 'bluetooth', '1', '', d)}"
+HAVE_BT         = "${@bb.utils.contains('MACHINE_FEATURES', 'bluetooth', '1', '', d)}"
-HAVE_1WIRE   = "${@bb.utils.contains('MACHINE_FEATURES', '1-wire', '1', '', d)}"
+HAVE_1WIRE      = "${@bb.utils.contains('MACHINE_FEATURES', '1-wire', '1', '', d)}"
-HAVE_GUI     = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '1', '', d)}"
+HAVE_GUI        = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '1', '', d)}"
-HAVE_EXAMPLE = "${@bb.utils.contains('IMAGE_FEATURES', 'dey-examples', '1', '', d)}"
+HAVE_EXAMPLE    = "${@bb.utils.contains('IMAGE_FEATURES', 'dey-examples', '1', '', d)}"
 
 #
 # Ethernet configuration used in recipes

meta-digi-arm/conf/machine/include/imx-digi-base.inc

@@ -19,11 +19,13 @@ MACHINE_EXTRA_RRECOMMENDS = "kernel-modules"
 # DEFAULTTUNE_mx6 ?= "cortexa9t-neon"
 # handled by hardware
 DEFAULTTUNE_mx6 ?= "cortexa9thf-neon"
+DEFAULTTUNE_mx6ul ?= "cortexa7thf-neon"
 
 # Sub-architecture support
 MACHINE_SOCARCH_SUFFIX ?= ""
 MACHINE_SOCARCH_SUFFIX_mx6q = "-mx6qdl"
 MACHINE_SOCARCH_SUFFIX_mx6dl = "-mx6qdl"
+MACHINE_SOCARCH_SUFFIX_mx6ul = "-mx6ul"
 
 MACHINE_ARCH_FILTER = "virtual/kernel imx-vpu"
 MACHINE_SOCARCH_FILTER_append_mx6 = " libfslcodec libfslvpuwrap libfslparser"
@@ -52,23 +54,28 @@ MACHINE_HAS_VIVANTE_KERNEL_DRIVER_SUPPORT ?= "${SOC_HAS_VIVANTE_KERNEL_DRIVER_SU
 # mx6 GPU libraries
 PREFERRED_PROVIDER_virtual/egl_mx6q ?= "imx-gpu-viv"
 PREFERRED_PROVIDER_virtual/egl_mx6dl ?= "imx-gpu-viv"
+PREFERRED_PROVIDER_virtual/egl_mx6ul ?= "mesa"
 
 PREFERRED_PROVIDER_virtual/libgles1_mx6q ?= "imx-gpu-viv"
 PREFERRED_PROVIDER_virtual/libgles1_mx6dl ?= "imx-gpu-viv"
+PREFERRED_PROVIDER_virtual/libgles1_mx6ul ?= "mesa"
 
 PREFERRED_PROVIDER_virtual/libgles2_mx6q ?= "imx-gpu-viv"
 PREFERRED_PROVIDER_virtual/libgles2_mx6dl ?= "imx-gpu-viv"
+PREFERRED_PROVIDER_virtual/libgles2_mx6ul ?= "mesa"
 
 PREFERRED_PROVIDER_virtual/libgl_mx6q ?= "imx-gpu-viv"
 PREFERRED_PROVIDER_virtual/libgl_mx6dl ?= "imx-gpu-viv"
+PREFERRED_PROVIDER_virtual/libgl_mx6ul ?= "mesa"
 
 PREFERRED_PROVIDER_virtual/libg2d_mx6 ?= "imx-gpu-viv"
+PREFERRED_PROVIDER_virtual/libg2d_mx6ul = ""
 
 EXTRA_IMAGEDEPENDS = "u-boot"
 
 KERNEL_IMAGETYPE = "uImage"
 
-MACHINE_FEATURES = "apm usbgadget usbhost vfat alsa touchscreen"
+MACHINE_FEATURES = "usbgadget usbhost vfat alsa touchscreen"
 
 # Add the ability to specify _imx machines
 MACHINEOVERRIDES =. "imx:"

meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/wlan/qcom_cfg.ini

@@ -11,7 +11,7 @@ gEnableIdleScan=0
 
 
 # Increase sleep duration (seconds) during IMPS
-# 0 implies no periodic wake up from IMPS. Periodic wakeup is 
+# 0 implies no periodic wake up from IMPS. Periodic wakeup is
 # unnecessary if Idle Scan is disabled.
 gImpsModSleepTime=0
 
@@ -106,7 +106,7 @@ gNeighborLookupThreshold=76
 gNeighborReassocThreshold=81
 
 #Check if the AP to which we are roaming is better than current AP in terms of RSSI.
-#Checking is disabled if set to Zero.Otherwise it will use this value as to how better 
+#Checking is disabled if set to Zero.Otherwise it will use this value as to how better
 #the RSSI of the new/roamable AP should be for roaming
 RoamRssiDiff=3
 
@@ -162,7 +162,7 @@ gApAutoChannelSelection=0
 gEnablePhyAgcListenMode=128
 
 
-#SOFTAP Channel Range selection 
+#SOFTAP Channel Range selection
 
 gAPChannelSelectStartChannel=1
 
@@ -241,7 +241,7 @@ gVhtTxMCS2x2=2
 gSetTxChainmask1x1=1
 gSetRxChainmask1x1=1
 
-# 1=enable STBC; 0=disable STBC 
+# 1=enable STBC; 0=disable STBC
 gEnableRXSTBC=1
 
 # 1=enable tx STBC; 0=disable
@@ -250,7 +250,7 @@ gEnableTXSTBC=1
 # 1=enable rx LDPC; 0=disable
 gEnableRXLDPC=1
 
-#Enable Scan Results Aging based on timer 
+#Enable Scan Results Aging based on timer
 #Timer value is in seconds
 #If Set to 0 it will not enable the feature
 gScanAgingTime=0

meta-digi-arm/recipes-bsp/formfactor/formfactor/ccimx6ul/machconfig

@@ -0,0 +1,4 @@
+# Display options
+HAVE_TOUCHSCREEN=1
+HAVE_KEYBOARD=0
+SHOWCURSOR="yes"

meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile

@@ -11,7 +11,7 @@ OBJECTS = code/back_end/src/*.c
 HEADERS = code/back_end/hdr
 LIBS_PATH = linux64/lib
 
-%.o: %.c 
+%.o: %.c
 	$(CC) $(CFLAGS) -c $< -o $@
 
 .PRECIOUS: $(TARGET) $(OBJECTS)

meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/boot.txt

@@ -0,0 +1,23 @@
+#
+# U-Boot bootscript for NAND images created by Yocto.
+#
+
+#
+# Set device tree filename depending on the board ID (if defined)
+#
+if test -n "${board_id}"; then
+	setenv fdt_file zImage-imx6ul-ccimx6ulsbc-id${board_id}.dtb
+else
+	#
+	# Set device tree filename depending on the hardware variant
+	#
+	if test "${module_variant}" = "0x02"; then
+		setenv fdt_file zImage-imx6ul-ccimx6ulsbc-wb.dtb
+	elif test "${module_variant}" = "0x03"; then
+		setenv fdt_file zImage-imx6ul-ccimx6ulsbc.dtb
+	else
+		echo "------ Using default fdt_file: $fdt_file"
+	fi
+fi
+
+dboot linux nand

meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulsbc/install_linux_fw_sd.txt

@@ -0,0 +1,106 @@
+#
+# U-Boot script for installing Linux images created by Yocto from the micro SD
+# card into the NAND
+#
+
+echo "############################################################"
+echo "#           Linux firmware install from micro SD           #"
+echo "############################################################"
+echo ""
+echo " This process will erase your NAND and will install a new"
+echo " U-Boot and Linux firmware images on the NAND."
+echo ""
+echo " Press CTRL+C now if you wish to abort or wait 10 seconds"
+echo " to continue."
+
+sleep 10
+if test $? -eq 1; then
+	echo "Aborted by user.";
+	exit;
+fi
+
+setenv INSTALL_MMCDEV 0
+setenv INSTALL_UBOOT_FILENAME u-boot-ccimx6ulsbc.imx
+setenv INSTALL_LINUX_FILENAME dey-image-qt-##GRAPHICAL_BACKEND##-ccimx6ulsbc.boot.ubifs
+setenv INSTALL_ROOTFS_FILENAME dey-image-qt-##GRAPHICAL_BACKEND##-ccimx6ulsbc.ubifs
+
+# Check for presence of firmware files on the SD card
+for install_f in ${INSTALL_UBOOT_FILENAME} ${INSTALL_LINUX_FILENAME} ${INSTALL_ROOTFS_FILENAME}; do
+	if test ! -e mmc ${INSTALL_MMCDEV}:1 ${install_f}; then
+		echo "ERROR: Could not find file ${install_f}";
+		install_abort=1;
+	fi;
+done
+if test -n "${install_abort}"; then
+	echo "Aborted.";
+	exit;
+fi
+
+# Skip user confirmation for U-Boot update
+setenv forced_update 1
+
+# Set bootdelay to zero so that firmware update is run immediately after
+# the first reset.
+setenv bootdelay 0
+
+# Update U-Boot
+echo ""
+echo ""
+echo ">> Installing U-Boot boot loader (target will reset)"
+echo ""
+echo ""
+update uboot mmc ${INSTALL_MMCDEV} fat ${INSTALL_UBOOT_FILENAME}
+if test $? -eq 1; then
+	echo "[ERROR] Failed to update U-Boot boot loader!";
+	echo "";
+	echo "Aborted.";
+	exit;
+fi
+
+# Set 'bootcmd' to the second part of the script that will
+#  - Reset environment to defaults
+#  - Save the environment
+#  - Update the 'linux' partition
+#  - Update the 'rootfs' partition
+#  - Reset the system and let it boot
+setenv bootcmd "
+	env default -a;
+	saveenv;
+	echo \"\";
+	echo \"\";
+	echo \">> Installing Linux kernel and device tree files\";
+	echo \"\";
+	echo \"\";
+	update linux mmc ${INSTALL_MMCDEV} fat ${INSTALL_LINUX_FILENAME};
+	if test \$? -eq 1; then
+		echo \"[ERROR] Failed to update linux partition!\";
+		echo \"\";
+		echo \"Aborted.\";
+		exit;
+	fi;
+	echo \"\";
+	echo \"\";
+	echo \">> Installing Linux root file system\";
+	echo \"\";
+	echo \"\";
+	update rootfs mmc ${INSTALL_MMCDEV} fat ${INSTALL_ROOTFS_FILENAME};
+	if test \$? -eq 1; then
+		echo \"[ERROR] Failed to update rootfs partition!\";
+		echo \"\";
+		echo \"Aborted.\";
+		exit;
+	fi;
+	saveenv;
+	echo \"\";
+	echo \"#######################\";
+	echo \"#  Install complete!  #\";
+	echo \"#######################\";
+	echo \"\";
+	sleep 1;
+	echo \">> Restarting the system\";
+	sleep 1;
+	reset;
+"
+
+saveenv
+reset

meta-digi-arm/recipes-bsp/u-boot/u-boot-dey-2015.04/ccimx6ulstarter/install_linux_fw_sd.txt

@@ -90,6 +90,7 @@ setenv bootcmd "
 		echo \"Aborted.\";
 		exit;
 	fi;
+	saveenv;
 	echo \"\";
 	echo \"#######################\";
 	echo \"#  Install complete!  #\";

meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb

@@ -97,10 +97,11 @@ do_compile () {
 
 TF_BOOTSCRIPT_SEDFILTER = ""
 TF_BOOTSCRIPT_SEDFILTER_ccimx6 = "${@tf_bootscript_sedfilter(d)}"
+TF_BOOTSCRIPT_SEDFILTER_ccimx6ul = "${@tf_bootscript_sedfilter(d)}"
 
 def tf_bootscript_sedfilter(d):
     tf_initramfs = d.getVar('TRUSTFENCE_INITRAMFS_IMAGE',True) or ""
-    return "/^dboot linux/i\setenv boot_initrd true\\nsetenv initrd_file %s-${MACHINE}.cpio.gz.u-boot" % tf_initramfs if tf_initramfs else ""
+    return "/^dboot linux/i\setenv boot_initrd true\\nsetenv initrd_file %s-${MACHINE}.cpio.gz.u-boot.tf" % tf_initramfs if tf_initramfs else ""
 
 do_deploy_append() {
 	# Remove canonical U-Boot symlinks for ${UBOOT_CONFIG} currently in the form:
@@ -149,6 +150,13 @@ do_deploy_append() {
 	TMP_BOOTSCR="$(mktemp ${WORKDIR}/bootscr.XXXXXX)"
 	sed -e "${TF_BOOTSCRIPT_SEDFILTER}" ${WORKDIR}/boot.txt > ${TMP_BOOTSCR}
 	mkimage -T script -n bootscript -C none -d ${TMP_BOOTSCR} ${DEPLOYDIR}/boot.scr
+	if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
+		export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
+		[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
+		[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
+		"${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -b "${DEPLOYDIR}/boot.scr" "${DEPLOYDIR}/boot-signed.scr"
+		mv ${DEPLOYDIR}/boot-signed.scr ${DEPLOYDIR}/boot.scr
+	fi
 	rm -f ${TMP_BOOTSCR}
 }
 

meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch

@@ -0,0 +1,301 @@
+From: "Diaz de Grenu, Jose" <Jose.DiazdeGrenu@digi.com>
+Date: Tue, 23 Aug 2016 13:05:05 +0200
+Subject: [PATCH] tools: env: implement support for environment encryption by
+ CAAM
+
+https://jira.digi.com/browse/DEL-2836
+
+Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
+---
+ configs/sandbox_defconfig |   1 +
+ tools/env/Makefile        |   2 +-
+ tools/env/caam_keyblob.h  |  45 +++++++++++++++
+ tools/env/fw_env.c        | 140 ++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 187 insertions(+), 1 deletion(-)
+ create mode 100644 tools/env/caam_keyblob.h
+
+diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
+index 598519dbb2fc..81dd4d445c0e 100644
+--- a/configs/sandbox_defconfig
++++ b/configs/sandbox_defconfig
+@@ -44,3 +44,4 @@ CONFIG_UNIT_TEST=y
+ CONFIG_UT_TIME=y
+ CONFIG_UT_DM=y
+ CONFIG_UT_ENV=y
++CONFIG_MD5=y
+diff --git a/tools/env/Makefile b/tools/env/Makefile
+index 40164f7a35fa..de4766ddf8dd 100644
+--- a/tools/env/Makefile
++++ b/tools/env/Makefile
+@@ -25,7 +25,7 @@ hostprogs-y := fw_printenv
+ 
+ fw_printenv-objs := fw_env.o fw_env_main.o \
+ 	crc32.o ctype.o linux_string.o \
+-	env_attr.o env_flags.o aes.o
++	env_attr.o env_flags.o aes.o ../../lib/md5.o
+ 
+ quiet_cmd_crosstools_strip = STRIP   $^
+       cmd_crosstools_strip = $(STRIP) $^; touch $@
+diff --git a/tools/env/caam_keyblob.h b/tools/env/caam_keyblob.h
+new file mode 100644
+index 000000000000..1e33b3f01a05
+--- /dev/null
++++ b/tools/env/caam_keyblob.h
+@@ -0,0 +1,45 @@
++/*
++ * CAAM public-level include definitions for the key blob
++ *
++ * Copyright (C) 2015 Freescale Semiconductor, Inc.
++ */
++
++#ifndef CAAM_KEYBLOB_H
++#define CAAM_KEYBLOB_H
++
++
++#include <linux/ioctl.h>
++#include <linux/types.h>
++
++struct caam_kb_data {
++	char *rawkey;
++	size_t rawkey_len;
++	char *keyblob;
++	size_t keyblob_len;
++	char *keymod;
++	size_t keymod_len;
++};
++
++
++#define CAAM_KB_MAGIC		'I'
++
++/**
++ * DOC: CAAM_KB_ENCRYPT - generate a key blob from raw key
++ *
++ * Takes an caam_kb_data struct and returns it with the key blob
++ */
++#define CAAM_KB_ENCRYPT		_IOWR(CAAM_KB_MAGIC, 0, \
++				      struct caam_kb_data)
++
++/**
++ * DOC: CAAM_KB_DECRYPT - get keys from a key blob
++ *
++ * Takes an caam_kb_data struct and returns it with the raw key.
++ */
++#define CAAM_KB_DECRYPT		_IOWR(CAAM_KB_MAGIC, 1, struct caam_kb_data)
++
++#ifndef GENMEM_KEYMOD_LEN
++#define GENMEM_KEYMOD_LEN 16
++#endif
++
++#endif /* CAAM_KEYBLOB_H */
+\ No newline at end of file
+diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c
+index daa02a760e37..09f06c874b17 100644
+--- a/tools/env/fw_env.c
++++ b/tools/env/fw_env.c
+@@ -21,6 +21,7 @@
+ #include <sys/types.h>
+ #include <sys/ioctl.h>
+ #include <sys/stat.h>
++#include <u-boot/md5.h>
+ #include <unistd.h>
+ 
+ #ifdef MTD_OLD
+@@ -31,10 +32,19 @@
+ # include <mtd/mtd-user.h>
+ #endif
+ 
++#include "caam_keyblob.h"
+ #include "fw_env.h"
+ 
+ #include <aes.h>
+ 
++/*
++ * The BLOB includes a random AES-256 key (32 bytes) and a
++ * Message Authentication Code (MAC) (16 bytes)
++ */
++#define BLOB_OVERHEAD	48
++#define CAAM_KEY_DEV	"/dev/caam_kb"
++
++#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
+ #define DIV_ROUND_UP(n, d)	(((n) + (d) - 1) / (d))
+ 
+ #define WHITESPACE(c) ((c == '\t') || (c == ' '))
+@@ -109,6 +119,8 @@ static int aes_flag;
+ static uint8_t aes_key[AES_KEY_LENGTH] = { 0 };
+ static int env_aes_cbc_crypt(char *data, const int enc);
+ 
++static int caam_encryption_flag;
++
+ static int HaveRedundEnv = 0;
+ 
+ static unsigned char active_flag = 1;
+@@ -236,6 +248,103 @@ static int parse_aes_key(char *key)
+ 	return 0;
+ }
+ 
++static void check_caam_encryption(void)
++{
++	const char *dt_prop = "/proc/device-tree/digi,uboot-env,encrypted";
++
++	if (access(dt_prop, F_OK) != -1)
++		caam_encryption_flag = 1;
++}
++
++static int env_caam_get_keymod(unsigned char output[16])
++{
++	int i;
++	int len;
++	int fd;
++	char buff[32];
++	uint32_t ocotp_hwid[2];
++	const char *ocotp_hwid_file[2] = {
++		"/sys/fsl_otp/HW_OCOTP_MAC0",
++		"/sys/fsl_otp/HW_OCOTP_MAC1"
++	};
++
++	for (i = 0; i < ARRAY_SIZE(ocotp_hwid); i++) {
++		fd = open(ocotp_hwid_file[i], O_RDONLY);
++		if (fd < 0)
++			return fd;
++		len = read(fd, buff, sizeof(buff));
++		if (len < 0) {
++			close(fd);
++			return -1;
++		}
++		/* drop last character (new line) */
++		buff[len - 1] = '\0';
++		ocotp_hwid[i] = strtoul(buff, NULL, 0);
++		close(fd);
++	}
++
++	md5((unsigned char *)(&ocotp_hwid), sizeof(ocotp_hwid), output);
++
++	return 0;
++}
++
++static int env_caam_crypt(char *data, const int enc)
++{
++	struct caam_kb_data enc_data;
++	int fd;
++	int ret = 0;
++	const int len = getenvsize();
++	int ioctl_mode;
++	char *buffer;
++	unsigned char key_modifier[16];
++
++	ret = env_caam_get_keymod(key_modifier);
++	if (ret)
++		return ret;
++
++	enc_data.keymod = (char *)key_modifier;
++	enc_data.keymod_len = sizeof(key_modifier);
++
++	enc_data.keyblob_len = len;
++	enc_data.rawkey_len = len - BLOB_OVERHEAD;
++
++	buffer = malloc(len);
++	if (!buffer) {
++		printf("Could not allocate memory\n");
++		return -1;
++	}
++
++	if (enc) {
++		enc_data.rawkey = data;
++		ioctl_mode = CAAM_KB_ENCRYPT;
++		enc_data.keyblob = buffer;
++	} else {
++		enc_data.keyblob = data;
++		ioctl_mode = CAAM_KB_DECRYPT;
++		enc_data.rawkey = buffer;
++	}
++
++	if ((fd = open(CAAM_KEY_DEV, O_RDWR)) < 0) {
++		ret = fd;
++		goto free;
++	}
++
++	ret = ioctl(fd, ioctl_mode, &enc_data);
++	if (ret) {
++		printf("CAAM_KEY_DEV ioctl failed: %d\n", ret);
++		goto out;
++	}
++
++	memcpy(data, buffer, len);
++
++out:
++	close(fd);
++free:
++	free(buffer);
++
++	return ret;
++}
++
+ /*
+  * Print the current definition of one, or more, or all
+  * environment variables
+@@ -259,6 +368,8 @@ int fw_printenv (int argc, char *argv[])
+ 		argc -= 2;
+ 	}
+ 
++	check_caam_encryption();
++
+ 	if (fw_env_open())
+ 		return -1;
+ 
+@@ -334,6 +445,15 @@ int fw_env_close(void)
+ 		}
+ 	}
+ 
++	if (caam_encryption_flag) {
++		ret = env_caam_crypt(environment.data, 1);
++		if (ret) {
++			fprintf(stderr,
++				"Error: can't encrypt env for flash\n");
++			return ret;
++		}
++	}
++
+ 	/*
+ 	 * Update CRC
+ 	 */
+@@ -504,6 +624,8 @@ int fw_setenv(int argc, char *argv[])
+ 		argc -= 2;
+ 	}
+ 
++	check_caam_encryption();
++
+ 	if (argc < 2) {
+ 		errno = EINVAL;
+ 		return -1;
+@@ -1229,6 +1351,15 @@ int fw_env_open(void)
+ 			return ret;
+ 	}
+ 
++	if (caam_encryption_flag) {
++		ret = env_caam_crypt(environment.data, 0);
++		if (ret) {
++			fprintf(stderr,
++				"Error: can't decrypt environment\n");
++			return ret;
++		}
++	}
++
+ 	crc0_ok = (crc0 == *environment.crc);
+ 	if (!HaveRedundEnv) {
+ 		if (!crc0_ok) {
+@@ -1286,6 +1417,15 @@ int fw_env_open(void)
+ 				return ret;
+ 		}
+ 
++		if (caam_encryption_flag) {
++			ret = env_caam_crypt(redundant->data, 0);
++			if (ret) {
++				fprintf(stderr,
++					"Error: can't decrypt environment\n");
++				return ret;
++			}
++		}
++
+ 		crc1_ok = (crc1 == redundant->crc);
+ 		flag1 = redundant->flags;
+ 

meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0002-fw_env-add-support-to-unlock-emmc-boot-partition.patch

@@ -8,10 +8,10 @@ Signed-off-by: Javier Viguera <javier.viguera@digi.com>
  1 file changed, 33 insertions(+)
 
 diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c
-index 698fe5181bc0..d7e61a467e73 100644
+index 09f06c874b17..ae6c69eca0ad 100644
 --- a/tools/env/fw_env.c
 +++ b/tools/env/fw_env.c
-@@ -1097,6 +1097,27 @@ static int flash_read (int fd)
+@@ -1218,6 +1218,27 @@ static int flash_read (int fd)
  	return 0;
  }
  
@@ -39,7 +39,7 @@ index 698fe5181bc0..d7e61a467e73 100644
  static int flash_io (int mode)
  {
  	int fd_current, fd_target, rc, dev_target;
-@@ -1129,8 +1150,20 @@ static int flash_io (int mode)
+@@ -1250,8 +1271,20 @@ static int flash_io (int mode)
  			fd_target = fd_current;
  		}
  

meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend

@@ -2,7 +2,10 @@
 
 FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
 
-SRC_URI += "file://fw_env.config"
+SRC_URI += " \
+	file://fw_env.config \
+	file://0001-tools-env-implement-support-for-environment-encrypti.patch \
+"
 SRC_URI_append_ccimx6 = " file://0002-fw_env-add-support-to-unlock-emmc-boot-partition.patch"
 
 # We do not have a platform defconfig in this version of u-boot, so just use the generic

meta-digi-arm/recipes-core/packagegroup/nativesdk-packagegroup-sdk-host.bbappend

@@ -0,0 +1,5 @@
+# Copyright (C) 2016 Digi International.
+
+RDEPENDS_${PN} += " \
+    nativesdk-trustfence-sign-tools \
+"

meta-digi-arm/recipes-digi/mca/mca-tool_1.0.bb

@@ -0,0 +1,17 @@
+# Copyright (C) 2016 Digi International.
+
+SUMMARY = "MCA firmware management tool"
+SECTION = "console/tools"
+LICENSE = "CLOSED"
+
+PKGNAME = "mca_tool"
+SRC_URI = "${DIGI_PKG_SRC}/${PKGNAME}-${PV}.tar.gz"
+
+SRC_URI[md5sum] = "ea869665e49f5c964bfb4ebc08c0f123"
+SRC_URI[sha256sum] = "d0fecdeac90b94b4399418a2e64e44f4ac2786abf66aeed8d3dab953e74d1ae4"
+
+S = "${WORKDIR}/${PKGNAME}-${PV}"
+
+inherit bin_package
+
+COMPATIBLE_MACHINE = "(ccimx6ul)"

meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/sign_uimage

@@ -11,7 +11,7 @@
     File = "%srk_table%"
     Source index = %key_index%
 
- 
+
 [Install CSFK]
     File = "%cert_csf%"
 

meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 #===============================================================================
 #
 #  trustfence_sign_uimage.sh
@@ -16,23 +16,65 @@
 #
 #    The following environment variables define the script behaviour:
 #      CONFIG_SIGN_KEYS_PATH: (mandatory) path to the CST folder by NXP with keys generated.
-#      CONFIG_UIMAGE_LOADADDR: (mandatory) memory address in which U-Boot loads the uImage
 #      CONFIG_KEY_INDEX: (optional) key index to use for signing. Default is 0.
-#      CONFIG_DEK_PATH: (optional) Path to keyfile. Define it to generate 
+#      CONFIG_DEK_PATH: (optional) Path to keyfile. Define it to generate
 #			encrypted images
 #
 #===============================================================================
 
-# Negative offset with respect to CONFIG_UIMAGE_LOADADDR in which U-Boot
+# Avoid parallel execution of this script
+SINGLE_PROCESS_LOCK="/tmp/sign_script.lock.d"
+trap 'rm -rf "${SINGLE_PROCESS_LOCK}"' INT TERM EXIT
+while ! mkdir "${SINGLE_PROCESS_LOCK}" > /dev/null 2>&1; do
+        sleep 1
+done
+
+SCRIPT_NAME="$(basename ${0})"
+SCRIPT_PATH="$(cd $(dirname ${0}) && pwd)"
+
+while getopts "bdilp:" c; do
+	case "${c}" in
+		b) ARTIFACT_BOOTSCRIPT="y";;
+		d) ARTIFACT_DTB="y";;
+		i) ARTIFACT_INITRAMFS="y";;
+		l) ARTIFACT_KERNEL="y";;
+		p) PLATFORM="${OPTARG}";;
+	esac
+done
+shift "$((OPTIND - 1))"
+
+usage() {
+        cat <<EOF
+
+Usage: ${SCRIPT_NAME} [OPTIONS] input-unsigned-image output-signed-image
+
+    -p <platform>    select platform for the project
+    -b               sign/encrypt bootscript
+    -d               sign/encrypt DTB
+    -i               sign/encrypt initramfs
+    -l               sign/encrypt Linux image
+
+Supported platforms: ccimx6, ccimx6ul
+
+EOF
+}
+
+if [ "${#}" != "2" ]; then
+	usage
+	exit 1
+fi
+
+# Negative offset with respect to CONFIG_RAM_START in which U-Boot
 # copies the DEK blob.
 DEK_BLOB_OFFSET="0x100"
 CONFIG_CSF_SIZE="0x4000"
 
 UIMAGE_PATH="$(readlink -e ${1})"
 TARGET="$(readlink -m ${2})"
-SCRIPT_BASEDIR="$(cd $(dirname ${0}) && pwd)"
 
-# Check arguments
+# Read user configuration file (if used)
+[ -f .config ] && . ./.config
+
 if [ -z "${CONFIG_SIGN_KEYS_PATH}" ]; then
 	echo "Undefined CONFIG_SIGN_KEYS_PATH";
 	exit 1
@@ -43,8 +85,8 @@ if [ -n "${CONFIG_DEK_PATH}" ]; then
 	if [ ! -f "${CONFIG_DEK_PATH}" ]; then
 		echo "DEK not found. Generating random 256 bit DEK."
 		[ -d $(dirname ${CONFIG_DEK_PATH}) ] || mkdir -p $(dirname ${CONFIG_DEK_PATH})
-		dd if=/dev/urandom of="${CONFIG_DEK_PATH}" bs=32 count=1
+		dd if=/dev/urandom of="${CONFIG_DEK_PATH}" bs=32 count=1 >/dev/null 2>&1
-	fi 
+	fi
 	dek_size="$((8 * $(stat -L -c %s ${CONFIG_DEK_PATH})))"
 	if [ "${dek_size}" != "128" ] && [ "${dek_size}" != "192" ] && [ "${dek_size}" != "256" ]; then
 		echo "Invalid DEK size: ${dek_size} bits. Valid sizes are 128, 192 and 256 bits"
@@ -52,15 +94,35 @@ if [ -n "${CONFIG_DEK_PATH}" ]; then
 	fi
 	ENCRYPT="true"
 fi
-if [ -z "${CONFIG_UIMAGE_LOADADDR}" ]; then
+
-	echo "Undefined CONFIG_UIMAGE_LOADADDR"
+if [ "${PLATFORM}" = "ccimx6" ]; then
+	CONFIG_FDT_LOADADDR="0x18000000"
+	CONFIG_RAMDISK_LOADADDR="0x19000000"
+	CONFIG_KERNEL_LOADADDR="0x12000000"
+elif [ "${PLATFORM}" = "ccimx6ul" ]; then
+	CONFIG_FDT_LOADADDR="0x83000000"
+	CONFIG_RAMDISK_LOADADDR="0x83800000"
+	CONFIG_KERNEL_LOADADDR="0x80800000"
+else
+	echo "Invalid platform: ${PLATFORM}"
+	echo "Supported platforms: ccimx6, ccimx6ul"
 	exit 1
 fi
 
+[ "${ARTIFACT_DTB}" = "y" ] && CONFIG_RAM_START="${CONFIG_FDT_LOADADDR}"
+[ "${ARTIFACT_INITRAMFS}" = "y" ] && CONFIG_RAM_START="${CONFIG_RAMDISK_LOADADDR}"
+[ "${ARTIFACT_KERNEL}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}"
+# bootscripts are loaded to $loadaddr, just like the kernel
+[ "${ARTIFACT_BOOTSCRIPT}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}"
+
+if [ -z "${CONFIG_RAM_START}" ]; then
+        echo "Specify the type of image to process (-b, -i, -d, or -l)"
+        exit 1
+fi
+
 # Default values
 [ -z "${CONFIG_KEY_INDEX}" ] && CONFIG_KEY_INDEX="0"
 CONFIG_KEY_INDEX_1="$((CONFIG_KEY_INDEX + 1))"
-[ -z "${CONFIG_DEK_SIZE}" ] && CONFIG_DEK_SIZE="128"
 
 SRK_KEYS="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/SRK*crt.pem | sed s/\ /\,/g)"
 CERT_CSF="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/CSF${CONFIG_KEY_INDEX_1}*crt.pem)"
@@ -88,10 +150,8 @@ SRK_TABLE="$(pwd)/SRK_table.bin"
 # Other constants
 GAP_FILLER="0x00"
 
-# Compute dek blob size in bytes:
+# The DEK blob is placed by U-Boot just before the kernel image
-# header (8) + 256-bit AES key (32) + MAC (16) + custom key size in bytes
+dek_blob_offset="$((CONFIG_KERNEL_LOADADDR - DEK_BLOB_OFFSET))"
-dek_blob_size="$((8 + 32 + 16 + CONFIG_DEK_SIZE/8))"
-dek_blob_offset="$((CONFIG_UIMAGE_LOADADDR - DEK_BLOB_OFFSET))"
 
 # Compute the layout: sizes and offsets.
 uimage_size="$(stat -L -c %s ${UIMAGE_PATH})"
@@ -101,26 +161,26 @@ auth_len="$((pad_len + 0x20))"
 sig_len="$((auth_len + CONFIG_CSF_SIZE))"
 
 ivt_uimage_start="$((auth_len - 0x20))"
-ivt_ram_start="$((CONFIG_UIMAGE_LOADADDR + ivt_uimage_start))"
+ivt_ram_start="$((CONFIG_RAM_START + ivt_uimage_start))"
 ivt_size="0x20"
 csf_ram_start="$((ivt_ram_start + ivt_size))"
-entrypoint_uimage_offset="0x1000"
+entrypoint_uimage_offset="0x100"
-entrypoint_ram_start="$((CONFIG_UIMAGE_LOADADDR + entrypoint_uimage_offset))"
+entrypoint_ram_start="$((CONFIG_RAM_START + entrypoint_uimage_offset))"
 entrypoint_size="0x20"
 header_uimage_offset="0x0"
-header_ram_start="${CONFIG_UIMAGE_LOADADDR}"
+header_ram_start="${CONFIG_RAM_START}"
 header_size="0x40"
 
 r1_uimage_offset="${header_size}"
-r1_ram_start="$((CONFIG_UIMAGE_LOADADDR + r1_uimage_offset))"
+r1_ram_start="$((CONFIG_RAM_START + r1_uimage_offset))"
 r1_size="$((entrypoint_uimage_offset - header_size ))"
 r2_uimage_offset="$((entrypoint_uimage_offset + entrypoint_size))"
-r2_ram_start="$((CONFIG_UIMAGE_LOADADDR + r2_uimage_offset))"
+r2_ram_start="$((CONFIG_RAM_START + r2_uimage_offset))"
 r2_size="$((ivt_uimage_start - (entrypoint_uimage_offset + entrypoint_size)))"
 
 # Generate actual CSF descriptor file from template
 if [ "${ENCRYPT}" = "true" ]; then
-	sed -e "s,%ram_start%,${CONFIG_UIMAGE_LOADADDR},g"		    \
+	sed -e "s,%ram_start%,${CONFIG_RAM_START},g"		    \
 	    -e "s,%srk_table%,${SRK_TABLE},g "				    \
 	    -e "s,%cert_csf%,${CERT_CSF},g"				    \
 	    -e "s,%cert_img%,${CERT_IMG},g"				    \
@@ -144,9 +204,9 @@ if [ "${ENCRYPT}" = "true" ]; then
 	    -e "s,%r2_uimage_offset%,${r2_uimage_offset},g"		    \
 	    -e "s,%r2_ram_start%,${r2_ram_start},g"			    \
 	    -e "s,%r2_size%,${r2_size},g"				    \
-	"${SCRIPT_BASEDIR}/templates/encrypt_uimage" > csf_descriptor
+	"${SCRIPT_PATH}/csf_templates/encrypt_uimage" > csf_descriptor
 else
-	sed -e "s,%ram_start%,${CONFIG_UIMAGE_LOADADDR},g" \
+	sed -e "s,%ram_start%,${CONFIG_RAM_START},g" \
 	    -e "s,%srk_table%,${SRK_TABLE},g"		   \
 	    -e "s,%image_offset%,${uimage_offset},g"	   \
 	    -e "s,%auth_len%,${auth_len},g"		   \
@@ -154,7 +214,7 @@ else
 	    -e "s,%cert_img%,${CERT_IMG},g"		   \
 	    -e "s,%uimage_path%,${TARGET},g"		   \
 	    -e "s,%key_index%,${CONFIG_KEY_INDEX},g"	   \
-	"${SCRIPT_BASEDIR}/templates/sign_uimage" > csf_descriptor
+	"${SCRIPT_PATH}/csf_templates/sign_uimage" > csf_descriptor
 fi
 
 # Generate SRK tables
@@ -170,19 +230,21 @@ objcopy -I binary -O binary --pad-to "${pad_len}" --gap-fill="${GAP_FILLER}" "${
 # Generate and attach IVT
 # Fields: header, jump location, reserved (0), DCD pointer (null)
 #	  boot data (null), self pointer, CSF pointer, reserved (0)
+PRINTF="$(which printf)"
 IVT_HEADER="0x402000D1"
-printf "0: %.8x" ${IVT_HEADER} | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 > ivt
+{
-printf "0: %.8x" "${entrypoint_ram_start}" | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt
+	${PRINTF} $(${PRINTF} "%08x" ${IVT_HEADER} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
-printf "0: %.8x" 0 | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt
+	${PRINTF} $(${PRINTF} "%08x" ${entrypoint_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
-printf "0: %.8x" 0 | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt
+	${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
-printf "0: %.8x" 0 | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt
+	${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
-printf "0: %.8x" "${ivt_ram_start}" | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt
+	${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
-printf "0: %.8x" "${csf_ram_start}" | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt
+	${PRINTF} $(${PRINTF} "%08x" ${ivt_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
-printf "0: %.8x" 0 | sed -E 's/0: (..)(..)(..)(..)/0: \4\3\2\1/' | xxd -r -g0 >> ivt
+	${PRINTF} $(${PRINTF} "%08x" ${csf_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
-cat ivt >> "${TARGET}"
+	${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
+} >> "${TARGET}"
 
 CURRENT_PATH="$(pwd)"
-cst -o "${CURRENT_PATH}/csf.bin" -i "${CURRENT_PATH}/csf_descriptor"
+cst -o "${CURRENT_PATH}/csf.bin" -i "${CURRENT_PATH}/csf_descriptor" >/dev/null
 if [ $? -ne 0 ]; then
 	echo "[ERROR] Could not generate CSF"
 	exit 1
@@ -191,5 +253,7 @@ fi
 cat csf.bin >> "${TARGET}"
 
 objcopy -I binary -O binary --pad-to "${sig_len}" --gap-fill="${GAP_FILLER}" "${TARGET}"
-echo "Signed uImage at ${TARGET}"
+
-rm -f "${SRK_TABLE}" csf_descriptor csf.bin ivt 2> /dev/null
+[ "${ENCRYPT}" = "true" ] && ENCRYPTED_MSG="and encrypted "
+echo "Signed ${ENCRYPTED_MSG}image ready: ${TARGET}"
+rm -f "${SRK_TABLE}" csf_descriptor csf.bin 2> /dev/null

meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_1.0.bb

@@ -0,0 +1,35 @@
+SUMMARY = "TrustFence signing and encryption scripts"
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+
+SRCBRANCH = "v2015.04/master"
+SRCBRANCH_ccimx6ul = "v2015.04/master"
+SRCREV = "${AUTOREV}"
+
+S = "${WORKDIR}"
+
+# Select internal or Github U-Boot repo
+UBOOT_GIT_URI = "${@base_conditional('DIGI_INTERNAL_GIT', '1' , '${DIGI_GIT}u-boot-denx.git', '${DIGI_GITHUB_GIT}/u-boot.git', d)}"
+
+SRC_URI = " \
+    ${UBOOT_GIT_URI};branch=${SRCBRANCH} \
+    file://trustfence-sign-kernel.sh;name=kernel-script \
+    file://sign_uimage;name=kernel-sign \
+    file://encrypt_uimage;name=kernel-encrypt \
+"
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_install() {
+	install -d ${D}${bindir}/csf_templates
+	install -m 0755 trustfence-sign-kernel.sh ${D}${bindir}/
+	install -m 0755 sign_uimage ${D}${bindir}/csf_templates/
+	install -m 0755 encrypt_uimage ${D}${bindir}/csf_templates/
+	install -m 0755 git/scripts/sign.sh ${D}${bindir}/trustfence-sign-uboot.sh
+	install -m 0755 git/scripts/csf_templates/sign_uboot ${D}${bindir}/csf_templates
+	install -m 0755 git/scripts/csf_templates/encrypt_uboot ${D}${bindir}/csf_templates
+}
+
+FILES_${PN} = "${bindir}"
+BBCLASSEXTEND = "native nativesdk"

meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb

@@ -32,6 +32,9 @@ SRC_URI = " \
     file://0013-Kbuild-do-not-create-an-auxiliar-p2p-on-init.patch \
     file://0014-Kbuild-do-not-compile-the-DEBUG-version-inconditiona.patch \
     file://0015-Kbuild-Group-most-of-the-relevant-DEBUG-options.patch \
+    file://0016-wlan_hdd_cfg80211-fix-missing-ifdef-clause.patch \
+    file://0017-Add-.gitignore-rules.patch \
+    file://0018-wlan_hdd_main-initialize-all-adapter-completion-vari.patch \
 "
 
 S = "${WORKDIR}/${PV}"

meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0016-wlan_hdd_cfg80211-fix-missing-ifdef-clause.patch

@@ -0,0 +1,28 @@
+From: Isaac Hermida <isaac.hermida@digi.com>
+Date: Fri, 14 Oct 2016 10:28:29 +0200
+Subject: [PATCH] wlan_hdd_cfg80211: fix missing ifdef clause
+
+Fix the compilation for old kernels by defining a missing "ifdef" clause.
+
+Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
+---
+ CORE/HDD/inc/wlan_hdd_cfg80211.h | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/CORE/HDD/inc/wlan_hdd_cfg80211.h b/CORE/HDD/inc/wlan_hdd_cfg80211.h
+index a40c55144bc5..95c1ddce7de4 100644
+--- a/CORE/HDD/inc/wlan_hdd_cfg80211.h
++++ b/CORE/HDD/inc/wlan_hdd_cfg80211.h
+@@ -992,7 +992,12 @@ backported_cfg80211_vendor_event_alloc(struct wiphy *wiphy,
+ 					int approxlen,
+ 					int event_idx, gfp_t gfp)
+ {
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 15, 0)
+ 	return cfg80211_vendor_event_alloc(wiphy, wdev, approxlen, event_idx, gfp);
++#else
++	return cfg80211_vendor_event_alloc(wiphy, approxlen, event_idx, gfp);
++#endif
++
+ }
+ #define cfg80211_vendor_event_alloc backported_cfg80211_vendor_event_alloc
+ #endif

meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0017-Add-.gitignore-rules.patch

@@ -0,0 +1,25 @@
+From: Isaac Hermida <isaac.hermida@digi.com>
+Date: Mon, 17 Oct 2016 10:06:18 +0200
+Subject: [PATCH] Add .gitignore rules
+
+Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
+---
+ .gitignore | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+ create mode 100644 .gitignore
+
+diff --git a/.gitignore b/.gitignore
+new file mode 100644
+index 000000000000..9886b5284c3f
+--- /dev/null
++++ b/.gitignore
+@@ -0,0 +1,9 @@
++*.o
++*.o.cmd
++.tmp_versions
++.*
++Module.symvers
++modules.order
++*.mod.c
++cscope.*
++wlan.ko

meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/0018-wlan_hdd_main-initialize-all-adapter-completion-vari.patch

@@ -0,0 +1,206 @@
+From: Isaac Hermida <isaac.hermida@digi.com>
+Date: Tue, 5 Jul 2016 14:55:15 +0530
+Subject: [PATCH] wlan_hdd_main: initialize all adapter completion variables
+
+In order to change the p2p device mode, delete and add virtual_iface
+followed by change_iface will be invoked. But in this case device mode
+is changed by invoking change_iface method without invoking delete and
+add virtual_iface functions resulting in kernel panic.
+
+This is because, in latter case hdd_open_adapter will not be invoked
+for the intended device mode. Hence uninitialized completion variables
+will be used for further operations.
+
+To mitigate this issue, Initialize all completion variables of
+hdd_adapter_t structure during open adapter irrespective of adapter's
+device mode.
+
+https://jira.digi.com/browse/DEL-3072
+https://jira.digi.com/browse/DEL-3037
+
+(cherry-picked from 20ed76a8e436042590aa25acb33a2ba3d6d34250)
+Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
+---
+ CORE/HDD/inc/wlan_hdd_main.h    |  1 +
+ CORE/HDD/src/wlan_hdd_hostapd.c | 10 -----
+ CORE/HDD/src/wlan_hdd_main.c    | 82 ++++++++++++++++++++++++-----------------
+ 3 files changed, 50 insertions(+), 43 deletions(-)
+
+diff --git a/CORE/HDD/inc/wlan_hdd_main.h b/CORE/HDD/inc/wlan_hdd_main.h
+index f01b7f309dc2..3c5a51a57d6c 100644
+--- a/CORE/HDD/inc/wlan_hdd_main.h
++++ b/CORE/HDD/inc/wlan_hdd_main.h
+@@ -1740,4 +1740,5 @@ static inline void wlan_hdd_stop_sap(hdd_adapter_t *ap_adapter) {}
+ static inline void wlan_hdd_start_sap(hdd_adapter_t *ap_adapter) {}
+ #endif
+ bool wlan_hdd_get_fw_state(hdd_adapter_t *adapter);
++void hdd_initialize_adapter_common(hdd_adapter_t *adapter);
+ #endif    // end #if !defined( WLAN_HDD_MAIN_H )
+diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c
+index 8a80d26f355a..4bd6b844ac5a 100644
+--- a/CORE/HDD/src/wlan_hdd_hostapd.c
++++ b/CORE/HDD/src/wlan_hdd_hostapd.c
+@@ -5389,9 +5389,6 @@ VOS_STATUS hdd_init_ap_mode( hdd_adapter_t *pAdapter )
+          return status;
+     }
+
+-    init_completion(&pAdapter->session_close_comp_var);
+-    init_completion(&pAdapter->session_open_comp_var);
+-
+     sema_init(&(WLAN_HDD_GET_AP_CTX_PTR(pAdapter))->semWpsPBCOverlapInd, 1);
+
+      // Register as a wireless device
+@@ -5494,13 +5491,6 @@ hdd_adapter_t* hdd_wlan_create_ap_dev( hdd_context_t *pHddCtx, tSirMacAddr macAd
+         pWlanHostapdDev->ieee80211_ptr = &pHostapdAdapter->wdev ;
+         pHostapdAdapter->wdev.wiphy = pHddCtx->wiphy;
+         pHostapdAdapter->wdev.netdev =  pWlanHostapdDev;
+-        init_completion(&pHostapdAdapter->tx_action_cnf_event);
+-        init_completion(&pHostapdAdapter->cancel_rem_on_chan_var);
+-        init_completion(&pHostapdAdapter->rem_on_chan_ready_event);
+-        init_completion(&pHostapdAdapter->ula_complete);
+-        init_completion(&pHostapdAdapter->offchannel_tx_event);
+-        init_completion(&pHostapdAdapter->scan_info.scan_req_completion_event);
+-        init_completion(&pHostapdAdapter->scan_info.abortscan_event_var);
+         vos_event_init(&pHostapdAdapter->scan_info.scan_finished_event);
+         pHostapdAdapter->scan_info.scan_pending_option = WEXT_SCAN_PENDING_GIVEUP;
+
+diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c
+index a10da2a9b164..b447f0931d52 100755
+--- a/CORE/HDD/src/wlan_hdd_main.c
++++ b/CORE/HDD/src/wlan_hdd_main.c
+@@ -8234,7 +8234,6 @@ static hdd_adapter_t* hdd_alloc_station_adapter( hdd_context_t *pHddCtx, tSirMac
+
+    if(pWlanDev != NULL)
+    {
+-
+       //Save the pointer to the net_device in the HDD adapter
+       pAdapter = (hdd_adapter_t*) netdev_priv( pWlanDev );
+
+@@ -8244,43 +8243,11 @@ static hdd_adapter_t* hdd_alloc_station_adapter( hdd_context_t *pHddCtx, tSirMac
+       pAdapter->pHddCtx = pHddCtx;
+       pAdapter->magic = WLAN_HDD_ADAPTER_MAGIC;
+
+-      init_completion(&pAdapter->session_open_comp_var);
+-      init_completion(&pAdapter->session_close_comp_var);
+-      init_completion(&pAdapter->disconnect_comp_var);
+-      init_completion(&pAdapter->linkup_event_var);
+-      init_completion(&pAdapter->cancel_rem_on_chan_var);
+-      init_completion(&pAdapter->rem_on_chan_ready_event);
+-      init_completion(&pAdapter->offchannel_tx_event);
+-      init_completion(&pAdapter->tx_action_cnf_event);
+-#ifdef FEATURE_WLAN_TDLS
+-      init_completion(&pAdapter->tdls_add_station_comp);
+-      init_completion(&pAdapter->tdls_del_station_comp);
+-      init_completion(&pAdapter->tdls_mgmt_comp);
+-      init_completion(&pAdapter->tdls_link_establish_req_comp);
+-#endif
+-
+-      init_completion(&pHddCtx->mc_sus_event_var);
+-      init_completion(&pHddCtx->tx_sus_event_var);
+-      init_completion(&pHddCtx->rx_sus_event_var);
+-      init_completion(&pHddCtx->ready_to_suspend);
+-      init_completion(&pAdapter->ula_complete);
+-      init_completion(&pAdapter->change_country_code);
+-
+-#ifdef WLAN_FEATURE_EXTWOW_SUPPORT
+-      init_completion(&pHddCtx->ready_to_extwow);
+-#endif
+-
+-#ifdef FEATURE_WLAN_BATCH_SCAN
+-      init_completion(&pAdapter->hdd_set_batch_scan_req_var);
+-      init_completion(&pAdapter->hdd_get_batch_scan_req_var);
+       pAdapter->pBatchScanRsp = NULL;
+       pAdapter->numScanList = 0;
+       pAdapter->batchScanState = eHDD_BATCH_SCAN_STATE_STOPPED;
+       pAdapter->prev_batch_id = 0;
+       mutex_init(&pAdapter->hdd_batch_scan_lock);
+-#endif
+-      init_completion(&pAdapter->scan_info.scan_req_completion_event);
+-      init_completion(&pAdapter->scan_info.abortscan_event_var);
+
+       vos_event_init(&pAdapter->scan_info.scan_finished_event);
+       pAdapter->scan_info.scan_pending_option = WEXT_SCAN_PENDING_GIVEUP;
+@@ -9018,6 +8985,7 @@ hdd_adapter_t* hdd_open_adapter( hdd_context_t *pHddCtx, tANI_U8 session_type,
+             pAdapter->wdev.iftype = NL80211_IFTYPE_P2P_CLIENT;
+
+          pAdapter->device_mode = session_type;
++         hdd_initialize_adapter_common(pAdapter);
+
+          status = hdd_init_station_mode( pAdapter );
+          if( VOS_STATUS_SUCCESS != status )
+@@ -9089,6 +9057,7 @@ hdd_adapter_t* hdd_open_adapter( hdd_context_t *pHddCtx, tANI_U8 session_type,
+                                   NL80211_IFTYPE_P2P_GO;
+          pAdapter->device_mode = session_type;
+
++         hdd_initialize_adapter_common(pAdapter);
+          status = hdd_init_ap_mode(pAdapter);
+          if( VOS_STATUS_SUCCESS != status )
+             goto err_free_netdev;
+@@ -9163,6 +9132,7 @@ hdd_adapter_t* hdd_open_adapter( hdd_context_t *pHddCtx, tANI_U8 session_type,
+          pAdapter->device_mode = session_type;
+          status = hdd_register_interface( pAdapter, rtnl_held );
+
++         hdd_initialize_adapter_common(pAdapter);
+          hdd_init_tx_rx( pAdapter );
+
+          //Stop the Interface TX queue.
+@@ -11735,6 +11705,13 @@ int hdd_wlan_startup(struct device *dev, v_VOID_t *hif_sc)
+    init_completion(&pHddCtx->full_pwr_comp_var);
+    init_completion(&pHddCtx->standby_comp_var);
+    init_completion(&pHddCtx->req_bmps_comp_var);
++   init_completion(&pHddCtx->mc_sus_event_var);
++   init_completion(&pHddCtx->tx_sus_event_var);
++   init_completion(&pHddCtx->rx_sus_event_var);
++   init_completion(&pHddCtx->ready_to_suspend);
++#ifdef WLAN_FEATURE_EXTWOW_SUPPORT
++   init_completion(&pHddCtx->ready_to_extwow);
++#endif
+
+    spin_lock_init(&pHddCtx->schedScan_lock);
+
+@@ -14494,6 +14471,45 @@ void wlan_hdd_start_sap(hdd_adapter_t *ap_adapter)
+ }
+ #endif
+
++/**
++ * hdd_initialize_adapter_common() - initialize completion variables
++ * @adapter: pointer to hdd_adapter_t
++ *
++ * Return: none
++ */
++void hdd_initialize_adapter_common(hdd_adapter_t *adapter)
++{
++	if (NULL == adapter) {
++		hddLog(VOS_TRACE_LEVEL_ERROR, "%s: adapter is NULL ", __func__);
++		return;
++	}
++	init_completion(&adapter->session_open_comp_var);
++	init_completion(&adapter->session_close_comp_var);
++	init_completion(&adapter->disconnect_comp_var);
++	init_completion(&adapter->linkup_event_var);
++	init_completion(&adapter->cancel_rem_on_chan_var);
++	init_completion(&adapter->rem_on_chan_ready_event);
++	init_completion(&adapter->offchannel_tx_event);
++	init_completion(&adapter->tx_action_cnf_event);
++#ifdef FEATURE_WLAN_TDLS
++	init_completion(&adapter->tdls_add_station_comp);
++	init_completion(&adapter->tdls_del_station_comp);
++	init_completion(&adapter->tdls_mgmt_comp);
++	init_completion(&adapter->tdls_link_establish_req_comp);
++#endif
++	init_completion(&adapter->ula_complete);
++	init_completion(&adapter->change_country_code);
++	init_completion(&adapter->scan_info.scan_req_completion_event);
++	init_completion(&adapter->scan_info.abortscan_event_var);
++
++#ifdef FEATURE_WLAN_BATCH_SCAN
++	init_completion(&adapter->hdd_set_batch_scan_req_var);
++	init_completion(&adapter->hdd_get_batch_scan_req_var);
++#endif
++
++	return;
++}
++
+ //Register the module init/exit functions
+ module_init(hdd_module_init);
+ module_exit(hdd_module_exit);

meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig

@@ -54,6 +54,7 @@ CONFIG_IP_PNP_DHCP=y
 # CONFIG_INET_XFRM_MODE_BEET is not set
 # CONFIG_INET_LRO is not set
 CONFIG_IPV6=y
+CONFIG_BRIDGE=y
 CONFIG_VLAN_8021Q=y
 CONFIG_LLC2=y
 CONFIG_CAN=y
@@ -74,6 +75,10 @@ CONFIG_CFG80211_DEBUGFS=y
 CONFIG_CFG80211_WEXT=y
 CONFIG_MAC80211=y
 CONFIG_MAC80211_DEBUGFS=y
+CONFIG_RFKILL=y
+CONFIG_RFKILL_INPUT=y
+CONFIG_RFKILL_REGULATOR=y
+CONFIG_RFKILL_GPIO=y
 CONFIG_DEVTMPFS=y
 CONFIG_DEVTMPFS_MOUNT=y
 # CONFIG_STANDALONE is not set
@@ -149,6 +154,7 @@ CONFIG_MOUSE_PS2=m
 CONFIG_MOUSE_PS2_ELANTECH=y
 CONFIG_INPUT_TOUCHSCREEN=y
 CONFIG_TOUCHSCREEN_ADS7846=y
+CONFIG_TOUCHSCREEN_FUSION_7_10=y
 CONFIG_TOUCHSCREEN_IMX6UL_TSC=y
 CONFIG_INPUT_MISC=y
 CONFIG_INPUT_MMA8450=y
@@ -173,6 +179,7 @@ CONFIG_I2C_IMX=y
 CONFIG_SPI=y
 CONFIG_SPI_GPIO=y
 CONFIG_SPI_IMX=y
+CONFIG_SPI_SPIDEV=y
 CONFIG_GPIO_SYSFS=y
 CONFIG_GPIO_MCA_CC6UL=y
 CONFIG_GPIO_MAX732X=y
@@ -234,6 +241,10 @@ CONFIG_BACKLIGHT_PWM=y
 CONFIG_FRAMEBUFFER_CONSOLE=y
 CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
 CONFIG_LOGO=y
+CONFIG_FB_LOGO_CENTERED=y
+# CONFIG_LOGO_LINUX_MONO is not set
+# CONFIG_LOGO_LINUX_VGA16 is not set
+# CONFIG_LOGO_LINUX_CLUT224 is not set
 CONFIG_SOUND=y
 CONFIG_SND=y
 CONFIG_SND_USB_AUDIO=m

meta-digi-arm/recipes-kernel/linux/linux-dey.inc

@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7"
 
 DEPENDS += "lzop-native bc-native"
 DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-cst-native', '', d)}"
+DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-sign-tools-native', '', d)}"
 
 inherit kernel fsl-kernel-localversion
 
@@ -25,22 +26,26 @@ S = "${WORKDIR}/git"
 # machine, with different entry points
 KERNEL_EXTRA_ARGS += "LOADADDR=${UBOOT_ENTRYPOINT}"
 
-# In order to sign and encrypt the uImage, we need to know the address
-# in which U-Boot loads the uImage. This is CONFIG_LOADADDR in U-Boot
-# configuration file. 
-UBOOT_CONFIG_LOADADDR = ""
-UBOOT_CONFIG_LOADADDR_ccimx6 = "0x12000000"
-UBOOT_CONFIG_LOADADDR_ccimx6ul = "0x80800000"
-
 do_deploy_append() {
 	if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
+		# Set environment variables for trustfence configuration
 		export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
-		export CONFIG_UIMAGE_LOADADDR="${UBOOT_CONFIG_LOADADDR}"
 		[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
 		[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
-		"${THISDIR}/../../scripts/trustfence-sign-uimage.sh" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin"
+
+		# Sign/encrypt the kernel image
+		"${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -l "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin"
 		mv "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin"
-	fi	
+
+		# Sign/encrypt the device tree blobs
+		if [ -n "${KERNEL_DEVICETREE}" ]; then
+			for DTB_NAME in ${KERNEL_DEVICETREE}; do
+				DTB="${B}/arch/${ARCH}/boot/dts/${DTB_NAME}"
+				"${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" -p "${DIGI_FAMILY}" -d "${DTB}" "${DTB}-signed"
+				mv "${DTB}-signed" "${DTB}"
+			done
+		fi
+	fi
 	(cd ${DEPLOYDIR} && ln -sf ${KERNEL_IMAGE_BASE_NAME}.bin ${KERNEL_IMAGE_SYMLINK_NAME})
 }
 

meta-digi-arm/recipes-kernel/linux/linux-dey_3.10.bb

@@ -22,7 +22,7 @@ do_update_dts() {
 	else
 		config_dts disable '_ssp2_mmc_wifi.dtsi'
 	fi
-	if [ -n "${HAVE_EXT_ETH}" ]; then
+	if [ -n "${HAVE_SECOND_ETH}" ]; then
 		config_dts enable  '_ethernet1.dtsi'
 	else
 		config_dts disable '_ethernet1.dtsi'

meta-digi-dey/classes/trustfence.bbclass

@@ -51,7 +51,7 @@ python () {
 
     if (d.getVar("TRUSTFENCE_DEK_PATH") == "default"):
         d.setVar("TRUSTFENCE_DEK_PATH", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/dek.bin");
-    
+
     if (d.getVar("TRUSTFENCE_SIGN", True) == "1"):
         d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_SIGN_IMAGE=y ")
         if d.getVar("TRUSTFENCE_SIGN_KEYS_PATH", True):
@@ -65,6 +65,3 @@ python () {
     if (d.getVar("TRUSTFENCE_ENCRYPT_ENVIRONMENT", True) == "1"):
         d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y')
 }
-
-# SDCARD image is not supported when encryption is enabled, so disable it in such cases
-IMAGE_FSTYPES_remove = "${@'' if d.getVar('TRUSTFENCE_DEK_PATH', True) == '0' else 'sdcard'}"

meta-digi-dey/conf/distro/dey.conf

@@ -1,6 +1,6 @@
 DISTRO = "dey"
 DISTRO_NAME = "Digi Embedded Yocto"
-DISTRO_VERSION = "2.0-r3"
+DISTRO_VERSION = "2.0-r4"
 DISTRO_CODENAME = "jethro"
 SDK_VENDOR = "-deysdk"
 SDK_VERSION := "${@'${DISTRO_VERSION}'}"
@@ -114,9 +114,9 @@ SANITY_TESTED_DISTROS ?= " \
 # Default hash policy for distro
 BB_SIGNATURE_HANDLER ?= 'OEBasicHash'
 #
-# OELAYOUT_ABI allows us to notify users when the format of TMPDIR changes in 
+# OELAYOUT_ABI allows us to notify users when the format of TMPDIR changes in
 # an incompatible way. Such changes should usually be detailed in the commit
-# that breaks the format and have been previously discussed on the mailing list 
+# that breaks the format and have been previously discussed on the mailing list
 # with general agreement from the core team.
 #
 OELAYOUT_ABI = "11"

meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/bluez-init

@@ -23,6 +23,7 @@ fi
 
 SCRIPTNAME="$(basename "${0}")"
 LOGFILE="/var/log/bluetoothd.log"
+FIRMWARE_FILE="/lib/firmware/qca/nvm_tlv_3.2.bin"
 
 bt_init_qca6564() {
 	MOD_VERSION="$(($(cat /proc/device-tree/digi,hwid,hv 2>/dev/null || true)))"
@@ -32,8 +33,8 @@ bt_init_qca6564() {
 	BT_EN_L="/sys/class/gpio/gpio${BT_EN_QCA_GPIO_NR}"
 	[ -d "${BT_EN_L}" ] || printf "%s" ${BT_EN_QCA_GPIO_NR} > /sys/class/gpio/export
 	printf out > ${BT_EN_L}/direction && sleep .1
-	printf 0 > ${BT_EN_L}/value && sleep .1
+	printf 0 > ${BT_EN_L}/value && sleep .2
-	printf 1 > ${BT_EN_L}/value && sleep .1
+	printf 1 > ${BT_EN_L}/value && sleep .2
 	[ -d "${BT_EN_L}" ] && printf "%s" ${BT_EN_QCA_GPIO_NR} > /sys/class/gpio/unexport
 
 	# Module version older than revision 4 has swapped TX and RX lines
@@ -47,7 +48,13 @@ bt_init_qca6564() {
 		[ -d "${BT_CTS_L}" ] && printf "%s" ${BT_CTS_QCA_GPIO_NR} > /sys/class/gpio/unexport
 		# Reduce the rate to avoid the need for HW flow control
 		BT_RATE="115200"
+		BT_RATE_CODE="00" # 115200 bps
 		BT_FLOW="noflow"
+		# Check the current FW file rate
+		if [ "$(hexdump -s 56 -n 1 -ve '1/1 "%.2x"' ${FIRMWARE_FILE})" != "${BT_RATE_CODE}" ]; then
+			# Modify the BT FW file rate
+			printf "\x${BT_RATE_CODE}" | dd of="${FIRMWARE_FILE}" bs=1 seek=56 count=1 conv=notrunc,fsync 2>/dev/null
+		fi
 	fi
 
 	if hciattach -t120 ttyBt qca ${BT_RATE:-3000000} ${BT_FLOW:-flow} 2>${LOGFILE}; then

meta-digi-dey/recipes-connectivity/bluez/bluez5-5.33/ccimx6ul/0023-hciattach_rome-do-not-override-the-baudrate-in-the-N.patch

@@ -0,0 +1,36 @@
+From: Isaac Hermida <isaac.hermida@digi.com>
+Date: Fri, 30 Sep 2016 12:46:17 +0200
+Subject: [PATCH] hciattach_rome: do not override the baudrate in the NVM file
+
+Do not use hcitattach to override the NMV baudrate because we are
+setting it directly in the firmware file.
+
+https://jira.digi.com/browse/DEL-3057
+
+Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
+---
+ tools/hciattach_rome.c | 11 ++---------
+ 1 file changed, 2 insertions(+), 9 deletions(-)
+
+diff --git a/tools/hciattach_rome.c b/tools/hciattach_rome.c
+index 59bdc16e4e8f..4f0f8c82fa8d 100644
+--- a/tools/hciattach_rome.c
++++ b/tools/hciattach_rome.c
+@@ -1903,15 +1903,8 @@ download:
+             }
+             fprintf(stderr, "%s: Download TLV file successfully \n", __FUNCTION__);
+
+-            /*
+-             * Overriding the baud rate value in NVM file with the user
+-             * requested baud rate, since default baud rate in NVM file is 3M.
+-             */
+-            err = rome_set_baudrate_req(fd, local_baud_rate, controller_baud_rate);
+-            if (err < 0) {
+-                fprintf(stderr, "%s: Baud rate change failed!\n", __FUNCTION__);
+-                goto error;
+-            }
++            /* Do not override the baudrate in the TLV file */
++            fprintf(stderr, "%s: Skipping Override of baud rate!\n", __FUNCTION__);
+
+             /* Perform HCI reset here*/
+             err = rome_hci_reset_req(fd, local_baud_rate);

meta-digi-dey/recipes-connectivity/bluez/bluez5_5.33.bbappend

@@ -28,6 +28,7 @@ SRC_URI_append_ccimx6ul = " \
     file://0017-bluetooth-Fix-flow-control-operation.patch \
     file://0018-Adding-MDM-specific-code-under-_PLATFORM_MDM_.patch \
     file://0019-Bluetooth-Fix-static-analysis-issues.patch \
+    file://0023-hciattach_rome-do-not-override-the-baudrate-in-the-N.patch \
 "
 
 inherit update-rc.d

meta-digi-dey/recipes-connectivity/crda/crda_3.18.bbappend

@@ -0,0 +1,10 @@
+# Copyright (C) 2016 Digi International.
+
+SRC_URI += "https://www.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2016.06.10.tar.xz;name=bin_2016_06_10"
+
+SRC_URI[bin_2016_06_10.md5sum] = "d282cce92b6e692e8673e2bd97adf33b"
+SRC_URI[bin_2016_06_10.sha256sum] = "cfedf1c3521b3c8f32602f25ed796e96e687c3441a00e7c050fedf7fd4f1b8b7"
+
+do_install_append() {
+	install -m 0644 ${WORKDIR}/wireless-regdb-2016.06.10/regulatory.bin ${D}${libdir}/crda/regulatory.bin
+}

meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/defconfig

@@ -0,0 +1,316 @@
+# Example hostapd build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cass, these lines should use += in order not
+# to override previous values of the variables.
+
+# Driver interface for Host AP driver
+CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for wired authenticator
+#CONFIG_DRIVER_WIRED=y
+
+# Driver interface for drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for no driver (e.g., RADIUS server only)
+#CONFIG_DRIVER_NONE=y
+
+# IEEE 802.11F/IAPP
+CONFIG_IAPP=y
+
+# WPA2/IEEE 802.11i RSN pre-authentication
+CONFIG_RSN_PREAUTH=y
+
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection)
+CONFIG_IEEE80211W=y
+
+# Integrated EAP server
+CONFIG_EAP=y
+
+# EAP Re-authentication Protocol (ERP) in integrated EAP server
+CONFIG_ERP=y
+
+# EAP-MD5 for the integrated EAP server
+CONFIG_EAP_MD5=y
+
+# EAP-TLS for the integrated EAP server
+CONFIG_EAP_TLS=y
+
+# EAP-MSCHAPv2 for the integrated EAP server
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-PEAP for the integrated EAP server
+CONFIG_EAP_PEAP=y
+
+# EAP-GTC for the integrated EAP server
+CONFIG_EAP_GTC=y
+
+# EAP-TTLS for the integrated EAP server
+CONFIG_EAP_TTLS=y
+
+# EAP-SIM for the integrated EAP server
+#CONFIG_EAP_SIM=y
+
+# EAP-AKA for the integrated EAP server
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' for the integrated EAP server
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+CONFIG_EAP_PSK=y
+
+# EAP-pwd for the integrated EAP server (secure authentication with a password)
+CONFIG_EAP_PWD=y
+
+# EAP-SAKE for the integrated EAP server
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK for the integrated EAP server
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-FAST for the integrated EAP server
+# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
+# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
+# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
+#CONFIG_EAP_FAST=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable UPnP support for external WPS Registrars
+#CONFIG_WPS_UPNP=y
+# Enable WPS support with NFC config method
+CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# Trusted Network Connect (EAP-TNC)
+#CONFIG_EAP_TNC=y
+
+# EAP-EKE for the integrated EAP server
+#CONFIG_EAP_EKE=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# RADIUS authentication server. This provides access to the integrated EAP
+# server from external hosts using RADIUS.
+CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+CONFIG_IPV6=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+#CONFIG_IEEE80211R=y
+
+# Use the hostapd's IEEE 802.11 authentication (ACL), but without
+# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
+#CONFIG_DRIVER_RADIUS_ACL=y
+
+# IEEE 802.11n (High Throughput) support
+CONFIG_IEEE80211N=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# IEEE 802.11ac (Very High Throughput) support
+CONFIG_IEEE80211AC=y
+
+# Remove debugging code that is printing out debug messages to stdout.
+# This can be used to reduce the size of the hostapd considerably if debugging
+# code is not needed.
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Add support for writing debug log to a file: -f /tmp/hostapd.log
+# Disabled by default.
+CONFIG_DEBUG_FILE=y
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Remove support for RADIUS accounting
+#CONFIG_NO_ACCOUNTING=y
+
+# Remove support for RADIUS
+#CONFIG_NO_RADIUS=y
+
+# Remove support for VLANs
+#CONFIG_NO_VLAN=y
+
+# Enable support for fully dynamic VLANs. This enables hostapd to
+# automatically create bridge and VLAN interfaces if necessary.
+#CONFIG_FULL_DYNAMIC_VLAN=y
+
+# Use netlink-based kernel API for VLAN operations instead of ioctl()
+# Note: This requires libnl 3.1 or newer.
+#CONFIG_VLAN_NETLINK=y
+
+# Remove support for dumping internal state through control interface commands
+# This can be used to reduce binary size at the cost of disabling a debugging
+# option.
+#CONFIG_NO_DUMP_STATE=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, comment out these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, comment out these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# hostapd depends on strong random number generation being available from the
+# operating system. os_get_random() function is used to fetch random data when
+# needed, e.g., for key generation. On Linux and BSD systems, this works by
+# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
+# properly initialized before hostapd is started. This is important especially
+# on embedded devices that do not have a hardware random number generator and
+# may by default start up with minimal entropy available for random number
+# generation.
+#
+# As a safety net, hostapd is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data
+# fetched from the OS. This by itself is not considered to be very strong, but
+# it may help in cases where the system pool is not initialized properly.
+# However, it is very strongly recommended that the system pool is initialized
+# with enough entropy either by using hardware assisted random number
+# generator or by storing state over device reboots.
+#
+# hostapd can be configured to maintain its own entropy store over restarts to
+# enhance random number generation. This is not perfect, but it is much more
+# secure than using the same sequence of random numbers after every reboot.
+# This can be enabled with -e<entropy file> command line option. The specified
+# file needs to be readable and writable by hostapd.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal hostapd random pool can be disabled.
+# This will save some in binary size and CPU use. However, this should only be
+# considered for builds that are known to be used on devices that meet the
+# requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# none = Empty template
+#CONFIG_TLS=openssl
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used.
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms.
+#CONFIG_TLSV12=y
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks.
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
+#CONFIG_SQLITE=y
+
+# Testing options
+# This can be used to enable some testing options (see also the example
+# configuration file) that are really useful only for testing clients that
+# connect to this hostapd. These options allow, for example, to drop a
+# certain percentage of probe requests or auth/(re)assoc frames.
+#
+#CONFIG_TESTING_OPTIONS=y
+
+# Automatic Channel Selection
+# This will allow hostapd to pick the channel automatically when channel is set
+# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# You can customize the ACS survey algorithm with the hostapd.conf variable
+# acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#
+#CONFIG_ACS=y

meta-digi-dey/recipes-connectivity/hostapd/hostapd-2.4/hostapd.conf

@@ -0,0 +1,33 @@
+ctrl_interface=/var/run/hostapd
+ctrl_interface_group=0
+interface=wlan0
+driver=nl80211
+
+# WPA2-AES encryption
+ssid=ap-wpa2aes_a
+auth_algs=1
+wpa=2
+wpa_key_mgmt=WPA-PSK
+wpa_pairwise=CCMP
+wpa_passphrase=password-wpa2aes
+
+# OPEN encryption --- remove WPA2-AES setup
+# channel=1
+# ssid=ap-open
+
+
+# IEEE 802.11ac
+hw_mode=a
+channel=36
+ieee80211ac=1
+ieee80211n=1
+
+# IEEE 802.11gn  --- remove IEEE 802.11ac setup
+# hw_mode=g
+# channel=5
+# ieee80211n=1
+
+
+# IEEE 802.11d - Country Code
+ieee80211d=1
+country_code=US

meta-digi-dey/recipes-connectivity/hostapd/hostapd_2.4.bbappend

@@ -4,6 +4,15 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${BP}:"
 
 # The recipe uses a different "$S" directory so point the patch to the hostapd
 # tarball directory.
-SRC_URI_append_ccimx6ul = " file://fix_num_probereq_cb_clearing.patch;patchdir=.."
+SRC_URI += " \
+	file://fix_num_probereq_cb_clearing.patch;patchdir=.. \
+	file://hostapd.conf \
+"
 
-PACKAGE_ARCH = "${MACHINE_ARCH}"
+do_install_append() {
+	# Overwrite the default hostapd.conf with our custom file
+	install -m 0644 ${WORKDIR}/hostapd.conf ${D}${sysconfdir}/hostapd.conf
+}
+
+# Do not autostart hostapd daemon, it will conflict with wpa-supplicant.
+INITSCRIPT_PARAMS = "remove"

meta-digi-dey/recipes-connectivity/modemmanager/modemmanager-1.4.12/cellularifupdown

@@ -27,9 +27,9 @@ background_connect() {
         [ -n "${IF_PIN}" ] && ARGS="${ARGS},pin=${IF_PIN}"
 
         [ -n "${IF_USER}" ] && ARGS="${ARGS},user=${IF_USER}"
-        [ -n "${IF_PASSWORD}" ] && ARGS="${ARGS},password=${IF_PASSWORD}"  
+        [ -n "${IF_PASSWORD}" ] && ARGS="${ARGS},password=${IF_PASSWORD}"
         [ -n "${IF_PORT}" ] && ARGS="${ARGS},number=*99#"
- 
+
         # Enable the modem and connect to provider
         mmcli -m 0 --simple-connect=${ARGS} > /dev/null 2>&1
 

meta-digi-dey/recipes-connectivity/packagegroups/packagegroup-dey-wireless.bb

@@ -16,3 +16,5 @@ RDEPENDS_${PN} = "\
     wpa-supplicant-cli \
     wpa-supplicant-passphrase \
 "
+
+RDEPENDS_${PN}_append_ccimx6ul = " hostapd"

meta-digi-dey/recipes-core/images/core-image-base.bbappend

@@ -12,5 +12,8 @@ IMAGE_FEATURES += " \
     ${@bb.utils.contains('MACHINE_FEATURES', 'wifi', 'dey-wireless', '', d)} \
 "
 
+# SDK features (for toolchains generated from an image with populate_sdk)
+SDKIMAGE_FEATURES ?= "dev-pkgs dbg-pkgs staticdev-pkgs"
+
 # Add our dey-image tweaks to the final image (like /etc/build info)
 inherit dey-image

meta-digi-dey/recipes-core/images/dey-image-qt.bb

@@ -26,6 +26,9 @@ IMAGE_FEATURES += " \
     ${@bb.utils.contains('MACHINE_FEATURES', 'wifi', 'dey-wireless', '', d)} \
 "
 
+# Remove some features to reduce the rootfs size to fit in the internal storage.
+IMAGE_FEATURES_remove_ccimx6ul = "package-management"
+
 # SDK features (for toolchains generated from an image with populate_sdk)
 SDKIMAGE_FEATURES ?= "dev-pkgs dbg-pkgs staticdev-pkgs"
 

meta-digi-dey/recipes-core/images/dey-image-trustfence-initramfs.bb

@@ -11,7 +11,7 @@ PACKAGE_INSTALL = " \
 IMAGE_FEATURES = ""
 IMAGE_LINGUAS = ""
 
-IMAGE_FSTYPES = "cpio.gz.u-boot"
+IMAGE_FSTYPES = "cpio.gz.u-boot.tf"
 inherit core-image image_types_uboot
 
 IMAGE_ROOTFS_SIZE = "8192"

meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.dhcp

@@ -4,3 +4,5 @@ iface wlan0 inet dhcp
        udhcpc_opts -b
        wpa-driver ##WPA_DRIVER##
        wpa-conf /etc/wpa_supplicant.conf
+       # post-up /etc/init.d/hostapd start
+       # pre-down /etc/init.d/hostapd stop

meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces.wlan0.static

@@ -7,3 +7,5 @@ iface wlan0 inet static
         dns-nameservers ##WLAN0_STATIC_DNS##
         wpa-driver ##WPA_DRIVER##
         wpa-conf /etc/wpa_supplicant.conf
+        # post-up /etc/init.d/hostapd start
+        # pre-down /etc/init.d/hostapd stop

meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown_1.0.bbappend

@@ -25,7 +25,7 @@ do_install_append() {
 
 	# Create 'interfaces' file dynamically
 	cat ${WORKDIR}/interfaces.eth0.${ETH0_MODE} >> ${D}${sysconfdir}/network/interfaces
-	[ -n "${HAVE_EXT_ETH}" ] && cat ${WORKDIR}/interfaces.eth1.${ETH1_MODE} >> ${D}${sysconfdir}/network/interfaces
+	[ -n "${HAVE_SECOND_ETH}" ] && cat ${WORKDIR}/interfaces.eth1.${ETH1_MODE} >> ${D}${sysconfdir}/network/interfaces
 	[ -n "${HAVE_WIFI}" ] && cat ${WORKDIR}/interfaces.wlan0.${WLAN0_MODE} >> ${D}${sysconfdir}/network/interfaces
 	cat ${WORKDIR}/interfaces.br0.example >> ${D}${sysconfdir}/network/interfaces
 

meta-digi-dey/recipes-core/packagegroups/packagegroup-dey-core.bb

@@ -55,5 +55,3 @@ RRECOMMENDS_${PN} = "\
     ${MACHINE_ESSENTIAL_EXTRA_RRECOMMENDS} \
     ${MACHINE_EXTRA_RRECOMMENDS} \
 "
-
-do_package[vardeps] = "TRUSTFENCE_ENCRYPT_ENVIRONMENT"

meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb

@@ -24,9 +24,17 @@ FILES_${PN} = "/"
 
 # Runtime packages used in 'trustfence-initramfs-init'
 RDEPENDS_${PN} = " \
-    cryptsetup \
-    rng-tools \
     trustfence-tool \
     util-linux-findfs \
     wipe \
+    u-boot-fw-utils \
+"
+
+RDEPENDS_${PN}_append_ccimx6sbc = " \
+    cryptsetup \
+    rng-tools \
+"
+
+RDEPENDS_${PN}_append_ccimx6ul = " \
+    mtd-utils-ubifs \
 "

meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-initramfs-init

@@ -0,0 +1,98 @@
+#!/bin/sh
+#===============================================================================
+#
+#  trustfence-initramfs-init
+#
+#  Copyright (C) 2016 by Digi International Inc.
+#  All rights reserved.
+#
+#  This program is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU General Public License version 2 as published by
+#  the Free Software Foundation.
+#
+#
+#  !Description: Init script for Trustfence initramfs
+#
+#===============================================================================
+
+export PATH=/bin:/sbin:/usr/bin:/usr/sbin
+
+mkdir -p /proc /sys /dev
+mount -t proc proc /proc
+mount -t sysfs sysfs /sys
+mount -t devtmpfs devtmpfs /dev
+
+# Set kernel console loglevel
+LOGLEVEL="$(sysctl -n kernel.printk)"
+sysctl -q -w kernel.printk=4
+
+for arg in $(cat /proc/cmdline); do
+	case "${arg}" in
+		init=*|rescue=1|root=*|trustfence_install=*) eval ${arg};;
+		trustfence_fskey*)
+			tf_fskey_bool=true;
+			eval ${arg};;
+	esac
+done
+
+# Translate "PARTUUID=..." to real device
+root="/dev/$(findfs ${root})"
+
+rescue_shell () {
+	# Expand console and respawn if exited
+	while true; do
+		setsid cttyhack sh -l
+		sleep 1
+	done
+}
+
+# Jump to a rescue shell if requested
+if [ -n "${rescue}" ]; then
+	rescue_shell
+fi
+
+if [ -n "${tf_fskey_bool}" ]; then
+	# Program key if trustfence_fskey kernel parameter exists
+	if [ -n "${trustfence_fskey}" ]; then
+		# trustfence_fskey not empty - use provided key
+		printf "\nUsing provided key\n"
+		trustfence-tool --newkey=${trustfence_fskey}
+		if [ "${?}" != "0" ]; then
+			error "trustfence-tool: key generation"
+		fi
+	else
+		# trustfence_fskey empty - use random key
+		printf "\nGenerating new random key\n"
+		trustfence-tool --newkey
+		if [ "${?}" != "0" ]; then
+			error "trustfence-tool: key generation"
+		fi
+	fi
+	printf "\nFile system encryption key changed.\n"
+	printf "A system reboot is needed for the kernel to use it.\n"
+	rescue_shell
+fi
+
+# Run install script if "trustfence_install" kernel parameter exists
+if [ -n "${trustfence_install}" ]; then
+	trustfence-install.sh ${trustfence_install}
+	sleep 1
+	echo ">> Rebooting the system"
+	sleep 1
+	sync && reboot -f
+fi
+
+# Mount device
+mkdir -p /newroot
+mount -t "ubifs" ${root} /newroot
+
+#
+# Clean-up and do the switch_root to the final rootfs
+#
+# - restore previous kernel console loglevel
+# - umount virtual filesystems
+#
+[ -n "${LOGLEVEL}" ] && sysctl -q -w kernel.printk="${LOGLEVEL}"
+mount --move /dev /newroot/dev
+umount /sys /proc
+exec switch_root /newroot ${init:-/sbin/init}

meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6ul/trustfence-install.sh

@@ -0,0 +1,94 @@
+#!/bin/sh
+#===============================================================================
+#
+#  trustfence-install.sh
+#
+#  Copyright (C) 2016 by Digi International Inc.
+#  All rights reserved.
+#
+#  This program is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU General Public License version 2 as published by
+#  the Free Software Foundation.
+#
+#
+#  !Description: Wrapper script for initial deployment of encrypted filesystems
+#
+#  The script gathers the needed information from the 'trustfence_install'
+#  kernel command line parameter with following syntax:
+#
+#    trustfence_install="source:serverip:filename:partname"
+#      source   -> 'tftp' | <block-device>
+#      serverip -> <tftp-ip> | ''               (serverip or empty if local)
+#      filename -> <image-filename>             (path relative to 'source')
+#      partname -> <partition name>             (should match an entry on the
+#						 partition table)
+#
+#  For 'tftp' mode the kernel IP autoconfig may be used to bring the network
+#  interface up, with 'ip' kernel parameter. Examples:
+#
+#    ip=<static-ip>:::<netmask>::eth0:off
+#    ip=dhcp
+#
+#  This script is meant for testing purposes. It's NOT a stable API and may
+#  be subject to change.
+#
+#===============================================================================
+
+set -o pipefail
+
+TF_INSTALL_INFO="${1}"
+
+error() {
+	[ "${#}" != "0" ] && printf "\n[ERROR]: %s\n\n" "${1}"
+	exit 1
+}
+
+# Parse trustfence_install kernel parameter
+IFS=":" read SOURCE SERVERIP FILENAME PARTNAME <<_EOF_
+${TF_INSTALL_INFO}
+_EOF_
+
+# Validate command line arguments
+if [ -z "${SOURCE}" ] || [ -z "${FILENAME}" ] || [ -z "${PARTNAME}" ] || { [ "${SOURCE}" = "tftp" ] && [ -z "${SERVERIP}" ]; }; then
+	error "wrong 'trustfence_install' parameter: ${TF_INSTALL_INFO}"
+fi
+
+# Format partition
+mtdindex="$(sed -ne "/\"${PARTNAME}\"$/s,^mtd\([0-9]\):.*,\1,g;T;p" /proc/mtd)"
+ubidetach -p /dev/mtd${mtdindex} >/dev/null 2>&1
+ubiformat -y /dev/mtd${mtdindex}
+UBI_DEVICE="$(ubiattach -p /dev/mtd${mtdindex} | sed -ne 's,.*device number \([0-9]\).*,\1,g;T;p')"
+ubimkvol /dev/ubi${UBI_DEVICE} -N "${PARTNAME}" -m
+
+# Install image to the encrypted mapped device
+if [ "${SOURCE}" = "tftp" ]; then
+	printf "\nInstalling ${FILENAME} from TFTP\n\n"
+	FILE=$(basename "$FILENAME")
+	tftp -g -l - -r "${FILENAME}" "${SERVERIP}" > ${FILE} || { error "tftp failed"; }
+	FILESIZE=$(stat -c%s "$FILE")
+	pv -tprebW ${FILE} | ubiupdatevol /dev/ubi${UBI_DEVICE}_0 -s ${FILESIZE} - 2>/dev/null
+	rm -f ${FILE}
+	if [ "${?}" != "0" ]; then
+		error "write ${FILENAME}"
+	fi
+elif [ -b "${SOURCE}" ]; then
+	printf "\nInstalling ${FILENAME} from local media\n\n"
+	MOUNTPOINT="/media/$(basename ${SOURCE})"
+	FSTYPE="$(blkid ${SOURCE} | sed -e 's,.*TYPE="\([^"]\+\)".*,\1,g')"
+	mkdir -p ${MOUNTPOINT}
+	mount -r ${FSTYPE:+-t ${FSTYPE}} ${SOURCE} ${MOUNTPOINT}
+	FILESIZE=$(stat -c%s "${MOUNTPOINT}/${FILENAME}")
+	pv -tprebW ${MOUNTPOINT}/${FILENAME} | ubiupdatevol /dev/ubi${UBI_DEVICE}_0 -s ${FILESIZE} - 2>/dev/null
+	if [ "${?}" != "0" ]; then
+		error "write ${FILENAME}"
+	fi
+	umount ${SOURCE}
+else
+	error "${SOURCE} is neither a block device nor 'tftp'"
+fi
+
+echo ""
+echo "#######################"
+echo "#  Install completed  #"
+echo "#######################"
+echo ""

meta-digi-dey/recipes-core/trustfence/trustfence-tool_2.0.bb

@@ -6,7 +6,7 @@ LICENSE = "CLOSED"
 
 SRC_URI = "${DIGI_PKG_SRC}/${BP}.tar.gz"
 
-SRC_URI[md5sum] = "eea4efe8b8e7527a0ffeea16fd238ba3"
+SRC_URI[md5sum] = "9556aec9c9b0ef7e38606040e4f059d0"
-SRC_URI[sha256sum] = "aefeb08f2db59c891cf1162488499448bf9d80d64b2778d4fda11343793373e7"
+SRC_URI[sha256sum] = "21f013616393883a5c3e0e9d7332e5d169af515f83b3a7dbf365e9ffbde1c593"
 
 inherit bin_package

meta-digi-dey/recipes-digi/dey-examples/dey-examples-tamper.bb

@@ -0,0 +1,13 @@
+SUMMARY = "DEY examples: Tamper test application"
+SECTION = "examples"
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+
+SRC_URI = "file://tamper_sample"
+
+S = "${WORKDIR}/tamper_sample"
+
+do_install() {
+	install -d ${D}${bindir}
+	install -m 0755 tamper_sample ${D}${bindir}
+}

meta-digi-dey/recipes-digi/dey-examples/files/alsa_test/alsa_test.c

@@ -57,7 +57,7 @@ int main(void)
                 printf("Could't open PCM '%s': %s\n", device, snd_strerror(err));
                 return EXIT_FAILURE;
         }
-	
+
         if ((err = snd_pcm_set_params(handle,
                                       PCM_TEST_FORMAT,
                                       SND_PCM_ACCESS_RW_INTERLEAVED,
@@ -81,16 +81,16 @@ int main(void)
                         err = EXIT_FAILURE;
 			goto exit_close_pcm;
                 }
-		
+
                 if (frames > 0 && frames < total_frames)
                         printf("Short write (expected %li, wrote %li)\n",
 			       total_frames, frames);
         }
 
 	err = EXIT_SUCCESS;
-	
+
  exit_close_pcm:
         snd_pcm_close(handle);
-	
+
         return err;
 }

meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/Makefile

@@ -0,0 +1,11 @@
+CFLAGS = -Wall -g -D_GNU_SOURCE
+
+all: tamper_sample
+
+tamper_sample: tamper_sample.o iio_utils.o
+
+%.o: %.c iio_utils.h
+
+.PHONY: clean
+clean:
+	rm -f *.o tamper_sample

meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.c

@@ -0,0 +1,669 @@
+/* IIO - useful set of util functionality
+ *
+ * Copyright (c) 2008 Jonathan Cameron
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published by
+ * the Free Software Foundation.
+ */
+#ifndef _IIO_UTILS_H
+#define _IIO_UTILS_H
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <dirent.h>
+#include <errno.h>
+#include <ctype.h>
+#include "iio_utils.h"
+
+const char *iio_dir = "/sys/bus/iio/devices/";
+
+static char * const iio_direction[] = {
+	"in",
+	"out",
+};
+
+/**
+ * iioutils_break_up_name() - extract generic name from full channel name
+ * @full_name: the full channel name
+ * @generic_name: the output generic channel name
+ **/
+int iioutils_break_up_name(const char *full_name,
+				  char **generic_name)
+{
+	char *current;
+	char *w, *r;
+	char *working, *prefix = "";
+	int i;
+
+	for (i = 0; i < sizeof(iio_direction) / sizeof(iio_direction[0]); i++)
+		if (!strncmp(full_name, iio_direction[i],
+			     strlen(iio_direction[i]))) {
+			prefix = iio_direction[i];
+			break;
+		}
+
+	current = strdup(full_name + strlen(prefix) + 1);
+	working = strtok(current, "_\0");
+
+	w = working;
+	r = working;
+
+	while (*r != '\0') {
+		if (!isdigit(*r)) {
+			*w = *r;
+			w++;
+		}
+		r++;
+	}
+	*w = '\0';
+	asprintf(generic_name, "%s_%s", prefix, working);
+	free(current);
+
+	return 0;
+}
+
+/**
+ * iioutils_get_type() - find and process _type attribute data
+ * @is_signed: output whether channel is signed
+ * @bytes: output how many bytes the channel storage occupies
+ * @mask: output a bit mask for the raw data
+ * @be: big endian
+ * @device_dir: the iio device directory
+ * @name: the channel name
+ * @generic_name: the channel type name
+ **/
+int iioutils_get_type(unsigned *is_signed,
+			     unsigned *bytes,
+			     unsigned *bits_used,
+			     unsigned *shift,
+			     uint64_t *mask,
+			     unsigned *be,
+			     const char *device_dir,
+			     const char *name,
+			     const char *generic_name)
+{
+	FILE *sysfsfp;
+	int ret;
+	DIR *dp;
+	char *scan_el_dir, *builtname, *builtname_generic, *filename = 0;
+	char signchar, endianchar;
+	unsigned padint;
+	const struct dirent *ent;
+
+	ret = asprintf(&scan_el_dir, FORMAT_SCAN_ELEMENTS_DIR, device_dir);
+	if (ret < 0) {
+		ret = -ENOMEM;
+		goto error_ret;
+	}
+	ret = asprintf(&builtname, FORMAT_TYPE_FILE, name);
+	if (ret < 0) {
+		ret = -ENOMEM;
+		goto error_free_scan_el_dir;
+	}
+	ret = asprintf(&builtname_generic, FORMAT_TYPE_FILE, generic_name);
+	if (ret < 0) {
+		ret = -ENOMEM;
+		goto error_free_builtname;
+	}
+
+	dp = opendir(scan_el_dir);
+	if (dp == NULL) {
+		ret = -errno;
+		goto error_free_builtname_generic;
+	}
+	while (ent = readdir(dp), ent != NULL)
+		/*
+		 * Do we allow devices to override a generic name with
+		 * a specific one?
+		 */
+		if ((strcmp(builtname, ent->d_name) == 0) ||
+		    (strcmp(builtname_generic, ent->d_name) == 0)) {
+			ret = asprintf(&filename,
+				       "%s/%s", scan_el_dir, ent->d_name);
+			if (ret < 0) {
+				ret = -ENOMEM;
+				goto error_closedir;
+			}
+			sysfsfp = fopen(filename, "r");
+			if (sysfsfp == NULL) {
+				printf("failed to open %s\n", filename);
+				ret = -errno;
+				goto error_free_filename;
+			}
+
+			ret = fscanf(sysfsfp,
+				     "%ce:%c%u/%u>>%u",
+				     &endianchar,
+				     &signchar,
+				     bits_used,
+				     &padint, shift);
+			if (ret < 0) {
+				printf("failed to pass scan type description\n");
+				ret = -errno;
+				goto error_close_sysfsfp;
+			}
+			*be = (endianchar == 'b');
+			*bytes = padint / 8;
+			if (*bits_used == 64)
+				*mask = ~0;
+			else
+				*mask = (1 << *bits_used) - 1;
+			if (signchar == 's')
+				*is_signed = 1;
+			else
+				*is_signed = 0;
+			fclose(sysfsfp);
+			free(filename);
+
+			filename = 0;
+			sysfsfp = 0;
+		}
+error_close_sysfsfp:
+	if (sysfsfp)
+		fclose(sysfsfp);
+error_free_filename:
+	if (filename)
+		free(filename);
+error_closedir:
+	closedir(dp);
+error_free_builtname_generic:
+	free(builtname_generic);
+error_free_builtname:
+	free(builtname);
+error_free_scan_el_dir:
+	free(scan_el_dir);
+error_ret:
+	return ret;
+}
+
+int iioutils_get_param_float(float *output,
+				    const char *param_name,
+				    const char *device_dir,
+				    const char *name,
+				    const char *generic_name)
+{
+	FILE *sysfsfp;
+	int ret;
+	DIR *dp;
+	char *builtname, *builtname_generic;
+	char *filename = NULL;
+	const struct dirent *ent;
+
+	ret = asprintf(&builtname, "%s_%s", name, param_name);
+	if (ret < 0) {
+		ret = -ENOMEM;
+		goto error_ret;
+	}
+	ret = asprintf(&builtname_generic,
+		       "%s_%s", generic_name, param_name);
+	if (ret < 0) {
+		ret = -ENOMEM;
+		goto error_free_builtname;
+	}
+	dp = opendir(device_dir);
+	if (dp == NULL) {
+		ret = -errno;
+		goto error_free_builtname_generic;
+	}
+	while (ent = readdir(dp), ent != NULL)
+		if ((strcmp(builtname, ent->d_name) == 0) ||
+		    (strcmp(builtname_generic, ent->d_name) == 0)) {
+			ret = asprintf(&filename,
+				       "%s/%s", device_dir, ent->d_name);
+			if (ret < 0) {
+				ret = -ENOMEM;
+				goto error_closedir;
+			}
+			sysfsfp = fopen(filename, "r");
+			if (!sysfsfp) {
+				ret = -errno;
+				goto error_free_filename;
+			}
+			fscanf(sysfsfp, "%f", output);
+			break;
+		}
+error_free_filename:
+	if (filename)
+		free(filename);
+error_closedir:
+	closedir(dp);
+error_free_builtname_generic:
+	free(builtname_generic);
+error_free_builtname:
+	free(builtname);
+error_ret:
+	return ret;
+}
+
+/**
+ * bsort_channel_array_by_index() - reorder so that the array is in index order
+ *
+ **/
+
+void bsort_channel_array_by_index(struct iio_channel_info **ci_array,
+					 int cnt)
+{
+
+	struct iio_channel_info temp;
+	int x, y;
+
+	for (x = 0; x < cnt; x++)
+		for (y = 0; y < (cnt - 1); y++)
+			if ((*ci_array)[y].index > (*ci_array)[y+1].index) {
+				temp = (*ci_array)[y + 1];
+				(*ci_array)[y + 1] = (*ci_array)[y];
+				(*ci_array)[y] = temp;
+			}
+}
+
+/**
+ * build_channel_array() - function to figure out what channels are present
+ * @device_dir: the IIO device directory in sysfs
+ * @
+ **/
+int build_channel_array(const char *device_dir,
+			      struct iio_channel_info **ci_array,
+			      int *counter)
+{
+	DIR *dp;
+	FILE *sysfsfp;
+	int count, i;
+	struct iio_channel_info *current;
+	int ret;
+	const struct dirent *ent;
+	char *scan_el_dir;
+	char *filename;
+
+	*counter = 0;
+	ret = asprintf(&scan_el_dir, FORMAT_SCAN_ELEMENTS_DIR, device_dir);
+	if (ret < 0) {
+		ret = -ENOMEM;
+		goto error_ret;
+	}
+	dp = opendir(scan_el_dir);
+	if (dp == NULL) {
+		ret = -errno;
+		goto error_free_name;
+	}
+	while (ent = readdir(dp), ent != NULL)
+		if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"),
+			   "_en") == 0) {
+			ret = asprintf(&filename,
+				       "%s/%s", scan_el_dir, ent->d_name);
+			if (ret < 0) {
+				ret = -ENOMEM;
+				goto error_close_dir;
+			}
+			sysfsfp = fopen(filename, "r");
+			if (sysfsfp == NULL) {
+				ret = -errno;
+				free(filename);
+				goto error_close_dir;
+			}
+			fscanf(sysfsfp, "%i", &ret);
+			if (ret == 1)
+				(*counter)++;
+			fclose(sysfsfp);
+			free(filename);
+		}
+	*ci_array = malloc(sizeof(**ci_array) * (*counter));
+	if (*ci_array == NULL) {
+		ret = -ENOMEM;
+		goto error_close_dir;
+	}
+	seekdir(dp, 0);
+	count = 0;
+	while (ent = readdir(dp), ent != NULL) {
+		if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"),
+			   "_en") == 0) {
+			int current_enabled = 0;
+
+			current = &(*ci_array)[count++];
+			ret = asprintf(&filename,
+				       "%s/%s", scan_el_dir, ent->d_name);
+			if (ret < 0) {
+				ret = -ENOMEM;
+				/* decrement count to avoid freeing name */
+				count--;
+				goto error_cleanup_array;
+			}
+			sysfsfp = fopen(filename, "r");
+			if (sysfsfp == NULL) {
+				free(filename);
+				ret = -errno;
+				goto error_cleanup_array;
+			}
+			fscanf(sysfsfp, "%i", &current_enabled);
+			fclose(sysfsfp);
+
+			if (!current_enabled) {
+				free(filename);
+				count--;
+				continue;
+			}
+
+			current->scale = 1.0;
+			current->offset = 0;
+			current->name = strndup(ent->d_name,
+						strlen(ent->d_name) -
+						strlen("_en"));
+			if (current->name == NULL) {
+				free(filename);
+				ret = -ENOMEM;
+				goto error_cleanup_array;
+			}
+			/* Get the generic and specific name elements */
+			ret = iioutils_break_up_name(current->name,
+						     &current->generic_name);
+			if (ret) {
+				free(filename);
+				goto error_cleanup_array;
+			}
+			ret = asprintf(&filename,
+				       "%s/%s_index",
+				       scan_el_dir,
+				       current->name);
+			if (ret < 0) {
+				free(filename);
+				ret = -ENOMEM;
+				goto error_cleanup_array;
+			}
+			sysfsfp = fopen(filename, "r");
+			fscanf(sysfsfp, "%u", &current->index);
+			fclose(sysfsfp);
+			free(filename);
+			/* Find the scale */
+			ret = iioutils_get_param_float(&current->scale,
+						       "scale",
+						       device_dir,
+						       current->name,
+						       current->generic_name);
+			if (ret < 0)
+				goto error_cleanup_array;
+			ret = iioutils_get_param_float(&current->offset,
+						       "offset",
+						       device_dir,
+						       current->name,
+						       current->generic_name);
+			if (ret < 0)
+				goto error_cleanup_array;
+			ret = iioutils_get_type(&current->is_signed,
+						&current->bytes,
+						&current->bits_used,
+						&current->shift,
+						&current->mask,
+						&current->be,
+						device_dir,
+						current->name,
+						current->generic_name);
+		}
+	}
+
+	closedir(dp);
+	/* reorder so that the array is in index order */
+	bsort_channel_array_by_index(ci_array, *counter);
+
+	return 0;
+
+error_cleanup_array:
+	for (i = count - 1;  i >= 0; i--)
+		free((*ci_array)[i].name);
+	free(*ci_array);
+error_close_dir:
+	closedir(dp);
+error_free_name:
+	free(scan_el_dir);
+error_ret:
+	return ret;
+}
+
+/**
+ * find_type_by_name() - function to match top level types by name
+ * @name: top level type instance name
+ * @type: the type of top level instance being sort
+ *
+ * Typical types this is used for are device and trigger.
+ **/
+int find_type_by_name(const char *name, const char *type)
+{
+	const struct dirent *ent;
+	int number, numstrlen;
+
+	FILE *nameFile;
+	DIR *dp;
+	char thisname[IIO_MAX_NAME_LENGTH];
+	char *filename;
+
+	dp = opendir(iio_dir);
+	if (dp == NULL) {
+		printf("No industrialio devices available\n");
+		return -ENODEV;
+	}
+
+	while (ent = readdir(dp), ent != NULL) {
+		if (strcmp(ent->d_name, ".") != 0 &&
+			strcmp(ent->d_name, "..") != 0 &&
+			strlen(ent->d_name) > strlen(type) &&
+			strncmp(ent->d_name, type, strlen(type)) == 0) {
+			numstrlen = sscanf(ent->d_name + strlen(type),
+					   "%d",
+					   &number);
+			/* verify the next character is not a colon */
+			if (strncmp(ent->d_name + strlen(type) + numstrlen,
+					":",
+					1) != 0) {
+				filename = malloc(strlen(iio_dir)
+						+ strlen(type)
+						+ numstrlen
+						+ 6);
+				if (filename == NULL) {
+					closedir(dp);
+					return -ENOMEM;
+				}
+				sprintf(filename, "%s%s%d/name",
+					iio_dir,
+					type,
+					number);
+				nameFile = fopen(filename, "r");
+				if (!nameFile) {
+					free(filename);
+					continue;
+				}
+				free(filename);
+				fscanf(nameFile, "%s", thisname);
+				fclose(nameFile);
+				if (strcmp(name, thisname) == 0) {
+					closedir(dp);
+					return number;
+				}
+			}
+		}
+	}
+	closedir(dp);
+	return -ENODEV;
+}
+
+int _write_sysfs_int(char *filename, char *basedir, int val, int verify)
+{
+	int ret = 0;
+	FILE *sysfsfp;
+	int test;
+	char *temp = malloc(strlen(basedir) + strlen(filename) + 2);
+
+	if (temp == NULL)
+		return -ENOMEM;
+	sprintf(temp, "%s/%s", basedir, filename);
+	sysfsfp = fopen(temp, "w");
+	if (sysfsfp == NULL) {
+		printf("failed to open %s\n", temp);
+		ret = -errno;
+		goto error_free;
+	}
+	fprintf(sysfsfp, "%d", val);
+	fclose(sysfsfp);
+	if (verify) {
+		sysfsfp = fopen(temp, "r");
+		if (sysfsfp == NULL) {
+			printf("failed to open %s\n", temp);
+			ret = -errno;
+			goto error_free;
+		}
+		fscanf(sysfsfp, "%d", &test);
+		fclose(sysfsfp);
+		if (test != val) {
+			printf("Possible failure in int write %d to %s%s\n",
+				val,
+				basedir,
+				filename);
+			ret = -1;
+		}
+	}
+error_free:
+	free(temp);
+	return ret;
+}
+
+int write_sysfs_int(char *filename, char *basedir, int val)
+{
+	return _write_sysfs_int(filename, basedir, val, 0);
+}
+
+int write_sysfs_int_and_verify(char *filename, char *basedir, int val)
+{
+	return _write_sysfs_int(filename, basedir, val, 1);
+}
+
+int _write_sysfs_string(char *filename, char *basedir, char *val, int verify)
+{
+	int ret = 0;
+	FILE  *sysfsfp;
+	char *temp = malloc(strlen(basedir) + strlen(filename) + 2);
+
+	if (temp == NULL) {
+		printf("Memory allocation failed\n");
+		return -ENOMEM;
+	}
+	sprintf(temp, "%s/%s", basedir, filename);
+	sysfsfp = fopen(temp, "w");
+	if (sysfsfp == NULL) {
+		printf("Could not open %s\n", temp);
+		ret = -errno;
+		goto error_free;
+	}
+	fprintf(sysfsfp, "%s", val);
+	fclose(sysfsfp);
+	if (verify) {
+		sysfsfp = fopen(temp, "r");
+		if (sysfsfp == NULL) {
+			printf("could not open file to verify\n");
+			ret = -errno;
+			goto error_free;
+		}
+		fscanf(sysfsfp, "%s", temp);
+		fclose(sysfsfp);
+		if (strcmp(temp, val) != 0) {
+			printf("Possible failure in string write of %s "
+				"Should be %s "
+				"written to %s\%s\n",
+				temp,
+				val,
+				basedir,
+				filename);
+			ret = -1;
+		}
+	}
+error_free:
+	free(temp);
+
+	return ret;
+}
+
+/**
+ * write_sysfs_string_and_verify() - string write, readback and verify
+ * @filename: name of file to write to
+ * @basedir: the sysfs directory in which the file is to be found
+ * @val: the string to write
+ **/
+int write_sysfs_string_and_verify(char *filename, char *basedir, char *val)
+{
+	return _write_sysfs_string(filename, basedir, val, 1);
+}
+
+int write_sysfs_string(char *filename, char *basedir, char *val)
+{
+	return _write_sysfs_string(filename, basedir, val, 0);
+}
+
+int read_sysfs_posint(char *filename, char *basedir)
+{
+	int ret;
+	FILE  *sysfsfp;
+	char *temp = malloc(strlen(basedir) + strlen(filename) + 2);
+
+	if (temp == NULL) {
+		printf("Memory allocation failed");
+		return -ENOMEM;
+	}
+	sprintf(temp, "%s/%s", basedir, filename);
+	sysfsfp = fopen(temp, "r");
+	if (sysfsfp == NULL) {
+		ret = -errno;
+		goto error_free;
+	}
+	fscanf(sysfsfp, "%d\n", &ret);
+	fclose(sysfsfp);
+error_free:
+	free(temp);
+	return ret;
+}
+
+int read_sysfs_float(char *filename, char *basedir, float *val)
+{
+	int ret = 0;
+	FILE  *sysfsfp;
+	char *temp = malloc(strlen(basedir) + strlen(filename) + 2);
+
+	if (temp == NULL) {
+		printf("Memory allocation failed");
+		return -ENOMEM;
+	}
+	sprintf(temp, "%s/%s", basedir, filename);
+	sysfsfp = fopen(temp, "r");
+	if (sysfsfp == NULL) {
+		ret = -errno;
+		goto error_free;
+	}
+	fscanf(sysfsfp, "%f\n", val);
+	fclose(sysfsfp);
+error_free:
+	free(temp);
+	return ret;
+}
+
+int read_sysfs_string(const char *filename, const char *basedir, char *str)
+{
+	int ret = 0;
+	FILE  *sysfsfp;
+	char *temp = malloc(strlen(basedir) + strlen(filename) + 2);
+
+	if (temp == NULL) {
+		printf("Memory allocation failed");
+		return -ENOMEM;
+	}
+	sprintf(temp, "%s/%s", basedir, filename);
+	sysfsfp = fopen(temp, "r");
+	if (sysfsfp == NULL) {
+		ret = -errno;
+		goto error_free;
+	}
+	fscanf(sysfsfp, "%s\n", str);
+	fclose(sysfsfp);
+error_free:
+	free(temp);
+	return ret;
+}
+
+#endif /* _IIO_UTILS_H */

meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/iio_utils.h

@@ -0,0 +1,71 @@
+#ifndef _IIO_UTILS_H_
+#define _IIO_UTILS_H_
+
+/* IIO - useful set of util functionality
+ *
+ * Copyright (c) 2008 Jonathan Cameron
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published by
+ * the Free Software Foundation.
+ */
+
+#include <stdint.h>
+
+/* Made up value to limit allocation sizes */
+#define IIO_MAX_NAME_LENGTH 30
+
+#define FORMAT_SCAN_ELEMENTS_DIR "%s/scan_elements"
+#define FORMAT_TYPE_FILE "%s_type"
+
+extern const char *iio_dir;
+
+/**
+ * struct iio_channel_info - information about a given channel
+ * @name: channel name
+ * @generic_name: general name for channel type
+ * @scale: scale factor to be applied for conversion to si units
+ * @offset: offset to be applied for conversion to si units
+ * @index: the channel index in the buffer output
+ * @bytes: number of bytes occupied in buffer output
+ * @mask: a bit mask for the raw output
+ * @is_signed: is the raw value stored signed
+ * @enabled: is this channel enabled
+ **/
+struct iio_channel_info {
+	char *name;
+	char *generic_name;
+	float scale;
+	float offset;
+	unsigned index;
+	unsigned bytes;
+	unsigned bits_used;
+	unsigned shift;
+	uint64_t mask;
+	unsigned be;
+	unsigned is_signed;
+	unsigned location;
+};
+
+int iioutils_break_up_name(const char *full_name, char **generic_name);
+int iioutils_get_type(unsigned *is_signed, unsigned *bytes,
+					  unsigned *bits_used, unsigned *shift,
+					  uint64_t *mask, unsigned *be,
+					  const char *device_dir, const char *name,
+					  const char *generic_name);
+int iioutils_get_param_float(float *output, const char *param_name,
+							 const char *device_dir, const char *name,
+							 const char *generic_name);
+void bsort_channel_array_by_index(struct iio_channel_info **ci_array, int cnt);
+int build_channel_array(const char *device_dir,
+						struct iio_channel_info **ci_array, int *counter);
+int find_type_by_name(const char *name, const char *type);
+int write_sysfs_int(char *filename, char *basedir, int val);
+int write_sysfs_int_and_verify(char *filename, char *basedir, int val);
+int write_sysfs_string_and_verify(char *filename, char *basedir, char *val);
+int write_sysfs_string(char *filename, char *basedir, char *val);
+int read_sysfs_posint(char *filename, char *basedir);
+int read_sysfs_float(char *filename, char *basedir, float *val);
+int read_sysfs_string(const char *filename, const char *basedir, char *str);
+
+#endif /* _IIO_UTILS_H_ */

meta-digi-dey/recipes-digi/dey-examples/files/tamper_sample/tamper_sample.c

@@ -0,0 +1,215 @@
+/*
+ * ConnectCore 6UL tamper sample application.
+ *
+ * Copyright (c) 2016 Digi International Inc.
+ * All rights reserved.
+ *
+ * Based on iio_event_monitor.c from the tools/iio directory, of the linux
+ * kernel.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published by
+ * the Free Software Foundation.
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <linux/iio/events.h>
+#include <linux/iio/types.h>
+#include <sys/ioctl.h>
+
+#include "iio_utils.h"
+
+#define TAMPER_SAMPLE_USAGE				\
+	"Usage:\n"					\
+	"tamper_sample -i tamper_iface\n\n"
+
+#define TAMPER_SAMPLE_FULL_USAGE			\
+	"Usage:\n"					\
+	"tamper_sample [options]\n\n"			\
+	"Options:\n"					\
+	"  -i : tamper interface to be used\n"		\
+	"  -h : help\n\n"
+
+typedef struct mca_tamper {
+	struct iio_event_data event;
+	char *dev_name;
+	char *chrdev_name;
+	int iface;
+	int dev_num;
+	int event_fd;
+} mca_tamper_t;
+
+mca_tamper_t tamper_data;
+
+static void show_usage(int full)
+{
+	fprintf(stdout, "%s", full ?
+		TAMPER_SAMPLE_FULL_USAGE : TAMPER_SAMPLE_USAGE);
+}
+
+static bool event_is_tamper(struct iio_event_data *event)
+{
+	enum iio_chan_type type = IIO_EVENT_CODE_EXTRACT_CHAN_TYPE(event->id);
+	enum iio_event_type ev_type = IIO_EVENT_CODE_EXTRACT_TYPE(event->id);
+	enum iio_event_direction dir = IIO_EVENT_CODE_EXTRACT_DIR(event->id);
+	bool ret = true;
+
+	if (type != IIO_ACTIVITY)
+		ret = false;
+	else if (ev_type != IIO_EV_TYPE_CHANGE)
+		ret = false;
+	else if (dir != IIO_EV_DIR_NONE)
+		ret = false;
+
+	return ret;
+}
+
+static void tamper_event_log(mca_tamper_t *tdata)
+{
+	/* Log the event in the system log, if any */
+	fprintf(stdout, "tamper%d event! time: %lld\n",
+		tdata->iface, tdata->event.timestamp);
+}
+
+static void tamper_event_actions(mca_tamper_t *tdata)
+{
+	/* Take the necessary defensive actions after a tamper event */
+	fprintf(stdout, "tamper%d: taking actions!\n", tdata->iface);
+}
+
+static void tamper_event_ack(mca_tamper_t *tdata)
+{
+	int ret;
+	char *tamper_sysfs_dir;
+
+	ret = asprintf(&tamper_sysfs_dir,
+		       "/sys/bus/iio/devices/iio:device%d",
+		       tdata->dev_num);
+	if (ret < 0) {
+		fprintf(stdout, "Failed to build event ack file name\n");
+		return;
+	}
+
+	/* Finally, acknowledge the event */
+	ret = write_sysfs_int("tamper_events", tamper_sysfs_dir, 2);
+	if (ret < 0) {
+		fprintf(stdout, "Failed to acknowledge tamper%d event\n",
+			tdata->iface);
+	}
+}
+
+static void process_tamper_event(mca_tamper_t *tdata)
+{
+	if (!event_is_tamper(&tdata->event)) {
+		fprintf(stdout, "Unknown event: time: %lld, id: %llx\n",
+			tdata->event.timestamp, tdata->event.id);
+		return;
+	}
+
+	tamper_event_log(tdata);
+	tamper_event_actions(tdata);
+	tamper_event_ack(tdata);
+}
+
+int main(int argc, char **argv)
+{
+	mca_tamper_t *tdata = &tamper_data;
+	int ret;
+	int opt;
+	int fd;
+
+	memset(tdata, 0, sizeof(mca_tamper_t));
+
+	if (argc <= 1) {
+		show_usage(0);
+		return EXIT_FAILURE;
+	}
+
+	while ((opt = getopt(argc, argv, "i:h")) > 0) {
+		switch (opt) {
+		case 'i':
+			tdata->iface = atoi(optarg);
+			break;
+
+		case 'h':
+			show_usage(1);
+			return EXIT_SUCCESS;
+
+		default:
+			show_usage(0);
+			return EXIT_FAILURE;
+		}
+	}
+
+	ret = asprintf(&tdata->dev_name, "TAMPER%d", tdata->iface);
+	if (ret < 0) {
+		fprintf(stdout, "Failed to find interface, device name too long?\n");
+		ret = -ENOMEM;
+		goto error_ret;
+	}
+
+	tdata->dev_num = find_type_by_name(tdata->dev_name, "iio:device");
+	if (tdata->dev_num < 0) {
+		fprintf(stdout, "Failed to find iio:device for TAMPER%d\n",
+			tdata->iface);
+		ret = -ENODEV;
+		goto error_ret2;
+	}
+
+	ret = asprintf(&tdata->chrdev_name, "/dev/iio:device%d", tdata->dev_num);
+	if (ret < 0) {
+		fprintf(stdout, "Failed to allocate memory\n");
+		ret = -ENOMEM;
+		goto error_ret2;
+	}
+
+	fd = open(tdata->chrdev_name, 0);
+	if (fd < 0) {
+		fprintf(stdout, "Failed to open %s\n", tdata->chrdev_name);
+		ret = -errno;
+		goto error_ret3;
+	}
+
+	ret = ioctl(fd, IIO_GET_EVENT_FD_IOCTL, &tdata->event_fd);
+
+	close(fd);
+
+	if (ret < 0 || tdata->event_fd < 0) {
+		fprintf(stdout, "Failed to retrieve event fd\n");
+		ret = -errno;
+		goto error_ret3;
+	}
+
+	fprintf(stdout, "Waiting for tamper events:\n");
+
+	while (true) {
+		ret = read(tdata->event_fd, &tdata->event, sizeof(struct iio_event_data));
+		if (ret < 0) {
+			if (errno == EAGAIN) {
+				fprintf(stdout, "No events... continue\n");
+				continue;
+			} else {
+				perror("Failed to read event from device");
+				ret = -errno;
+				break;
+			}
+		}
+
+		process_tamper_event(tdata);
+	}
+
+	close(tdata->event_fd);
+
+error_ret3:
+	free(tdata->chrdev_name);
+error_ret2:
+	free(tdata->dev_name);
+error_ret:
+	return ret;
+}

meta-digi-dey/recipes-digi/packagegroups/packagegroup-dey-examples.bb

@@ -40,6 +40,7 @@ RDEPENDS_${PN}_append_ccimx6ul = "\
 	${@bb.utils.contains("MACHINE_FEATURES", "bluetooth", "dey-examples-btconfig", "", d)} \
 	dey-examples-can \
 	${@bb.utils.contains("MACHINE_FEATURES", "bluetooth", "dey-examples-hdp", "", d)} \
+	dey-examples-tamper \
 "
 
 COMPATIBLE_MACHINE = "(ccardimx28|ccimx6$|ccimx6ul)"

meta-digi-dey/recipes-digi/sysinfo/sysinfo/sysinfo

@@ -182,15 +182,63 @@ make_report(){
 	ip link show
 	printf "\n"
 
+	echo "--------------------------------------"
+	echo "-                                    -"
+	echo "-       Wireless configuration       -"
+	echo "-                                    -"
+	echo "--------------------------------------"
+	echo ""
+	wpa_supplicant -v 2>/dev/null
+	echo ""
+	if [ -f "/etc/wpa_supplicant.conf" ]; then
+		echo "wpa_supplicant.conf:"
+		cat "/etc/wpa_supplicant.conf"
+	else
+		echo "[NOT FOUND] /etc/wpa_supplicant.conf"
+	fi
+
+	echo ""
+	hostapd -v 2>&1
+	echo ""
+	if [ -f "/etc/hostapd.conf" ]; then
+		echo "hostapd.conf:"
+		cat "/etc/hostapd.conf"
+	else
+		echo "[NOT FOUND] hostapd.conf"
+	fi
+	printf "\n\n"
+
+	echo "--------------------------------------"
+	echo "-                                    -"
+	echo "-             TrustFence             -"
+	echo "-                                    -"
+	echo "--------------------------------------"
+	echo ""
+
+	if [ "$(($(cat /sys/fsl_otp/HW_OCOTP_CFG5) & 2))" != "0" ]; then
+		echo "Device status: [CLOSED]"
+	else
+		echo "Device status: [OPEN]"
+	fi
+
+	if [ -f "/proc/device-tree/digi,uboot-env,encrypted" ]; then
+		echo "U-Boot environment is encrypted"
+	else
+		echo "U-Boot environment is NOT encrypted"
+	fi
+
 	echo "-------------End of report------------"
 }
 
 
 DISTRO="$(sed -ne 's,DISTRO = \(.*\)$,\1,g;T;p' /etc/build)"
 DEY_VERSION="$(sed -ne 's,DISTRO_VERSION = \(.*\)$,\1,g;T;p' /etc/build)"
-UBOOT_PARTITION="/dev/mmcblk0boot0"
+UBOOT_VERSION="$(cat /proc/device-tree/digi,uboot,version 2>/dev/null)"
-[ -c "/dev/mtd0" ] && UBOOT_PARTITION="/dev/mtd0"
+if [ -z "${UBOOT_VERSION}" ]; then
-UBOOT_VERSION="$(strings ${UBOOT_PARTITION} | grep -m 1 dub | cut -d' ' -f2)"
+	UBOOT_PARTITION="/dev/mmcblk0boot0"
+	[ -c "/dev/mtd0" ] && UBOOT_PARTITION="/dev/mtd0"
+	UBOOT_VERSION="$(strings ${UBOOT_PARTITION} | grep -m 1 dub | cut -d' ' -f2)"
+fi
 MACHINE="$(cat /proc/device-tree/digi,machine,name)"
 BOARD_VARIANT="$(cat /proc/device-tree/digi,hwid,variant)"
 BOARD_SN="$(cat /proc/device-tree/digi,hwid,sn)"

meta-digi-dey/recipes-graphics/packagegroups/packagegroup-dey-qt.bb

@@ -4,6 +4,7 @@
 SUMMARY = "QT packagegroup for DEY image"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58"
+
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
 inherit packagegroup
@@ -11,21 +12,20 @@ inherit packagegroup
 MACHINE_QT5_EXTRA_INSTALL ?= ""
 MACHINE_QT5_EXTRA_INSTALL_ccimx6 ?= "qtwebengine-examples"
 
-QT5_PKS = " \
+QT5_PKS = "qtbase-fonts qtserialport"
-    qtbase-fonts \
+QT5_PKS_append_ccimx6 = " qtdeclarative-tools"
-    qtdeclarative-tools \
-"
 
-QT5_EXAMPLES = " \
+QT5_EXAMPLES = "qtbase-examples"
+QT5_EXAMPLES_append_ccimx6 = " \
     qt3d-examples \
-    qtbase-examples \
     qtconnectivity-examples \
     qtdeclarative-examples \
     qtmultimedia-examples \
     qtsvg-examples \
 "
 
-QT5_DEMOS = " \
+QT5_DEMOS = ""
+QT5_DEMOS_append_ccimx6 = " \
     cinematicexperience \
     qt5-demo-extrafiles \
     qt5everywheredemo \

meta-digi-dey/recipes-graphics/xinput-calibrator/pointercal-xinput/ccimx6ul/pointercal.xinput

@@ -0,0 +1 @@
+# Empty calibration file to avoid re-calibration

meta-digi-dey/recipes-multimedia/gstreamer/gst-player_git.bbappend

@@ -2,4 +2,6 @@
 
 FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
 
-SRC_URI_append = " file://0001-gstplayer-force-use-glimagesink.patch"
+SRC_URI_append_ccimx6 = " file://0001-gstplayer-force-use-glimagesink.patch"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"

meta-digi-dey/recipes-qt/qt5/qtbase/ccimx6ul/qt5.sh

@@ -0,0 +1,2 @@
+# Use LINUXFB platform plugin for images without X11
+[ -f "/etc/init.d/xserver-nodm" ] || export QT_QPA_PLATFORM="linuxfb"

meta-digi-dey/recipes-qt/qt5/qtbase_%.bbappend

@@ -4,9 +4,16 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
 
 SRC_URI_append = " file://qt5.sh"
 
-PACKAGECONFIG_append = " accessibility examples icu sql-sqlite"
+PACKAGECONFIG_GL_mx6ul = "gles2"
+QT_CONFIG_FLAGS_append_mx6ul = "${@base_contains('DISTRO_FEATURES', 'x11', ' -no-eglfs', ' -eglfs', d)}"
+
+PACKAGECONFIG_append = " accessibility examples sql-sqlite"
+PACKAGECONFIG_append_ccimx6 = " icu"
+PACKAGECONFIG_append_ccimx6ul = " linuxfb"
 
 do_install_append() {
 	install -d ${D}${sysconfdir}/profile.d
 	install -m 0755 ${WORKDIR}/qt5.sh ${D}${sysconfdir}/profile.d/
 }
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"

meta-digi-dey/recipes-sato/matchbox-sato/matchbox-session-sato/session

@@ -2,12 +2,14 @@
 
 . /etc/formfactor/config
 
-## Use SHOWCURSOR from formfactor config files instaed of hardcoding it
+## Use first SHOWCURSOR from formfactor config files (fallback to set it depending on HAVE_TOUCHSCREEN)
-# if [ "$HAVE_TOUCHSCREEN" = "1" ]; then
+if [ -z "${SHOWCURSOR}" ]; then
-#     SHOWCURSOR="no"
+    if [ "$HAVE_TOUCHSCREEN" = "1" ]; then
-# else
+        SHOWCURSOR="no"
-#     SHOWCURSOR="yes"
+    else
-# fi
+        SHOWCURSOR="yes"
+    fi
+fi
 
 if [ "$HAVE_KEYBOARD" = "1" ]; then
     KEYBOARD_APPLET=""
@@ -15,6 +17,10 @@ else
     KEYBOARD_APPLET="keyboard"
 fi
 
+# Tell GTK+3 we really want server side decorations, even with
+# GtkHeaderBar using applications: Without that mb-panel will render
+# on top of the client side decorations.
+export GTK_CSD=0
 
 matchbox-desktop &
 

meta-digi-dey/recipes-sato/packagegroups/packagegroup-core-x11-sato.bbappend

@@ -2,3 +2,5 @@
 
 # Disable network manager
 NETWORK_MANAGER = ""
+
+RDEPENDS_${PN}-apps_remove_ccimx6ul = "gst-player-bin"

sdk/build-github.sh

@@ -16,13 +16,13 @@
 #  Parameters set by Jenkins:
 #     DY_PLATFORMS: Platforms to build
 #     DY_REVISION:  Revision of the manifest repository (for 'repo init')
-#     DY_TARGET:    Target image (the default is 'dey-image-qt')
+#     DY_TARGET:    Target image (the default is platform dependent)
 #
 #===============================================================================
 
 set -e
 
-AVAILABLE_PLATFORMS="ccardimx28js ccimx6sbc"
+AVAILABLE_PLATFORMS="ccardimx28js ccimx6sbc ccimx6ulsbc ccimx6ulstarter"
 
 MANIFEST_URL="https://github.com/digi-embedded/dey-manifest.git"
 
@@ -98,7 +98,17 @@ purge_sstate() {
 
 # Set default values if not provided by Jenkins
 [ -z "${DY_PLATFORMS}" ] && DY_PLATFORMS="$(echo ${AVAILABLE_PLATFORMS})"
-[ -z "${DY_TARGET}" ] && DY_TARGET="dey-image-qt"
+
+# Per-platform data
+while read _pl _tgt; do
+	[ -n "${DY_TARGET}" ] && _tgt="${DY_TARGET}" || true
+	eval "${_pl}_tgt=\"${_tgt}\""
+done<<-_EOF_
+	ccardimx28js      dey-image-qt
+	ccimx6sbc         dey-image-qt
+	ccimx6ulsbc       dey-image-qt
+	ccimx6ulstarter   core-image-base
+_EOF_
 
 YOCTO_IMGS_DIR="${WORKSPACE}/images"
 YOCTO_INST_DIR="${WORKSPACE}/dey.$(echo ${DY_REVISION} | tr '/' '_')"
@@ -133,6 +143,7 @@ fi
 # Create projects and build
 rm -rf ${YOCTO_IMGS_DIR} ${YOCTO_PROJ_DIR}
 for platform in ${DY_PLATFORMS}; do
+	eval platform_targets="\${${platform}_tgt}"
 	_this_prj_dir="${YOCTO_PROJ_DIR}/${platform}"
 	_this_img_dir="${YOCTO_IMGS_DIR}/${platform}"
 	mkdir -p ${_this_img_dir} ${_this_prj_dir}
@@ -151,8 +162,8 @@ for platform in ${DY_PLATFORMS}; do
 			if [ "${DY_FB_IMAGE}" = "true" ]; then
 				printf "${X11_REMOVAL_CFG}" >> conf/local.conf
 			fi
-			for target in ${DY_TARGET}; do
+			for target in ${platform_targets}; do
-				printf "\n[INFO] Building the $target target.\n"
+				printf "\n[INFO] Building the ${target} target.\n"
 				time bitbake ${target}
 			done
 			purge_sstate

sdk/build.sh

@@ -152,6 +152,7 @@ while read _pl _var _tgt; do
 done<<-_EOF_
 	ccardimx28js      - e w wb web web1   dey-image-qt
 	ccimx6sbc         DONTBUILDVARIANTS   dey-image-qt
+	ccimx6ulsbc       DONTBUILDVARIANTS   dey-image-qt
 	ccimx6ulstarter   DONTBUILDVARIANTS   core-image-base
 _EOF_
 

sdk/config/ccimx6ulsbc/bblayers.conf.sample

@@ -0,0 +1,25 @@
+# LAYER_CONF_VERSION is increased each time build/conf/bblayers.conf
+# changes incompatibly
+LCONF_VERSION = "6"
+
+BBPATH = "${TOPDIR}"
+BBFILES ?= ""
+
+BBLAYERS ?= " \
+  ##OEROOT##/meta \
+  ##OEROOT##/meta-yocto \
+  ##OEROOT##/meta-yocto-bsp \
+  ##DIGIBASE##/meta-openembedded/meta-oe \
+  ##DIGIBASE##/meta-openembedded/meta-python \
+  ##DIGIBASE##/meta-openembedded/meta-networking \
+  ##DIGIBASE##/meta-openembedded/meta-webserver \
+  ##DIGIBASE##/meta-qt5 \
+  ##DIGIBASE##/meta-fsl-arm \
+  ##DIGIBASE##/meta-fsl-demos \
+  ##DIGIBASE##/meta-digi/meta-digi-arm \
+  ##DIGIBASE##/meta-digi/meta-digi-dey \
+  "
+BBLAYERS_NON_REMOVABLE ?= " \
+  ##OEROOT##/meta \
+  ##OEROOT##/meta-yocto \
+  "

sdk/config/ccimx6ulsbc/conf-notes.txt

@@ -0,0 +1,17 @@
+Digi Embedded Yocto provides the following image recipes:
+
+  * dey-image-qt: graphical QT image
+
+    By default the image is X11-based so it provides a full SATO theme
+    desktop environment.
+
+    To compile the image for the framebuffer (instead of X11) add the
+    following line to the project's conf/local.conf:
+
+    DISTRO_FEATURES_remove = "x11"
+
+  * core-image-base: a console-only image
+
+    Expansion of native core-image-base by including all the support for the
+    target device hardware like firmware files, rootfs customizations, etc.
+

sdk/config/ccimx6ulsbc/local.conf.sample

@@ -0,0 +1,256 @@
+#
+# This file is your local configuration file and is where all local user settings
+# are placed. The comments in this file give some guide to the options a new user
+# to the system might want to change but pretty much any configuration option can
+# be set in this file. More adventurous users can look at local.conf.extended
+# which contains other examples of configuration which can be placed in this file
+# but new users likely won't need any of them initially.
+#
+# Lines starting with the '#' character are commented out and in some cases the
+# default values are provided as comments to show people example syntax. Enabling
+# the option is a question of removing the # character and making any change to the
+# variable as required.
+
+#
+# Machine Selection
+#
+# You need to select a specific machine to target the build with. There are a selection
+# of emulated machines available which can boot and run in the QEMU emulator:
+#
+#MACHINE ?= "qemuarm"
+#MACHINE ?= "qemuarm64"
+#MACHINE ?= "qemumips"
+#MACHINE ?= "qemuppc"
+#MACHINE ?= "qemux86"
+#MACHINE ?= "qemux86-64"
+#
+# There are also the following hardware board target machines included for
+# demonstration purposes:
+#
+#MACHINE ?= "beaglebone"
+#MACHINE ?= "genericx86"
+#MACHINE ?= "genericx86-64"
+#MACHINE ?= "mpc8315e-rdb"
+#MACHINE ?= "edgerouter"
+#
+# This sets the default machine to be qemux86 if no other machine is selected:
+#MACHINE ??= "qemux86"
+
+MACHINE = "ccimx6ulsbc"
+
+#
+# Use Digi's internal git repositories
+#
+#DIGI_INTERNAL_GIT ?= "1"
+
+#
+# Where to place downloads
+#
+# During a first build the system will download many different source code tarballs
+# from various upstream projects. This can take a while, particularly if your network
+# connection is slow. These are all stored in DL_DIR. When wiping and rebuilding you
+# can preserve this directory to speed up this part of subsequent builds. This directory
+# is safe to share between multiple builds on the same machine too.
+#
+# The default is a downloads directory under TOPDIR which is the build directory.
+#
+#DL_DIR ?= "${TOPDIR}/downloads"
+
+#
+# Where to place shared-state files
+#
+# BitBake has the capability to accelerate builds based on previously built output.
+# This is done using "shared state" files which can be thought of as cache objects
+# and this option determines where those files are placed.
+#
+# You can wipe out TMPDIR leaving this directory intact and the build would regenerate
+# from these files if no changes were made to the configuration. If changes were made
+# to the configuration, only shared state files where the state was still valid would
+# be used (done using checksums).
+#
+# The default is a sstate-cache directory under TOPDIR.
+#
+#SSTATE_DIR ?= "${TOPDIR}/sstate-cache"
+
+#
+# Where to place the build output
+#
+# This option specifies where the bulk of the building work should be done and
+# where BitBake should place its temporary files and output. Keep in mind that
+# this includes the extraction and compilation of many applications and the toolchain
+# which can use Gigabytes of hard disk space.
+#
+# The default is a tmp directory under TOPDIR.
+#
+#TMPDIR = "${TOPDIR}/tmp"
+
+#
+# Default policy config
+#
+# The distribution setting controls which policy settings are used as defaults.
+# The default value is fine for general Yocto project use, at least initially.
+# Ultimately when creating custom policy, people will likely end up subclassing
+# these defaults.
+#
+DISTRO ?= "dey"
+# As an example of a subclass there is a "bleeding" edge policy configuration
+# where many versions are set to the absolute latest code from the upstream
+# source control systems. This is just mentioned here as an example, its not
+# useful to most new users.
+# DISTRO ?= "poky-bleeding"
+
+#
+# Package Management configuration
+#
+# This variable lists which packaging formats to enable. Multiple package backends
+# can be enabled at once and the first item listed in the variable will be used
+# to generate the root filesystems.
+# Options are:
+#  - 'package_deb' for debian style deb files
+#  - 'package_ipk' for ipk files are used by opkg (a debian style embedded package manager)
+#  - 'package_rpm' for rpm style packages
+# E.g.: PACKAGE_CLASSES ?= "package_rpm package_deb package_ipk"
+# We default to rpm:
+PACKAGE_CLASSES ?= "package_rpm"
+
+#
+# SDK/ADT target architecture
+#
+# This variable specifies the architecture to build SDK/ADT items for and means
+# you can build the SDK packages for architectures other than the machine you are
+# running the build on (i.e. building i686 packages on an x86_64 host).
+# Supported values are i686 and x86_64
+#SDKMACHINE ?= "i686"
+
+#
+# Extra image configuration defaults
+#
+# The EXTRA_IMAGE_FEATURES variable allows extra packages to be added to the generated
+# images. Some of these options are added to certain image types automatically. The
+# variable can contain the following options:
+#  "dbg-pkgs"       - add -dbg packages for all installed packages
+#                     (adds symbol information for debugging/profiling)
+#  "dev-pkgs"       - add -dev packages for all installed packages
+#                     (useful if you want to develop against libs in the image)
+#  "ptest-pkgs"     - add -ptest packages for all ptest-enabled packages
+#                     (useful if you want to run the package test suites)
+#  "tools-sdk"      - add development tools (gcc, make, pkgconfig etc.)
+#  "tools-debug"    - add debugging tools (gdb, strace)
+#  "eclipse-debug"  - add Eclipse remote debugging support
+#  "tools-profile"  - add profiling tools (oprofile, exmap, lttng, valgrind)
+#  "tools-testapps" - add useful testing tools (ts_print, aplay, arecord etc.)
+#  "debug-tweaks"   - make an image suitable for development
+#                     e.g. ssh root access has a blank password
+# There are other application targets that can be used here too, see
+# meta/classes/image.bbclass and meta/classes/core-image.bbclass for more details.
+# We default to enabling the debugging tweaks.
+EXTRA_IMAGE_FEATURES = "debug-tweaks"
+
+#
+# Additional image features
+#
+# The following is a list of additional classes to use when building images which
+# enable extra features. Some available options which can be included in this variable
+# are:
+#   - 'buildstats' collect build statistics
+#   - 'image-mklibs' to reduce shared library files size for an image
+#   - 'image-prelink' in order to prelink the filesystem image
+#   - 'image-swab' to perform host system intrusion detection
+# NOTE: if listing mklibs & prelink both, then make sure mklibs is before prelink
+# NOTE: mklibs also needs to be explicitly enabled for a given image, see local.conf.extended
+# NOTE: image-prelink is currently broken due to problems with the prelinker.  It is advised
+# that you do NOT run the prelinker at this time.
+USER_CLASSES ?= "buildstats image-mklibs"
+
+#
+# Runtime testing of images
+#
+# The build system can test booting virtual machine images under qemu (an emulator)
+# after any root filesystems are created and run tests against those images. To
+# enable this uncomment this line. See classes/testimage(-auto).bbclass for
+# further details.
+#TEST_IMAGE = "1"
+#
+# Interactive shell configuration
+#
+# Under certain circumstances the system may need input from you and to do this it
+# can launch an interactive shell. It needs to do this since the build is
+# multithreaded and needs to be able to handle the case where more than one parallel
+# process may require the user's attention. The default is iterate over the available
+# terminal types to find one that works.
+#
+# Examples of the occasions this may happen are when resolving patches which cannot
+# be applied, to use the devshell or the kernel menuconfig
+#
+# Supported values are auto, gnome, xfce, rxvt, screen, konsole (KDE 3.x only), none
+# Note: currently, Konsole support only works for KDE 3.x due to the way
+# newer Konsole versions behave
+#OE_TERMINAL = "auto"
+# By default disable interactive patch resolution (tasks will just fail instead):
+PATCHRESOLVE = "noop"
+
+#
+# Disk Space Monitoring during the build
+#
+# Monitor the disk space during the build. If there is less that 1GB of space or less
+# than 100K inodes in any key build location (TMPDIR, DL_DIR, SSTATE_DIR), gracefully
+# shutdown the build. If there is less that 100MB or 1K inodes, perform a hard abort
+# of the build. The reason for this is that running completely out of space can corrupt
+# files and damages the build in ways which may not be easily recoverable.
+# It's necesary to monitor /tmp, if there is no space left the build will fail
+# with very exotic errors.
+BB_DISKMON_DIRS = "\
+    STOPTASKS,${TMPDIR},1G,100K \
+    STOPTASKS,${DL_DIR},1G,100K \
+    STOPTASKS,${SSTATE_DIR},1G,100K \
+    STOPTASKS,/tmp,100M,100K \
+    ABORT,${TMPDIR},100M,1K \
+    ABORT,${DL_DIR},100M,1K \
+    ABORT,${SSTATE_DIR},100M,1K \
+    ABORT,/tmp,10M,1K"
+
+#
+# Shared-state files from other locations
+#
+# As mentioned above, shared state files are prebuilt cache data objects which can
+# used to accelerate build time. This variable can be used to configure the system
+# to search other mirror locations for these objects before it builds the data itself.
+#
+# This can be a filesystem directory, or a remote url such as http or ftp. These
+# would contain the sstate-cache results from previous builds (possibly from other
+# machines). This variable works like fetcher MIRRORS/PREMIRRORS and points to the
+# cache locations to check for the shared objects.
+# NOTE: if the mirror uses the same structure as SSTATE_DIR, you need to add PATH
+# at the end as shown in the examples below. This will be substituted with the
+# correct path within the directory structure.
+#SSTATE_MIRRORS ?= "\
+#file://.* http://someserver.tld/share/sstate/PATH;downloadfilename=PATH \n \
+#file://.* file:///some/local/dir/sstate/PATH"
+
+
+#
+# Qemu configuration
+#
+# By default qemu will build with a builtin VNC server where graphical output can be
+# seen. The two lines below enable the SDL backend too. By default libsdl-native will
+# be built, if you want to use your host's libSDL instead of the minimal libsdl built
+# by libsdl-native then uncomment the ASSUME_PROVIDED line below.
+PACKAGECONFIG_append_pn-qemu-native = " sdl"
+PACKAGECONFIG_append_pn-nativesdk-qemu = " sdl"
+#ASSUME_PROVIDED += "libsdl-native"
+
+
+# CONF_VERSION is increased each time build/conf/ changes incompatibly and is used to
+# track the version of this file when it was generated. This can safely be ignored if
+# this doesn't mean anything to you.
+CONF_VERSION = "1"
+
+#
+# Enable local PR server
+#
+PRSERV_HOST = "localhost:0"
+
+#
+# Some libraries and packages are covered by Freescale EULA
+#
+#ACCEPT_FSL_EULA = "1"