Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'dey-2.6/master' into dey-2.6/maint 

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit is contained in:
Arturo Buzarra 2020-02-05 17:59:13 +01:00
parent 92d658107f 1516bd03d0
commit 8185f8e884
197 changed files with 4735 additions and 15997 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -1,5 +1,5 @@
# Digi Embedded Yocto (DEY) 2.6
## Release 2.6-r2
## Release 2.6-r3
This document provides information about Digi Embedded Yocto,
Digi International's professional embedded Yocto development environment.
@ -86,8 +86,8 @@ Documentation is available online at https://www.digi.com/resources/documentatio
# Downloads
* Demo images: ftp://ftp1.digi.com/support/digiembeddedyocto/2.6/r2/images/
* Software Development Kit (SDK): ftp://ftp1.digi.com/support/digiembeddedyocto/2.6/r2/sdk/
* Demo images: https://ftp1.digi.com/support/digiembeddedyocto/2.6/r2/images/
* Software Development Kit (SDK): https://ftp1.digi.com/support/digiembeddedyocto/2.6/r2/sdk/
# Release Changelog

2
meta-digi-arm/classes/fsl-eula-unpack.bbclass
View File

@ -6,7 +6,7 @@
#
# SRC_URI = "${FSL_MIRROR}/firmware-imx-${PV};fsl-eula=true"
LIC_FILES_CHKSUM_append = " file://${FSL_EULA_FILE};md5=72c0f70181bb6e83eee6aab8de12a9f3"
LIC_FILES_CHKSUM_append = " file://${FSL_EULA_FILE};md5=fd4b227530cd88a82af6a5982cfb724d"
LIC_FILES_CHKSUM[vardepsexclude] += "FSL_EULA_FILE"

7
meta-digi-arm/classes/image_types_digi.bbclass
View File

@ -206,6 +206,10 @@ trustence_sign_cpio() {
[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
if [ "${SIGN_MODE}" = "AHAB" ]; then
${DEPLOY_DIR_IMAGE}/imx-boot-tools/mkimage_imx8 -soc ${MX8_SOC_VAR} -rev ${MX8_CHIP_REV} -c -ap ${1} a35 ${RAM_CONTAINER_LOC_TF} -out ${1}-mkimg
mv "${1}-mkimg" "${1}"
fi
# Sign/encrypt the ramdisk
trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -i "${1}" "${1}.tf"
else
@ -215,7 +219,8 @@ trustence_sign_cpio() {
}
CONVERSIONTYPES += "tf"
CONVERSION_CMD_tf = "trustence_sign_cpio ${IMAGE_NAME}.rootfs.${type}"
CONVERSION_DEPENDS_tf = "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'trustfence-sign-tools-native', '', d)}"
CONVERSION_DEPENDS_tf = "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', \
oe.utils.conditional('SIGN_MODE', 'AHAB', 'trustfence-sign-tools-native imx-mkimage', 'trustfence-sign-tools-native', d), '', d)}"
IMAGE_TYPES += "cpio.gz.u-boot.tf"
################################################################################

2
meta-digi-arm/conf/layer.conf
View File

@ -23,6 +23,6 @@ LICENSE_PATH += "${LAYERDIR}/custom-licenses"
DIGI_LOG_GIT ?= "git://log-sln-git.digi.com/"
DIGI_MTK_GIT ?= "git://stash.digi.com/"
DIGI_GIT ?= "${DIGI_LOG_GIT}"
DIGI_PKG_SRC ?= "ftp://ftp1.digi.com/support/digiembeddedyocto/source"
DIGI_PKG_SRC ?= "https://ftp1.digi.com/support/digiembeddedyocto/source"
DIGI_GITHUB_GIT ?= "git://github.com/digi-embedded"

8
meta-digi-arm/conf/machine/ccimx6qpsbc.conf
View File

@ -7,9 +7,11 @@ include conf/machine/include/ccimx6.inc
# Wireless external module
WIRELESS_MODULE_append = " ${@oe.utils.conditional('HAVE_WIFI', '1', 'kernel-module-qualcomm', '', d)}"
HAS_WIFI_VIRTWLANS = "true"
# Wireless p2p interface
WLAN_P2P_INTERFACE ?= "p2p0"
WLAN_P2P_DEVICE_NAME ?= "ccimx6qp-p2p"
MACHINE_EXTRA_RRECOMMENDS += " \
cryptoauthlib \
@ -36,9 +38,15 @@ KERNEL_DEVICETREE ?= " \
SERIAL_CONSOLES ?= "115200;ttymxc3"
# Bluetooth interface
BT_DEVICE_NAME ?= "cc6qp"
# Bluetooth tty
BT_TTY ?= "ttymxc1"
# XBee
XBEE_TTY ?= "ttymxc4"
# U-Boot script to be copied to the boot image
BOOT_SCRIPTS = "boot.scr:boot.scr"

11
meta-digi-arm/conf/machine/ccimx6sbc.conf
View File

@ -5,6 +5,11 @@
# Contains the ConnectCore 6 module.
include conf/machine/include/ccimx6.inc
HAS_WIFI_VIRTWLANS = "false"
# Wireless p2p interface
WLAN_P2P_DEVICE_NAME ?= "ccimx6-p2p"
# Firmware
MACHINE_FIRMWARE_append = " ${@oe.utils.conditional('HAVE_BT', '1' , 'firmware-atheros-ar3k', '', d)}"
MACHINE_FIRMWARE_append = " ${@oe.utils.conditional('HAVE_WIFI', '1' , 'firmware-atheros-ath6kl', '', d)}"
@ -35,9 +40,15 @@ KERNEL_DEVICETREE ?= " \
SERIAL_CONSOLES ?= "115200;ttymxc3"
# Bluetooth interface
BT_DEVICE_NAME ?= "cc6"
# Bluetooth tty
BT_TTY ?= "ttymxc1"
# XBee
XBEE_TTY ?= "ttymxc4"
# U-Boot script to be copied to the boot image
BOOT_SCRIPTS = "boot.scr:boot.scr"

3
meta-digi-arm/conf/machine/ccimx6ulsbc.conf
View File

@ -35,6 +35,9 @@ SERIAL_CONSOLES ?= "115200;ttymxc4"
# Bluetooth tty
BT_TTY ?= "ttymxc0"
# XBee
XBEE_TTY ?= "ttymxc1"
# U-Boot script to be copied to the boot image
BOOT_SCRIPTS = "boot.scr:boot.scr"

36
meta-digi-arm/conf/machine/ccimx8mn-dvk.conf Normal file
View File

@ -0,0 +1,36 @@
#@TYPE: Machine
#@NAME: ConnectCore 8M Nano Development Kit.
#@DESCRIPTION: Machine configuration for Digi's ConnectCore 8M Nano DVK.
# Include the machine configuration for Digi's ConnectCore 8M Nano module.
include conf/machine/include/ccimx8mn.inc
# U-Boot configurations
# Last one is the default (the one the symlinks point at)
UBOOT_CONFIG ??= "ccimx8mn_dvk"
UBOOT_CONFIG[ccimx8mn_dvk] = "ccimx8mn_dvk_defconfig,,u-boot-dtb.${UBOOT_SUFFIX}"
SPL_BINARY = "spl/u-boot-spl.bin"
# Set u-boot DTB
UBOOT_DTB_NAME = "ccimx8mn-dvk.dtb"
KERNEL_DEVICETREE ?= " \
digi/ccimx8mn-dvk-wb.dtb \
digi/ccimx8mn-dvk.dtb \
"
SERIAL_CONSOLES ?= "115200;ttymxc0"
# Bluetooth tty
BT_TTY ?= "ttymxc1"
# XBees
XBEE_RESET_N_GPIO ?= "508,8"
XBEE_SLEEP_RQ_GPIO ?= "504,7"
XBEE_TTY ?= "ttymxc3"
# U-Boot script to be copied to the boot image
BOOT_SCRIPTS = "boot.scr:boot.scr"
# Flash image types
IMAGE_FSTYPES ?= "boot.vfat ext4 sdcard tar.bz2 recovery.vfat"

11
meta-digi-arm/conf/machine/ccimx8x-sbc-express.conf
View File

@ -5,16 +5,6 @@
# Include the machine configuration for Digi's ConnectCore 8X module.
include conf/machine/include/ccimx8x.inc
# Wireless external module
WIRELESS_MODULE_append = " ${@oe.utils.conditional('HAVE_WIFI', '1', 'kernel-module-qualcomm', '', d)}"
# Wireless p2p interface
WLAN_P2P_INTERFACE ?= "p2p0"
# Firmware
MACHINE_FIRMWARE_append = " ${@oe.utils.conditional('HAVE_BT', '1', 'firmware-qualcomm-qca6574-bt', '', d)}"
MACHINE_FIRMWARE_append = " ${@oe.utils.conditional('HAVE_WIFI', '1', 'firmware-qualcomm-qca6574-wifi', '', d)}"
# U-Boot configurations
# Last one is the default (the one the symlinks point at)
UBOOT_CONFIG ??= "ccimx8x_sbc_express2GB ccimx8x_sbc_express1GB"
@ -35,6 +25,7 @@ BT_TTY ?= "ttyLP1"
# XBee
XBEE_RESET_N_GPIO ?= "397"
XBEE_SLEEP_RQ_GPIO ?= "400"
XBEE_TTY ?= "ttyLP0"
# U-Boot script to be copied to the boot image
BOOT_SCRIPTS = "boot.scr:boot.scr"

11
meta-digi-arm/conf/machine/ccimx8x-sbc-pro.conf
View File

@ -5,16 +5,6 @@
# Include the machine configuration for Digi's ConnectCore 8X module.
include conf/machine/include/ccimx8x.inc
# Wireless external module
WIRELESS_MODULE_append = " ${@oe.utils.conditional('HAVE_WIFI', '1', 'kernel-module-qualcomm', '', d)}"
# Wireless p2p interface
WLAN_P2P_INTERFACE ?= "p2p0"
# Firmware
MACHINE_FIRMWARE_append = " ${@oe.utils.conditional('HAVE_BT', '1', 'firmware-qualcomm-qca6574-bt', '', d)}"
MACHINE_FIRMWARE_append = " ${@oe.utils.conditional('HAVE_WIFI', '1', 'firmware-qualcomm-qca6574-wifi', '', d)}"
# U-Boot configurations
# Last one is the default (the one the symlinks point at)
UBOOT_CONFIG ??= "ccimx8x_sbc_pro512MB ccimx8x_sbc_pro1GB ccimx8x_sbc_pro2GB"
@ -38,6 +28,7 @@ BT_TTY ?= "ttyLP1"
# XBee
XBEE_RESET_N_GPIO ?= "220"
XBEE_SLEEP_RQ_GPIO ?= "216"
XBEE_TTY ?= "ttyMCA0"
# U-Boot script to be copied to the boot image
BOOT_SCRIPTS = "boot.scr:boot.scr"

4
meta-digi-arm/conf/machine/include/ccimx6.inc
View File

@ -15,6 +15,8 @@ UBOOT_SUFFIX = "imx"
# Linux kernel configuration
KERNEL_DEFCONFIG ?= "arch/arm/configs/ccimx6sbc_defconfig"
STORAGE_MEDIA = "mmc"
# Wireless external module
WIRELESS_MODULE ?= ""
@ -41,3 +43,5 @@ MACHINE_EXTRA_RRECOMMENDS += " \
"
MACHINE_FEATURES += "accel-graphics accel-video wifi bluetooth pci"
SIGN_MODE = "HAB"

9
meta-digi-arm/conf/machine/include/ccimx6ul.inc
View File

@ -12,12 +12,19 @@ include conf/machine/include/tune-cortexa7.inc
UBOOT_PREFIX = "u-boot"
UBOOT_SUFFIX = "imx"
STORAGE_MEDIA = "mtd"
# Bluetooth interface
BT_DEVICE_NAME ?= "cc6ul"
# Wireless external module
WIRELESS_MODULE ?= ""
WIRELESS_MODULE_append = " ${@oe.utils.conditional('HAVE_WIFI', '1', 'kernel-module-qualcomm', '', d)}"
HAS_WIFI_VIRTWLANS = "true"
# Wireless p2p interface
WLAN_P2P_INTERFACE ?= "p2p0"
WLAN_P2P_DEVICE_NAME ?= "ccimx6ul-p2p"
# Firmware
MACHINE_FIRMWARE ?= "firmware-imx-sdma"
@ -50,3 +57,5 @@ MKUBIFS_BOOT_ARGS ?= "-m 2048 -e 126976 -c 255"
# mkfs.ubifs parameters for rootfs partition
# Max LEB count (-c 8191) calculated for a partition of up to 1 GiB considering 128 KiB erase-block size.
MKUBIFS_ARGS ?= "-m 2048 -e 126976 -c 8191"
SIGN_MODE = "HAB"

74
meta-digi-arm/conf/machine/include/ccimx8mn.inc Normal file
View File

@ -0,0 +1,74 @@
#@TYPE: Machine
#@NAME: ConnectCore 8M Nano module.
#@DESCRIPTION: Machine configuration for Digi's ConnectCore 8M Nano module.
DIGI_FAMILY = "ccimx8mn"
MACHINEOVERRIDES =. "mx8:mx8m:mx8mn:ccimx8m:${DIGI_FAMILY}:"
include conf/machine/include/imx-digi-base.inc
include conf/machine/include/arm/arch-arm64.inc
# Platform u-boot settings
UBOOT_PREFIX = "imx-boot"
UBOOT_SUFFIX = "bin"
# The bootloader image that gets flashed consists of U-Boot and several fw binaries
EXTRA_IMAGEDEPENDS = "imx-boot"
BOOTLOADER_IMAGE_RECIPE = "imx-boot"
BOOTLOADER_SEEK = "32"
BOOTABLE_FILENAME = "${UBOOT_PREFIX}-${MACHINE}.bin"
SDIMG_BOOTLOADER = "${DEPLOY_DIR_IMAGE}/${BOOTABLE_FILENAME}"
# Set LPDDR4 FIRMWARE
DDR_FIRMWARE_NAME = "lpddr4_pmu_train_1d_imem.bin lpddr4_pmu_train_1d_dmem.bin lpddr4_pmu_train_2d_imem.bin lpddr4_pmu_train_2d_dmem.bin"
# Linux kernel configuration
KERNEL_DEFCONFIG ?= "arch/arm64/configs/ccimx8_defconfig"
STORAGE_MEDIA = "mmc"
# Bluetooth interface
BT_DEVICE_NAME ?= "cc8mn"
# Wireless external module
WIRELESS_MODULE ?= ""
WIRELESS_MODULE_append = " ${@oe.utils.conditional('HAVE_WIFI', '1', 'kernel-module-qualcomm', '', d)}"
HAS_WIFI_VIRTWLANS = "true"
# Wireless p2p interface
WLAN_P2P_INTERFACE ?= "p2p0"
WLAN_P2P_DEVICE_NAME ?= "ccimx8mn-p2p"
# Firmware
MACHINE_FIRMWARE ?= "firmware-imx-sdma firmware-imx-easrc"
MACHINE_FIRMWARE_append = " ${@oe.utils.conditional('HAVE_BT', '1', 'firmware-qualcomm-qca6564-bt', '', d)}"
MACHINE_FIRMWARE_append = " ${@oe.utils.conditional('HAVE_WIFI', '1', 'firmware-qualcomm-qca6564-wifi', '', d)}"
MACHINE_EXTRA_RDEPENDS += " \
e2fsprogs-mke2fs \
e2fsprogs-resize2fs \
mca-tool \
parted \
u-boot-fw-utils \
xbee-init \
"
MACHINE_EXTRA_RRECOMMENDS += " \
${MACHINE_FIRMWARE} \
${WIRELESS_MODULE} \
cryptodev-module \
cryptoauthlib \
"
MACHINE_FEATURES += "accel-graphics accel-video wifi bluetooth cryptochip"
# AARCH64 doesn't support self-extracting zImage
KERNEL_IMAGETYPE = "Image.gz"
VIRTUAL-RUNTIME_init_manager ?= "systemd"
VIRTUAL-RUNTIME_initscripts ?= "initscripts"
# Adding 'wayland' along with 'x11' enables the xwayland backend
# Vulkan is necessary for wayland to build
DISTRO_FEATURES_append = " wayland vulkan systemd pam"
DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"

25
meta-digi-arm/conf/machine/include/ccimx8x.inc
View File

@ -27,13 +27,26 @@ SDIMG_BOOTLOADER = "${DEPLOY_DIR_IMAGE}/${BOOTABLE_FILENAME}"
RAM_CONFIGS = "1.2GHz_512MB_16bit 1.2GHz_1GB_16bit 1.2GHz_1GB_32bit 1.2GHz_2GB_32bit"
# Linux kernel configuration
KERNEL_DEFCONFIG ?= "arch/arm64/configs/ccimx8x_defconfig"
KERNEL_DEFCONFIG ?= "arch/arm64/configs/ccimx8_defconfig"
STORAGE_MEDIA = "mmc"
# Bluetooth interface
BT_DEVICE_NAME ?= "cc8x"
# Wireless external module
WIRELESS_MODULE ?= ""
WIRELESS_MODULE_append = " ${@oe.utils.conditional('HAVE_WIFI', '1', 'kernel-module-qualcomm', '', d)}"
HAS_WIFI_VIRTWLANS = "true"
# Wireless p2p interface
WLAN_P2P_INTERFACE ?= "p2p0"
WLAN_P2P_DEVICE_NAME ?= "ccimx8x-p2p"
# Firmware
MACHINE_FIRMWARE ?= "firmware-imx-vpu-imx8 firmware-imx-sdma"
MACHINE_FIRMWARE_append = " ${@oe.utils.conditional('HAVE_BT', '1', 'firmware-qualcomm-qca6574-bt', '', d)}"
MACHINE_FIRMWARE_append = " ${@oe.utils.conditional('HAVE_WIFI', '1', 'firmware-qualcomm-qca6574-wifi', '', d)}"
MACHINE_EXTRA_RDEPENDS += " \
e2fsprogs-mke2fs \
@ -59,6 +72,16 @@ KERNEL_IMAGETYPE = "Image.gz"
VIRTUAL-RUNTIME_init_manager ?= "systemd"
VIRTUAL-RUNTIME_initscripts ?= "initscripts"
# For i.MX 8 silicon chip revision
MX8_CHIP_REV ?= "B0"
MX8_SOC_VAR ?= "QX"
SIGN_MODE = "AHAB"
# For Trustfence container header RAM locations
RAM_CONTAINER_LOC_BOOT = "0x80280000"
RAM_CONTAINER_LOC_DTB = "0x82000000"
RAM_CONTAINER_LOC_TF = "0x82100000"
# Adding 'wayland' along with 'x11' enables the xwayland backend
# Vulkan is necessary for wayland to build
DISTRO_FEATURES_append = " wayland vulkan systemd pam"

3
meta-digi-arm/conf/machine/include/digi-defaults.inc
View File

@ -12,7 +12,8 @@ PREFERRED_PROVIDER_virtual/xserver = "xserver-xorg"
# Platform Linux U-Boot
# -------------------------------------------------
# ccimx6ul 4.14, 4.20 2017.03
# ccimx8x 4.14 2018.03, 2017.03 (both packaged in imx-boot)
# ccimx8x 4.14 2019.04, 2018.03, 2017.03 (all packaged in imx-boot)
# ccimx8mn 4.14 2018.03 (packaged in imx-boot)
#
# Help variables used in recipes

34
meta-digi-arm/conf/machine/include/imx-digi-base.inc
View File

@ -28,6 +28,7 @@ MACHINEOVERRIDES_EXTENDER_mx6q = "imxfbdev:imxipu:imxvpu:imxvpucnm:imxgpu:imxg
MACHINEOVERRIDES_EXTENDER_mx6dl = "imxfbdev:imxipu:imxpxp:imxvpu:imxvpucnm:imxgpu:imxgpu2d:imxdpublit:imxgpu3d:imxepdc"
MACHINEOVERRIDES_EXTENDER_mx6ul = "imxfbdev:imxpxp"
MACHINEOVERRIDES_EXTENDER_mx8qxp = "imxdrm:imxdpu:imxgpu:imxgpu2d:imxgpu3d"
MACHINEOVERRIDES_EXTENDER_mx8mn = "imxdrm:imxgpu:imxgpu3d"
# Sub-architecture support
MACHINE_SOCARCH_SUFFIX ?= ""
@ -37,16 +38,43 @@ MACHINE_SOCARCH_SUFFIX_mx6ul = "-mx6ul"
MACHINE_SOCARCH_SUFFIX_mx8qxp = "-mx8qxp"
MACHINE_SOCARCH_SUFFIX_mx8dxp = "-mx8dxp"
MACHINE_SOCARCH_SUFFIX_mx8dx = "-mx8dx"
MACHINE_SOCARCH_SUFFIX_mx8mn = "-mx8mn"
MACHINE_ARCH_FILTER = "virtual/kernel"
MACHINE_SOCARCH_FILTER_append_imxvpu = " imx-vpu libimxvpuapi imx-codec imx-vpuwrap imx-parser"
MACHINE_SOCARCH_FILTER_append_imxgpu2d = " virtual/libopenvg virtual/libgles1 virtual/libgles2 virtual/egl virtual/mesa virtual/libgl virtual/libg2d cairo pango"
MACHINE_SOCARCH_FILTER_append_imxpxp = " imx-codec imx-parser"
MACHINE_SOCARCH_FILTER_append_imxvpu = " \
imx-codec \
imx-vpu \
imx-vpuwrap \
libimxvpuapi \
"
MACHINE_SOCARCH_FILTER_append_imxgpu = " \
virtual/egl \
virtual/mesa \
virtual/libg2d \
libgal-imx \
virtual/libopenvg \
cairo \
opencv \
pango \
"
MACHINE_SOCARCH_FILTER_append_imxgpu3d = " \
virtual/libgl \
virtual/libgles1 \
virtual/libgles2 \
"
MACHINE_SOCARCH_FILTER_append_mx6q = " \
virtual/opencl-icd \
opencl-headers \
"
MACHINE_SOCARCH_FILTER_append_mx8 = " \
virtual/libopenvx \
virtual/opencl-icd \
opencl-headers \
"
MACHINE_SOCARCH_FILTER_append_imxpxp = " \
imx-codec \
"
INHERIT += "fsl-dynamic-packagearch"

4
meta-digi-arm/recipes-bsp/alsa-state/alsa-state.bbappend
View File

@ -1,4 +1,4 @@
# Copyright (C) 2013-2018 Digi International.
# Copyright (C) 2013-2020 Digi International.
FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
@ -11,8 +11,8 @@ SRC_URI_append_ccimx6 = " \
"
SRC_URI_append_ccimx6ul = " file://asound.state"
SRC_URI_append_ccimx8x = " file://asound.state"
SRC_URI_append_ccimx8m = " file://asound.state"
do_install_append_ccimx6() {
ln -sf asound.micro_play.state ${D}${localstatedir}/lib/alsa/asound.state

9
meta-digi-arm/recipes-bsp/alsa-state/alsa-state/ccimx8mn/asound.conf Normal file
View File

@ -0,0 +1,9 @@
pcm.imxmax98088 {
type hw
card 0
}
ctl.imxmax98088 {
type hw
card 0
}
ctl.!default imxmax98088

1148
meta-digi-arm/recipes-bsp/alsa-state/alsa-state/ccimx8mn/asound.state Normal file
View File

File diff suppressed because it is too large Load Diff

6
meta-digi-arm/recipes-bsp/digi-sc-firmware/digi-sc-firmware_1.2.5.bb → meta-digi-arm/recipes-bsp/digi-sc-firmware/digi-sc-firmware_1.3.0.1.bb
View File

@ -4,15 +4,15 @@
DESCRIPTION = "i.MX System Controller Firmware, customized for Digi platforms"
LICENSE = "Proprietary"
LIC_FILES_CHKSUM = "file://COPYING;md5=72c0f70181bb6e83eee6aab8de12a9f3"
LIC_FILES_CHKSUM = "file://COPYING;md5=6c12031a11b81db21cdfe0be88cac4b3"
SECTION = "BSP"
inherit pkgconfig deploy
SRC_URI = "${DIGI_PKG_SRC}/${PN}-${PV}.tar.gz"
SRC_URI[md5sum] = "4a1a7a99cda9e55388d1c491011853c6"
SRC_URI[sha256sum] = "852cdd37d37905b08cfdc4b753ce33b7364749065bac91d78cc2292481e6d6a7"
SRC_URI[md5sum] = "29c2ab80f539dd285a8d99a23d616d3e"
SRC_URI[sha256sum] = "cb3f90c07e7ba547a8c467012bef23083a8e8c414c4a90e1b88c5a70dd7ece19"
S = "${WORKDIR}/${PN}-${PV}"

22
meta-digi-arm/recipes-bsp/firmware-imx/firmware-imx_8.3.bb → meta-digi-arm/recipes-bsp/firmware-imx/firmware-imx_8.4.1.bb
View File

@ -6,14 +6,14 @@ SUMMARY = "Freescale IMX firmware"
DESCRIPTION = "Freescale IMX firmware such as for the VPU"
SECTION = "base"
LICENSE = "Proprietary"
LIC_FILES_CHKSUM = "file://COPYING;md5=72c0f70181bb6e83eee6aab8de12a9f3"
LIC_FILES_CHKSUM = "file://COPYING;md5=fd4b227530cd88a82af6a5982cfb724d"
PE = "1"
SRC_URI = "${FSL_MIRROR}/firmware-imx-${PV}.bin;fsl-eula=true "
SRC_URI[md5sum] = "776c7fa64a6e96d9f0d9cd50bbf79ffc"
SRC_URI[sha256sum] = "48e4b9e4064930e2b6cd7f20f39177c8f4c5ef1a296f2ebc6ed422412ab56681"
SRC_URI[md5sum] = "70bdefdd7fb58f782237acf4c648f5cd"
SRC_URI[sha256sum] = "f04b2deb4f126e6b6cd4460462292acd72183b9f799e3b873fb390ff0f18eb55"
inherit fsl-eula-unpack allarch
@ -61,26 +61,12 @@ inherit deploy
addtask deploy before do_build after do_install
do_deploy () {
# Deploy i.MX8 related firmware files
if [ "${IS_MX8}" = "8m" ]; then
# Deploy ddr/synopsys
for ddr_firmware in ${DDR_FIRMWARE_NAME}; do
install -m 0644 ${S}/firmware/ddr/synopsys/${ddr_firmware} ${DEPLOYDIR}
done
# Deploy hdmi/cadence
install -m 0644 ${S}/firmware/hdmi/cadence/signed_dp_imx8m.bin ${DEPLOYDIR}
install -m 0644 ${S}/firmware/hdmi/cadence/signed_hdmi_imx8m.bin ${DEPLOYDIR}
elif [ "${IS_MX8}" = "8qm" ]; then
if [ "${IS_MX8}" = "8qm" ]; then
# Deploy hdmi/cadence
install -m 0644 ${S}/firmware/hdmi/cadence/hdmitxfw.bin ${DEPLOYDIR}
install -m 0644 ${S}/firmware/hdmi/cadence/hdmirxfw.bin ${DEPLOYDIR}
install -m 0644 ${S}/firmware/hdmi/cadence/dpfw.bin ${DEPLOYDIR}
# Deploy seco
install -m 0644 ${S}/firmware/seco/mx8qm-ahab-container.img ${DEPLOYDIR}
elif [ "${IS_MX8}" = "8qx" ]; then
# Deploy seco
install -m 0644 ${S}/firmware/seco/mx8qx-ahab-container.img ${DEPLOYDIR}
fi
}

52
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm.bb
View File

@ -1,4 +1,4 @@
# Copyright (C) 2016-2018 Digi International.
# Copyright (C) 2016-2020 Digi International.
SUMMARY = "Qualcomm firmware files for Digi's platforms."
SECTION = "base"
@ -10,42 +10,42 @@ QUALCOMM_WIFI_DRIVER ?= "proprietary"
# Bluetooth firmware files
FW_QUALCOMM_BT = " \
file://${QCA_MODEL}_bt/nvm_tlv_3.2.bin \
file://${QCA_MODEL}_bt/rampatch_tlv_3.2.tlv \
file://qca65X4_bt/nvm_tlv_3.2.bin \
file://qca65X4_bt/rampatch_tlv_3.2.tlv \
"
# Firmware files for QCA6564 (Qualcomm proprietary driver)
FW_QCA6564_WIFI_PROPRIETARY = " \
FW_QCA65X4_SDIO_PROPRIETARY = " \
file://bdwlan30_US.bin \
file://LICENCE.atheros_firmware \
file://qca6564_proprietary/otp30.bin \
file://qca6564_proprietary/qwlan30.bin \
file://qca6564_proprietary/utf30.bin \
file://qca65X4_sdio_proprietary/otp30.bin \
file://qca65X4_sdio_proprietary/qwlan30.bin \
file://qca65X4_sdio_proprietary/utf30.bin \
"
# Firmware files for QCA6574 (Qualcomm proprietary driver)
FW_QCA6574_WIFI_PROPRIETARY = " \
FW_QCA65X4_PCIE_PROPRIETARY = " \
file://bdwlan30_US.bin \
file://LICENCE.atheros_firmware \
file://qca6574_proprietary/qwlan30.bin \
file://qca6574_proprietary/fakeboar_US.bin \
file://qca6574_proprietary/otp.bin \
file://qca6574_proprietary/utf.bin \
file://qca65X4_pcie_proprietary/otp30.bin \
file://qca65X4_pcie_proprietary/qwlan30.bin \
file://qca65X4_pcie_proprietary/utf30.bin \
"
# Firmware files for QCA6574 (Qualcomm community driver)
# NOTE: the community file 'board.bin' must be substituted by proprietary
# 'fakeboar_US.bin'
# 'bdwlan30_US.bin'
FW_QCA6574_WIFI_COMMUNITY = " \
file://bdwlan30_US.bin \
file://qca6574_community/board-2.bin \
file://qca6574_community/firmware-4.bin \
file://qca6574_community/firmware-6.bin \
file://qca6574_community/notice_ath10k_firmware-4.txt \
file://qca6574_community/notice_ath10k_firmware-6.txt \
file://qca6574_proprietary/fakeboar_US.bin \
"
FW_QUALCOMM_WIFI ?= "${FW_QCA6564_WIFI_PROPRIETARY}"
FW_QUALCOMM_WIFI_ccimx8x = "${@oe.utils.conditional('QUALCOMM_WIFI_DRIVER', 'community', '${FW_QCA6574_WIFI_COMMUNITY}', '${FW_QCA6574_WIFI_PROPRIETARY}', d)}"
FW_QUALCOMM_WIFI ?= "${FW_QCA65X4_SDIO_PROPRIETARY}"
FW_QUALCOMM_WIFI_ccimx8x = "${@oe.utils.conditional('QUALCOMM_WIFI_DRIVER', 'community', '${FW_QCA6574_WIFI_COMMUNITY}', '${FW_QCA65X4_PCIE_PROPRIETARY}', d)}"
SRC_URI = " \
${FW_QUALCOMM_BT} \
@ -72,14 +72,24 @@ do_install() {
install -m 0644 ${FW_WIFI_FILES} ${D}${WIFI_FW_PATH}
if [ "${QUALCOMM_WIFI_DRIVER}" = "community" ]; then
# If using community driver, create symlink 'board.bin' to
# proprietary 'fakeboar_US.bin'
ln -s fakeboar_US.bin ${D}${WIFI_FW_PATH}/board.bin
# proprietary 'bdwlan30_US.bin'
ln -s bdwlan30_US.bin ${D}${WIFI_FW_PATH}/board.bin
else
if [ "${FW_QUALCOMM_WIFI}" = "${FW_QCA6574_WIFI_PROPRIETARY}" ]; then
if [ "${FW_QUALCOMM_WIFI}" = "${FW_QCA65X4_PCIE_PROPRIETARY}" ]; then
ln -s qwlan30.bin ${D}${WIFI_FW_PATH}/athwlan.bin
ln -s otp.bin ${D}${WIFI_FW_PATH}/athsetup.bin
ln -s otp30.bin ${D}${WIFI_FW_PATH}/athsetup.bin
fi
fi
# Disable IBS over H4 for all the platforms in the bluetooth firmware
printf \"\\x02\" | dd of="${D}${base_libdir}/firmware/qca/nvm_tlv_3.2.bin" bs=1 seek=54 count=1 conv=notrunc,fsync
}
do_install_append_ccimx6ul() {
# Disable DEEP SLEEP in the bluetooth firmware
printf \"\\x00\" | dd of="${D}${base_libdir}/firmware/qca/nvm_tlv_3.2.bin" bs=1 seek=74 count=1 conv=notrunc,fsync
# Enable Internal Clock in the bluetooth firmware
printf \"\\x01\\x00\" | dd of="${D}${base_libdir}/firmware/qca/nvm_tlv_3.2.bin" bs=1 seek=93 count=2 conv=notrunc,fsync
}
QCA_MODEL ?= "qca6564"
@ -92,4 +102,4 @@ FILES_${PN}-${QCA_MODEL}-bt = "/lib/firmware/qca"
FILES_${PN}-${QCA_MODEL}-wifi = "/lib/firmware"
PACKAGE_ARCH = "${MACHINE_ARCH}"
COMPATIBLE_MACHINE = "(ccimx6qpsbc|ccimx6ul|ccimx8x)"
COMPATIBLE_MACHINE = "(ccimx6qpsbc|ccimx6ul|ccimx8x|ccimx8m)"

BIN
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/ccimx6ul/bdwlan30_US.bin
View File

Binary file not shown.

BIN
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/ccimx8mn/bdwlan30_US.bin Normal file
View File

Binary file not shown.

0
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca6574_proprietary/fakeboar_US.bin → meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/ccimx8x/bdwlan30_US.bin
View File

BIN
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca6564_bt/nvm_tlv_3.2.bin
View File

Binary file not shown.

BIN
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca6564_bt/rampatch_tlv_3.2.tlv
View File

Binary file not shown.

BIN
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca6574_bt/nvm_tlv_3.2.bin → meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca65X4_bt/nvm_tlv_3.2.bin
View File

Binary file not shown.

0
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca6574_bt/rampatch_tlv_3.2.tlv → meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca65X4_bt/rampatch_tlv_3.2.tlv
View File

0
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca6574_proprietary/otp.bin → meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca65X4_pcie_proprietary/otp30.bin Normal file → Executable file
View File

BIN
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca6574_proprietary/qwlan30.bin → meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca65X4_pcie_proprietary/qwlan30.bin
View File

Binary file not shown.

BIN
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca6574_proprietary/utf.bin → meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca65X4_pcie_proprietary/utf30.bin Normal file → Executable file
View File

Binary file not shown.

0
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca6564_proprietary/otp30.bin → meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca65X4_sdio_proprietary/otp30.bin
View File

BIN
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca6564_proprietary/qwlan30.bin → meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca65X4_sdio_proprietary/qwlan30.bin
View File

Binary file not shown.

BIN
meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca6564_proprietary/utf30.bin → meta-digi-arm/recipes-bsp/firmware-qualcomm/firmware-qualcomm/qca65X4_sdio_proprietary/utf30.bin Normal file → Executable file
View File

Binary file not shown.

32
meta-digi-arm/recipes-bsp/imx-atf/imx-atf/0001-imx8mn-Disable-M7-debug-console.patch Normal file
View File

@ -0,0 +1,32 @@
From: Arturo Buzarra <arturo.buzarra@digi.com>
Date: Fri, 27 Dec 2019 09:42:48 +0100
Subject: [PATCH] imx8mn: Disable M7 debug console
The Cortex-M7 uses the UART4 as debug console, and it is
shared with the Cortex-A53.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
---
plat/imx/imx8mn/imx8mn_bl31_setup.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/plat/imx/imx8mn/imx8mn_bl31_setup.c b/plat/imx/imx8mn/imx8mn_bl31_setup.c
index 57db28a..a36c2d5 100644
--- a/plat/imx/imx8mn/imx8mn_bl31_setup.c
+++ b/plat/imx/imx8mn/imx8mn_bl31_setup.c
@@ -242,11 +242,12 @@ void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
#endif
bl31_tzc380_setup();
/* Assign M7 to domain 1 */
mmio_write_32(IMX_RDC_BASE + 0x204, 0x1);
- mmio_write_32(IMX_RDC_BASE + 0x518, 0xfc);
+ /* Uncomment to use the M7 debug console (shared with A53 UART4) */
+ /*mmio_write_32(IMX_RDC_BASE + 0x518, 0xfc);*/
mmio_write_32(IMX_RDC_BASE + 0x5A4, 0xf3);
}
void bl31_plat_arch_setup(void)
{
--

6
meta-digi-arm/recipes-bsp/imx-atf/imx-atf_2.0.bb
View File

@ -10,10 +10,12 @@ inherit fsl-eula-unpack pkgconfig deploy
PV = "2.0+git${SRCPV}"
ATF_SRC ?= "git://source.codeaurora.org/external/imx/imx-atf.git;protocol=https"
SRCBRANCH = "imx_4.14.98_2.1.0"
SRCBRANCH = "imx_4.14.98_2.3.0"
SRC_URI = "${ATF_SRC};branch=${SRCBRANCH}"
SRCREV = "727cf896a4c79d152dae4537e28400c747bf39b9"
SRCREV = "09c5cc994634060ad7dfef4620866838d19694a4"
SRC_URI_append_ccimx8mn = " file://0001-imx8mn-Disable-M7-debug-console.patch"
S = "${WORKDIR}/git"

14
meta-digi-arm/recipes-bsp/imx-mkimage/imx-boot/0001-iMX8QX-remove-SC_BD_FLAGS_ALT_CONFIG-flag-in-flash_r.patch
View File

@ -17,15 +17,15 @@ Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iMX8QX/soc.mak b/iMX8QX/soc.mak
index 3c8e7b1..f06ece8 100755
index e08cf3c..88f990a 100755
--- a/iMX8QX/soc.mak
+++ b/iMX8QX/soc.mak
@@ -114,7 +114,7 @@ flash_linux_m4_xip: $(MKIMG) mx8qx-ahab-container.img scfw_tcm.bin u-boot-atf-co
@@ -120,7 +120,7 @@ flash_linux_m4_xip: $(MKIMG) $(AHAB_IMG) scfw_tcm.bin u-boot-atf-container.img m
./$(QSPI_PACKER) $(QSPI_HEADER)
flash_regression_linux_m4: $(MKIMG) mx8qx-ahab-container.img scfw_tcm.bin u-boot-atf.bin m4_image.bin
- ./$(MKIMG) -soc QX -rev B0 -append mx8qx-ahab-container.img -c -flags 0x00200000 -scfw scfw_tcm.bin -ap u-boot-atf.bin a35 0x80000000 -p3 -m4 m4_image.bin 0 0x34FE0000 -out flash.bin
+ ./$(MKIMG) -soc QX -rev B0 -append mx8qx-ahab-container.img -c -scfw scfw_tcm.bin -ap u-boot-atf.bin a35 0x80000000 -m4 m4_image.bin 0 0x34FE0000 -out flash.bin
flash_regression_linux_m4: $(MKIMG) $(AHAB_IMG) scfw_tcm.bin u-boot-atf.bin m4_image.bin
- ./$(MKIMG) -soc QX -rev B0 -append $(AHAB_IMG) -c -flags 0x00200000 -scfw scfw_tcm.bin -ap u-boot-atf.bin a35 0x80000000 -p3 -m4 m4_image.bin 0 0x34FE0000 -out flash.bin
+ ./$(MKIMG) -soc QX -rev B0 -append $(AHAB_IMG) -c -scfw scfw_tcm.bin -ap u-boot-atf.bin a35 0x80000000 -m4 m4_image.bin 0 0x34FE0000 -out flash.bin
flash_regression_linux_m4_ddr: $(MKIMG) mx8qx-ahab-container.img scfw_tcm.bin u-boot-atf.bin m4_image.bin
./$(MKIMG) -soc QX -rev B0 -append mx8qx-ahab-container.img -c -flags 0x00200000 -scfw scfw_tcm.bin -ap u-boot-atf.bin a35 0x80000000 -p3 -m4 m4_image.bin 0 0x88000000 -out flash.bin
flash_regression_linux_m4_ddr: $(MKIMG) $(AHAB_IMG) scfw_tcm.bin u-boot-atf.bin m4_image.bin
./$(MKIMG) -soc QX -rev B0 -append $(AHAB_IMG) -c -flags 0x00200000 -scfw scfw_tcm.bin -ap u-boot-atf.bin a35 0x80000000 -p3 -m4 m4_image.bin 0 0x88000000 -out flash.bin

184
meta-digi-arm/recipes-bsp/imx-mkimage/imx-boot_0.2.bbappend
View File

@ -1,22 +1,25 @@
# Copyright 2019 Digi International, Inc.
# Copyright 2019,2020 Digi International, Inc.
inherit boot-artifacts
# Use the v4.14 latest BSP branch
SRCBRANCH = "imx_4.14.98_2.1.0"
SRCREV = "abd6ce551a7b81fc6953d32d92b24a4a1d4b214e"
SRCBRANCH = "imx_4.14.98_2.3.0"
SRCREV = "2556000499f667123094af22326cfd8e4cbadaac"
FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
SRC_URI_append_ccimx8x = " file://0001-iMX8QX-remove-SC_BD_FLAGS_ALT_CONFIG-flag-in-flash_r.patch"
IMX_EXTRA_FIRMWARE_ccimx8x = "digi-sc-firmware"
IMX_EXTRA_FIRMWARE_ccimx8x = "digi-sc-firmware imx-seco"
DEPENDS_append_ccimx8x = " coreutils-native"
DEPENDS_append_ccimx8x += "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'trustfence-sign-tools-native', '', d)}"
# For i.MX 8, this package aggregates the imx-m4-demos
# output. Note that this aggregation replaces the aggregation
# that would otherwise be done in the image build as controlled
# by IMAGE_BOOTFILES_DEPENDS and IMAGE_BOOTFILES in image_types_fsl.bbclass
IMX_M4_DEMOS = "imx-m4-demos"
IMX_M4_DEMOS = ""
IMX_M4_DEMOS_mx8qm = "imx-m4-demos"
IMX_M4_DEMOS_mx8qxp = "imx-m4-demos"
# This package aggregates output deployed by other packages,
# so set the appropriate dependencies
@ -35,15 +38,29 @@ do_populate_lic[depends] += " \
firmware-imx:do_populate_lic \
"
ATF_MACHINE_NAME_mx8qxp = "bl31-imx8qx.bin"
ATF_MACHINE_NAME_mx8mn = "bl31-imx8mn.bin"
SECO_FIRMWARE ?= ""
SECO_FIRMWARE_mx8qm = "mx8qmb0-ahab-container.img"
SECO_FIRMWARE_mx8qxp = "mx8qxb0-ahab-container.img"
# i.MX8QXP C0 support
#SECO_FIRMWARE_mx8qxp = "mx8qxc0-ahab-container.img"
# 8MQ/8MM/8MN share the same soc folder
BOOT_STAGING_mx8mn = "${S}/iMX8M"
SOC_TARGET_mx8mn = "iMX8MN"
IMXBOOT_TARGETS_ccimx8x = "${@bb.utils.contains('UBOOT_CONFIG', 'fspi', 'flash_flexspi', \
'flash flash_regression_linux_m4', d)}"
do_compile () {
IMXBOOT_TARGETS_ccimx8mn = "${@bb.utils.contains('UBOOT_CONFIG', 'fspi', 'flash_evk_flexspi', 'flash_spl_uboot', d)}"
compile_mx8x() {
bbnote 8QX boot binary build
cp ${DEPLOY_DIR_IMAGE}/imx8qx_m4_TCM_srtm_demo.bin ${BOOT_STAGING}/m40_tcm.bin
cp ${DEPLOY_DIR_IMAGE}/imx8qx_m4_TCM_srtm_demo.bin ${BOOT_STAGING}/m4_image.bin
cp ${DEPLOY_DIR_IMAGE}/mx8qx-ahab-container.img ${BOOT_STAGING}/
cp ${DEPLOY_DIR_IMAGE}/imx8qx_m4_TCM_power_mode_switch.bin ${BOOT_STAGING}/m40_tcm.bin
cp ${DEPLOY_DIR_IMAGE}/imx8qx_m4_TCM_power_mode_switch.bin ${BOOT_STAGING}/m4_image.bin
cp ${DEPLOY_DIR_IMAGE}/${SECO_FIRMWARE} ${BOOT_STAGING}/
cp ${DEPLOY_DIR_IMAGE}/${BOOT_TOOLS}/${ATF_MACHINE_NAME} ${BOOT_STAGING}/bl31.bin
for type in ${UBOOT_CONFIG}; do
cp ${DEPLOY_DIR_IMAGE}/${BOOT_TOOLS}/u-boot-${type}.bin ${BOOT_STAGING}/
@ -51,63 +68,105 @@ do_compile () {
for ramc in ${RAM_CONFIGS}; do
cp ${DEPLOY_DIR_IMAGE}/${BOOT_TOOLS}/${SC_FIRMWARE_NAME}-${ramc} ${BOOT_STAGING}/
done
}
compile_mx8m() {
bbnote 8MQ/8MM/8MN boot binary build
cp ${DEPLOY_DIR_IMAGE}/signed_*_imx8m.bin ${BOOT_STAGING}
cp ${DEPLOY_DIR_IMAGE}/${BOOT_TOOLS}/u-boot-spl.bin-${MACHINE}-${UBOOT_CONFIG} ${BOOT_STAGING}/u-boot-spl.bin
cp ${DEPLOY_DIR_IMAGE}/${BOOT_TOOLS}/${UBOOT_DTB_NAME} ${BOOT_STAGING}/fsl-imx8mn-evk.dtb
cp ${DEPLOY_DIR_IMAGE}/${BOOT_TOOLS}/u-boot-nodtb.bin-${MACHINE}-${UBOOT_CONFIG} ${BOOT_STAGING}/u-boot-nodtb.bin
cp ${DEPLOY_DIR_IMAGE}/${BOOT_TOOLS}/mkimage_uboot ${BOOT_STAGING}/
cp ${DEPLOY_DIR_IMAGE}/${BOOT_TOOLS}/${ATF_MACHINE_NAME} ${BOOT_STAGING}/bl31.bin
for ddr_firmware in ${DDR_FIRMWARE_NAME}; do
cp ${DEPLOY_DIR_IMAGE}/${ddr_firmware} ${BOOT_STAGING}
done
}
do_compile () {
compile_${SOC_FAMILY}
# mkimage for i.MX8
for type in ${UBOOT_CONFIG}; do
RAM_SIZE="$(echo ${type} | sed -e 's,.*[a-z]\+\([0-9]\+[M|G]B\)$,\1,g')"
for ramc in ${RAM_CONFIGS}; do
if echo "${ramc}" | grep -qs "${RAM_SIZE}"; then
# Match U-Boot memory size and and SCFW memory configuration
cd ${BOOT_STAGING}
ln -sf u-boot-${type}.bin u-boot.bin
ln -sf ${SC_FIRMWARE_NAME}-${ramc} scfw_tcm.bin
cd -
for target in ${IMXBOOT_TARGETS}; do
bbnote "building ${SOC_TARGET} - ${ramc} - ${target}"
make SOC=${SOC_TARGET} ${target}
if [ -e "${BOOT_STAGING}/flash.bin" ]; then
cp ${BOOT_STAGING}/flash.bin ${S}/${UBOOT_PREFIX}-${MACHINE}-${ramc}.bin-${target}
fi
SCFWBUILT="yes"
done
rm ${BOOT_STAGING}/scfw_tcm.bin
rm ${BOOT_STAGING}/u-boot.bin
# Remove u-boot-atf.bin and u-boot-hash.bin so they get generated with the next iteration's U-Boot
rm ${BOOT_STAGING}/u-boot-atf.bin
rm ${BOOT_STAGING}/u-boot-hash.bin
if [ "${SOC_TARGET}" = "iMX8QX" ]; then
RAM_SIZE="$(echo ${type} | sed -e 's,.*[a-z]\+\([0-9]\+[M|G]B\)$,\1,g')"
for ramc in ${RAM_CONFIGS}; do
if echo "${ramc}" | grep -qs "${RAM_SIZE}"; then
# Match U-Boot memory size and and SCFW memory configuration
cd ${BOOT_STAGING}
ln -sf u-boot-${type}.bin u-boot.bin
ln -sf ${SC_FIRMWARE_NAME}-${ramc} scfw_tcm.bin
cd -
for target in ${IMXBOOT_TARGETS}; do
bbnote "building ${SOC_TARGET} - ${ramc} - ${target}"
make SOC=${SOC_TARGET} ${target}
# i.MX8QXP C0 support
#make SOC=${SOC_TARGET} REV=C0 ${target}
if [ -e "${BOOT_STAGING}/flash.bin" ]; then
cp ${BOOT_STAGING}/flash.bin ${S}/${UBOOT_PREFIX}-${MACHINE}-${ramc}.bin-${target}
fi
SCFWBUILT="yes"
done
rm ${BOOT_STAGING}/scfw_tcm.bin
rm ${BOOT_STAGING}/u-boot.bin
# Remove u-boot-atf.bin and u-boot-hash.bin so they get generated with the next iteration's U-Boot
rm ${BOOT_STAGING}/u-boot-atf.bin
rm ${BOOT_STAGING}/u-boot-hash.bin
fi
done
else
# mkimage for i.MX8M
for target in ${IMXBOOT_TARGETS}; do
bbnote "building ${SOC_TARGET} - ${target}"
make SOC=${SOC_TARGET} ${target}
if [ -e "${BOOT_STAGING}/flash.bin" ]; then
cp ${BOOT_STAGING}/flash.bin ${S}/${UBOOT_PREFIX}-${MACHINE}.bin-${target}
fi
done
done
fi
done
# Check that SCFW was built at least once
if [ "${SCFWBUILT}" != "yes" ]; then
if [ "${SOC_TARGET}" = "iMX8QX" and "${SCFWBUILT}" != "yes" ]; then
bbfatal "SCFW was not built!"
fi
}
# ConnectCore 8M Nano does not have different binaries
UBOOT_RAM_COMBINATIONS_ccimx8mn = ""
do_install () {
install -d ${D}/boot
for ramc in ${UBOOT_RAM_COMBINATIONS}; do
if [ "${UBOOT_RAM_COMBINATIONS}" = "" ]; then
for target in ${IMXBOOT_TARGETS}; do
install -m 0644 ${S}/${UBOOT_PREFIX}-${MACHINE}-${ramc}.bin-${target} ${D}/boot/
install -m 0644 ${S}/${UBOOT_PREFIX}-${MACHINE}.bin-${target} ${D}/boot/
done
done
else
for ramc in ${UBOOT_RAM_COMBINATIONS}; do
for target in ${IMXBOOT_TARGETS}; do
install -m 0644 ${S}/${UBOOT_PREFIX}-${MACHINE}-${ramc}.bin-${target} ${D}/boot/
done
done
fi
}
do_deploy () {
install -d ${DEPLOYDIR}/${BOOT_TOOLS}
# copy the tool mkimage to deploy path and sc fw, dcd and uboot
install -m 0644 ${BOOT_STAGING}/mx8qx-ahab-container.img ${DEPLOYDIR}/${BOOT_TOOLS}
install -m 0644 ${BOOT_STAGING}/m40_tcm.bin ${DEPLOYDIR}/${BOOT_TOOLS}
install -m 0644 ${BOOT_STAGING}/m4_image.bin ${DEPLOYDIR}/${BOOT_TOOLS}
if [ "${SOC_TARGET}" = "iMX8QX" ]; then
install -m 0644 ${BOOT_STAGING}/${SECO_FIRMWARE} ${DEPLOYDIR}/${BOOT_TOOLS}
install -m 0644 ${BOOT_STAGING}/m40_tcm.bin ${DEPLOYDIR}/${BOOT_TOOLS}
install -m 0644 ${BOOT_STAGING}/m4_image.bin ${DEPLOYDIR}/${BOOT_TOOLS}
fi
install -m 0755 ${S}/${TOOLS_NAME} ${DEPLOYDIR}/${BOOT_TOOLS}
# copy makefile (soc.mak) for reference
install -m 0644 ${BOOT_STAGING}/soc.mak ${DEPLOYDIR}/${BOOT_TOOLS}
# copy the generated boot image to deploy path
for ramc in ${UBOOT_RAM_COMBINATIONS}; do
if [ "${UBOOT_RAM_COMBINATIONS}" = "" ]; then
IMAGE_IMXBOOT_TARGET=""
for target in ${IMXBOOT_TARGETS}; do
# Use first "target" as IMAGE_IMXBOOT_TARGET
@ -115,15 +174,52 @@ do_deploy () {
IMAGE_IMXBOOT_TARGET="$target"
echo "Set boot target as $IMAGE_IMXBOOT_TARGET"
fi
install -m 0644 ${S}/${UBOOT_PREFIX}-${MACHINE}-${ramc}.bin-${target} ${DEPLOYDIR}
install -m 0644 ${S}/${UBOOT_PREFIX}-${MACHINE}.bin-${target} ${DEPLOYDIR}
done
cd ${DEPLOYDIR}
ln -sf ${UBOOT_PREFIX}-${MACHINE}-${ramc}.bin-${IMAGE_IMXBOOT_TARGET} ${UBOOT_PREFIX}-${MACHINE}-${ramc}.bin
ln -sf ${UBOOT_PREFIX}-${MACHINE}.bin-${IMAGE_IMXBOOT_TARGET} ${UBOOT_PREFIX}-${MACHINE}.bin
# Link to default bootable U-Boot filename. It gets overwritten
# on every loop so the only last RAM_CONFIG will survive.
ln -sf ${UBOOT_PREFIX}-${MACHINE}-${ramc}.bin-${IMAGE_IMXBOOT_TARGET} ${BOOTABLE_FILENAME}
ln -sf ${UBOOT_PREFIX}-${MACHINE}.bin-${IMAGE_IMXBOOT_TARGET} ${BOOTABLE_FILENAME}
cd -
done
else
for ramc in ${UBOOT_RAM_COMBINATIONS}; do
IMAGE_IMXBOOT_TARGET=""
for target in ${IMXBOOT_TARGETS}; do
# Use first "target" as IMAGE_IMXBOOT_TARGET
if [ "$IMAGE_IMXBOOT_TARGET" = "" ]; then
IMAGE_IMXBOOT_TARGET="$target"
echo "Set boot target as $IMAGE_IMXBOOT_TARGET"
fi
install -m 0644 ${S}/${UBOOT_PREFIX}-${MACHINE}-${ramc}.bin-${target} ${DEPLOYDIR}
done
cd ${DEPLOYDIR}
ln -sf ${UBOOT_PREFIX}-${MACHINE}-${ramc}.bin-${IMAGE_IMXBOOT_TARGET} ${UBOOT_PREFIX}-${MACHINE}-${ramc}.bin
# Link to default bootable U-Boot filename. It gets overwritten
# on every loop so the only last RAM_CONFIG will survive.
ln -sf ${UBOOT_PREFIX}-${MACHINE}-${ramc}.bin-${IMAGE_IMXBOOT_TARGET} ${BOOTABLE_FILENAME}
cd -
done
fi
}
COMPATIBLE_MACHINE = "(ccimx8x)"
do_deploy_append () {
if [ "${TRUSTFENCE_SIGN}" = "1" ] && [ "${SIGN_MODE}" = "AHAB" ]; then
export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
# Sign U-boot image
for ramc in ${RAM_CONFIGS}; do
trustfence-sign-ahab-uboot.sh ${DEPLOYDIR}/${UBOOT_PREFIX}-${MACHINE}-${ramc}.bin ${DEPLOYDIR}/${UBOOT_PREFIX}-${MACHINE}-${ramc}-signed.bin
done
cd ${DEPLOYDIR}
cp ${B}/${config}SRK_efuses.bin ${DEPLOYDIR}
install ${B}/${config}SRK_efuses.bin SRK_efuses-${PV}-${PR}.bin
ln -sf SRK_efuses-${PV}-${PR}.bin SRK_efuses.bin
fi
}
COMPATIBLE_MACHINE = "(ccimx8x|ccimx8mn)"

6
meta-digi-arm/recipes-bsp/imx-mkimage/imx-mkimage_%.bbappend
View File

@ -1,5 +1,5 @@
# Copyright (C) 2018,2019 Digi International, Inc.
# Copyright (C) 2018-2020 Digi International, Inc.
# Use the v4.14 ga BSP branch
SRCBRANCH = "imx_4.14.98_2.1.0"
SRCREV = "abd6ce551a7b81fc6953d32d92b24a4a1d4b214e"
SRCBRANCH = "imx_4.14.98_2.3.0"
SRCREV = "2556000499f667123094af22326cfd8e4cbadaac"

24
meta-digi-arm/recipes-bsp/imx-seco/imx-seco-libs_git.bb Normal file
View File

@ -0,0 +1,24 @@
# Copyright 2019 NXP
SUMMARY = "NXP i.MX SECO library"
DESCRIPTION = "NXP IMX SECO library"
SECTION = "base"
LICENSE = "Proprietary"
LIC_FILES_CHKSUM = "file://LA_OPT_NXP_Software_License.htm;md5=6a8fcab25f3d3f5c2898456114b91f44"
DEPENDS = "zlib"
SRCBRANCH = "master"
SECO_LIB_SRC ?= "git://github.com/NXP/imx-seco-libs.git;protocol=https"
SRC_URI = "${SECO_LIB_SRC};branch=${SRCBRANCH}"
SRCREV = "1afb4e66ba26cc723bd5bf96eb2e79a6c81daa70"
S = "${WORKDIR}/git"
TARGET_CC_ARCH += "${LDFLAGS}"
do_install () {
oe_runmake DESTDIR=${D} install
}
COMPATIBLE_MACHINE = "(mx8qm|mx8qxp)"

32
meta-digi-arm/recipes-bsp/imx-seco/imx-seco_2.5.4.bb Normal file
View File

@ -0,0 +1,32 @@
# Copyright 2019 NXP
SUMMARY = "NXP i.MX SECO firmware"
DESCRIPTION = "NXP IMX SECO firmware"
SECTION = "base"
LICENSE = "Proprietary"
LIC_FILES_CHKSUM = "file://COPYING;md5=fd4b227530cd88a82af6a5982cfb724d"
inherit fsl-eula-unpack deploy
SRC_URI = "${FSL_MIRROR}/${PN}-${PV}.bin;fsl-eula=true "
SRC_URI[md5sum] = "52f71d8965e99cd162a91a326e2e5dd8"
SRC_URI[sha256sum] = "552076de1dfcf880bf1ccf208ad646dee0f32454bf4f620f71b8699c95ccb96e"
do_compile[noexec] = "1"
do_install[noexec] = "1"
SECO_FIRMWARE_NAME ?= "mx8qmb0-ahab-container.img"
SECO_FIRMWARE_NAME_mx8qm = "mx8qmb0-ahab-container.img"
SECO_FIRMWARE_NAME_mx8qxp = "mx8qxb0-ahab-container.img"
# i.MX8QXP C0 support
#SECO_FIRMWARE_NAME_mx8qxp = "mx8qxc0-ahab-container.img"
addtask deploy after do_install
do_deploy () {
# Deploy i.MX8 SECO firmware files
install -m 0644 ${S}/firmware/seco/${SECO_FIRMWARE_NAME} ${DEPLOYDIR}
}
COMPATIBLE_MACHINE = "(mx8qm|mx8qxp)"

11
meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc
View File

@ -13,6 +13,8 @@ SRC_URI = " \
file://0002-hab4_pki_tree.sh-automate-script.patch \
file://0003-openssl_helper-use-dev-urandom-as-seed-source.patch \
file://0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch \
file://0005-ahab_pki_tree.sh-automate-script.patch \
file://0006-ahab_pki_tree.sh-use-a-random-password-for-the-defau.patch \
file://Makefile \
"
@ -41,7 +43,14 @@ do_install() {
install -d ${D}${bindir}
install -m 0755 linux64/cst ${D}${bindir}/cst
install -m 0755 $(find linux64 -type f -name srktool) ${D}${bindir}/srktool
install -m 0755 keys/hab4_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh
if [ "${SIGN_MODE}" = "AHAB" ]; then
install -m 0755 keys/ahab_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh
elif [ "${SIGN_MODE}" = "HAB" ]; then
install -m 0755 keys/hab4_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh
else
bberror "Unkown SIGN_MODE value"
exit 1
fi
install -m 0755 ca/openssl.cnf ${D}${bindir}/openssl.cnf
install -m 0755 ca/v3_ca.cnf ${D}${bindir}/v3_ca.cnf
install -m 0755 ca/v3_usr.cnf ${D}${bindir}/v3_usr.cnf

206
meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0005-ahab_pki_tree.sh-automate-script.patch Normal file
View File

@ -0,0 +1,206 @@
From: Mike Engel <Mike.Engel@digi.com>
Date: Fri, 24 Jan 2020 17:31:50 +0100
Subject: [PATCH] ahab_pki_tree.sh: automate script
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
---
keys/ahab_pki_tree.sh | 116 ++++++++++++++++++-------------------------------------
1 file changed, 38 insertions(+), 78 deletions(-)
diff --git a/keys/ahab_pki_tree.sh b/keys/ahab_pki_tree.sh
index 988c27e..00dd143 100755
--- a/keys/ahab_pki_tree.sh
+++ b/keys/ahab_pki_tree.sh
@@ -47,74 +47,36 @@
#
#-----------------------------------------------------------------------------
-printf "\n"
-printf " +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
-printf " This script is a part of the Code signing tools for NXP's\n"
-printf " Advanced High Assurance Boot. It generates a basic PKI tree. The\n"
-printf " PKI tree consists of one or more Super Root Keys (SRK), with each\n"
-printf " SRK having one subordinate keys: \n"
-printf " + a Signing key (SGK) \n"
-printf " Additional keys can be added to the PKI tree but a separate \n"
-printf " script is available for this. This this script assumes openssl\n"
-printf " is installed on your system and is included in your search \n"
-printf " path. Finally, the private keys generated are password \n"
-printf " protectedwith the password provided by the file key_pass.txt.\n"
-printf " The format of the file is the password repeated twice:\n"
-printf " my_password\n"
-printf " my_password\n"
-printf " All private keys in the PKI tree are in PKCS #8 format will be\n"
-printf " protected by the same password.\n\n"
-printf " +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
-
-stty erase 
-
-printf "Do you want to use an existing CA key (y/n)?: \b"
-read existing_ca
-if [ $existing_ca = "y" ]
-then
- printf "Enter CA key name: \b"
- read ca_key
- printf "Enter CA certificate name: \b"
- read ca_cert
+SCRIPT_BASEDIR="$(cd $(dirname ${0}) && pwd)"
+CSF_PATH="${1}"
+if [ ! -d "${CSF_PATH}" ]; then
+ echo "Invalid CSF_PATH: ${CSF_PATH}"
+ exit 1
fi
-printf "Do you want to use Elliptic Curve Cryptography (y/n)?: \b"
-read use_ecc
-if [ $use_ecc = "y" ]
-then
- printf "Enter length for elliptic curve to be used for PKI tree:\n"
- printf "Possible values p256, p384, p521: \b"
- read kl
-
- # Confirm that a valid key length has been entered
- case $kl in
- p256)
- cn="prime256v1" ;;
- p384)
- cn="secp384r1" ;;
- p521)
- cn="secp521r1" ;;
- *)
- echo Invalid key length. Supported key lengths: 256, 384, 521
- exit 1 ;;
- esac
-else
- printf "Enter key length in bits for PKI tree: \b"
- read kl
-
- # Confirm that a valid key length has been entered
- case $kl in
- 2048) ;;
- 3072) ;;
- 4096) ;;
- *)
- echo Invalid key length. Supported key lengths: 2048, 3072, 4096
- exit 1 ;;
- esac
-fi
+cd "${CSF_PATH}"
+
+[ -d crts ] || mkdir crts
+[ -d keys ] || mkdir keys
+
+cd keys
+
+use_ecc="y"
+existing_ca="n"
+kl="p521"
+cn="secp521r1"
+
+# Confirm that a valid key length has been entered
+case $kl in
+ p256);;
+ p384);;
+ p521);;
+ *)
+ echo Invalid key length. Supported key lengths: 256, 384, 521
+ exit 1 ;;
+esac
-printf "Enter the digest algorithm to use: \b"
-read da
+da="sha512"
# Confirm that a valid digest algorithm has been entered
case $da in
@@ -126,8 +88,7 @@ case $da in
exit 1 ;;
esac
-printf "Enter PKI tree duration (years): \b"
-read duration
+duration="10"
# Compute validity period
val_period=$((duration*365))
@@ -144,8 +105,7 @@ then
fi
# Check if SRKs should be generated as CA certs or user certs
-printf "Do you want the SRK certificates to have the CA flag set? (y/n)?: \b"
-read srk_ca
+srk_ca="y"
# Check that the file "serial" is present, if not create it:
if [ ! -f serial ]
@@ -201,7 +161,7 @@ then
-x509 -extensions v3_ca \
-keyout temp_ca.pem \
-out ${ca_cert}.pem \
- -days ${val_period} -config ../ca/openssl.cnf
+ -days ${val_period} -config "${SCRIPT_BASEDIR}/openssl.cnf"
# Generate CA key in PKCS #8 format - both PEM and DER
openssl pkcs8 -passin file:./key_pass.txt -passout file:./key_pass.txt \
@@ -218,7 +178,7 @@ then
openssl x509 -inform PEM -outform DER -in ${ca_cert}.pem -out ${ca_cert}.der
# Cleanup
- \rm temp_ca.pem
+ rm temp_ca.pem
fi
@@ -292,7 +252,7 @@ then
-out ${srk_key}.pem
# Cleanup
- \rm ./temp_srk.pem ./temp_srk_req.pem
+ rm ./temp_srk.pem ./temp_srk_req.pem
i=$((i+1))
done
else
@@ -341,10 +301,10 @@ do
-in ./temp_srk_req.pem \
-cert ${ca_cert}.pem \
-keyfile ${ca_key}.pem \
- -extfile ../ca/v3_ca.cnf \
+ -extfile "${SCRIPT_BASEDIR}/v3_ca.cnf" \
-out ${srk_crt}.pem \
-days ${val_period} \
- -config ../ca/openssl.cnf
+ -config "${SCRIPT_BASEDIR}/openssl.cnf"
# Convert SRK Certificate to DER format
openssl x509 -inform PEM -outform DER \
@@ -365,7 +325,7 @@ do
-out ${srk_key}.pem
# Cleanup
- \rm ./temp_srk.pem ./temp_srk_req.pem
+ rm ./temp_srk.pem ./temp_srk_req.pem
echo
echo ++++++++++++++++++++++++++++++++++++++++
@@ -410,10 +370,10 @@ do
-in ./temp_sgk_req.pem \
-cert ${srk_crt_i} \
-keyfile ${srk_key_i} \
- -extfile ../ca/v3_usr.cnf \
+ -extfile "${SCRIPT_BASEDIR}/v3_usr.cnf" \
-out ${sgk_crt}.pem \
-days ${val_period} \
- -config ../ca/openssl.cnf
+ -config "${SCRIPT_BASEDIR}/openssl.cnf"
# Convert SGK Certificate to DER format
openssl x509 -inform PEM -outform DER \
@@ -432,7 +392,7 @@ do
-out ${sgk_key}.pem
# Cleanup
- \rm ./temp_sgk.pem ./temp_sgk_req.pem
+ rm ./temp_sgk.pem ./temp_sgk_req.pem
i=$((i+1))
done

28
meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0006-ahab_pki_tree.sh-use-a-random-password-for-the-defau.patch Normal file
View File

@ -0,0 +1,28 @@
From: Mike Engel <Mike.Engel@digi.com>
Date: Fri, 24 Jan 2020 17:47:56 +0100
Subject: [PATCH] ahab_pki_tree.sh: use a random password for the default PKI
generation
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
---
keys/ahab_pki_tree.sh | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/keys/ahab_pki_tree.sh b/keys/ahab_pki_tree.sh
index 00dd143..8b81143 100755
--- a/keys/ahab_pki_tree.sh
+++ b/keys/ahab_pki_tree.sh
@@ -117,9 +117,10 @@ fi
# Check that the file "key_pass.txt" is present, if not create it with default user/pwd:
if [ ! -f key_pass.txt ]
then
- echo "test" > key_pass.txt
- echo "test" >> key_pass.txt
- echo "A default file 'key_pass.txt' was created with password = test!"
+ password="$(openssl rand -base64 32)"
+ echo "${password}" > key_pass.txt
+ echo "${password}" >> key_pass.txt
+ echo "A file 'key_pass.txt' was created with a random password!"
fi
# The following is required otherwise OpenSSL complains

46
meta-digi-arm/recipes-bsp/u-boot/digi-u-boot.inc
View File

@ -63,7 +63,6 @@ do_compile () {
if [ $j -eq $i ]
then
oe_runmake -C ${S} O=${B}/${config} ${config}
# Reconfigure U-Boot with Digi UBOOT_EXTRA_CONF
for var in ${UBOOT_EXTRA_CONF}; do
echo "${var}" >> ${B}/${config}/.config
@ -80,7 +79,7 @@ do_compile () {
unset k
# Secure boot artifacts
if [ "${TRUSTFENCE_SIGN}" = "1" ]
if [ "${TRUSTFENCE_SIGN}" = "1" ] && [ "${SIGN_MODE}" = "HAB" ]
then
cp ${B}/${config}/u-boot-dtb-signed.imx ${B}/${config}/u-boot-dtb-signed-${type}.${UBOOT_SUFFIX}
cp ${B}/${config}/u-boot-dtb-usb-signed.imx ${B}/${config}/u-boot-dtb-usb-signed-${type}.${UBOOT_SUFFIX}
@ -123,8 +122,7 @@ do_deploy_append() {
cd ${DEPLOYDIR}
rm -r ${UBOOT_BINARY}-${type}
ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_SUFFIX} u-boot-${type}.${UBOOT_SUFFIX}
if [ "${TRUSTFENCE_SIGN}" = "1" ]
then
if [ "${TRUSTFENCE_SIGN}" = "1" ] && [ "${SIGN_MODE}" = "HAB" ]; then
install ${B}/${config}/SRK_efuses.bin SRK_efuses-${PV}-${PR}.bin
ln -sf SRK_efuses-${PV}-${PR}.bin SRK_efuses.bin
@ -163,9 +161,11 @@ do_deploy_append() {
[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
# Sign boot script
TMP_SIGNED_BOOTSCR="$(mktemp ${WORKDIR}/bootscr-signed.XXXXXX)"
trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -b "${DEPLOYDIR}/boot.scr" "${TMP_SIGNED_BOOTSCR}"
mv "${TMP_SIGNED_BOOTSCR}" "${DEPLOYDIR}/boot.scr"
if [ "${SIGN_MODE}" = "HAB" ]; then
TMP_SIGNED_BOOTSCR="$(mktemp ${WORKDIR}/bootscr-signed.XXXXXX)"
trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -b "${DEPLOYDIR}/boot.scr" "${TMP_SIGNED_BOOTSCR}"
mv "${TMP_SIGNED_BOOTSCR}" "${DEPLOYDIR}/boot.scr"
fi
fi
rm -f ${TMP_BOOTSCR}
}
@ -178,4 +178,36 @@ do_deploy_append_ccimx8x() {
install -d ${DEPLOYDIR}/${BOOT_TOOLS}
mv ${DEPLOYDIR}/u-boot* ${DEPLOYDIR}/${BOOT_TOOLS}/
mv ${DEPLOYDIR}/${UBOOT_SYMLINK}-* ${DEPLOYDIR}/${BOOT_TOOLS}/
if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
${DEPLOY_DIR_IMAGE}/${BOOT_TOOLS}/mkimage_imx8 -soc ${MX8_SOC_VAR} -rev ${MX8_CHIP_REV} -c -ap ${DEPLOYDIR}/boot.scr a35 ${RAM_CONTAINER_LOC_BOOT} -out ${DEPLOYDIR}/boot-mkimg.scr
trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -b "${DEPLOYDIR}/boot-mkimg.scr" "${DEPLOYDIR}/boot.scr"
rm -f ${DEPLOYDIR}/boot-mkimg.scr
fi
}
do_deploy_append_ccimx8mn() {
# Move all U-Boot artifacts to the imx-boot-tools folder
# U-Boot images are not bootable on the i.MX8M
install -d ${DEPLOYDIR}/${BOOT_TOOLS}
mv ${DEPLOYDIR}/u-boot-spl* ${DEPLOYDIR}/${BOOT_TOOLS}/
# Deploy the mkimage, u-boot-nodtb.bin and ccimx8mn-dvk.dtb for mkimage to generate boot binary
if [ -n "${UBOOT_CONFIG}" ]
then
for config in ${UBOOT_MACHINE}; do
i=$(expr $i + 1);
for type in ${UBOOT_CONFIG}; do
j=$(expr $j + 1);
if [ $j -eq $i ]
then
install -d ${DEPLOYDIR}/${BOOT_TOOLS}
install -m 0777 ${B}/${config}/arch/arm/dts/${UBOOT_DTB_NAME} ${DEPLOYDIR}/${BOOT_TOOLS}
install -m 0777 ${B}/${config}/tools/mkimage ${DEPLOYDIR}/${BOOT_TOOLS}/mkimage_uboot
install -m 0777 ${B}/${config}/u-boot-nodtb.bin ${DEPLOYDIR}/${BOOT_TOOLS}/u-boot-nodtb.bin-${MACHINE}-${UBOOT_CONFIG}
fi
done
unset j
done
unset i
fi
}

48
meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8mn-dvk/boot.txt Normal file
View File

@ -0,0 +1,48 @@
#
# U-Boot bootscript for EMMC/SD images created by Yocto.
#
# Set SOC type to "imx8mn" if not already defined by U-Boot
if test ! -n "${soc_type}"; then
setenv soc_type "imx8mn"
fi
#
# Set device tree filename depending on the board ID (if defined)
#
if test -n "${board_id}"; then
setenv fdt_file cc${soc_type}-dvk-id${board_id}.dtb
else
#
# Set device tree filename depending on the hardware capabilities
#
if test -n "${module_ram}"; then
setexpr module_has_wifi ${hwid_2} \& 10000
setexpr module_has_wifi ${module_has_wifi} / 10000
setexpr module_has_bt ${hwid_2} \& 20000
setexpr module_has_bt ${module_has_bt} / 20000
if test "${module_has_wifi}" = "1" &&
test "${module_has_bt}" = "1"; then
setenv fdt_file cc${soc_type}-dvk-wb.dtb
else
setenv fdt_file cc${soc_type}-dvk.dtb
fi
fi
fi
# Get the UUID of the configured boot partition.
part uuid mmc ${mmcbootdev}:${mmcpart} bootpart
# Check the boot source.
if test "${bootpart}" = "${part1_uuid}"; then
# We are booting from the eMMC using 'linux'.
true
elif test "${bootpart}" = "${part2_uuid}"; then
# We are booting from the eMMC using 'recovery'.
setenv boot_initrd true
setenv initrd_file uramdisk-recovery.img
else
# We are booting from the SD card.
setenv mmcroot /dev/mmcblk${mmcbootdev}p2
fi
dboot linux mmc ${mmcbootdev}:${mmcpart}

142
meta-digi-arm/recipes-bsp/u-boot/u-boot-dey/ccimx8mn-dvk/install_linux_fw_sd.txt Normal file
View File

@ -0,0 +1,142 @@
#
# U-Boot script for installing Linux images created by Yocto from the SD
# card into the eMMC
#
echo "############################################################"
echo "# Linux firmware install from micro SD #"
echo "############################################################"
echo ""
echo " This process will erase your eMMC and will install a new"
echo " U-Boot and Linux firmware images on the eMMC."
echo ""
echo " Press CTRL+C now if you wish to abort or wait 10 seconds"
echo " to continue."
sleep 10
if test $? -eq 1; then
echo "Aborted by user.";
exit;
fi
setenv INSTALL_UBOOT_FILENAME imx-boot-ccimx8mn-dvk.bin;
setenv INSTALL_MMCDEV 1
setenv INSTALL_LINUX_FILENAME dey-image-qt-##GRAPHICAL_BACKEND##-ccimx8mn-dvk.boot.vfat
setenv INSTALL_RECOVERY_FILENAME dey-image-qt-##GRAPHICAL_BACKEND##-ccimx8mn-dvk.recovery.vfat
setenv INSTALL_ROOTFS_FILENAME dey-image-qt-##GRAPHICAL_BACKEND##-ccimx8mn-dvk.ext4
# Check for presence of firmware files on the SD card
for install_f in ${INSTALL_UBOOT_FILENAME} ${INSTALL_LINUX_FILENAME} ${INSTALL_RECOVERY_FILENAME} ${INSTALL_ROOTFS_FILENAME}; do
if test ! -e mmc ${INSTALL_MMCDEV} ${install_f}; then
echo "ERROR: Could not find file ${install_f}";
install_abort=1;
fi;
done
if test -n "${install_abort}"; then
echo "Aborted.";
exit;
fi
# Skip user confirmation for U-Boot update
setenv forced_update 1
# Set bootdelay to zero so that firmware update is run immediately after
# the first reset.
setenv bootdelay 0
# Set target MMC device index to eMMC
setenv mmcdev 0
# Update U-Boot
echo ""
echo ""
echo ">> Installing U-Boot boot loader (target will reset)"
echo ""
echo ""
update uboot mmc ${INSTALL_MMCDEV} fat ${INSTALL_UBOOT_FILENAME}
if test $? -eq 1; then
echo "[ERROR] Failed to update U-Boot boot loader!";
echo "";
echo "Aborted.";
exit;
fi
# Set 'bootcmd' to the second part of the script that will
# - Reset environment to defaults
# - Save the environment
# - Force on-the-fly updates to avoid possible verification errors
# - Partition the eMMC user data area for Linux
# - Update the 'linux' partition
# - Update the 'recovery' partition
# - Update the 'rootfs' partition
# - Configure recovery to wipe 'update' partition
# - Disable on-the-fly updates
# - Run 'recovery' and let the system boot after
setenv bootcmd "
env default -a;
saveenv;
setenv otf-update yes;
echo \"\";
echo \"\";
echo \">> Creating Linux partition table on the eMMC\";
echo \"\";
echo \"\";
run partition_mmc_linux;
if test \$? -eq 1; then
echo \"[ERROR] Failed to create Linux partition table!\";
echo \"\";
echo \"Aborted.\";
exit;
fi;
echo \"\";
echo \"\";
echo \">> Installing Linux kernel and device tree files\";
echo \"\";
echo \"\";
update linux mmc ${INSTALL_MMCDEV} fat ${INSTALL_LINUX_FILENAME};
if test \$? -eq 1; then
echo \"[ERROR] Failed to update linux partition!\";
echo \"\";
echo \"Aborted.\";
exit;
fi;
echo \"\";
echo \"\";
echo \">> Installing recovery\";
echo \"\";
echo \"\";
update recovery mmc ${INSTALL_MMCDEV} fat ${INSTALL_RECOVERY_FILENAME};
if test \$? -eq 1; then
echo \"[ERROR] Failed to update recovery partition!\";
echo \"\";
echo \"Aborted.\";
exit;
fi;
echo \"\";
echo \"\";
echo \">> Installing Linux root file system\";
echo \"\";
echo \"\";
update rootfs mmc ${INSTALL_MMCDEV} fat ${INSTALL_ROOTFS_FILENAME};
if test \$? -eq 1; then
echo \"[ERROR] Failed to update rootfs partition!\";
echo \"\";
echo \"Aborted.\";
exit;
fi;
echo \"\";
setenv boot_recovery yes;
setenv recovery_command wipe_update;
setenv otf-update;
saveenv;
echo \"\";
echo \"\";
echo \">> Firmware installation complete. Rebooting into recovery mode for final deployment.\";
echo \"\";
echo \"\";
sleep 1;
reset;
"
saveenv
reset

4
meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2018.03.bb
View File

@ -1,8 +1,8 @@
# Copyright (C) 2019 Digi International
# Copyright (C) 2019,2020 Digi International
require digi-u-boot.inc
SRCBRANCH = "v2018.03/maint"
SRCREV = "${AUTOREV}"
COMPATIBLE_MACHINE = "(ccimx8x)"
COMPATIBLE_MACHINE = "(ccimx8x|ccimx8m)"

11
meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2019.04.bb Normal file
View File

@ -0,0 +1,11 @@
# Copyright (C) 2019 Digi International
require digi-u-boot.inc
LIC_FILES_CHKSUM = "file://Licenses/README;md5=30503fd321432fc713238f582193b78e"
DEPENDS += "flex-native bison-native"
SRCBRANCH = "v2019.04/master"
SRCREV = "${AUTOREV}"
COMPATIBLE_MACHINE = "(ccimx8x)"

7
meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/ccimx8mn/fw_env.config Normal file
View File

@ -0,0 +1,7 @@
# Configuration file for fw_(printenv/setenv) utility.
# Up to two entries are valid, in this case the redundant
# environment sector is assumed present.
# Device name Offset Size
/dev/mmcblk0boot1 0x1C0000 0x4000
/dev/mmcblk0boot1 0x1E0000 0x4000

2
meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils_%.bbappend
View File

@ -82,5 +82,3 @@ pkg_postinst_ontarget_${PN}() {
${CONFIG_FILE}
fi
}
COMPATIBLE_MACHINE = "(ccimx6$|ccimx6ul|ccimx8x)"

8
meta-digi-arm/recipes-core/udev/udev-extraconf_1.1.bbappend
View File

@ -22,6 +22,14 @@ do_install_append() {
>> ${D}${sysconfdir}/udev/rules.d/localextra.rules
fi
# XBee TTY symlink
if [ -n "${XBEE_TTY}" ]; then
printf "%s\n%s\n" \
"# Symlink to the XBee tty" \
"KERNEL==\"${XBEE_TTY}\", MODE=\"0660\", GROUP=\"tty\", SYMLINK+=\"ttyXBee\"" \
>> ${D}${sysconfdir}/udev/rules.d/localextra.rules
fi
install -d ${D}${sysconfdir}/modprobe.d
install -m 0644 ${WORKDIR}/blacklist.conf ${D}${sysconfdir}/modprobe.d
}

1
meta-digi-arm/recipes-cpu/m4-demos/imx-m4-demos-2.inc
View File

@ -22,6 +22,7 @@ SCR = "SCR-${SOC}-m4-demo.txt"
do_deploy () {
# Install the demo binaries
cp ${D}/* ${DEPLOYDIR}/
chmod 0644 ${DEPLOYDIR}/*
}
addtask deploy after do_install

14
meta-digi-arm/recipes-cpu/m4-demos/imx-m4-demos_2.5.2.bb
View File

@ -1,14 +0,0 @@
# Copyright 2017-2019 NXP
# Released under the MIT license (see COPYING.MIT for the terms)
require imx-m4-demos-2.inc
LIC_FILES_CHKSUM = "file://COPYING;md5=80c0478f4339af024519b3723023fe28"
SRC_URI[imx8qm.md5sum] = "6423c4c60412b509b6d7537ce1a3fd44"
SRC_URI[imx8qm.sha256sum] = "cf430d4a111370c021435e864666d34fae4c4242907c195aad0c46c48073f78f"
SRC_URI[imx8qx.md5sum] = "fe2e5c9513faac946d29e5904bf792d9"
SRC_URI[imx8qx.sha256sum] = "151c6a578f6ae5a09b378015116061875047e4f3b6264e4becc80276621893b1"
COMPATIBLE_MACHINE = "(mx8qm|mx8qxp)"

11
meta-digi-arm/recipes-cpu/m4-demos/imx-m4-demos_2.7.0.bb Normal file
View File

@ -0,0 +1,11 @@
# Copyright 2017-2019 NXP
# Released under the MIT license (see COPYING.MIT for the terms)
require imx-m4-demos-2.inc
LIC_FILES_CHKSUM = "file://COPYING;md5=fd4b227530cd88a82af6a5982cfb724d"
SRC_URI[imx8qx.md5sum] = "659c0ccf3a215fae7345d30e85774143"
SRC_URI[imx8qx.sha256sum] = "74e97eea086b3cabe6d4430570e46586625fba822af97c0c2b5d025e69b3b3cb"
COMPATIBLE_MACHINE = "(mx8qxp)"

404
meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0001-Port-changes-from-the-cryptoauth-engine-repo-to-the-.patch
View File

@ -1,404 +0,0 @@
From: Gabriel Valcazar <gabriel.valcazar@digi.com>
Date: Wed, 14 Feb 2018 17:30:49 +0100
Subject: [PATCH 1/2] Port changes from the cryptoauth engine repo to the
library repo
Incorporate makefiles to be able to build cryptoauthlib as well as the changes
Digi has done in the atmel-cryptoauth-openssl-engine repo (except for
our modifications in the HAL section, which are not needed anymore). Update
package configuration version to 1.3, remove OpenSSL engine dependencies and
fix an infinite recursion that happened when cleaning the project.
https://jira.digi.com/browse/DEL-5591
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
---
Makefile | 32 +++++++++++++++++
Makefile.generic | 22 ++++++++++++
ecc-test-main.c | 71 +++++++++++++++++++++++++++++++++++++
lib/Makefile | 46 ++++++++++++++++++++++++
lib/atca_cfgs.c | 16 +++++++--
lib/atcacert/Makefile | 1 +
lib/basic/Makefile | 1 +
lib/crypto/Makefile | 1 +
lib/crypto/hashes/Makefile | 1 +
lib/cryptoauthlib.pc | 11 ++++++
lib/hal/Makefile | 1 +
lib/host/Makefile | 1 +
lib/jwt/Makefile | 1 +
lib/tls/Makefile | 1 +
test/Makefile | 15 ++++++++
test/atcacert/Makefile | 1 +
test/jwt/Makefile | 1 +
test/sha-byte-test-vectors/Makefile | 1 +
test/tls/Makefile | 1 +
19 files changed, 222 insertions(+), 3 deletions(-)
create mode 100644 Makefile
create mode 100644 Makefile.generic
create mode 100644 ecc-test-main.c
create mode 100644 lib/Makefile
create mode 100644 lib/atcacert/Makefile
create mode 100644 lib/basic/Makefile
create mode 100644 lib/crypto/Makefile
create mode 100644 lib/crypto/hashes/Makefile
create mode 100644 lib/cryptoauthlib.pc
create mode 100644 lib/hal/Makefile
create mode 100644 lib/host/Makefile
create mode 100644 lib/jwt/Makefile
create mode 100644 lib/tls/Makefile
create mode 100644 test/Makefile
create mode 100644 test/atcacert/Makefile
create mode 100644 test/jwt/Makefile
create mode 100644 test/sha-byte-test-vectors/Makefile
create mode 100644 test/tls/Makefile
diff --git a/Makefile b/Makefile
new file mode 100644
index 000000000000..a471428ad12c
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,32 @@
+CWD:= $(shell pwd)
+CFLAGS+= -I. -I../.. -fPIC -g -O0
+SRC:= $(wildcard *.c)
+export CFLAGS
+
+SUBDIRS= lib test
+
+.PHONY: tgt_lib tgt_test clean
+
+all: tgt_lib tgt_test ecc-test
+
+%.o: %.c
+ $(CC) $(CFLAGS) -o $@ -c $<
+
+tgt_lib:
+ make -w -C lib
+
+tgt_test:
+ make -w -C test
+
+ecc-test: tgt_lib tgt_test
+ $(CC) -c ecc-test-main.c $(CFLAGS) $(LDFLAGS) -I ./lib/ -I ./test/
+ $(CC) -o ecc-test-main ecc-test-main.o $(LDFLAGS) test/tls/atcatls_tests.o -L lib -L test -lm -lc -lrt -lcryptoauth -lunity
+
+install:
+ for a in $(SUBDIRS); do $(MAKE) -C $$a $@; done
+ install -d $(DESTDIR)/usr/bin
+ install -m 0755 ecc-test-main $(DESTDIR)/usr/bin/
+
+clean:
+ rm -f *.o *.a ecc-test-main
+ $(foreach subdir,$(basename $(SUBDIRS)),$(MAKE) -w -C $(subdir) clean;)
diff --git a/Makefile.generic b/Makefile.generic
new file mode 100644
index 000000000000..f6a0d67c708c
--- /dev/null
+++ b/Makefile.generic
@@ -0,0 +1,22 @@
+CWD:= $(shell pwd)
+CFLAGS+= -I. -I.. -I../.. -I../../.. -I../../../.. -I../../lib -I../lib -fPIC -g -O0 -DATCA_HAL_I2C -DATCAPRINTF
+SRC:= $(wildcard *.c)
+export CFLAGS
+
+DIRECTORIES= $(shell find . -maxdepth 1 ! -path . -type d)
+SUBDIRS= $(DIRECTORIES)
+
+.PHONY: clean tgt_local
+
+MODULES= $(patsubst %.c,%.o,$(SRC))
+
+all: $(MODULES) tgt_local
+ $(foreach subdir,$(basename $(SUBDIRS)),$(MAKE) -w -C $(subdir);)
+
+%.o: %.c
+ $(CC) $(CFLAGS) -o $@ -c $<
+
+clean:
+ rm -f *.o *.a
+ $(foreach subdir,$(basename $(SUBDIRS)),$(MAKE) -w -C $(subdir) clean;)
+
diff --git a/ecc-test-main.c b/ecc-test-main.c
new file mode 100644
index 000000000000..032bc4bc2b5a
--- /dev/null
+++ b/ecc-test-main.c
@@ -0,0 +1,71 @@
+/** \file ecc-test-main.c
+ * \brief Used to launch CryptoAuthLib tests for TLS
+ *
+ * Copyright (c) 2015 Atmel Corporation. All rights reserved.
+ *
+ * \atmel_crypto_device_library_license_start
+ *
+ * \page License
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of Atmel nor the names of its contributors may be used to endorse
+ * or promote products derived from this software without specific prior written permission.
+ *
+ * 4. This software may only be redistributed and used in connection with an
+ * Atmel integrated circuit.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+//#include "ssl.h"
+#include <stdio.h>
+#include <string.h>
+#include <stdint.h>
+#include <cryptoauthlib.h>
+#include <tls/atcatls_tests.h>
+
+#define ATCA_HAL_I2C
+
+// Get a pointer to the default configuration based on the compiler switch
+#ifdef ATCA_HAL_KIT_CDC
+ATCAIfaceCfg* pCfg = &cfg_ecc508_kitcdc_default;
+#elif defined(ATCA_HAL_KIT_HID)
+ATCAIfaceCfg* pCfg = &cfg_ecc508_kithid_default;
+#elif defined(ATCA_HAL_I2C)
+ATCAIfaceCfg* pCfg = &cfg_ateccx08a_i2c_default;
+#endif
+
+
+/** \brief Main function for running ATECC508 tests.
+ * Use this test program to ensure that the Engine can communicate to your ATECC508
+ *
+ * \return For success return 0
+ */
+int main()
+{
+ uint8_t runTests = true;
+
+ if (runTests)
+ {
+ atcatls_test_runner(pCfg);
+ }
+ return 0;
+}
diff --git a/lib/Makefile b/lib/Makefile
new file mode 100644
index 000000000000..e8c89380a43c
--- /dev/null
+++ b/lib/Makefile
@@ -0,0 +1,46 @@
+CWD:=$(shell pwd)
+SRC:=$(wildcard *.c)
+
+DIRECTORIES=$(shell find . -maxdepth 1 ! -path . -type d)
+SUBDIRS=$(DIRECTORIES)
+
+.PHONY: clean
+
+MODULES=$(patsubst %.c,%.o,$(SRC))
+#O_FILES=$(shell find . -name \*.o)
+O_FILES=$(wildcard **/**/*.o)
+O_FILES+=$(wildcard **/*.o)
+LIBNAME=libcryptoauth
+
+INCLUDE_PATH = "$(DESTDIR)/usr/include/cryptoauthlib"
+
+all: $(MODULES)
+ - $(foreach subdir,$(basename $(SUBDIRS)),$(shell make -w -C $(subdir)))
+ @echo "OFILES: $(O_FILES)"
+ $(AR) -r $(LIBNAME).a $(MODULES) $(O_FILES)
+ $(RANLIB) $(LIBNAME).a
+
+.PHONY: install
+install: $(LIBNAME).a
+ install -d $(DESTDIR)/usr/lib/pkgconfig
+ install -m 0644 $(LIBNAME).a $(DESTDIR)/usr/lib/
+ install -m 0644 cryptoauthlib.pc $(DESTDIR)/usr/lib/pkgconfig/
+
+ install -d $(INCLUDE_PATH)/atcacert $(INCLUDE_PATH)/basic $(INCLUDE_PATH)/hal $(INCLUDE_PATH)/tls
+ install -m 0644 atcacert/*.h $(INCLUDE_PATH)/atcacert
+ install -m 0644 basic/*.h $(INCLUDE_PATH)/basic
+ install -m 0644 hal/*.h $(INCLUDE_PATH)/hal
+ install -m 0644 tls/*.h $(INCLUDE_PATH)/tls
+ install -m 0644 *.h $(INCLUDE_PATH)
+
+ install -d $(INCLUDE_PATH)/crypto/hashes
+ install -m 0644 crypto/*.h $(INCLUDE_PATH)/crypto
+ install -m 0644 crypto/hashes/*.h $(INCLUDE_PATH)/crypto/hashes
+
+%.o: %.c
+ $(CC) $(CFLAGS) -o $@ -c $<
+
+clean:
+ rm -f *.o *.a
+ $(foreach subdir,$(basename $(SUBDIRS)),$(MAKE) -w -C $(subdir) clean;)
+
diff --git a/lib/atca_cfgs.c b/lib/atca_cfgs.c
index b8de8e8ede7f..4cbd305724d4 100644
--- a/lib/atca_cfgs.c
+++ b/lib/atca_cfgs.c
@@ -40,14 +40,24 @@
/* if the number of these configurations grows large, we can #ifdef them based on required device support */
+/* Default I2C configuration */
+#ifndef ATCA_HAL_I2C_BUS
+#define ATCA_HAL_I2C_BUS 0
+#warning "Using default value for ATCA_HAL_I2C_BUS: 0"
+#endif
+
+#ifndef ATCA_HAL_I2C_SPEED
+#define ATCA_HAL_I2C_SPEED 400000
+#warning "Using default value for ATCA_HAL_I2C_SPEED: 400000"
+#endif
+
/** \brief default configuration for an ECCx08A device */
ATCAIfaceCfg cfg_ateccx08a_i2c_default = {
.iface_type = ATCA_I2C_IFACE,
.devtype = ATECC508A,
.atcai2c.slave_address = 0xC0,
- .atcai2c.bus = 2,
- .atcai2c.baud = 400000,
- //.atcai2c.baud = 100000,
+ .atcai2c.bus = ATCA_HAL_I2C_BUS,
+ .atcai2c.baud = ATCA_HAL_I2C_SPEED,
.wake_delay = 1500,
.rx_retries = 20
};
diff --git a/lib/atcacert/Makefile b/lib/atcacert/Makefile
new file mode 100644
index 000000000000..aa3e01644e15
--- /dev/null
+++ b/lib/atcacert/Makefile
@@ -0,0 +1 @@
+include ../../Makefile.generic
diff --git a/lib/basic/Makefile b/lib/basic/Makefile
new file mode 100644
index 000000000000..aa3e01644e15
--- /dev/null
+++ b/lib/basic/Makefile
@@ -0,0 +1 @@
+include ../../Makefile.generic
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile
new file mode 100644
index 000000000000..aa3e01644e15
--- /dev/null
+++ b/lib/crypto/Makefile
@@ -0,0 +1 @@
+include ../../Makefile.generic
diff --git a/lib/crypto/hashes/Makefile b/lib/crypto/hashes/Makefile
new file mode 100644
index 000000000000..0356cb8c0cd5
--- /dev/null
+++ b/lib/crypto/hashes/Makefile
@@ -0,0 +1 @@
+include ../../../Makefile.generic
diff --git a/lib/cryptoauthlib.pc b/lib/cryptoauthlib.pc
new file mode 100644
index 000000000000..001a02c1c341
--- /dev/null
+++ b/lib/cryptoauthlib.pc
@@ -0,0 +1,11 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: cryptoauthlib
+Description: Atmel Cryptochip library for ATECC508A
+Version:1.3
+
+Libs: -L${libdir} -lcryptoauth
+Cflags: -I${includedir} -I${includedir}/cryptoauthlib -I${includedir}/cryptoauthlib/tls
diff --git a/lib/hal/Makefile b/lib/hal/Makefile
new file mode 100644
index 000000000000..aa3e01644e15
--- /dev/null
+++ b/lib/hal/Makefile
@@ -0,0 +1 @@
+include ../../Makefile.generic
diff --git a/lib/host/Makefile b/lib/host/Makefile
new file mode 100644
index 000000000000..aa3e01644e15
--- /dev/null
+++ b/lib/host/Makefile
@@ -0,0 +1 @@
+include ../../Makefile.generic
diff --git a/lib/jwt/Makefile b/lib/jwt/Makefile
new file mode 100644
index 000000000000..aa3e01644e15
--- /dev/null
+++ b/lib/jwt/Makefile
@@ -0,0 +1 @@
+include ../../Makefile.generic
diff --git a/lib/tls/Makefile b/lib/tls/Makefile
new file mode 100644
index 000000000000..aa3e01644e15
--- /dev/null
+++ b/lib/tls/Makefile
@@ -0,0 +1 @@
+include ../../Makefile.generic
diff --git a/test/Makefile b/test/Makefile
new file mode 100644
index 000000000000..5de9ef42a46b
--- /dev/null
+++ b/test/Makefile
@@ -0,0 +1,15 @@
+LIBNAME= libunity
+LIB= $(LIBNAME).a
+AR+= r
+
+include ../Makefile.generic
+
+tgt_local:
+ $(CC) -o unity.o -c unity.c
+ $(AR) $(LIB) unity.o
+
+ecc-test: tgt_local
+ $(CC) -c ecc-test-main.c $(CFLAGS) -I. -I..
+ $(CC) -o ecc-test-main ecc-test-main.o ../test/tls/atcatls_tests.o -Lcryptoauthlib/lib -lcryptoauth -Lcryptoauthlib/test -lunity -lm -lc -lrt
+
+install: ;
diff --git a/test/atcacert/Makefile b/test/atcacert/Makefile
new file mode 100644
index 000000000000..aa3e01644e15
--- /dev/null
+++ b/test/atcacert/Makefile
@@ -0,0 +1 @@
+include ../../Makefile.generic
diff --git a/test/jwt/Makefile b/test/jwt/Makefile
new file mode 100644
index 000000000000..aa3e01644e15
--- /dev/null
+++ b/test/jwt/Makefile
@@ -0,0 +1 @@
+include ../../Makefile.generic
diff --git a/test/sha-byte-test-vectors/Makefile b/test/sha-byte-test-vectors/Makefile
new file mode 100644
index 000000000000..78d24559879f
--- /dev/null
+++ b/test/sha-byte-test-vectors/Makefile
@@ -0,0 +1 @@
+empty_target: ;
diff --git a/test/tls/Makefile b/test/tls/Makefile
new file mode 100644
index 000000000000..aa3e01644e15
--- /dev/null
+++ b/test/tls/Makefile
@@ -0,0 +1 @@
+include ../../Makefile.generic

63
meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0001-lib-add-parameters-to-be-able-to-modify-default-I2C-.patch Normal file
View File

@ -0,0 +1,63 @@
From: Gabriel Valcazar <gabriel.valcazar@digi.com>
Date: Thu, 31 Oct 2019 11:49:06 +0100
Subject: [PATCH 1/6] lib: add parameters to be able to modify default I2C bus
index and speed
https://jira.digi.com/browse/DEL-6826
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
---
lib/CMakeLists.txt | 8 ++++++++
lib/atca_cfgs.c | 15 +++++++++++++--
2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index 9816ed1..b198d1f 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -66,6 +66,14 @@ add_definitions(-DATCA_HAL_I2C)
set(CRYPTOAUTH_SRC ${CRYPTOAUTH_SRC} ${TWI_SRC})
endif(LINUX AND ATCA_HAL_I2C)
+if(ATCA_HAL_I2C_BUS)
+add_definitions(-DATCA_HAL_I2C_BUS=${ATCA_HAL_I2C_BUS})
+endif(ATCA_HAL_I2C_BUS)
+
+if(ATCA_HAL_I2C_SPEED)
+add_definitions(-DATCA_HAL_I2C_SPEED=${ATCA_HAL_I2C_SPEED})
+endif(ATCA_HAL_I2C_SPEED)
+
if(ATCA_HAL_CUSTOM)
add_definitions(-DATCA_HAL_CUSTOM)
endif()
diff --git a/lib/atca_cfgs.c b/lib/atca_cfgs.c
index a79e02b..60727f7 100644
--- a/lib/atca_cfgs.c
+++ b/lib/atca_cfgs.c
@@ -37,13 +37,24 @@
/* if the number of these configurations grows large, we can #ifdef them based on required device support */
+/* Default I2C configuration */
+#ifndef ATCA_HAL_I2C_BUS
+#define ATCA_HAL_I2C_BUS 0
+#warning "Using default value for ATCA_HAL_I2C_BUS: 0"
+#endif
+
+#ifndef ATCA_HAL_I2C_SPEED
+#define ATCA_HAL_I2C_SPEED 400000
+#warning "Using default value for ATCA_HAL_I2C_SPEED: 400000"
+#endif
+
/** \brief default configuration for an ECCx08A device */
ATCAIfaceCfg cfg_ateccx08a_i2c_default = {
.iface_type = ATCA_I2C_IFACE,
.devtype = ATECC608A,
.atcai2c.slave_address = 0xC0,
- .atcai2c.bus = 1,
- .atcai2c.baud = 400000,
+ .atcai2c.bus = ATCA_HAL_I2C_BUS,
+ .atcai2c.baud = ATCA_HAL_I2C_SPEED,
//.atcai2c.baud = 100000,
.wake_delay = 1500,
.rx_retries = 20

13459
meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0002-Remove-unused-HAL-implementations.patch
View File

File diff suppressed because it is too large Load Diff

30
meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0002-lib-apply-library-version-number-to-CMake-VERSION-pr.patch Normal file
View File

@ -0,0 +1,30 @@
From: Gabriel Valcazar <gabriel.valcazar@digi.com>
Date: Mon, 4 Nov 2019 16:11:48 +0100
Subject: [PATCH 2/6] lib: apply library version number to CMake VERSION
property
This way, CMake will generate a shared library with the version number and an
additional symlink without it. This avoids bitbake errors that appear when
creating *-dev packages, as Yocto development packages should only include
the soname symlinks instead of the actual library file.
https://jira.digi.com/browse/DEL-6826
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
---
lib/CMakeLists.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index b198d1f..88533f1 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -93,6 +93,8 @@ endif()
add_library(cryptoauth ${CRYPTOAUTH_SRC} ${ATCACERT_DEF_SRC})
+set_property(TARGET cryptoauth PROPERTY VERSION "${VERSION}")
+
set_property(TARGET cryptoauth PROPERTY C_STANDARD 99)
if(ATCA_PRINTF)

50
meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0003-Build-cryptochip-cmd-processor-application-along-wit.patch
View File

@ -1,50 +0,0 @@
From: Gabriel Valcazar <gabriel.valcazar@digi.com>
Date: Mon, 26 Feb 2018 11:42:50 +0100
Subject: [PATCH 1/2] Build cryptochip-cmd-processor application along with the
library
This new test application is more complete than ecc-test-main. It includes a
command line with different test runs for the chip's basic functionality,
helper functions, certificate functions and allows the configuration to be
read, among other things.
Hardcode the app to use the ATECC508A and remove all code that is specific for
other chips.
https://jira.digi.com/browse/DEL-5763
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
---
Makefile | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index a471428..c57b1bf 100644
--- a/Makefile
+++ b/Makefile
@@ -7,7 +7,7 @@ SUBDIRS= lib test
.PHONY: tgt_lib tgt_test clean
-all: tgt_lib tgt_test ecc-test
+all: tgt_lib tgt_test ecc-test cmd-processor
%.o: %.c
$(CC) $(CFLAGS) -o $@ -c $<
@@ -22,11 +22,15 @@ ecc-test: tgt_lib tgt_test
$(CC) -c ecc-test-main.c $(CFLAGS) $(LDFLAGS) -I ./lib/ -I ./test/
$(CC) -o ecc-test-main ecc-test-main.o $(LDFLAGS) test/tls/atcatls_tests.o -L lib -L test -lm -lc -lrt -lcryptoauth -lunity
+cmd-processor: tgt_lib tgt_test
+ $(CC) -o cryptochip-cmd-processor test/*.o $(LDFLAGS) test/*/*.o -L lib -L test -lcryptoauth
+
install:
for a in $(SUBDIRS); do $(MAKE) -C $$a $@; done
install -d $(DESTDIR)/usr/bin
install -m 0755 ecc-test-main $(DESTDIR)/usr/bin/
+ install -m 0755 cryptochip-cmd-processor $(DESTDIR)/usr/bin
clean:
- rm -f *.o *.a ecc-test-main
+ rm -f *.o *.a ecc-test-main cryptochip-cmd-processor
$(foreach subdir,$(basename $(SUBDIRS)),$(MAKE) -w -C $(subdir) clean;)

84
meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0003-pkcs11-rename-template-configuration-file-to-its-int.patch Normal file
View File

@ -0,0 +1,84 @@
From: Gabriel Valcazar <gabriel.valcazar@digi.com>
Date: Thu, 7 Nov 2019 13:43:53 +0100
Subject: [PATCH 3/6] pkcs11: rename template configuration file to its
intended name
Otherwise, users will need to manually rename the file in the rootfs to use
the pkcs11 feature.
https://jira.digi.com/browse/DEL-6835
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
---
CMakeLists.txt | 4 ++--
app/pkcs11/0.conf | 19 +++++++++++++++++++
app/pkcs11/slot.conf.tmpl | 19 -------------------
3 files changed, 21 insertions(+), 21 deletions(-)
create mode 100644 app/pkcs11/0.conf
delete mode 100644 app/pkcs11/slot.conf.tmpl
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9326fd1..00214d3 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -80,8 +80,8 @@ install(CODE "
install(DIRECTORY DESTINATION ${DEFAULT_STORE_PATH})
install(CODE "execute_process(COMMAND chmod 1777 ${DEFAULT_STORE_PATH})")
install(CODE "
- if(NOT EXISTS ${DEFAULT_STORE_PATH}/slot.conf.tmpl)
- file(INSTALL ${PROJECT_SOURCE_DIR}/app/pkcs11/slot.conf.tmpl
+ if(NOT EXISTS ${DEFAULT_STORE_PATH}/0.conf)
+ file(INSTALL ${PROJECT_SOURCE_DIR}/app/pkcs11/0.conf
DESTINATION ${DEFAULT_STORE_PATH})
endif()
")
diff --git a/app/pkcs11/0.conf b/app/pkcs11/0.conf
new file mode 100644
index 0000000..b637abd
--- /dev/null
+++ b/app/pkcs11/0.conf
@@ -0,0 +1,19 @@
+# Reserved Configuration for a device
+# The objects in this file will be created and marked as undeletable
+# These are processed in order. Configuration parameters must be comma
+# delimited and may not contain spaces
+
+interface = i2c,0xB0
+freeslots = 1,2,3
+
+# Slot 0 is the primary private key
+object = private,device,0
+
+# Slot 10 is the certificate data for the device's public key
+#object = certificate,device,10
+
+# Slot 12 is the intermedate/signer certificate data
+#object = certificate,signer,12
+
+# Slot 15 is a public key
+object = public,root,15
diff --git a/app/pkcs11/slot.conf.tmpl b/app/pkcs11/slot.conf.tmpl
deleted file mode 100644
index b637abd..0000000
--- a/app/pkcs11/slot.conf.tmpl
+++ /dev/null
@@ -1,19 +0,0 @@
-# Reserved Configuration for a device
-# The objects in this file will be created and marked as undeletable
-# These are processed in order. Configuration parameters must be comma
-# delimited and may not contain spaces
-
-interface = i2c,0xB0
-freeslots = 1,2,3
-
-# Slot 0 is the primary private key
-object = private,device,0
-
-# Slot 10 is the certificate data for the device's public key
-#object = certificate,device,10
-
-# Slot 12 is the intermedate/signer certificate data
-#object = certificate,signer,12
-
-# Slot 15 is a public key
-object = public,root,15

82
meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0004-lib-install-pkg-config-file-and-header-files.patch Normal file
View File

@ -0,0 +1,82 @@
From: Gabriel Valcazar <gabriel.valcazar@digi.com>
Date: Thu, 7 Nov 2019 14:16:53 +0100
Subject: [PATCH 4/6] lib: install pkg-config file and header files
These are needed to be able to develop using cryptoauthlib.
https://jira.digi.com/browse/DEL-6826
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
---
CMakeLists.txt | 15 +++++++++++++++
lib/CMakeLists.txt | 4 ++++
lib/cryptoauthlib.pc.in | 11 +++++++++++
3 files changed, 30 insertions(+)
create mode 100644 lib/cryptoauthlib.pc.in
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 00214d3..f95736d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -33,6 +33,10 @@ set(DEFAULT_CONF_PATH "${CMAKE_INSTALL_FULL_SYSCONFDIR}/${PROJECT_NAME}" CACHE
STRING "The default location of ${PROJECT_NAME}.conf")
set(DEFAULT_STORE_PATH "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/lib/${PROJECT_NAME}" CACHE
STRING "The default location of the filestore directory")
+set(DEFAULT_PKGCONFIG_PATH "${DEFAULT_LIB_PATH}/pkgconfig" CACHE
+ STRING "The default location of the library's pkg-config file")
+set(DEFAULT_INCLUDE_PATH "${CMAKE_INSTALL_FULL_INCLUDEDIR}" CACHE
+ STRING "The default location of the library's header files")
endif()
set(DEFAULT_CONF_FILE_NAME "${PROJECT_NAME}.conf" CACHE
@@ -49,6 +53,9 @@ endif()
# Set up a default configuration file to install
configure_file(${PROJECT_SOURCE_DIR}/app/pkcs11/cryptoauthlib.conf.in ${PROJECT_BINARY_DIR}/${DEFAULT_CONF_FILE_NAME})
+# Set up the pkg-config file
+configure_file(${PROJECT_SOURCE_DIR}/lib/${PROJECT_NAME}.pc.in ${PROJECT_BINARY_DIR}/${PROJECT_NAME}.pc @ONLY)
+
message(STATUS "Building Configuration: ${CMAKE_BUILD_TYPE}")
# Packaging
@@ -86,3 +93,11 @@ install(CODE "
endif()
")
+install(DIRECTORY DESTINATION ${DEFAULT_PKGCONFIG_PATH})
+install(CODE "
+ if(NOT EXISTS ${DEFAULT_PKGCONFIG_PATH}/${PROJECT_NAME}.pc)
+ file(INSTALL ${PROJECT_BINARY_DIR}/${PROJECT_NAME}.pc
+ DESTINATION ${DEFAULT_PKGCONFIG_PATH})
+ endif()
+ ")
+
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index 88533f1..d4749ec 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -128,3 +128,7 @@ endif()
if(DEFAULT_LIB_PATH)
install(TARGETS ${PROJECT_NAME} DESTINATION ${DEFAULT_LIB_PATH})
endif()
+
+if(DEFAULT_INCLUDE_PATH)
+install(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" DESTINATION "${DEFAULT_INCLUDE_PATH}" FILES_MATCHING PATTERN "*.h")
+endif()
diff --git a/lib/cryptoauthlib.pc.in b/lib/cryptoauthlib.pc.in
new file mode 100644
index 0000000..e682913
--- /dev/null
+++ b/lib/cryptoauthlib.pc.in
@@ -0,0 +1,11 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
+includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@
+
+Name: @PROJECT_NAME@
+Description: Atmel Cryptochip library for ATECC508A
+Version: @VERSION@
+
+Libs: -L${libdir} -lcryptoauth
+Cflags: -I${includedir} -I${includedir}/@PROJECT_NAME@

96
meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0005-test-add-CMakeLists.txt.patch Normal file
View File

@ -0,0 +1,96 @@
From: Gabriel Valcazar <gabriel.valcazar@digi.com>
Date: Thu, 7 Nov 2019 16:36:35 +0100
Subject: [PATCH 5/6] test: add CMakeLists.txt
This file was ported form the master branch to be able to compile the
cryptoauth_test app. Additional installation instructions were added as well.
Move the ATCA_HAL_I2C build option to the root CMake file to enable it for both
the library and the test app.
https://jira.digi.com/browse/DEL-6826
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
---
CMakeLists.txt | 3 +++
lib/CMakeLists.txt | 1 -
test/CMakeLists.txt | 44 ++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 47 insertions(+), 1 deletion(-)
create mode 100644 test/CMakeLists.txt
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 429c06c..a490557 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,6 +1,9 @@
cmake_minimum_required(VERSION 2.6.4)
project (cryptoauthlib)
+# Enable the I2C build option at a global level by default to use it for both the library and the test app
+option(ATCA_HAL_I2C "Include the I2C Hal Driver - Linux & MCU only" ON)
+
# Set the current release version
set(VERSION "2018.10.26")
set(VERSION_MAJOR 2028)
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index 88533f1..6a00f7c 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -3,7 +3,6 @@ project(cryptoauth)
# Various Options for Build
option(ATCA_HAL_KIT_HID "Include the HID HAL Driver")
-option(ATCA_HAL_I2C "Include the I2C Hal Driver - Linux & MCU only" ON)
option(ATCA_HAL_CUSTOM "Include support for Custom/Plug-in Hal Driver" ON)
option(ATCA_PRINTF "Enable Debug print statements in library")
option(ATCA_PKCS11 "Build PKCS11 Library")
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
new file mode 100644
index 0000000..7155f38
--- /dev/null
+++ b/test/CMakeLists.txt
@@ -0,0 +1,44 @@
+cmake_minimum_required(VERSION 2.6.4)
+project (cryptoauth_test)
+
+file(GLOB TEST_ATCACERT_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "atcacert/*.c")
+file(GLOB TEST_JWT_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "jwt/*.c")
+file(GLOB TEST_TNG_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "tng/*.c")
+file(GLOB TEST_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "*.c")
+
+if(ATCA_HAL_KIT_HID)
+add_definitions(-DATCA_HAL_KIT_HID)
+endif(ATCA_HAL_KIT_HID)
+
+if(ATCA_HAL_KIT_CDC)
+add_definitions(-DATCA_HAL_KIT_CDC)
+endif(ATCA_HAL_KIT_CDC)
+
+if(ATCA_HAL_I2C)
+add_definitions(-DATCA_HAL_I2C)
+endif(ATCA_HAL_I2C)
+
+if(ATCA_HAL_CUSTOM)
+add_definitions(-DATCA_HAL_CUSTOM)
+endif()
+
+add_executable(cryptoauth_test ${TEST_SRC} ${TEST_TNG_SRC} ${TEST_JWT_SRC} ${TEST_ATCACERT_SRC})
+
+include_directories(cryptoauth_test ${CMAKE_CURRENT_SOURCE_DIR}/../ ${CMAKE_CURRENT_SOURCE_DIR}/../lib)
+
+target_link_libraries(cryptoauth_test cryptoauth)
+
+if(UNIX)
+target_link_libraries(cryptoauth_test pthread)
+endif()
+
+set(DEFAULT_BIN_PATH "${CMAKE_INSTALL_FULL_BINDIR}" CACHE
+ STRING "The default absolute test app path")
+
+install(DIRECTORY DESTINATION ${DEFAULT_BIN_PATH})
+install(CODE "
+ if(NOT EXISTS ${DEFAULT_BIN_PATH}/cryptoauth_test)
+ file(INSTALL ${PROJECT_BINARY_DIR}/cryptoauth_test
+ DESTINATION ${DEFAULT_BIN_PATH})
+ endif()
+ ")

160
meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0004-Remove-unnecessary-code-from-cryptochip-cmd-processo.patch → meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0006-Remove-unnecessary-code-from-cryptoauth_test.patch
View File

@ -1,24 +1,27 @@
From: Gabriel Valcazar <gabriel.valcazar@digi.com>
Date: Fri, 23 Feb 2018 13:50:29 +0100
Subject: [PATCH 2/2] Remove unnecessary code from cryptochip-cmd-processor
Date: Thu, 31 Oct 2019 16:15:30 +0100
Subject: [PATCH 6/6] Remove unnecessary code from cryptoauth_test
Some test commands apply to chips other than the ATECC508A, and can cause
errors when used incorrectly. Remove all code that doesn't apply to our
platforms.
https://jira.digi.com/browse/DEL-5763
https://jira.digi.com/browse/DEL-6826
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
---
test/cmd-processor.c | 348 ++-------------------------------------------------
1 file changed, 13 insertions(+), 335 deletions(-)
test/cmd-processor.c | 360 ++-------------------------------------------------
1 file changed, 12 insertions(+), 348 deletions(-)
diff --git a/test/cmd-processor.c b/test/cmd-processor.c
index c8c60e0..592157e 100644
index c0f819f..07ecf2a 100644
--- a/test/cmd-processor.c
+++ b/test/cmd-processor.c
@@ -92,10 +92,6 @@ static void sernum(void);
static void discover(void);
@@ -61,13 +61,8 @@ static void lock_config(void);
static void lock_data(void);
static void info(void);
static void sernum(void);
-static void discover(void);
static void select_device(ATCADeviceType device_type);
static int run_test(void* fptest);
-static void select_204(void);
@ -28,7 +31,7 @@ index c8c60e0..592157e 100644
static void run_basic_tests(void);
static void run_unit_tests(void);
static void run_otpzero_tests(void);
@@ -103,20 +99,11 @@ static void run_helper_tests(void);
@@ -75,10 +70,6 @@ static void run_helper_tests(void);
static void help(void);
static int parse_cmd(const char *command);
static void run_all_tests(void);
@ -36,43 +39,41 @@ index c8c60e0..592157e 100644
-static void set_clock_divider_m0(void);
-static void set_clock_divider_m1(void);
-static void set_clock_divider_m2(void);
static void tng22_tests(void);
static void tngtn_tests(void);
static const char* argv[] = { "manual", "-v" };
@@ -87,11 +78,6 @@ static const char* argv[] = { "manual", "-v" };
static t_menu_info mas_menu_info[] =
{
{ "help", "Display Menu", help },
- { "discover", "Discover Buses and Devices", discover },
- { "204", "Set Target Device to ATECC204A", select_204 },
- { "108", "Set Target Device to ATECC108A", select_108 },
- { "508", "Set Target Device to ATECC508A", select_508 },
- { "608", "Set Target Device to ATECC608A", select_608 },
{ "info", "Get the Chip Revision", info },
{ "sernum", "Get the Chip Serial Number", sernum },
{ "basic", "Run Basic Test on Selected Device", run_basic_tests },
@@ -135,12 +122,9 @@ static t_menu_info mas_menu_info[] =
{ "cio", "Run Unit Test on Cert I/O", (fp_menu_handler)certio_unit_tests },
{ "help", "Display Menu", help },
- { "discover", "Discover Buses and Devices", discover },
- { "204", "Set Target Device to ATSHA204A", select_204 },
- { "108", "Set Target Device to ATECC108A", select_108 },
- { "508", "Set Target Device to ATECC508A", select_508 },
- { "608", "Set Target Device to ATECC608A", select_608 },
{ "info", "Get the Chip Revision", info },
{ "sernum", "Get the Chip Serial Number", sernum },
{ "rand", "Generate Some Random Numbers", (fp_menu_handler)do_randoms },
@@ -107,9 +93,6 @@ static t_menu_info mas_menu_info[] =
{ "unit", "Run Unit Test on Selected Device", run_unit_tests },
{ "otpzero", "Zero Out OTP Zone", run_otpzero_tests },
{ "util", "Run Helper Function Tests", run_helper_tests },
- { "clkdivm0", "Set ATECC608A to ClockDivider M0(0x00)", set_clock_divider_m0 },
- { "clkdivm1", "Set ATECC608A to ClockDivider M1(0x05)", set_clock_divider_m1 },
- { "clkdivm2", "Set ATECC608A to ClockDivider M2(0x0D)", set_clock_divider_m2 },
#endif
#ifdef TEST_SW_CRYPTO
- { "crypto", "Run Unit Tests for Software Crypto Functions", atca_crypto_sw_tests },
+ { "crypto", "Run Unit Tests for Software Crypto Functions", (fp_menu_handler)atca_crypto_sw_tests },
#endif
{ "all", "Run all unit tests, locking as needed.", run_all_tests },
- { "clkdivm0", "Set ATECC608A to ClockDivider M0(0x00)", set_clock_divider_m0},
- { "clkdivm1", "Set ATECC608A to ClockDivider M1(0x05)", set_clock_divider_m1},
- { "clkdivm2", "Set ATECC608A to ClockDivider M2(0x0D)", set_clock_divider_m2},
{ NULL, NULL, NULL },
};
@@ -160,6 +144,8 @@ int main(int argc, char* argv[])
return 1;
}
#ifndef DO_NOT_TEST_CERT
{ "cd", "Run Unit Tests on Cert Data", (fp_menu_handler)certdata_unit_tests },
@@ -130,6 +113,8 @@ int main(int argc, char* argv[])
{
char buffer[1024];
+ select_device(ATECC508A);
+
while (true)
{
printf("$ ");
@@ -230,96 +216,13 @@ static void help(void)
@@ -202,101 +187,13 @@ static void help(void)
}
}
@ -149,7 +150,8 @@ index c8c60e0..592157e 100644
- // Update the ATECC608A test config data so all the unit tests will run with the new chip mode
- update_chip_mode(&test_ecc608_configdata[ATCA_CHIPMODE_OFFSET], 0xFF, 0xFF, chip_mode & ATCA_CHIPMODE_WATCHDOG_MASK, chip_mode & ATCA_CHIPMODE_CLOCK_DIV_MASK);
-
- } while (0);
- }
- while (0);
-
- atcab_release();
- return status;
@ -158,21 +160,26 @@ index c8c60e0..592157e 100644
static void run_basic_tests(void)
{
- if (gCfg->devtype == ATECC608A)
- {
- check_clock_divider();
- }
run_test(RunAllBasicTests);
}
static void run_unit_tests(void)
{
- if (gCfg->devtype == ATECC608A)
- {
- check_clock_divider();
- }
run_test(RunAllFeatureTests);
}
static void run_otpzero_tests(void)
@@ -453,37 +356,6 @@ static ATCA_STATUS do_randoms(void)
@@ -431,38 +328,6 @@ static ATCA_STATUS do_randoms(void)
return status;
}
-
-static void discover(void)
-{
- ATCAIfaceCfg ifaceCfgs[10];
@ -185,7 +192,7 @@ index c8c60e0..592157e 100644
- ifaceCfgs[i].iface_type = ATCA_UNKNOWN_IFACE;
- }
-
- printf("Searching...");
- printf("Searching...\r\n");
- atcab_cfg_discover(ifaceCfgs, sizeof(ifaceCfgs) / sizeof(ATCAIfaceCfg));
- for (i = 0; i < (int)(sizeof(ifaceCfgs) / sizeof(ATCAIfaceCfg)); i++)
- {
@ -207,7 +214,7 @@ index c8c60e0..592157e 100644
static void info(void)
{
ATCA_STATUS status;
@@ -636,18 +508,7 @@ static ATCA_STATUS get_serial_no(uint8_t *sernum)
@@ -640,18 +505,7 @@ static ATCA_STATUS get_serial_no(uint8_t *sernum)
static void select_device(ATCADeviceType device_type)
{
@ -227,17 +234,19 @@ index c8c60e0..592157e 100644
}
static int run_test(void* fptest)
@@ -670,9 +531,6 @@ static void run_all_tests(void)
@@ -674,11 +528,6 @@ static void run_all_tests(void)
bool is_data_locked = false;
int fails = 0;
- if (gCfg->devtype == ATECC608A)
- {
- check_clock_divider();
- }
-
status = is_device_locked(LOCK_ZONE_CONFIG, &is_config_locked);
if (status != ATCA_SUCCESS)
{
@@ -814,204 +672,24 @@ static ATCA_STATUS set_test_config(ATCADeviceType deviceType)
info();
sernum();
do_randoms();
@@ -826,212 +675,27 @@ static ATCA_STATUS set_test_config(ATCADeviceType deviceType)
gCfg->devtype = ATCA_DEV_UNKNOWN;
gCfg->iface_type = ATCA_UNKNOWN_IFACE;
@ -260,23 +269,32 @@ index c8c60e0..592157e 100644
- break;
-
- case ATECC108A:
-#if defined(ATCA_HAL_I2C)
#if defined(ATCA_HAL_I2C)
- *gCfg = cfg_ateccx08a_i2c_default;
- gCfg->devtype = deviceType;
-#elif defined(ATCA_HAL_SWI)
+ *gCfg = cfg_ateccx08a_i2c_default;
+ gCfg->devtype = deviceType;
#elif defined(ATCA_HAL_SWI)
- *gCfg = cfg_ateccx08a_swi_default;
- gCfg->devtype = deviceType;
-#elif defined(ATCA_HAL_KIT_HID)
+ *gCfg = cfg_ateccx08a_swi_default;
+ gCfg->devtype = deviceType;
#elif defined(ATCA_HAL_KIT_HID)
- *gCfg = cfg_ateccx08a_kithid_default;
- gCfg->devtype = deviceType;
-#elif defined(ATCA_HAL_KIT_CDC)
+ *gCfg = cfg_ateccx08a_kithid_default;
+ gCfg->devtype = deviceType;
#elif defined(ATCA_HAL_KIT_CDC)
- *gCfg = cfg_ateccx08a_kitcdc_default;
- gCfg->devtype = deviceType;
-#elif defined(ATCA_HAL_CUSTOM)
+ *gCfg = cfg_ateccx08a_kitcdc_default;
+ gCfg->devtype = deviceType;
#elif defined(ATCA_HAL_CUSTOM)
- *gCfg = g_cfg_atecc108a_custom;
-#else
-#error "HAL interface is not selected";
-#endif
+ *gCfg = g_cfg_atecc508a_custom;
#else
#error "HAL interface is not selected";
#endif
- break;
-
- case ATECC508A:
@ -300,32 +318,23 @@ index c8c60e0..592157e 100644
- break;
-
- case ATECC608A:
#if defined(ATCA_HAL_I2C)
-#if defined(ATCA_HAL_I2C)
- *gCfg = cfg_ateccx08a_i2c_default;
- gCfg->devtype = deviceType;
+ *gCfg = cfg_ateccx08a_i2c_default;
+ gCfg->devtype = deviceType;
#elif defined(ATCA_HAL_SWI)
-#elif defined(ATCA_HAL_SWI)
- *gCfg = cfg_ateccx08a_swi_default;
- gCfg->devtype = deviceType;
+ *gCfg = cfg_ateccx08a_swi_default;
+ gCfg->devtype = deviceType;
#elif defined(ATCA_HAL_KIT_HID)
-#elif defined(ATCA_HAL_KIT_HID)
- *gCfg = cfg_ateccx08a_kithid_default;
- gCfg->devtype = deviceType;
+ *gCfg = cfg_ateccx08a_kithid_default;
+ gCfg->devtype = deviceType;
#elif defined(ATCA_HAL_KIT_CDC)
-#elif defined(ATCA_HAL_KIT_CDC)
- *gCfg = cfg_ateccx08a_kitcdc_default;
- gCfg->devtype = deviceType;
+ *gCfg = cfg_ateccx08a_kitcdc_default;
+ gCfg->devtype = deviceType;
#elif defined(ATCA_HAL_CUSTOM)
-#elif defined(ATCA_HAL_CUSTOM)
- *gCfg = g_cfg_atecc608a_custom;
+ *gCfg = g_cfg_atecc508a_custom;
#else
#error "HAL interface is not selected";
#endif
-#else
-#error "HAL interface is not selected";
-#endif
- break;
-
- default:
@ -417,7 +426,8 @@ index c8c60e0..592157e 100644
- // Update the ATECC608A test config data so all the unit tests will run with the new chip mode
- update_chip_mode(&test_ecc608_configdata[ATCA_CHIPMODE_OFFSET], i2c_user_extra_add, ttl_enable, watchdog, clock_divider);
-
- } while (0);
- }
- while (0);
-
- atcab_release();
- return status;
@ -426,6 +436,7 @@ index c8c60e0..592157e 100644
-static void set_clock_divider_m0(void)
-{
- ATCA_STATUS status = set_chip_mode(0xFF, 0xFF, ATCA_CHIPMODE_WATCHDOG_SHORT, ATCA_CHIPMODE_CLOCK_DIV_M0);
-
- if (status == ATCA_SUCCESS)
- {
- printf("Set device to clock divider M0 (0x%02X) and watchdog to 1.3s nominal.\r\n", ATCA_CHIPMODE_CLOCK_DIV_M0 >> 3);
@ -435,6 +446,7 @@ index c8c60e0..592157e 100644
-static void set_clock_divider_m1(void)
-{
- ATCA_STATUS status = set_chip_mode(0xFF, 0xFF, ATCA_CHIPMODE_WATCHDOG_SHORT, ATCA_CHIPMODE_CLOCK_DIV_M1);
-
- if (status == ATCA_SUCCESS)
- {
- printf("Set device to clock divider M1 (0x%02X) and watchdog to 1.3s nominal.\r\n", ATCA_CHIPMODE_CLOCK_DIV_M1 >> 3);
@ -446,9 +458,13 @@ index c8c60e0..592157e 100644
- // Additionally set watchdog to long settings (~13s) as some commands
- // can't complete in time on the faster watchdog setting.
- ATCA_STATUS status = set_chip_mode(0xFF, 0xFF, ATCA_CHIPMODE_WATCHDOG_LONG, ATCA_CHIPMODE_CLOCK_DIV_M2);
-
- if (status == ATCA_SUCCESS)
- {
- printf("Set device to clock divider M2 (0x%02X) and watchdog to 13s nominal.\r\n", ATCA_CHIPMODE_CLOCK_DIV_M2 >> 3);
- }
-}
\ No newline at end of file
-
static void tng22_tests(void)
{
ATCA_STATUS status;

43
meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib_git.bb
View File

@ -1,21 +1,22 @@
# Copyright (C) 2017, 2018 Digi International Inc.
# Copyright (C) 2017-2020 Digi International Inc.
SUMMARY = "Microchip CryptoAuthentication Library"
SECTION = "libs"
LICENSE = "MICROCHIP_CRYPTOAUTHLIB_LICENSE"
LIC_FILES_CHKSUM = "file://license.txt;endline=19;md5=5bcd26c644867b127c2cce82960fae7b"
LIC_FILES_CHKSUM = "file://license.txt;md5=84f2905dc39d2f8cdffb00af6f9e6d4e"
SRCBRANCH = "master"
SRCREV = "c6da3358a102c10d954372598c6efef8ad84c9ee"
SRCREV = "a0007d2f6c42fddab5dca1575e0f404788829ddc"
GIT_URI ?= "git://github.com/MicrochipTech/cryptoauthlib.git;protocol=https"
SRC_URI = " \
${GIT_URI};nobranch=1 \
file://0001-Port-changes-from-the-cryptoauth-engine-repo-to-the-.patch \
file://0002-Remove-unused-HAL-implementations.patch \
file://0003-Build-cryptochip-cmd-processor-application-along-wit.patch \
file://0004-Remove-unnecessary-code-from-cryptochip-cmd-processo.patch \
file://0001-lib-add-parameters-to-be-able-to-modify-default-I2C-.patch \
file://0002-lib-apply-library-version-number-to-CMake-VERSION-pr.patch \
file://0003-pkcs11-rename-template-configuration-file-to-its-int.patch \
file://0004-lib-install-pkg-config-file-and-header-files.patch \
file://0005-test-add-CMakeLists.txt.patch \
file://0006-Remove-unnecessary-code-from-cryptoauth_test.patch \
"
S = "${WORKDIR}/git"
@ -24,20 +25,30 @@ I2C_BUS = ""
I2C_BUS_ccimx6qpsbc = "1"
I2C_BUS_ccimx6ul = "0"
I2C_BUS_ccimx8x = "0"
I2C_BUS_ccimx8mn = "0"
I2C_SPEED ?= "100000"
CFLAGS += "-DATCA_HAL_I2C_BUS=${I2C_BUS} -DATCA_HAL_I2C_SPEED=${I2C_SPEED}"
EXTRA_OECMAKE += "-DATCA_HAL_I2C_BUS=${I2C_BUS} -DATCA_HAL_I2C_SPEED=${I2C_SPEED} -DBUILD_TESTS=on"
do_patch[prefuncs] = "change_line_endings"
inherit cmake
change_line_endings() {
find ${S} -type f -name '*.[ch]' -print0 | xargs -0 sed -i -e 's/\r//g'
do_install_append() {
# Rename the folder containing the header files to be more package-specific
mv ${D}${includedir}/lib ${D}${includedir}/cryptoauthlib
# Remove RPATH from the executable
chrpath -d ${D}${bindir}/cryptoauth_test
chmod +x ${D}${bindir}/cryptoauth_test
}
do_install() {
oe_runmake DESTDIR=${D} install
}
PACKAGES =+ "${PN}-test"
FILES_${PN}-test = "${bindir}/cryptoauth_test"
RDEPENDS_${PN} = "libp11"
RDEPENDS_${PN}-test = "${PN}"
RRECOMMENDS_${PN} = "${PN}-test"
PACKAGE_ARCH = "${MACHINE_ARCH}"
COMPATIBLE_MACHINE = "(ccimx6qpsbc|ccimx6ul|ccimx8x)"
COMPATIBLE_MACHINE = "(ccimx6qpsbc|ccimx6ul|ccimx8x|ccimx8m)"

12
meta-digi-arm/recipes-digi/mca/mca-tool_1.18.bb → meta-digi-arm/recipes-digi/mca/mca-tool_1.20.bb
View File

@ -1,4 +1,4 @@
# Copyright (C) 2016-2019 Digi International.
# Copyright (C) 2016-2020 Digi International.
SUMMARY = "MCA firmware management tool"
SECTION = "console/tools"
@ -8,13 +8,13 @@ PKGNAME = "mca_tool"
# ARM tarball
SRC_URI_arm = "${DIGI_PKG_SRC}/${PKGNAME}-${PV}-${TUNE_ARCH}.tar.gz;name=arm"
SRC_URI[arm.md5sum] = "aa2037b93dadafe160824f7d63dd8582"
SRC_URI[arm.sha256sum] = "7dbc07672d5cce52e3ec611a1bcef1b6c0aed278fbcd6a150b3f528d8da66065"
SRC_URI[arm.md5sum] = "2007a858cd8f82ae2ddbff43f437335a"
SRC_URI[arm.sha256sum] = "d9a0c1ca1c9f20041602edd585c31bd79b75bc8d8a74648d1809350e731af3d5"
# AARCH64 tarball
SRC_URI_aarch64 = "${DIGI_PKG_SRC}/${PKGNAME}-${PV}-${TUNE_ARCH}.tar.gz;name=aarch64"
SRC_URI[aarch64.md5sum] = "40d8113353daf8e426597c289f6659d8"
SRC_URI[aarch64.sha256sum] = "a0f7d8bae72f9dcdb1102bcf3e42a4b66d4f66b4bef43f80a4fd63282562a9d4"
SRC_URI[aarch64.md5sum] = "600451f7312a130c63f3b3b5c7abdbb6"
SRC_URI[aarch64.sha256sum] = "1acc7498943662e7e5bd26a67d2733a4814823170ba0756313459cb0e68e6e5f"
S = "${WORKDIR}/${PKGNAME}-${PV}"
@ -22,4 +22,4 @@ inherit bin_package
INSANE_SKIP_${PN} = "already-stripped"
COMPATIBLE_MACHINE = "(ccimx6ul|ccimx8x)"
COMPATIBLE_MACHINE = "(ccimx6ul|ccimx8x|ccimx8m)"

0
meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/encrypt_uimage → meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/encrypt_hab
View File

23
meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/sign_ahab Normal file
View File

@ -0,0 +1,23 @@
# The syntax for this file is documented in the HAB Code Signing Tool
# User's Guid which is included in the CST package distributed by NXP
[Header]
Target = AHAB
Version = 1.0
[Install SRK]
# SRK table generated by srktool
File = "%srk_table%"
# Public key certificate in PEM format
Source = "%cert_img%"
# Index of the public key certificate within the SRK table (0 .. 3)
Source index = %key_index%
# Type of SRK set (NXP or OEM)
Source set = OEM
# bitmask of the revoked SRKs
Revocations = 0x%key_index%
[Authenticate Data]
# Binary to be signed generated by mkimage
File = "%kernel-img%"
# Offsets = Container header Signature block (printed out by mkimage)
Offsets = %container_offset% %block_offset%

0
meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/sign_uimage → meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/sign_hab
View File

352
meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh
View File

@ -1,9 +1,9 @@
#!/bin/sh
#===============================================================================
#
# trustfence_sign_uimage.sh
# trustfence-sign-kernel.sh
#
# Copyright (C) 2016 by Digi International Inc.
# Copyright (C) 2016-2020 by Digi International Inc.
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify it
@ -54,7 +54,7 @@ Usage: ${SCRIPT_NAME} [OPTIONS] input-unsigned-image output-signed-image
-i sign/encrypt initramfs
-l sign/encrypt Linux image
Supported platforms: ccimx6, ccimx6ul
Supported platforms: ccimx6, ccimx6ul, ccimx8x
EOF
}
@ -64,14 +64,16 @@ if [ "${#}" != "2" ]; then
exit 1
fi
# Negative offset with respect to CONFIG_RAM_START in which U-Boot
# copies the DEK blob.
DEK_BLOB_OFFSET="0x100"
CONFIG_CSF_SIZE="0x4000"
UIMAGE_PATH="$(readlink -e ${1})"
TARGET="$(readlink -m ${2})"
# Negative offset with respect to CONFIG_RAM_START in which U-Boot
# copies the DEK blob.
if [ "${SIGN_MODE}" = "HAB" ]; then
DEK_BLOB_OFFSET="0x100"
CONFIG_CSF_SIZE="0x4000"
fi
# Read user configuration file (if used)
[ -f .config ] && . ./.config
@ -81,43 +83,45 @@ if [ -z "${CONFIG_SIGN_KEYS_PATH}" ]; then
fi
[ -d "${CONFIG_SIGN_KEYS_PATH}" ] || mkdir "${CONFIG_SIGN_KEYS_PATH}"
if [ -n "${CONFIG_DEK_PATH}" ]; then
if [ ! -f "${CONFIG_DEK_PATH}" ]; then
echo "DEK not found. Generating random 256 bit DEK."
[ -d $(dirname ${CONFIG_DEK_PATH}) ] || mkdir -p $(dirname ${CONFIG_DEK_PATH})
dd if=/dev/urandom of="${CONFIG_DEK_PATH}" bs=32 count=1 >/dev/null 2>&1
if [ "${SIGN_MODE}" = "HAB" ]; then
if [ -n "${CONFIG_DEK_PATH}" ]; then
if [ ! -f "${CONFIG_DEK_PATH}" ]; then
echo "DEK not found. Generating random 256 bit DEK."
[ -d $(dirname ${CONFIG_DEK_PATH}) ] || mkdir -p $(dirname ${CONFIG_DEK_PATH})
dd if=/dev/urandom of="${CONFIG_DEK_PATH}" bs=32 count=1 >/dev/null 2>&1
fi
dek_size="$((8 * $(stat -L -c %s ${CONFIG_DEK_PATH})))"
if [ "${dek_size}" != "128" ] && [ "${dek_size}" != "192" ] && [ "${dek_size}" != "256" ]; then
echo "Invalid DEK size: ${dek_size} bits. Valid sizes are 128, 192 and 256 bits"
exit 1
fi
ENCRYPT="true"
fi
dek_size="$((8 * $(stat -L -c %s ${CONFIG_DEK_PATH})))"
if [ "${dek_size}" != "128" ] && [ "${dek_size}" != "192" ] && [ "${dek_size}" != "256" ]; then
echo "Invalid DEK size: ${dek_size} bits. Valid sizes are 128, 192 and 256 bits"
if [ "${PLATFORM}" = "ccimx6" ]; then
CONFIG_FDT_LOADADDR="0x18000000"
CONFIG_RAMDISK_LOADADDR="0x19000000"
CONFIG_KERNEL_LOADADDR="0x12000000"
elif [ "${PLATFORM}" = "ccimx6ul" ]; then
CONFIG_FDT_LOADADDR="0x83000000"
CONFIG_RAMDISK_LOADADDR="0x83800000"
CONFIG_KERNEL_LOADADDR="0x80800000"
else
echo "Invalid platform: ${PLATFORM}"
echo "Supported platforms: ccimx6, ccimx6ul"
exit 1
fi
ENCRYPT="true"
fi
if [ "${PLATFORM}" = "ccimx6" ]; then
CONFIG_FDT_LOADADDR="0x18000000"
CONFIG_RAMDISK_LOADADDR="0x19000000"
CONFIG_KERNEL_LOADADDR="0x12000000"
elif [ "${PLATFORM}" = "ccimx6ul" ]; then
CONFIG_FDT_LOADADDR="0x83000000"
CONFIG_RAMDISK_LOADADDR="0x83800000"
CONFIG_KERNEL_LOADADDR="0x80800000"
else
echo "Invalid platform: ${PLATFORM}"
echo "Supported platforms: ccimx6, ccimx6ul"
exit 1
fi
[ "${ARTIFACT_DTB}" = "y" ] && CONFIG_RAM_START="${CONFIG_FDT_LOADADDR}"
[ "${ARTIFACT_INITRAMFS}" = "y" ] && CONFIG_RAM_START="${CONFIG_RAMDISK_LOADADDR}"
[ "${ARTIFACT_KERNEL}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}"
# bootscripts are loaded to $loadaddr, just like the kernel
[ "${ARTIFACT_BOOTSCRIPT}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}"
[ "${ARTIFACT_DTB}" = "y" ] && CONFIG_RAM_START="${CONFIG_FDT_LOADADDR}"
[ "${ARTIFACT_INITRAMFS}" = "y" ] && CONFIG_RAM_START="${CONFIG_RAMDISK_LOADADDR}"
[ "${ARTIFACT_KERNEL}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}"
# bootscripts are loaded to $loadaddr, just like the kernel
[ "${ARTIFACT_BOOTSCRIPT}" = "y" ] && CONFIG_RAM_START="${CONFIG_KERNEL_LOADADDR}"
if [ -z "${CONFIG_RAM_START}" ]; then
echo "Specify the type of image to process (-b, -i, -d, or -l)"
exit 1
if [ -z "${CONFIG_RAM_START}" ]; then
echo "Specify the type of image to process (-b, -i, -d, or -l)"
exit 1
fi
fi
# Default values
@ -125,135 +129,197 @@ fi
CONFIG_KEY_INDEX_1="$((CONFIG_KEY_INDEX + 1))"
SRK_KEYS="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/SRK*crt.pem | sed s/\ /\,/g)"
CERT_CSF="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/CSF${CONFIG_KEY_INDEX_1}*crt.pem)"
CERT_IMG="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/IMG${CONFIG_KEY_INDEX_1}*crt.pem)"
if [ "${SIGN_MODE}" = "HAB" ]; then
CERT_CSF="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/CSF${CONFIG_KEY_INDEX_1}*crt.pem)"
CERT_IMG="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/IMG${CONFIG_KEY_INDEX_1}*crt.pem)"
fi
n_commas="$(echo ${SRK_KEYS} | grep -o "," | wc -l)"
if [ "${n_commas}" -eq 3 ] && [ -f "${CERT_CSF}" ] && [ -f "${CERT_IMG}" ]; then
# PKI tree already exists.
echo "Using existing PKI tree"
elif [ "${n_commas}" -eq 0 ] || [ ! -f "${CERT_CSF}" ] || [ ! -f "${CERT_IMG}" ]; then
# Generate PKI
trustfence-gen-pki.sh "${CONFIG_SIGN_KEYS_PATH}"
if [ "${SIGN_MODE}" = "HAB" ]; then
if [ "${n_commas}" -eq 3 ] && [ -f "${CERT_CSF}" ] && [ -f "${CERT_IMG}" ]; then
# PKI tree already exists.
echo "Using existing PKI tree"
elif [ "${n_commas}" -eq 0 ] || [ ! -f "${CERT_CSF}" ] || [ ! -f "${CERT_IMG}" ]; then
# Generate PKI
trustfence-gen-pki.sh "${CONFIG_SIGN_KEYS_PATH}"
SRK_KEYS="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/SRK*crt.pem | sed s/\ /\,/g)"
CERT_CSF="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/CSF${CONFIG_KEY_INDEX_1}*crt.pem)"
CERT_IMG="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/IMG${CONFIG_KEY_INDEX_1}*crt.pem)"
else
echo "Inconsistent CST folder."
exit 1
SRK_KEYS="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/SRK*crt.pem | sed s/\ /\,/g)"
CERT_CSF="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/CSF${CONFIG_KEY_INDEX_1}*crt.pem)"
CERT_IMG="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/IMG${CONFIG_KEY_INDEX_1}*crt.pem)"
else
echo "Inconsistent CST folder."
exit 1
fi
elif [ "${SIGN_MODE}" = "AHAB" ]; then
if [ "${n_commas}" -eq 3 ] && [ "${SIGN_MODE}" = "AHAB" ]; then
# PKI tree already exists. Do nothing
echo "Using existing PKI tree"
elif [ "${n_commas}" -eq 0 ] && [ "${SIGN_MODE}" = "AHAB" ]; then
# Generate PKI
trustfence-gen-pki.sh "${CONFIG_SIGN_KEYS_PATH}"
SRK_KEYS="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/SRK*crt.pem | sed s/\ /\,/g)"
else
echo "Inconsistent CST folder."
exit 1
fi
fi
SRK_TABLE="$(pwd)/SRK_table.bin"
if [ "${SIGN_MODE}" = "HAB" ]; then
HAB_VER="hab_ver 4"
DIGEST="digest"
DIGEST_ALGO="sha256"
SRK_EFUSES="/dev/null"
# Other constants
GAP_FILLER="0x00"
# Other constants
GAP_FILLER="0x00"
# The DEK blob is placed by U-Boot just before the kernel image
dek_blob_offset="$((CONFIG_KERNEL_LOADADDR - DEK_BLOB_OFFSET))"
# The DEK blob is placed by U-Boot just before the kernel image
dek_blob_offset="$((CONFIG_KERNEL_LOADADDR - DEK_BLOB_OFFSET))"
# Compute the layout: sizes and offsets.
uimage_size="$(stat -L -c %s ${UIMAGE_PATH})"
uimage_offset="0x0"
pad_len="$(((uimage_size + 0x1000 - 1) & ~(0x1000 - 1)))"
auth_len="$((pad_len + 0x20))"
sig_len="$((auth_len + CONFIG_CSF_SIZE))"
# Compute the layout: sizes and offsets.
uimage_size="$(stat -L -c %s ${UIMAGE_PATH})"
uimage_offset="0x0"
pad_len="$(((uimage_size + 0x1000 - 1) & ~(0x1000 - 1)))"
auth_len="$((pad_len + 0x20))"
sig_len="$((auth_len + CONFIG_CSF_SIZE))"
ivt_uimage_start="$((auth_len - 0x20))"
ivt_ram_start="$((CONFIG_RAM_START + ivt_uimage_start))"
ivt_size="0x20"
csf_ram_start="$((ivt_ram_start + ivt_size))"
entrypoint_uimage_offset="0x100"
entrypoint_ram_start="$((CONFIG_RAM_START + entrypoint_uimage_offset))"
entrypoint_size="0x20"
header_uimage_offset="0x0"
header_ram_start="${CONFIG_RAM_START}"
header_size="0x40"
ivt_uimage_start="$((auth_len - 0x20))"
ivt_ram_start="$((CONFIG_RAM_START + ivt_uimage_start))"
ivt_size="0x20"
csf_ram_start="$((ivt_ram_start + ivt_size))"
entrypoint_uimage_offset="0x100"
entrypoint_ram_start="$((CONFIG_RAM_START + entrypoint_uimage_offset))"
entrypoint_size="0x20"
header_uimage_offset="0x0"
header_ram_start="${CONFIG_RAM_START}"
header_size="0x40"
r1_uimage_offset="${header_size}"
r1_ram_start="$((CONFIG_RAM_START + r1_uimage_offset))"
r1_size="$((entrypoint_uimage_offset - header_size ))"
r2_uimage_offset="$((entrypoint_uimage_offset + entrypoint_size))"
r2_ram_start="$((CONFIG_RAM_START + r2_uimage_offset))"
r2_size="$((ivt_uimage_start - (entrypoint_uimage_offset + entrypoint_size)))"
r1_uimage_offset="${header_size}"
r1_ram_start="$((CONFIG_RAM_START + r1_uimage_offset))"
r1_size="$((entrypoint_uimage_offset - header_size ))"
r2_uimage_offset="$((entrypoint_uimage_offset + entrypoint_size))"
r2_ram_start="$((CONFIG_RAM_START + r2_uimage_offset))"
r2_size="$((ivt_uimage_start - (entrypoint_uimage_offset + entrypoint_size)))"
# Generate actual CSF descriptor file from template
if [ "${ENCRYPT}" = "true" ]; then
sed -e "s,%ram_start%,${CONFIG_RAM_START},g" \
-e "s,%srk_table%,${SRK_TABLE},g " \
-e "s,%cert_csf%,${CERT_CSF},g" \
-e "s,%cert_img%,${CERT_IMG},g" \
-e "s,%uimage_path%,${TARGET},g" \
-e "s,%key_index%,${CONFIG_KEY_INDEX},g" \
-e "s,%dek_len%,${dek_size},g" \
-e "s,%dek_path%,${CONFIG_DEK_PATH},g" \
-e "s,%dek_offset%,${dek_blob_offset},g" \
-e "s,%ivt_uimage_start%,${ivt_uimage_start},g" \
-e "s,%ivt_ram_start%,${ivt_ram_start},g" \
-e "s,%ivt_size%,${ivt_size},g" \
-e "s,%entrypoint_uimage_offset%,${entrypoint_uimage_offset},g" \
-e "s,%entrypoint_ram_start%,${entrypoint_ram_start},g" \
-e "s,%entrypoint_size%,${entrypoint_size},g" \
-e "s,%header_uimage_offset%,${header_uimage_offset},g" \
-e "s,%header_ram_start%,${header_ram_start},g" \
-e "s,%header_size%,${header_size},g" \
-e "s,%r1_uimage_offset%,${r1_uimage_offset},g" \
-e "s,%r1_ram_start%,${r1_ram_start},g" \
-e "s,%r1_size%,${r1_size},g" \
-e "s,%r2_uimage_offset%,${r2_uimage_offset},g" \
-e "s,%r2_ram_start%,${r2_ram_start},g" \
-e "s,%r2_size%,${r2_size},g" \
"${SCRIPT_PATH}/csf_templates/encrypt_uimage" > csf_descriptor
# Generate actual CSF descriptor file from template
if [ "${ENCRYPT}" = "true" ]; then
sed -e "s,%ram_start%,${CONFIG_RAM_START},g" \
-e "s,%srk_table%,${SRK_TABLE},g " \
-e "s,%cert_csf%,${CERT_CSF},g" \
-e "s,%cert_img%,${CERT_IMG},g" \
-e "s,%uimage_path%,${TARGET},g" \
-e "s,%key_index%,${CONFIG_KEY_INDEX},g" \
-e "s,%dek_len%,${dek_size},g" \
-e "s,%dek_path%,${CONFIG_DEK_PATH},g" \
-e "s,%dek_offset%,${dek_blob_offset},g" \
-e "s,%ivt_uimage_start%,${ivt_uimage_start},g" \
-e "s,%ivt_ram_start%,${ivt_ram_start},g" \
-e "s,%ivt_size%,${ivt_size},g" \
-e "s,%entrypoint_uimage_offset%,${entrypoint_uimage_offset},g" \
-e "s,%entrypoint_ram_start%,${entrypoint_ram_start},g" \
-e "s,%entrypoint_size%,${entrypoint_size},g" \
-e "s,%header_uimage_offset%,${header_uimage_offset},g" \
-e "s,%header_ram_start%,${header_ram_start},g" \
-e "s,%header_size%,${header_size},g" \
-e "s,%r1_uimage_offset%,${r1_uimage_offset},g" \
-e "s,%r1_ram_start%,${r1_ram_start},g" \
-e "s,%r1_size%,${r1_size},g" \
-e "s,%r2_uimage_offset%,${r2_uimage_offset},g" \
-e "s,%r2_ram_start%,${r2_ram_start},g" \
-e "s,%r2_size%,${r2_size},g" \
"${SCRIPT_PATH}/csf_templates/encrypt_hab" > csf_descriptor
else
sed -e "s,%ram_start%,${CONFIG_RAM_START},g" \
-e "s,%srk_table%,${SRK_TABLE},g" \
-e "s,%image_offset%,${uimage_offset},g" \
-e "s,%auth_len%,${auth_len},g" \
-e "s,%cert_csf%,${CERT_CSF},g" \
-e "s,%cert_img%,${CERT_IMG},g" \
-e "s,%uimage_path%,${TARGET},g" \
-e "s,%key_index%,${CONFIG_KEY_INDEX},g" \
"${SCRIPT_PATH}/csf_templates/sign_hab" > csf_descriptor
fi
else
sed -e "s,%ram_start%,${CONFIG_RAM_START},g" \
-e "s,%srk_table%,${SRK_TABLE},g" \
-e "s,%image_offset%,${uimage_offset},g" \
-e "s,%auth_len%,${auth_len},g" \
-e "s,%cert_csf%,${CERT_CSF},g" \
-e "s,%cert_img%,${CERT_IMG},g" \
-e "s,%uimage_path%,${TARGET},g" \
-e "s,%key_index%,${CONFIG_KEY_INDEX},g" \
"${SCRIPT_PATH}/csf_templates/sign_uimage" > csf_descriptor
SRK_EFUSES="$(pwd)/SRK_efuses.bin"
# Other constants
KERNEL_START_OFFSET="0x0"
KERNEL_SIG_BLOCK_OFFSET="0x90"
KERNEL_NAME="${1}"
HAB_VER="ahab"
DIGEST="sign_digest"
DIGEST_ALGO="sha512"
# Compute the layout: sizes and offsets.
container_header_offset="${KERNEL_START_OFFSET}"
signature_block_offset="${KERNEL_SIG_BLOCK_OFFSET}"
SRK_CERT_KEY_IMG="$(echo ${CONFIG_SIGN_KEYS_PATH}/crts/SRK${CONFIG_KEY_INDEX_1}*crt.pem | sed s/\ /\,/g)"
sed -e "s,%srk_table%,${SRK_TABLE},g" \
-e "s,%cert_img%,${SRK_CERT_KEY_IMG},g" \
-e "s,%kernel-img%,${KERNEL_NAME},g" \
-e "s,%key_index%,${CONFIG_KEY_INDEX},g" \
-e "s,%container_offset%,${container_header_offset},g" \
-e "s,%block_offset%,${signature_block_offset},g" \
"${SCRIPT_PATH}/csf_templates/sign_ahab" > csf_descriptor
if [ "${ENCRYPT}" = "true" ]; then
echo "[ERROR] Environment encryption is not supported."
exit 1
fi
fi
# Generate SRK tables
srktool --hab_ver 4 --certs "${SRK_KEYS}" --table "${SRK_TABLE}" --efuses /dev/null --digest sha256
srktool --${HAB_VER} --certs "${SRK_KEYS}" --table "${SRK_TABLE}" --efuses "${SRK_EFUSES}" --${DIGEST} "${DIGEST_ALGO}"
if [ $? -ne 0 ]; then
echo "[ERROR] Could not generate SRK tables"
exit 1
fi
# Pad to IVT
objcopy -I binary -O binary --pad-to "${pad_len}" --gap-fill="${GAP_FILLER}" "${UIMAGE_PATH}" "${TARGET}"
if [ "${SIGN_MODE}" = "HAB" ]; then
# Pad to IVT
objcopy -I binary -O binary --pad-to "${pad_len}" --gap-fill="${GAP_FILLER}" "${UIMAGE_PATH}" "${TARGET}"
# Generate and attach IVT
# Fields: header, jump location, reserved (0), DCD pointer (null)
# boot data (null), self pointer, CSF pointer, reserved (0)
PRINTF="$(which printf)"
IVT_HEADER="0x402000D1"
{
${PRINTF} $(${PRINTF} "%08x" ${IVT_HEADER} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" ${entrypoint_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" ${ivt_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" ${csf_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
} >> "${TARGET}"
# Generate and attach IVT
# Fields: header, jump location, reserved (0), DCD pointer (null)
# boot data (null), self pointer, CSF pointer, reserved (0)
PRINTF="$(which printf)"
IVT_HEADER="0x402000D1"
{
${PRINTF} $(${PRINTF} "%08x" ${IVT_HEADER} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" ${entrypoint_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" ${ivt_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" ${csf_ram_start} | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
${PRINTF} $(${PRINTF} "%08x" 0 | sed 's/.\{2\}/&\n/g' | tac | sed 's,^,\\x,g' | tr -d '\n')
} >> "${TARGET}"
CURRENT_PATH="$(pwd)"
cst -o "${CURRENT_PATH}/csf.bin" -i "${CURRENT_PATH}/csf_descriptor" >/dev/null
if [ $? -ne 0 ]; then
echo "[ERROR] Could not generate CSF"
exit 1
CURRENT_PATH="$(pwd)"
cst -o "${CURRENT_PATH}/csf.bin" -i "${CURRENT_PATH}/csf_descriptor" >/dev/null
if [ $? -ne 0 ]; then
echo "[ERROR] Could not generate CSF"
exit 1
fi
cat csf.bin >> "${TARGET}"
objcopy -I binary -O binary --pad-to "${sig_len}" --gap-fill="${GAP_FILLER}" "${TARGET}"
else
CURRENT_PATH="$(pwd)"
cst -o "${TARGET}" -i "${CURRENT_PATH}/csf_descriptor" >/dev/null
if [ $? -ne 0 ]; then
echo "[ERROR] Could not generate CSF $?"
exit 1
fi
fi
cat csf.bin >> "${TARGET}"
objcopy -I binary -O binary --pad-to "${sig_len}" --gap-fill="${GAP_FILLER}" "${TARGET}"
[ "${ENCRYPT}" = "true" ] && ENCRYPTED_MSG="and encrypted "
echo "Signed ${ENCRYPTED_MSG}image ready: ${TARGET}"
rm -f "${SRK_TABLE}" csf_descriptor csf.bin 2> /dev/null

23
meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_git.bb
View File

@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425
DEPENDS = "trustfence-cst coreutils util-linux"
SRCBRANCH = "v2017.03/maint"
SRCBRANCH_ccimx8x = "v2019.04/master"
SRCREV = "${AUTOREV}"
S = "${WORKDIR}"
@ -16,8 +17,9 @@ UBOOT_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${DIGI_GIT
SRC_URI = " \
${UBOOT_GIT_URI};branch=${SRCBRANCH} \
file://trustfence-sign-kernel.sh;name=kernel-script \
file://sign_uimage;name=kernel-sign \
file://encrypt_uimage;name=kernel-encrypt \
file://sign_hab;name=kernel-sign \
file://encrypt_hab;name=kernel-encrypt \
file://sign_ahab;name=kernel-sign \
"
do_configure[noexec] = "1"
@ -25,12 +27,19 @@ do_compile[noexec] = "1"
do_install() {
install -d ${D}${bindir}/csf_templates
if [ "${SIGN_MODE}" = "AHAB" ]; then
install -m 0755 sign_ahab ${D}${bindir}/csf_templates/
install -m 0755 git/scripts/sign.sh ${D}${bindir}/trustfence-sign-ahab-uboot.sh
elif [ "${SIGN_MODE}" = "HAB" ]; then
install -m 0755 sign_hab ${D}${bindir}/csf_templates/
install -m 0755 encrypt_hab ${D}${bindir}/csf_templates/
install -m 0755 git/scripts/sign.sh ${D}${bindir}/trustfence-sign-uboot.sh
else
bberror "Unkown SIGN_MODE value"
exit 1
fi
install -m 0755 trustfence-sign-kernel.sh ${D}${bindir}/
install -m 0755 sign_uimage ${D}${bindir}/csf_templates/
install -m 0755 encrypt_uimage ${D}${bindir}/csf_templates/
install -m 0755 git/scripts/sign.sh ${D}${bindir}/trustfence-sign-uboot.sh
install -m 0755 git/scripts/csf_templates/sign_uboot ${D}${bindir}/csf_templates
install -m 0755 git/scripts/csf_templates/encrypt_uboot ${D}${bindir}/csf_templates
install -m 0755 git/scripts/csf_templates/* ${D}${bindir}/csf_templates
}
FILES_${PN} = "${bindir}"

10
meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm.bb
View File

@ -1,4 +1,4 @@
# Copyright (C) 2016-2019 Digi International.
# Copyright (C) 2016-2020 Digi International.
SUMMARY = "Qualcomm's wireless driver for qca65xx"
DESCRIPTION = "qcacld-2.0 module"
@ -6,11 +6,9 @@ LICENSE = "ISC"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/ISC;md5=f3b90e78ea0cffb20bf5cca7947a896d"
# Reference Qualcomm tag/version
PV = "v4.2.89.63"
PV_ccimx8x = "v4.0.11.208Q"
PV = "v4.0.11.213X"
SRCBRANCH = "qca6564/dey-2.6/maint"
SRCBRANCH_ccimx8x = "qca6574/dey-2.6/maint"
SRCBRANCH = "qca65X4/master"
SRCREV = "${AUTOREV}"
QCOM_GIT_URI = "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${DIGI_MTK_GIT}linux/qcacld-2.0.git;protocol=ssh', '${DIGI_GITHUB_GIT}/qcacld-2.0.git;protocol=https', d)}"
@ -84,4 +82,4 @@ FILES_${PN} += " \
${base_libdir}/firmware/wlan/qcom_cfg.ini \
"
COMPATIBLE_MACHINE = "(ccimx6qpsbc|ccimx6ul|ccimx8x)"
COMPATIBLE_MACHINE = "(ccimx6qpsbc|ccimx6ul|ccimx8x|ccimx8m)"

109
meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/qualcomm.sh
View File

@ -21,6 +21,34 @@ log() {
printf "<$1>qca65x4: $2\n" >/dev/kmsg
}
# Get the permissions of the filesystem containing the given path
get_filesystem_access() {
[ -z "${1}" ] && return
fs_device="$(df ${1} | awk 'NR==2 { print $1 }')"
fs_access="$(awk -v dev="${fs_device}" '$0 ~ dev { print substr($4,1,2) }' < /proc/mounts)"
echo ${fs_access}
}
# Get the mount point of the filesystem containing the given path
get_filesystem_mount_point() {
[ -z "${1}" ] && return
fs_device="$(df ${1} | awk 'NR==2 { print $1 }')"
fs_mount_point="$(awk -v dev="${fs_device}" '$0 ~ dev { print $2 }' < /proc/mounts)"
echo ${fs_mount_point}
}
# Remount the filesystem containing the given path as 'read-write' if it was
# mounted as 'read-only'.
set_filesystem_rw_access() {
[ -z "${1}" ] && return
if [ "$(get_filesystem_access ${1})" = "ro" ]; then
mount -o remount,rw $(get_filesystem_mount_point ${1})
fi
}
# Do nothing if the wireless node does not exist on the device tree
[ -d "/proc/device-tree/wireless" ] || exit 0
@ -30,6 +58,7 @@ grep -qws 'wlan' /proc/modules && exit 0
FIRMWARE_DIR="/lib/firmware"
MACFILE="${FIRMWARE_DIR}/wlan/wlan_mac.bin"
TMP_MACFILE="$(mktemp -t wlan_mac.XXXXXX)"
FS_ORIGINAL_ACCESS="$(get_filesystem_access ${FIRMWARE_DIR})"
# Read the MACs from DeviceTree. We can have up to four wireless interfaces
# The only required one is wlan0 that is mapped with device tree mac address
@ -47,86 +76,26 @@ done
# Override the MAC firmware file only if the MAC file has changed.
if ! cmp -s ${TMP_MACFILE} ${MACFILE}; then
if [ ! -w ${MACFILE} ]; then
mount_point="$(df $(dirname "${MACFILE}") | awk '!/^Filesystem/{ print $6 }')"
log "6" "[INFO] ${MACFILE} is not writable, remounting '${mount_point}' as rw"
mount -o remount,rw ${mount_point}
fi
set_filesystem_rw_access ${FIRMWARE_DIR}
cp ${TMP_MACFILE} ${MACFILE} || log "3" "[ERROR] Could not create ${MACFILE}"
fi
rm -f "${TMP_MACFILE}"
OTP_REGION_CODE="$(cat /proc/device-tree/digi,hwid,cert 2>/dev/null | tr -d '\0')"
DTB_REGION_CODE="$(cat /proc/device-tree/wireless/regulatory-domain 2>/dev/null | tr -d '\0')"
US_CODE="0x0"
WW_CODE="0x1"
JP_CODE="0x2"
# Check if the DTB_REGION_CODE is in the list of valid codes,
# if not use the OTP programmed value.
case "${DTB_REGION_CODE}" in
${US_CODE} | ${WW_CODE} | ${JP_CODE})
REGULATORY_DOMAIN="${DTB_REGION_CODE}";;
*)
if [ -n "${DTB_REGION_CODE}" ]; then
log "5" "[WARN] Invalid region code in device tree, using OTP value"
fi
REGULATORY_DOMAIN="${OTP_REGION_CODE}";;
esac
# Create symbolic links to the proper FW files depending on the country region
# Use a sub-shell here to change to firmware directory
(
cd "${FIRMWARE_DIR}"
if [ -f "bdwlan30_US.bin" ] || [ -f "bdwlan30_World.bin" ]; then
BDATA_US="bdwlan30_US.bin"
BDATA_WW="bdwlan30_World.bin"
BDATA_LINK="bdwlan30.bin"
UTFBDATA_LINK="utfbd30.bin"
elif [ -f "fakeboar_US.bin" ] || [ -f "fakeboar_World.bin" ]; then
BDATA_US="fakeboar_US.bin"
BDATA_WW="fakeboar_World.bin"
# Use different links for propietary and community drivers
if [ -f "board.bin" ]; then
BDATA_LINK="board.bin"
else
BDATA_LINK="fakeboar.bin"
fi
else
log "5" "[ERROR] Could not locate board data files"
exit 1
fi
BDATA_SOURCE="${BDATA_US}"
case "${REGULATORY_DOMAIN}" in
${US_CODE})
log "5" "Setting US wireless region";;
${WW_CODE}|${JP_CODE})
if [ -f "${BDATA_WW}" ]; then
log "5" "Setting WW (world wide) wireless region"
BDATA_SOURCE="${BDATA_WW}"
else
log "5" "[WARN] No WW (worldwide) board data file, using US"
fi
;;
"")
log "5" "[WARN] region code not found, using US";;
*)
log "5" "[WARN] Invalid region code, using US";;
esac
BDATA_SOURCE="bdwlan30_US.bin"
log "5" "Setting US wireless region"
# When defined, update the links only if they are wrong so we don't
# rewrite the internal memory every time we boot
if [ -n "${BDATA_LINK}" ] &&
([ ! -f "${BDATA_LINK}" ] ||
! cmp -s "${BDATA_LINK}" "${BDATA_SOURCE}"); then
BDATA_LINK="bdwlan30.bin"
UTFBDATA_LINK="utfbd30.bin"
if ([ ! -f "${BDATA_LINK}" ] || ! cmp -s "${BDATA_LINK}" "${BDATA_SOURCE}"); then
set_filesystem_rw_access ${FIRMWARE_DIR}
ln -sf "${BDATA_SOURCE}" "${BDATA_LINK}"
fi
if [ -n "${UTFBDATA_LINK}" ] &&
([ ! -f "${UTFBDATA_LINK}" ] ||
! cmp -s "${UTFBDATA_LINK}" "${BDATA_SOURCE}"); then
ln -sf "${BDATA_SOURCE}" "${UTFBDATA_LINK}"
fi
)
@ -139,3 +108,9 @@ modprobe wlan
# Verify the interface is present
[ -d "/sys/class/net/wlan0" ] || log "3" "[ERROR] Loading wlan module"
# Restore the filesystem with the original access permissions if it has been
# changed inside the script.
if [ "$(get_filesystem_access ${FIRMWARE_DIR})" != "${FS_ORIGINAL_ACCESS}" ]; then
mount -o remount,${FS_ORIGINAL_ACCESS} $(get_filesystem_mount_point ${FIRMWARE_DIR})
fi

58
meta-digi-arm/recipes-kernel/linux/linux-dey.inc
View File

@ -24,23 +24,49 @@ trustfence_sign() {
[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
# Sign/encrypt the kernel images
for type in ${KERNEL_IMAGETYPES}; do
KERNEL_IMAGE="${type}-${KERNEL_IMAGE_NAME}.bin"
TMP_KERNEL_IMAGE_SIGNED="$(mktemp ${KERNEL_IMAGE}-signed.XXXXXX)"
trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -l "${KERNEL_IMAGE}" "${TMP_KERNEL_IMAGE_SIGNED}"
mv "${TMP_KERNEL_IMAGE_SIGNED}" "${KERNEL_IMAGE}"
done
if [ "${SIGN_MODE}" = "HAB" ]; then
for type in ${KERNEL_IMAGETYPES}; do
KERNEL_IMAGE="${type}-${KERNEL_IMAGE_NAME}.bin"
TMP_KERNEL_IMAGE_SIGNED="$(mktemp ${KERNEL_IMAGE}-signed.XXXXXX)"
trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -l "${KERNEL_IMAGE}" "${TMP_KERNEL_IMAGE_SIGNED}"
mv "${TMP_KERNEL_IMAGE_SIGNED}" "${KERNEL_IMAGE}"
done
# Sign/encrypt the device tree blobs
for DTB in ${KERNEL_DEVICETREE}; do
DTB=`normalize_dtb "${DTB}"`
DTB_EXT=${DTB##*.}
DTB_BASE_NAME=`basename ${DTB} ."${DTB_EXT}"`
DTB_IMAGE="${DTB_BASE_NAME}-${KERNEL_IMAGE_NAME}.${DTB_EXT}"
TMP_DTB_IMAGE_SIGNED="$(mktemp ${DTB_IMAGE}-signed.XXXXXX)"
trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -d "${DTB_IMAGE}" "${TMP_DTB_IMAGE_SIGNED}"
mv "${TMP_DTB_IMAGE_SIGNED}" "${DTB_IMAGE}"
done
# Sign/encrypt the device tree blobs
for DTB in ${KERNEL_DEVICETREE}; do
DTB=`normalize_dtb "${DTB}"`
DTB_EXT=${DTB##*.}
DTB_BASE_NAME=`basename ${DTB} ."${DTB_EXT}"`
DTB_IMAGE="${DTB_BASE_NAME}-${KERNEL_IMAGE_NAME}.${DTB_EXT}"
TMP_DTB_IMAGE_SIGNED="$(mktemp ${DTB_IMAGE}-signed.XXXXXX)"
trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -d "${DTB_IMAGE}" "${TMP_DTB_IMAGE_SIGNED}"
mv "${TMP_DTB_IMAGE_SIGNED}" "${DTB_IMAGE}"
done
elif [ "${SIGN_MODE}" = "AHAB" ]; then
# Sign the kernel images
for type in ${KERNEL_IMAGETYPES}; do
KERNEL_IMAGE="${type}-${KERNEL_IMAGE_NAME}.bin"
${DEPLOY_DIR_IMAGE}/imx-boot-tools/mkimage_imx8 -soc ${MX8_SOC_VAR} -rev ${MX8_CHIP_REV} -c -ap ${WORKDIR}/build/arch/arm64/boot/Image a35 ${RAM_CONTAINER_LOC_BOOT} -out flash_os.bin
trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -l "flash_os.bin" "${type}-${MACHINE}-signed.bin"
gzip ${type}-${MACHINE}-signed.bin
mv ${type}-${MACHINE}-signed.bin.gz "${KERNEL_IMAGE}"
done
# Sign/encrypt the device tree blobs
for DTB in ${KERNEL_DEVICETREE}; do
DTB=`normalize_dtb "${DTB}"`
DTB_EXT=${DTB##*.}
DTB_BASE_NAME=`basename ${DTB} ."${DTB_EXT}"`
DTB_IMAGE="${DTB_BASE_NAME}-${KERNEL_IMAGE_NAME}.${DTB_EXT}"
${DEPLOY_DIR_IMAGE}/imx-boot-tools/mkimage_imx8 -soc ${MX8_SOC_VAR} -rev ${MX8_CHIP_REV} -c -ap ${DTB_IMAGE} a35 ${RAM_CONTAINER_LOC_DTB} -out ${DTB_IMAGE}-mkimg-signed
trustfence-sign-kernel.sh -p "${DIGI_FAMILY}" -d "${DTB_IMAGE}-mkimg-signed" "${DTB_IMAGE}-signed"
mv "${DTB_IMAGE}-signed" "${DTB_IMAGE}"
rm -f ${DTB_IMAGE}-mkimg-signed
done
else
bberror "Unkown SIGN_MODE value"
exit 1
fi
}
trustfence_sign[dirs] = "${DEPLOYDIR}"

4
meta-digi-arm/recipes-kernel/linux/linux-dey_4.14.bb
View File

@ -1,5 +1,5 @@
# Copyright (C) 2019 Digi International
# Copyright (C) 2019,2020 Digi International
require recipes-kernel/linux/linux-dey.inc
COMPATIBLE_MACHINE = "(ccimx6ul|ccimx8x)"
COMPATIBLE_MACHINE = "(ccimx6ul|ccimx8x|ccimx8m)"

4
meta-digi-arm/recipes-kernel/linux/linux-imx-headers_4.14.bb
View File

@ -1,5 +1,5 @@
# Copyright (C) 2019 Digi International
# Copyright (C) 2019,2020 Digi International
require recipes-kernel/linux/linux-imx-headers.inc
COMPATIBLE_MACHINE = "(ccimx6ul|ccimx8x)"
COMPATIBLE_MACHINE = "(ccimx6ul|ccimx8x|ccimx8m)"

17
meta-digi-dey/classes/dey-image.bbclass
View File

@ -34,15 +34,18 @@ DEY_IMAGE_INSTALLER ?= "0"
inherit ${@oe.utils.conditional("DEY_IMAGE_INSTALLER", "1", "dey-image-installer", "", d)}
#
# Create a dey-version file when populating the toolchain/SDK
# Create a dey-version file when populating the toolchain/SDK and modify the
# default SDK installation path so it includes the proper 'IMAGE_BASENAME'
# value.
#
# 'SDK_POSTPROCESS_COMMAND' variable is originally defined in populate_sdk_base
# class: poky/meta/classes/populate_sdk_base.bbclass
# It is redefined here to be able to tweak the resulting SDK before packaging,
# using the proper 'IMAGE_BASENAME' value.
# It is redefined here to be able to tweak the resulting SDK before and after
# packaging, using the proper 'IMAGE_BASENAME' value.
#
SDK_PREPACKAGING_COMMAND ?= "toolchain_create_sdk_dey_version"
SDK_POSTPROCESS_COMMAND = " create_sdk_files; check_sdk_sysroots; ${SDK_PREPACKAGING_COMMAND}; tar_sdk; ${SDK_PACKAGING_COMMAND} "
SDK_POSTPACKAGING_COMMAND ?= "toolchain_modify_default_path"
SDK_POSTPROCESS_COMMAND = " create_sdk_files; check_sdk_sysroots; ${SDK_PREPACKAGING_COMMAND}; tar_sdk; ${SDK_PACKAGING_COMMAND} ${SDK_POSTPACKAGING_COMMAND}; "
# This function creates a DEY version information file
fakeroot toolchain_create_sdk_dey_version() {
@ -56,3 +59,9 @@ fakeroot toolchain_create_sdk_dey_version() {
}
toolchain_create_sdk_dey_version[vardepsexclude] = "DATETIME"
# This function appends IMAGE_BASENAME to the default installation path
fakeroot toolchain_modify_default_path() {
sed -i -e 's#^DEFAULT_INSTALL_DIR="${SDKPATH}"#DEFAULT_INSTALL_DIR="${SDKPATH}/${IMAGE_BASENAME}"#g' \
${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.sh
}

17
meta-digi-dey/classes/trustfence.bbclass
View File

@ -36,10 +36,6 @@ python () {
import hashlib
import os
if ("ccimx8x" in d.getVar("MACHINE", True)):
bb.fatal("Trustfence is not currently supported on the ccimx8x SOM")
return
# Secure console configuration
if (d.getVar("TRUSTFENCE_CONSOLE_DISABLE", True) == "1"):
d.appendVar("UBOOT_EXTRA_CONF", "CONFIG_CONSOLE_DISABLE=y ")
@ -67,7 +63,11 @@ python () {
if (d.getVar("TRUSTFENCE_DEK_PATH", True) not in [None, "0"]):
d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_DEK_PATH=\\"%s\\" ' % d.getVar("TRUSTFENCE_DEK_PATH", True))
if (d.getVar("TRUSTFENCE_ENCRYPT_ENVIRONMENT", True) == "1"):
d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y')
if ("ccimx8x" in d.getVar("MACHINE", True)):
bb.fatal("Environment encryption is not currently supported on the ccimx8x SOM")
return
else:
d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y')
# Provide sane default values for SWUPDATE class in case Trustfence is enabled
if (d.getVar("TRUSTFENCE_SIGN", True) == "1"):
@ -84,7 +84,12 @@ python () {
key_index_1 = key_index + 1
# Set the private key template, it will be expanded later in 'swu' recipes once keys are generated.
d.setVar("SWUPDATE_PRIVATE_KEY_TEMPLATE", keys_path + "/keys/IMG" + str(key_index_1) + "*key.pem")
if (d.getVar("SIGN_MODE", "") == "AHAB"):
d.setVar("SWUPDATE_PRIVATE_KEY_TEMPLATE", keys_path + "/keys/SRK" + str(key_index_1) + "*key.pem")
d.setVar("CONFIG_SIGN_MODE", "AHAB")
else:
d.setVar("SWUPDATE_PRIVATE_KEY_TEMPLATE", keys_path + "/keys/IMG" + str(key_index_1) + "*key.pem")
d.setVar("CONFIG_SIGN_MODE", "HAB")
# Set the key password.
d.setVar("SWUPDATE_PASSWORD_FILE", keys_path + "/keys/key_pass.txt")

4
meta-digi-dey/conf/distro/dey.conf
View File

@ -1,6 +1,6 @@
DISTRO = "dey"
DISTRO_NAME = "Digi Embedded Yocto"
DISTRO_VERSION = "2.6-r2"
DISTRO_VERSION = "2.6-r3"
DISTRO_CODENAME = "thud"
SDK_VENDOR = "-deysdk"
SDK_VERSION := "${@'${DISTRO_VERSION}'}"
@ -70,7 +70,7 @@ PREFERRED_VERSION_libsoc = "git"
PREFERRED_PROVIDER_opencl-headers ?= "imx-gpu-viv"
SDK_NAME = "${DISTRO}-${TCLIBC}-${SDK_ARCH}-${IMAGE_BASENAME}-${TUNE_PKGARCH}"
SDKPATH = "/opt/${DISTRO}/${SDK_VERSION}"
SDKPATH = "/opt/${DISTRO}/${SDK_VERSION}/${MACHINE}"
DISTRO_EXTRA_RDEPENDS += " ${POKY_DEFAULT_EXTRA_RDEPENDS}"
DISTRO_EXTRA_RRECOMMENDS += " ${POKY_DEFAULT_EXTRA_RRECOMMENDS}"

3
meta-digi-dey/conf/layer.conf
View File

@ -15,6 +15,7 @@ BBFILE_PATTERN_digi-dey := "^${LAYERDIR}/"
BBFILE_PRIORITY_digi-dey = "6"
BBMASK += "meta-freescale/recipes-graphics/drm/libdrm_%.bbappend"
BBMASK += "meta-freescale/recipes-graphics/wayland/weston-init.bbappend"
LAYERDEPENDS_digi-dey = "core digi-arm"
LAYERDEPENDS_digi-dey += "openembedded-layer networking-layer webserver qt5-layer swupdate"
@ -26,7 +27,7 @@ DIGI_EULA_FILE = "${LAYERDIR}/DIGI_EULA"
DIGI_OPEN_EULA_FILE = "${LAYERDIR}/DIGI_OPEN_EULA"
# Digi mirror for packages vanished upstream
DIGI_MIRROR ?= "ftp://ftp1.digi.com/support/digiembeddedyocto/mirror/"
DIGI_MIRROR ?= "https://ftp1.digi.com/support/digiembeddedyocto/mirror/"
MIRRORS += "\
ftp://.*/.* ${DIGI_MIRROR} \n \
http://.*/.* ${DIGI_MIRROR} \n \

69
meta-digi-dey/recipes-connectivity/bluez/bluez5-5.50/ccimx8mn/bluetooth-init Normal file
View File

@ -0,0 +1,69 @@
#!/bin/sh
#===============================================================================
#
# Copyright (C) 2018,2019 by Digi International Inc.
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published by
# the Free Software Foundation.
#
#
# !Description: Initialize bluetooth hardware
#
#===============================================================================
bluetooth_init() {
# Get MAC address from the device tree. Use a default value if it has not been set.
BT_MACADDR="$(hexdump -ve '1/1 "%02X" ":"' /proc/device-tree/bluetooth/mac-address 2>/dev/null | sed 's/:$//g')"
if [ -z "${BT_MACADDR}" ] || [ "${BT_MACADDR}" = "00:00:00:00:00:00" ]; then
BT_MACADDR="00:04:F3:FF:FF:BB"
fi
# Start the Bluetooth driver and bring up the interface
HCIATTACH_LOG="/var/log/hciattach.log"
for RETRY in $(seq 1 5)
do
killproc hciattach
modprobe btdigi
if hciattach ttyBt qca ${BT_RATE:-3000000} -t30 ${BT_FLOW:-flow} unused ${BT_MACADDR} >${HCIATTACH_LOG} 2>&1; then
return
fi
rmmod btdigi
sleep 1
done
BT_ERROR="FAIL (hciattach)"
}
# Source function library
. /etc/init.d/functions
case "$1" in
start)
if [ -d "/proc/device-tree/bluetooth" ]; then
if [ "$(tr -d '\0' 2>/dev/null </proc/device-tree/bluetooth/status)" != "disabled" ]; then
echo -n "Starting bluetooth hardware: "
bluetooth_init
echo "${BT_ERROR:-done.}"
fi
fi
;;
stop)
if [ -d "/sys/class/bluetooth/hci0" ]; then
echo -n "Stopping bluetooth hardware: "
killproc hciattach
rmmod btdigi
echo "done."
fi
;;
restart)
$0 stop
sleep 1
$0 start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
;;
esac

12
meta-digi-dey/recipes-connectivity/bluez/bluez5/ccimx6qpsbc/main.conf
View File

@ -1,12 +0,0 @@
[General]
# Default adapter name
# Defaults to 'BlueZ X.YZ'
Name = cc6qp
[Policy]
# AutoEnable defines option to enable all controllers when they are found.
# This includes adapters present on start as well as adapters that are plugged
# in later on. Defaults to 'false'.
AutoEnable=true

2
meta-digi-dey/recipes-connectivity/bluez/bluez5/ccimx6sbc/main.conf
View File

@ -2,7 +2,7 @@
# Default adapter name
# Defaults to 'BlueZ X.YZ'
Name = cc6
Name = ##BT_DEVICE_NAME##
#[Policy]

12
meta-digi-dey/recipes-connectivity/bluez/bluez5/ccimx6ul/main.conf
View File

@ -1,12 +0,0 @@
[General]
# Default adapter name
# Defaults to 'BlueZ X.YZ'
Name = cc6ul
[Policy]
# AutoEnable defines option to enable all controllers when they are found.
# This includes adapters present on start as well as adapters that are plugged
# in later on. Defaults to 'false'.
AutoEnable=true

2
meta-digi-dey/recipes-connectivity/bluez/bluez5-5.50/ccimx8x/main.conf → meta-digi-dey/recipes-connectivity/bluez/bluez5/main.conf
View File

@ -2,7 +2,7 @@
# Default adapter name
# Defaults to 'BlueZ X.YZ'
Name = cc8x
Name = ##BT_DEVICE_NAME##
[Policy]

2
meta-digi-dey/recipes-connectivity/bluez/bluez5_5.41.bbappend
View File

@ -40,6 +40,8 @@ do_install_append() {
install -d ${D}${systemd_unitdir}/system/
install -m 0644 ${WORKDIR}/bluetooth-init.service ${D}${systemd_unitdir}/system/bluetooth-init.service
install -m 0644 ${WORKDIR}/main.conf ${D}${sysconfdir}/bluetooth/
sed -i -e "s,##BT_DEVICE_NAME##,${BT_DEVICE_NAME},g" \
${D}${sysconfdir}/bluetooth/main.conf
if [ -n "${@bb.utils.contains('PACKAGECONFIG', 'experimental', 'experimental', '', d)}" ]; then
sed -i '/^SSD_OPTIONS/a SSD_OPTIONS="${SSD_OPTIONS} --experimental"' ${D}${INIT_D_DIR}/bluetooth
fi

5
meta-digi-dey/recipes-connectivity/bluez/bluez5_5.50.bbappend
View File

@ -1,4 +1,4 @@
# Copyright (C) 2015-2019 Digi International.
# Copyright (C) 2015-2020 Digi International.
FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:${THISDIR}/${BP}:"
@ -22,6 +22,7 @@ QCA65XX_COMMON_PATCHES = " \
SRC_URI_append_ccimx6ul = " ${QCA65XX_COMMON_PATCHES}"
SRC_URI_append_ccimx6qpsbc = " ${QCA65XX_COMMON_PATCHES}"
SRC_URI_append_ccimx8x = " ${QCA65XX_COMMON_PATCHES}"
SRC_URI_append_ccimx8m = " ${QCA65XX_COMMON_PATCHES}"
inherit update-rc.d
@ -32,6 +33,8 @@ do_install_append() {
install -d ${D}${systemd_unitdir}/system/
install -m 0644 ${WORKDIR}/bluetooth-init.service ${D}${systemd_unitdir}/system/bluetooth-init.service
install -m 0644 ${WORKDIR}/main.conf ${D}${sysconfdir}/bluetooth/
sed -i -e "s,##BT_DEVICE_NAME##,${BT_DEVICE_NAME},g" \
${D}${sysconfdir}/bluetooth/main.conf
# Staging bluetooth internal headers and libs to allow other recipes
# to link against them

24
meta-digi-dey/recipes-connectivity/hostapd/hostapd_%.bbappend
View File

@ -1,14 +1,12 @@
# Copyright (C) 2016-2019 Digi International.
# Copyright (C) 2016-2020 Digi International.
FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
SRC_URI_append = " \
file://hostapd_wlan0.conf \
file://hostapd@.service \
${@oe.utils.conditional('HAS_WIFI_VIRTWLANS', 'true', 'file://hostapd_wlan1.conf', '', d)} \
"
SRC_URI_append_ccimx6ul = " file://hostapd_wlan1.conf"
SRC_URI_append_ccimx6qpsbc = " file://hostapd_wlan1.conf"
SRC_URI_append_ccimx8x = " file://hostapd_wlan1.conf"
SYSTEMD_SERVICE_${PN}_append = " hostapd@.service"
@ -20,21 +18,11 @@ do_install_append() {
# Install interface-specific systemd service
install -m 0644 ${WORKDIR}/hostapd@.service ${D}${systemd_unitdir}/system/
sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/hostapd@.service
}
do_install_append_ccimx6ul() {
# Install custom hostapd_IFACE.conf file
install -m 0644 ${WORKDIR}/hostapd_wlan1.conf ${D}${sysconfdir}
}
do_install_append_ccimx6qpsbc() {
# Install custom hostapd_IFACE.conf file
install -m 0644 ${WORKDIR}/hostapd_wlan1.conf ${D}${sysconfdir}
}
do_install_append_ccimx8x() {
# Install custom hostapd_IFACE.conf file
install -m 0644 ${WORKDIR}/hostapd_wlan1.conf ${D}${sysconfdir}
if ${HAS_WIFI_VIRTWLANS}; then
# Install custom hostapd_IFACE.conf file
install -m 0644 ${WORKDIR}/hostapd_wlan1.conf ${D}${sysconfdir}
fi
}
pkg_postinst_ontarget_${PN}() {

11
meta-digi-dey/recipes-connectivity/modemmanager/modemmanager/ccimx6/78-mm-digi-xbee-cellular.rules
View File

@ -1,11 +0,0 @@
ACTION!="add|change|move", GOTO="mm_digi_xbee_cellular_modem_end"
# By default, ModemManager expects a default baudrate of 57600bps. Different
# baudrates may be used by setting the ID_MM_TTY_BAUDRATE udev tag.
# ModemManager documentation states that the best practice is to use the DEVPATH
# this way rather than other rules such as KERNEL, so be careful when modifying
DEVPATH=="/devices/soc0/soc.0/2100000.aips-bus/21f4000.serial/tty/ttymxc4", ENV{ID_MM_PLATFORM_DRIVER_PROBE}="1", ENV{ID_MM_PHYSDEV_UID}="Digi XBee Cellular"
DEVPATH=="/devices/soc0/soc/2100000.aips-bus/21f4000.serial/tty/ttymxc4", ENV{ID_MM_PLATFORM_DRIVER_PROBE}="1", ENV{ID_MM_PHYSDEV_UID}="Digi XBee Cellular"
LABEL="mm_digi_xbee_cellular_modem_end"

11
meta-digi-dey/recipes-connectivity/modemmanager/modemmanager/ccimx6ul/78-mm-digi-xbee-cellular.rules
View File

@ -1,11 +0,0 @@
ACTION!="add|change|move", GOTO="mm_digi_xbee_cellular_modem_end"
# By default, ModemManager expects a default baudrate of 57600bps. Different
# baudrates may be used by setting the ID_MM_TTY_BAUDRATE udev tag.
# ModemManager documentation states that the best practice is to use the DEVPATH
# this way rather than other rules such as KERNEL, so be careful when modifying
DEVPATH=="/devices/platform/soc/2100000.aips-bus/21e8000.serial/tty/ttymxc1", ENV{ID_MM_PLATFORM_DRIVER_PROBE}="1", ENV{ID_MM_PHYSDEV_UID}="Digi XBee Cellular"
DEVPATH=="/devices/soc0/soc/2100000.aips-bus/21e8000.serial/tty/ttymxc1", ENV{ID_MM_PLATFORM_DRIVER_PROBE}="1", ENV{ID_MM_PHYSDEV_UID}="Digi XBee Cellular"
LABEL="mm_digi_xbee_cellular_modem_end"

15
meta-digi-dey/recipes-connectivity/modemmanager/modemmanager/ccimx8mn/80-mm-net-device-blacklist.rules Normal file
View File

@ -0,0 +1,15 @@
ACTION!="add|change|move|bind", GOTO="mm_net_device_blacklist_end"
# ModemManager documentation states that the best practice is to use the DEVPATH
# this way rather than other rules such as KERNEL, so be careful when modifying
# Remove Ethernet interfaces from ModemManager probing
SUBSYSTEM=="net", DEVPATH=="/devices/platform/30be0000.ethernet*", ENV{ID_MM_CANDIDATE}="0", ENV{ID_MM_DEVICE_IGNORE}="1"
# Remove SPI-to-CAN interface from ModemManager probing
SUBSYSTEM=="net", DEVPATH=="/devices/platform/30840000.ecspi*", ENV{ID_MM_CANDIDATE}="0", ENV{ID_MM_DEVICE_IGNORE}="1"
# Remove MMC interfaces from ModemManager probing
SUBSYSTEM=="net", DEVPATH=="/devices/platform/30b40000.mmc*", ENV{ID_MM_CANDIDATE}="0", ENV{ID_MM_DEVICE_IGNORE}="1"
LABEL="mm_net_device_blacklist_end"

10
meta-digi-dey/recipes-connectivity/modemmanager/modemmanager/ccimx8x-sbc-express/78-mm-digi-xbee-cellular.rules
View File

@ -1,10 +0,0 @@
ACTION!="add|change|move", GOTO="mm_digi_xbee_cellular_modem_end"
# By default, ModemManager expects a default baudrate of 57600bps. Different
# baudrates may be used by setting the ID_MM_TTY_BAUDRATE udev tag.
# ModemManager documentation states that the best practice is to use the DEVPATH
# this way rather than other rules such as KERNEL, so be careful when modifying
DEVPATH=="/devices/platform/5a060000.serial/tty/ttyLP0", ENV{ID_MM_PLATFORM_DRIVER_PROBE}="1", ENV{ID_MM_PHYSDEV_UID}="Digi XBee Cellular"
LABEL="mm_digi_xbee_cellular_modem_end"

10
meta-digi-dey/recipes-connectivity/modemmanager/modemmanager/ccimx8x-sbc-pro/78-mm-digi-xbee-cellular.rules
View File

@ -1,10 +0,0 @@
ACTION!="add|change|move", GOTO="mm_digi_xbee_cellular_modem_end"
# By default, ModemManager expects a default baudrate of 57600bps. Different
# baudrates may be used by setting the ID_MM_TTY_BAUDRATE udev tag.
# ModemManager documentation states that the best practice is to use the DEVPATH
# this way rather than other rules such as KERNEL, so be careful when modifying
DEVPATH=="/devices/platform/5a800000.i2c/i2c-0/0-0063/mca-cc8x-uart/tty/ttyMCA0", ENV{ID_MM_PLATFORM_DRIVER_PROBE}="1", ENV{ID_MM_PHYSDEV_UID}="Digi XBee Cellular"
LABEL="mm_digi_xbee_cellular_modem_end"

6
meta-digi-dey/recipes-connectivity/modemmanager/modemmanager_%.bbappend
View File

@ -3,7 +3,6 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
SRC_URI += " \
file://78-mm-digi-xbee-cellular.rules \
file://80-mm-net-device-blacklist.rules \
file://late-modems-scan.service \
file://late-modems-scan.timer \
@ -15,11 +14,8 @@ SRC_URI += " \
PACKAGECONFIG_remove = " polkit"
do_install_append() {
# Install udev rules for XBee cellular
install -d ${D}${nonarch_base_libdir}/udev/rules.d
install -m 0644 ${WORKDIR}/78-mm-digi-xbee-cellular.rules ${D}${nonarch_base_libdir}/udev/rules.d/
# Install udev rules for ModemManager blacklist devices
install -d ${D}${nonarch_base_libdir}/udev/rules.d
install -m 0644 ${WORKDIR}/80-mm-net-device-blacklist.rules ${D}${nonarch_base_libdir}/udev/rules.d/
# Install systemd service for scanning late modems

41
meta-digi-dey/recipes-connectivity/openssl/openssl/0001-Modify-openssl.cnf-to-automatically-load-the-cryptoc.patch
View File

@ -1,41 +0,0 @@
From: Arturo Buzarra <arturo.buzarra@digi.com>
Date: Thu, 31 Jan 2019 18:01:02 +0100
Subject: [PATCH] Modify openssl.cnf to automatically load the cryptochip
engine
https://jira.digi.com/browse/DEL-5592
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
---
apps/openssl.cnf | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 6df2878d50..762582f4d0 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -3,6 +3,8 @@
# This is mostly being used for generation of certificate requests.
#
+openssl_conf = openssl_init
+
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
@@ -348,3 +350,14 @@ ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)
+
+[ openssl_init ]
+engines = engine_section
+
+[ engine_section ]
+ateccx08 = ateccx08_config
+
+[ ateccx08_config ]
+engine_id = ateccx08
+dynamic_path = /usr/lib/ssl/engines/libateccssl.so
+init = 0

40
meta-digi-dey/recipes-connectivity/openssl/openssl/0001-Modify-openssl.cnf-to-automatically-load-the-pkcs11-.patch Normal file
View File

@ -0,0 +1,40 @@
From: Gabriel Valcazar <gabriel.valcazar@digi.com>
Date: Tue, 12 Nov 2019 12:00:07 +0100
Subject: [PATCH] Modify openssl.cnf to automatically load the pkcs11 engine
https://jira.digi.com/browse/DEL-6835
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
---
apps/openssl.cnf | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 4acca4b..2261048 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -7,6 +7,8 @@
# file using the .include directive.
#.include filename
+openssl_conf = openssl_init
+
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
@@ -348,3 +350,15 @@ ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)
+
+[ openssl_init ]
+engines = engine_section
+
+[ engine_section ]
+pkcs11 = pkcs11_config
+
+[ pkcs11_config ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines-1.1/pkcs11.so
+MODULE_PATH = /usr/lib/libcryptoauth.so.2018.10.26
+init = 0

2
meta-digi-dey/recipes-connectivity/openssl/openssl_%.bbappend
View File

@ -3,7 +3,7 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
CRYPTOCHIP_COMMON_PATCHES = " \
file://0001-Modify-openssl.cnf-to-automatically-load-the-cryptoc.patch \
file://0001-Modify-openssl.cnf-to-automatically-load-the-pkcs11-.patch \
"
SRC_URI_remove = " \

7
meta-digi-dey/recipes-connectivity/packagegroups/packagegroup-dey-wireless.bb
View File

@ -1,5 +1,5 @@
#
# Copyright (C) 2012-2019 Digi International.
# Copyright (C) 2012-2020 Digi International.
#
SUMMARY = "Wireless packagegroup for DEY image"
@ -8,12 +8,11 @@ inherit packagegroup
RDEPENDS_${PN} = "\
crda \
hostapd \
iw \
wpa-supplicant \
wpa-supplicant-cli \
wpa-supplicant-passphrase \
"
RDEPENDS_${PN}_append_ccimx6ul = " hostapd"
RDEPENDS_${PN}_append_ccimx6qpsbc = " hostapd"
RDEPENDS_${PN}_append_ccimx8x = " hostapd"
RDEPENDS_${PN}_remove_ccimx6sbc = "hostapd"

18
meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/ccimx6qpsbc/wpa_supplicant.conf-sane
View File

@ -1,18 +0,0 @@
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
fast_reauth=1
update_config=1
ap_scan=1
# Static scheduled scan interval time in seconds
#
# The wpa-supplicant dynamically adjusts the scheduled scan time interval. On
# occassions, fixing the interval time is helpful, for example on DFS channels.
#sched_scan_interval=2
network={
scan_ssid=1
ssid=""
key_mgmt=NONE
}

Some files were not shown because too many files have changed in this diff Show More