Merge tag 'dey-2.0-r3.2' into dey-2.0/master

Tweaked to maintain the u-boot and linux revisions to AUTOREV instead of the fixed SHA1s from the tag. Signed-off-by: Javier Viguera <javier.viguera@digi.com>
2016-08-16 12:03:41 +02:00 · 2016-08-16 12:03:41 +02:00 · a7400b47f4
parent c4bf4c791a c92db49554
commit a7400b47f4
22 changed files with 185 additions and 52 deletions
--- a/README.md
+++ b/README.md
@ -1,11 +1,14 @@
 # Digi Embedded Yocto (DEY) 2.0
-## Release 2.0-master
+## Release 2.0-r3
 This document provides information about Digi Embedded Yocto,
 Digi International's professional embedded Yocto development environment.
 Digi Embedded Yocto 2.0 is based on the 2.0 (Jethro) Yocto release.
 For a full list of supported features and interfaces please refer to the
 online documentation.
 # Supported Platforms
 The current release supports the following hardware platforms:
@ -28,7 +31,6 @@ Software for the following hardware platforms is in beta support:
 * Digi ConnectCore 6UL
  * [Digi P/N CC-WMX-JN58-NE](http://www.digi.com/products/models/cc-wmx-jn58-ne)
  * [Digi P/N CC-MX-JN58-Z1](http://www.digi.com/products/models/cc-mx-jn58-z1)
 * Digi ConnectCore 6UL Starter Kit
  * [Digi P/N CC-WMX6UL-START](http://www.digi.com/products/models/cc-wmx6ul-start) ([Get Started](https://www.digi.com/resources/documentation/digidocs/90001514/default.htm#concept/yocto/c_get_started_with_yocto.htm))
@ -52,13 +54,11 @@ Documentation is available online on the Digi documentation site:
 # Downloads
-* [Demo images](TBC)
+* Demo images: ftp://ftp1.digi.com/support/digiembeddedyocto/2.0/r3/images/
-* [Software Development Kit (SDK)](TBC)
+* Software Development Kit (SDK): ftp://ftp1.digi.com/support/digiembeddedyocto/2.0/r3/sdk/
 # Release Changelog
 ## 2.0-r4
 ## 2.0-r3
 * Support for the new Digi ConnectCore 6UL System-On-Module and Starter Kit
@ -90,9 +90,18 @@ Documentation is available online on the Digi documentation site:
 # Known Issues and Limitations
 This is a list of known issues and limitations at the time of release. An
 updated list can be found on the online documentation.
 * When using the TrustFence (TM) U-Boot environment encryption, access to the
 U-Boot environment from the Linux OS is not supported.
 ## Digi ConnectCore 6UL
-## Digi ConnectCore 6UL Starter Kit
+* In the Bluetooth interface, the UART hardware flow control doesn’t work
 properly. To work around this problem the UART is configured without hardware
 flow control at 115200 bps, reducing the maximum throughput of this interface.
 This problem will be corrected in newer revisions of the hardware.
 ## Digi ConnectCore 6
@ -108,19 +117,21 @@ modes:
 softAP mode
 * A maximum of ten connected devices are supported when using Qualcomm's AR6233
 Bluetooth Low Energy mode
 * When using TrustFence encrypted images secure boot support, the CAAM will
 hang the processor when trying to authenticate an encrypted kernel image after
 a failed attempt. Hence the target needs to be reset after an authentication
 failure.
 * NXP i.MX6 processor does not set the sticky bit which write protects the
 SRK_REVOKE eFuse on closed devices. This means that in the ConnectCore 6,
 key revocation is always possible, no matter the value of the Yocto macro
 TRUSTFENCE_UNLOCK_KEY_REVOCATION.
 * When using TrustFence (TM)  encrypted images secure boot support, the CAAM
 will hang the processor when trying to authenticate an encrypted kernel image
 after a failed attempt. Hence the target needs to be reset after an
 authentication failure.
 ## Digi ConnectCore 6 SBC
 * The Micrel PHY KSZ9031 may take between five and six seconds to
 auto-negotiate with Gigabit switches
 * Secure uSD booting only supports booting signed images. A uSD image is not
 generated if TrustFence (TM) image encryption support is enabled.
 # Support Contact Information
--- a/meta-digi-arm/classes/image_types_digi.bbclass
+++ b/meta-digi-arm/classes/image_types_digi.bbclass
@ -185,8 +185,14 @@ IMAGE_CMD_sdcard() {
 	parted -s ${SDIMG} -- unit KiB mkpart primary ext2 $(expr ${IMAGE_ROOTFS_ALIGNMENT} \+ ${BOOT_SPACE_ALIGNED}) -1s
 	parted -s ${SDIMG} unit KiB print
 	# Set u-boot image to flash depending on whether TRUSTFENCE_SIGN is enabled
 	SDIMG_UBOOT="${DEPLOY_DIR_IMAGE}/${UBOOT_SYMLINK}"
 	if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
 		SDIMG_UBOOT="$(readlink -e ${SDIMG_UBOOT} | sed -e 's,u-boot-,u-boot-signed-,g')"
 	fi
 	# Burn bootloader, boot and rootfs partitions
-	dd if=${DEPLOY_DIR_IMAGE}/${UBOOT_SYMLINK} of=${SDIMG} conv=notrunc,fsync seek=2 bs=512
+	dd if=${SDIMG_UBOOT} of=${SDIMG} conv=notrunc,fsync seek=2 bs=512
 	dd if=${SDIMG_BOOTFS} of=${SDIMG} conv=notrunc,fsync seek=1 bs=$(expr ${IMAGE_ROOTFS_ALIGNMENT} \* 1024)
 	dd if=${SDIMG_ROOTFS} of=${SDIMG} conv=notrunc,fsync seek=1 bs=$(expr ${IMAGE_ROOTFS_ALIGNMENT} \* 1024 + ${BOOT_SPACE_ALIGNED} \* 1024)
 }
--- a/meta-digi-arm/conf/machine/include/ccimx6.inc
+++ b/meta-digi-arm/conf/machine/include/ccimx6.inc
@ -27,7 +27,7 @@ MACHINE_EXTRA_RDEPENDS += " \
    e2fsprogs-mke2fs \
    e2fsprogs-resize2fs \
    parted \
-    u-boot-fw-utils \
+    ${@base_conditional('TRUSTFENCE_ENCRYPT_ENVIRONMENT', '1', '', 'u-boot-fw-utils', d)} \
 "
 MACHINE_EXTRA_RRECOMMENDS += "${MACHINE_FIRMWARE} ${WIRELESS_MODULE}"
 MACHINE_EXTRA_RRECOMMENDS += "fsl-alsa-plugins cryptodev-module rng-tools"
--- a/meta-digi-arm/conf/machine/include/ccimx6ul.inc
+++ b/meta-digi-arm/conf/machine/include/ccimx6ul.inc
@ -22,7 +22,7 @@ MACHINE_FIRMWARE ?= ""
 MACHINE_EXTRA_RDEPENDS += " \
    imx-kobs \
    mtd-utils-ubifs \
-    u-boot-fw-utils \
+    ${@base_conditional('TRUSTFENCE_ENCRYPT_ENVIRONMENT', '1', '', 'u-boot-fw-utils', d)} \
 "
 MACHINE_EXTRA_RRECOMMENDS += "${MACHINE_FIRMWARE} ${WIRELESS_MODULE}"
 MACHINE_EXTRA_RRECOMMENDS += "fsl-alsa-plugins cryptodev-module"
--- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb
+++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey_2015.04.bb
@ -36,7 +36,7 @@ UBOOT_EXTRA_CONF ?= ""
 python __anonymous() {
    if (d.getVar("TRUSTFENCE_DEK_PATH", True) not in ["0", None]) and (d.getVar("TRUSTFENCE_SIGN", True) != "1"):
-         bb.fatal("Only signed U-Boot images can be encrypted. Generate signed images (TRUSTFENCE_SIGN=1) or remove encryption (TRUSTFENCE_DEK_PATH = 0)")
+         bb.fatal("Only signed U-Boot images can be encrypted. Generate signed images (TRUSTFENCE_SIGN = \"1\") or remove encryption (TRUSTFENCE_DEK_PATH = \"0\")")
 }
 do_compile () {
--- a/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/qualcomm-pre-up
+++ b/meta-digi-arm/recipes-kernel/kernel-module-qualcomm/kernel-module-qualcomm/qualcomm-pre-up
@ -61,7 +61,9 @@ case "${DTB_REGION_CODE}" in
 	${US_CODE}|${WW_CODE}|${JP_CODE})
 		REGULATORY_DOMAIN=${DTB_REGION_CODE};;
 	*)
 		if [ -n "${DTB_REGION_CODE}" ]; then
 			logger -t qca6564 "[ERROR] Invalid region code in device tree, using OTP value"
 		fi
 		REGULATORY_DOMAIN=${OTP_REGION_CODE};;
 esac
--- a/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig
+++ b/meta-digi-arm/recipes-kernel/linux/linux-dey-4.1/ccimx6ul/defconfig
@ -43,7 +43,6 @@ CONFIG_VFP=y
 CONFIG_NEON=y
 CONFIG_BINFMT_MISC=m
 CONFIG_PM_DEBUG=y
 CONFIG_PM_TEST_SUSPEND=y
 CONFIG_NET=y
 CONFIG_PACKET=y
 CONFIG_UNIX=y
@ -188,6 +187,7 @@ CONFIG_CPU_THERMAL=y
 CONFIG_IMX_THERMAL=y
 CONFIG_DEVICE_THERMAL=y
 CONFIG_WATCHDOG=y
 CONFIG_WATCHDOG_NOWAYOUT=y
 CONFIG_MCA_CC6UL_WATCHDOG=y
 CONFIG_IMX2_WDT=y
 CONFIG_MFD_DA9052_I2C=y
@ -216,7 +216,6 @@ CONFIG_V4L_MEM2MEM_DRIVERS=y
 CONFIG_VIDEO_CODA=y
 CONFIG_SOC_CAMERA_OV2640=y
 CONFIG_DRM=y
 CONFIG_DRM_VIVANTE=y
 CONFIG_FB=y
 CONFIG_FB_MXS=y
 CONFIG_FB_MXC_SYNC_PANEL=y
@ -308,7 +307,6 @@ CONFIG_MXC_PXP_V2=y
 CONFIG_MXC_PXP_V3=y
 CONFIG_IMX_SDMA=y
 CONFIG_MXS_DMA=y
 CONFIG_DMATEST=m
 CONFIG_STAGING=y
 CONFIG_STAGING_MEDIA=y
 # CONFIG_IOMMU_SUPPORT is not set
@ -332,11 +330,6 @@ CONFIG_QUOTA_NETLINK_INTERFACE=y
 # CONFIG_PRINT_QUOTA_WARNING is not set
 CONFIG_AUTOFS4_FS=y
 CONFIG_FUSE_FS=y
 CONFIG_ISO9660_FS=m
 CONFIG_JOLIET=y
 CONFIG_ZISOFS=y
 CONFIG_UDF_FS=m
 CONFIG_MSDOS_FS=m
 CONFIG_VFAT_FS=y
 CONFIG_TMPFS=y
 CONFIG_JFFS2_FS=y
@ -380,10 +373,10 @@ CONFIG_CRYPTO_TWOFISH=y
 # CONFIG_CRYPTO_ANSI_CPRNG is not set
 CONFIG_CRYPTO_DEV_FSL_CAAM=y
 CONFIG_CRYPTO_DEV_FSL_CAAM_SM=y
 CONFIG_CRYPTO_DEV_FSL_CAAM_SM_TEST=y
 CONFIG_CRYPTO_DEV_FSL_CAAM_SECVIO=y
 CONFIG_CRC_CCITT=m
 CONFIG_CRC_T10DIF=y
 CONFIG_CRC_ITU_T=m
 CONFIG_CRC7=m
 CONFIG_LIBCRC32C=m
 CONFIG_FONTS=y
--- a/meta-digi-dey/classes/trustfence.bbclass
+++ b/meta-digi-dey/classes/trustfence.bbclass
@ -65,3 +65,6 @@ python () {
    if (d.getVar("TRUSTFENCE_ENCRYPT_ENVIRONMENT", True) == "1"):
        d.appendVar("UBOOT_EXTRA_CONF", 'CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y')
 }
 # SDCARD image is not supported when encryption is enabled, so disable it in such cases
 IMAGE_FSTYPES_remove = "${@'' if d.getVar('TRUSTFENCE_DEK_PATH', True) == '0' else 'sdcard'}"
--- a/meta-digi-dey/conf/distro/dey.conf
+++ b/meta-digi-dey/conf/distro/dey.conf
@ -1,6 +1,6 @@
 DISTRO = "dey"
 DISTRO_NAME = "Digi Embedded Yocto"
-DISTRO_VERSION = "2.0-r2"
+DISTRO_VERSION = "2.0-r3"
 DISTRO_CODENAME = "jethro"
 SDK_VENDOR = "-deysdk"
 SDK_VERSION := "${@'${DISTRO_VERSION}'}"
--- a/meta-digi-dey/recipes-core/base-files/base-files/resize-ext4fs.sh
+++ b/meta-digi-dey/recipes-core/base-files/base-files/resize-ext4fs.sh
@ -26,9 +26,12 @@ get_emmc_block_device() {
 }
 RESIZE2FS="$(which resize2fs)"
 DM_BLOCK_DEVICE="/dev/dm-"
 EMMC_BLOCK_DEVICE="$(get_emmc_block_device)"
 if [ -x "${RESIZE2FS}" -a -n "${EMMC_BLOCK_DEVICE}" ]; then
 	PARTITIONS="$(blkid | sed -ne "{s,\(^${EMMC_BLOCK_DEVICE}[^:]\+\):.*TYPE=\"ext4\".*,\1,g;T;p}" | sort -u)"
 	# Add possible device mapper devices
 	PARTITIONS="${PARTITIONS} $(blkid | sed -ne "{s,\(^${DM_BLOCK_DEVICE}[^:]\+\):.*TYPE=\"ext4\".*,\1,g;T;p}" | sort -u)"
 	for i in ${PARTITIONS}; do
 		if ! ${RESIZE2FS} ${i} 2>/dev/null; then
 			echo "ERROR: resize2fs ${i}"
--- a/meta-digi-dey/recipes-core/busybox/busybox-1.23.2/ccimx6ul/acpid.map
+++ b/meta-digi-dey/recipes-core/busybox/busybox-1.23.2/ccimx6ul/acpid.map
@ -0,0 +1,3 @@
 #s_type	n_type(hex)	s_code		n_code	value	description
 EV_KEY	0x01		KEY_SLEEP	142	1	pswitch-suspend
 EV_KEY	0x01		KEY_POWER	116	1	pswitch-poweroff
--- a/meta-digi-dey/recipes-core/busybox/busybox-1.23.2/ccimx6ul/suspend
+++ b/meta-digi-dey/recipes-core/busybox/busybox-1.23.2/ccimx6ul/suspend
@ -29,12 +29,16 @@ suspend_interfaces() {
 	if grep -qs '^wlan0' /var/run/ifstate; then
 		ifdown wlan0 && up_wlan_on_resume="1" && sleep 0.5 && rmmod wlan
 	fi
 	if hcitool -i hci0 dev >/dev/null 2>&1; then
 		hciconfig hci0 down && up_hci0_on_resume="1" && sleep 0.5
 	fi
 }
 resume_interfaces() {
 	if ! grep -qs '^wlan0' /var/run/ifstate; then
 		[ -n "${up_wlan_on_resume}" ] && modprobe wlan && sleep 0.5 && ifup wlan0
 	fi
 	[ -n "${up_hci0_on_resume}" ] && hciconfig hci0 up
 }
 while getopts "h" c; do
--- a/meta-digi-dey/recipes-core/busybox/busybox_1.23.2.bbappend
+++ b/meta-digi-dey/recipes-core/busybox/busybox_1.23.2.bbappend
@ -38,6 +38,9 @@ FILES_${PN}-acpid = " ${sysconfdir}/init.d/busybox-acpid \
 INITSCRIPT_PACKAGES =+ "${PN}-acpid"
 INITSCRIPT_NAME_${PN}-acpid = "busybox-acpid"
 # Start busybox-syslog at a very early state
 INITSCRIPT_PARAMS_${PN}-syslog = "defaults 02"
 # static-nodes package (create static nodes from /etc/device_table)
 PACKAGES =+ "${PN}-static-nodes"
 FILES_${PN}-static-nodes = "${sysconfdir}/init.d/busybox-static-nodes"
--- a/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown_1.0.bbappend
+++ b/meta-digi-dey/recipes-core/init-ifupdown/init-ifupdown_1.0.bbappend
@ -46,37 +46,38 @@ do_install_append() {
 	# Cellular interface
 	if [ -n "${@bb.utils.contains('DISTRO_FEATURES', 'cellular', '1', '', d)}" ] && [ -n "${CELLULAR_INTERFACE}" ]; then
 		cat ${WORKDIR}/interfaces.cellular >> ${D}${sysconfdir}/network/interfaces
 		[ -n "${CELLULAR_AUTO}" ] && sed -i -e 's/^#auto ##CELLULAR_INTERFACE##/auto ##CELLULAR_INTERFACE##/g' ${D}${sysconfdir}/network/interfaces
 		sed -i -e 's,##CELLULAR_INTERFACE##,${CELLULAR_INTERFACE},g' ${D}${sysconfdir}/network/interfaces
-		[ -n "${CELLULAR_AUTO}" ] && sed -i -e 's/#auto/auto/g' ${D}${sysconfdir}/network/interfaces
+
 		if [ -n "${CELLULAR_APN}" ]; then
-			sed -i -e 's/apn/apn ${CELLULAR_APN}/g' ${D}${sysconfdir}/network/interfaces
+			sed -i -e 's/^\([[:blank:]]*\)apn/\1apn ${CELLULAR_APN}/g' ${D}${sysconfdir}/network/interfaces
 		else
-			sed -i -e '/apn/d' ${D}${sysconfdir}/network/interfaces
+			sed -i -e '/^[[:blank:]]*apn/d' ${D}${sysconfdir}/network/interfaces
 		fi
 		if [ -n "${CELLULAR_PIN}" ]; then
-			sed -i -e 's/pin/pin ${CELLULAR_PIN}/g' ${D}${sysconfdir}/network/interfaces
+			sed -i -e 's/^\([[:blank:]]*\)pin/\1pin ${CELLULAR_PIN}/g' ${D}${sysconfdir}/network/interfaces
 		else
-			sed -i -e '/pin/d' ${D}${sysconfdir}/network/interfaces
+			sed -i -e '/^[[:blank:]]*pin/d' ${D}${sysconfdir}/network/interfaces
 		fi
 		if [ -n "${CELLULAR_PORT}" ]; then
-			sed -i -e 's/port/port ${CELLULAR_PORT}/g' ${D}${sysconfdir}/network/interfaces
+			sed -i -e 's/^\([[:blank:]]*\)port/\1port ${CELLULAR_PORT}/g' ${D}${sysconfdir}/network/interfaces
 			sed -i -e 's,dhcp,manual,g' ${D}${sysconfdir}/network/interfaces
 		else
-			sed -i -e '/port/d' ${D}${sysconfdir}/network/interfaces
+			sed -i -e '/^[[:blank:]]*port/d' ${D}${sysconfdir}/network/interfaces
 		fi
 		if [ -n "${CELLULAR_USER}" ]; then
-			sed -i -e 's/user/user ${CELLULAR_PORT}/g' ${D}${sysconfdir}/network/interfaces
+			sed -i -e 's/^\([[:blank:]]*\)user/\1user ${CELLULAR_USER}/g' ${D}${sysconfdir}/network/interfaces
 		else
-			sed -i -e '/user/d' ${D}${sysconfdir}/network/interfaces
+			sed -i -e '/^[[:blank:]]*user/d' ${D}${sysconfdir}/network/interfaces
 		fi
 		if [ -n "${CELLULAR_PASSWORD}" ]; then
-			sed -i -e 's/password/password ${CELLULAR_PORT}/g' ${D}${sysconfdir}/network/interfaces
+			sed -i -e 's/^\([[:blank:]]*\)password/\1password ${CELLULAR_PASSWORD}/g' ${D}${sysconfdir}/network/interfaces
 		else
-			sed -i -e '/password/d' ${D}${sysconfdir}/network/interfaces
+			sed -i -e '/^[[:blank:]]*password/d' ${D}${sysconfdir}/network/interfaces
 		fi
 	fi
--- a/meta-digi-dey/recipes-core/packagegroups/packagegroup-dey-core.bb
+++ b/meta-digi-dey/recipes-core/packagegroups/packagegroup-dey-core.bb
@ -55,3 +55,5 @@ RRECOMMENDS_${PN} = "\
    ${MACHINE_ESSENTIAL_EXTRA_RRECOMMENDS} \
    ${MACHINE_EXTRA_RRECOMMENDS} \
 "
 do_package[vardeps] = "TRUSTFENCE_ENCRYPT_ENVIRONMENT"
--- a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb
+++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb
@ -4,13 +4,17 @@ SUMMARY = "Trustfence initramfs required files"
 LICENSE = "GPL-2.0"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
-SRC_URI = "file://trustfence-initramfs-init"
+SRC_URI = " \
    file://trustfence-initramfs-init \
    file://trustfence-install.sh \
 "
 S = "${WORKDIR}"
 do_install() {
-	install -d ${D}${sbindir}
+	install -d ${D}${base_sbindir}
 	install -m 0755 trustfence-initramfs-init ${D}/init
 	install -m 0755 trustfence-install.sh ${D}${base_sbindir}
 }
 # Do not create debug/devel packages
--- a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init
+++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init
@ -31,10 +31,13 @@ mkdir -p /var/run && rngd
 for arg in $(cat /proc/cmdline); do
 	case "${arg}" in
-		init=*|rescue=1|root=*) eval ${arg};;
+		init=*|rescue=1|root=*|trustfence_install=*) eval ${arg};;
 	esac
 done
 # Translate "PARTUUID=..." to real device
 root="$(findfs ${root})"
 # Jump to a rescue shell if requested
 if [ -n "${rescue}" ]; then
 	# Expand console and respawn if exited
@ -44,8 +47,14 @@ if [ -n "${rescue}" ]; then
 	done
 fi
-# Translate "PARTUUID=..." to real device
+# Run install script if "trustfence_install" kernel parameter exists
-root="$(findfs ${root})"
+if [ -n "${trustfence_install}" ]; then
 	trustfence-install.sh ${trustfence_install} ${root}
 	sleep 1
 	echo ">> Rebooting the system"
 	sleep 1
 	sync && reboot -f
 fi
 # Open LUKS encrypted device
 if trustfence-tool ${root} cryptroot; then
--- a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-install.sh
+++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-install.sh
@ -0,0 +1,89 @@
 #!/bin/sh
 #===============================================================================
 #
 #  trustfence-install.sh
 #
 #  Copyright (C) 2016 by Digi International Inc.
 #  All rights reserved.
 #
 #  This program is free software; you can redistribute it and/or modify it
 #  under the terms of the GNU General Public License version 2 as published by
 #  the Free Software Foundation.
 #
 #
 #  !Description: Wrapper script for initial deployment of encrypted rootfs
 #
 #  The script gathers the needed information from the 'trustfence_install'
 #  kernel command line parameter with following syntax:
 #
 #    trustfence_install="source:serverip:filename"
 #      source   -> 'tftp' | <block-device>
 #      serverip -> <tftp-ip> | ''               (serverip or empty if local)
 #      filename -> <image-filename>             (path relative to 'source')
 #
 #  For 'tftp' mode the kernel IP autoconfig may be used to bring the network
 #  interface up, with 'ip' kernel parameter. Examples:
 #
 #    ip=<static-ip>:::<netmask>::eth0:off
 #    ip=dhcp
 #
 #  This script is meant for testing purposes. It's NOT a stable API and may
 #  be subject to change.
 #
 #===============================================================================
 set -o pipefail
 TF_INSTALL_INFO="${1}"
 TF_ROOTFS_DEV="${2}"
 error() {
 	[ "${#}" != "0" ] && printf "\n[ERROR]: %s\n\n" "${1}"
 	exit 1
 }
 # Parse trustfence_install kernel parameter
 IFS=":" read SOURCE SERVERIP FILENAME <<_EOF_
 ${TF_INSTALL_INFO}
 _EOF_
 # Validate command line arguments
 if [ -z "${SOURCE}" ] || [ -z "${FILENAME}" ] || { [ "${SOURCE}" = "tftp" ] && [ -z "${SERVERIP}" ]; }; then
 	error "wrong 'trustfence_install' parameter: ${TF_INSTALL_INFO}"
 elif ! [ -b "${TF_ROOTFS_DEV}" ]; then
 	error "${TF_ROOTFS_DEV} is not a block device"
 fi
 # Generate random key, initialize the partition and open the virtual mapped device
 trustfence-tool --format --newkey "${TF_ROOTFS_DEV}" cryptroot
 if [ "${?}" != "0" ]; then
 	error "trustfence-tool: open mapped device"
 fi
 # Install image to the encrypted mapped device
 if [ "${SOURCE}" = "tftp" ]; then
 	printf "\nInstalling ${FILENAME} from TFTP\n\n"
 	tftp -g -l - -r "${FILENAME}" "${SERVERIP}" | pv -tprebW | dd of=/dev/mapper/cryptroot 2>/dev/null
 	if [ "${?}" != "0" ]; then
 		error "write ${FILENAME}"
 	fi
 elif [ -b "${SOURCE}" ]; then
 	printf "\nInstalling ${FILENAME} from local media\n\n"
 	MOUNTPOINT="/media/$(basename ${SOURCE})"
 	FSTYPE="$(blkid ${SOURCE} | sed -e 's,.*TYPE="\([^"]\+\)".*,\1,g')"
 	mkdir -p ${MOUNTPOINT}
 	mount -r ${FSTYPE:+-t ${FSTYPE}} ${SOURCE} ${MOUNTPOINT}
 	pv -tprebW ${MOUNTPOINT}/${FILENAME} | dd of=/dev/mapper/cryptroot 2>/dev/null
 	if [ "${?}" != "0" ]; then
 		error "write ${FILENAME}"
 	fi
 	umount ${SOURCE}
 else
 	error "${SOURCE} is neither a block device nor 'tftp'"
 fi
 echo ""
 echo "#######################"
 echo "#  Install completed  #"
 echo "#######################"
 echo ""
--- a/meta-digi-dey/recipes-core/trustfence/trustfence-tool_1.0.bb
+++ b/meta-digi-dey/recipes-core/trustfence/trustfence-tool_1.0.bb
@ -6,7 +6,7 @@ LICENSE = "CLOSED"
 SRC_URI = "${DIGI_PKG_SRC}/${BP}.tar.gz"
-SRC_URI[md5sum] = "1140b71d0e619001b677117e8938be48"
+SRC_URI[md5sum] = "eea4efe8b8e7527a0ffeea16fd238ba3"
-SRC_URI[sha256sum] = "13eecca139dfb6470204c75291c5791144dea098653f52d39d847b2aee3fe19b"
+SRC_URI[sha256sum] = "aefeb08f2db59c891cf1162488499448bf9d80d64b2778d4fda11343793373e7"
 inherit bin_package
--- a/sdk/build-github.sh
+++ b/sdk/build-github.sh
@ -29,7 +29,7 @@ MANIFEST_URL="https://github.com/digi-embedded/dey-manifest.git"
 RM_WORK_CFG="
 INHERIT += \"rm_work\"
 # Exclude rm_work for some key packages (for debugging purposes)
-RM_WORK_EXCLUDE += \"dey-image-qt linux-dey u-boot-dey\"
+RM_WORK_EXCLUDE += \"dey-image-qt linux-dey qtbase u-boot-dey\"
 "
 X11_REMOVAL_CFG="
--- a/sdk/build.sh
+++ b/sdk/build.sh
@ -42,7 +42,7 @@ BB_GENERATE_MIRROR_TARBALLS = \"1\"
 RM_WORK_CFG="
 INHERIT += \"rm_work\"
 # Exclude rm_work for some key packages (for debugging purposes)
-RM_WORK_EXCLUDE += \"dey-image-qt linux-dey u-boot-dey\"
+RM_WORK_EXCLUDE += \"dey-image-qt linux-dey qtbase u-boot-dey\"
 "
 X11_REMOVAL_CFG="
@ -238,7 +238,7 @@ for platform in ${DY_PLATFORMS}; do
 					printf "\n[INFO] Building the ${target} target.\n"
 					time bitbake ${target}
 					# Build the toolchain for DEY images
-					if [ "${DY_BUILD_TCHAIN}" = "true" ] && echo "${target}" | grep -qs '^dey-image-[^-]\+$'; then
+					if [ "${DY_BUILD_TCHAIN}" = "true" ] && echo "${target}" | grep -qs '^\(core\|dey\)-image-[^-]\+$'; then
 						printf "\n[INFO] Building the toolchain for ${target}.\n"
 						time bitbake -c populate_sdk ${target}
 					fi
--- a/sdk/mkproject.sh
+++ b/sdk/mkproject.sh
@ -28,7 +28,7 @@ MKP_NONE="\033[0m"
 MKP_CONFIGPATH="${MKP_SCRIPTPATH}/sources/meta-digi/sdk/config"
 # Blacklist platforms (not officially supported in a DEY release)
-MKP_BLACKLIST_PLATFORMS=""
+MKP_BLACKLIST_PLATFORMS="ccardimx28js"
 MKP_SETUP_ENVIRONMENT='#!/bin/bash