This commit updates the secure boot support for STM platforms based on the
STM32 MPU Ecosystem v6.1.1. It introduces support for encrypted boot artifacts,
including TF-A and FIP for the ConnectCore MP13 platform.
https://onedigi.atlassian.net/browse/DEL-8535
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Kernel commit b6ae6fee73eab568ba49a4a489fdac6bb5027997 removed the
RTO-based flush logic in stm32-usart.
As a result, the RT patch no longer applies cleanly because it
modifies the receive_chars() call using the old context.
Update the RT patch to match the new baseline while preserving
the PREEMPT_RT locking changes.
https://onedigi.atlassian.net/browse/DEL-10000
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The fragment-07-rt-sysvinit.config disables several cgroup
controllers (PIDS, CPUACCT, DEVICE, FREEZER, etc.) and is
intended for minimal RT configurations using sysvinit.
It is currently applied unconditionally for STM32MP RT builds,
including systemd-based systems. This breaks container runtimes
such as podman, which require full cgroup support (notably
CONFIG_CGROUP_PIDS) when running on PREEMPT_RT kernels.
Apply the sysvinit RT fragment only when the 'sysvinit'
DISTRO_FEATURE is enabled, leaving systemd configurations
unaffected.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The ConnectCore 95 SMARC module has an MCA so we need to
build the mca-tool for this platform.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Due to GPIO1 port belongs to the Always-ON (AON) domain and probed last,
port GPIO4 is probed as gpio2.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
CONFIG_BRIDGE_NETFILTER depends on CONFIG_NETFILTER_ADVANCED.
Some platforms enable this support, while others do not, so add it as an
explicit dependency.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit updates the firmware binaries for Bluetooth and Wireless interfaces,
aligned with the Cypress Linux WiFi Driver (FMAC) release v6.1.145-2026_0108.
The updated wireless firmware versions are as follows:
- 2FY Wireless chip: v28.10.590.3
- 2EC Wireless chip: v18.53.546.29
These updates are included as part of the imx-styhead-longma_r1.0 Murata release.
https://onedigi.atlassian.net/browse/DEL-9960
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The i.MX91 does not include an NPU; only the i.MX93 does.
Remove the Ethos-U firmware support that was accidentally added during
code reorganization.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
While BTRFS can be useful on server-class systems (e.g. RAID-based or
snapshot-heavy setups), enabling it unconditionally is not appropriate
for typical embedded systems. It introduces unnecessary kernel
complexity, pulls in RAID6 support, and increases kernel boot time by
approximately 0.7 seconds.
This reverts commit 503e50f392.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Revert patch. This is covered in Linux DT directly for SOM v2.
This reverts commit 8f7ece342d.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Some of the hardware settings that were common between the cc93/cc91 SOMs
and DVK are not common for the cc95.
This commit moves those defines from common ccimx9.inc to each specific
machine configuration file.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Blacklist the Bluetooth kernel module for CC95 (hci_uart) to let user
space bluetooth-init script load/unload it.
While on it, group blacklisting of all platforms using Murata chipsets.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
For SOM v2, the Wi-Fi chipset has been changed, which requires
overlays that are specific to cc95, different than the ones
for cc93/cc91.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9915
Use the SDMA firmware provided by linux-firmware for i.MX6 and i.MX8
platforms. The SDMA blobs shipped in linux-firmware and firmware-imx are
identical, so just use the upstream ones as meta-freescale does.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Version 1.14.0 is no longer available, as meta-openembedded updated it
to version 1.14.1. Update our preferred version using a wildcard.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Enable signed firmware to prevent unauthenticated code on the Cortex-M4
co-processor by verifying images against custom public key from OP-TEE.
https://onedigi.atlassian.net/browse/DEL-9920
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add RSA key generation support for the Cortex-M4 co-processor on
ConnectCore MP15 platforms as part of DEY TrustFence framework.
https://onedigi.atlassian.net/browse/DEL-9920
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Select the proper OP-TEE board configuration in the optee-os-stm32mp recipe so
trusted applications are built/exported correctly in the SDK. Without this
change, the build may choose a different MACHINE and trigger unexpected
compilation issues.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Introduce a dynamic layer to integrate X-LINUX-ISP v6.1.0 ST layer into DEY,
providing ISP image quality software, tools, and example applications for
STM32MP25x series.
https://onedigi.atlassian.net/browse/DEL-9890
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
For both wireless and Bluetooth regulatory domain files, install the
files as is and create symlinks for the different regulatory domains.
Then, the drivers are responsible of loading the default files (US for
wireless, FCC for Bluetooth) or other files when specified through the
'regdmn' module parameters.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit updates the firmware binaries for Bluetooth and Wireless interfaces,
aligned with the Cypress Linux WiFi Driver (FMAC) release v6.1.110-2025_0718.
The updated wireless firmware versions are as follows:
- 2FY Wireless chip: v28.10.522.8
- 2FY Bluetooth chip: v1.2.32.40.33 FCC and CE.JP
These updates are included as part of the imx-scarthgap-kraken_r1.0 Murata release.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Correct the bootloader artifact names (TF-A and FIP) for CCMP1/CCMP2 during
.swu generation with TrustFence enabled.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Introduce a configurable variable to enable/disable secure co-processor
firmware when TrustFence is enabled.
https://onedigi.atlassian.net/browse/DEL-9813
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Distribute all the required bootloader artifacts required for USB recovery
as part of the ZIP installer. That way, every pre-compiled set of images
is enough for starting development.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
As the HWID support is not implemented yet, is needed to fill
the wireless information in the DT structure to have Wi-Fi and
Bluetooth working.
This is just a temporal patch for initial prototypes.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Other platforms that have flutter support use clang to build the flutter-engine
recipe, so do the same with the ccmp15. meta-flutter uses clang for a set of
its recipes (mainly flutter-engine) as long as meta-clang is in the bblayers,
so all we need to do is add said layer.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Updated error guidance to use `./install_linux_fw_uuu.sh -u <uboot_file>`
instead of setting INSTALL_UBOOT_FILENAME manually.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
We originally removed GUI-related layers from headless platforms in commit
ef26e935d0, but we left meta-webkit in the ccimx91's bblayers due to a
spurious selinux dependency. Since we recently removed both the webkit and
selinux layers from the ccimx95's bblayers in commit 2aaa76c963, do the same
for the ccimx91.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
GPIO1 port access was not enabled on ATF because NXP
reserved it to have exclusive access from the secure
world on their EVK.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9839
The new image runs the local ConnectCore demo application using chromium
on the ccimx95.
https://onedigi.atlassian.net/browse/DEL-9838
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
At the moment, webkit does not work well on the ccimx95. Running cog on
wayland crashes with:
eglCreateWaylandBufferFromImageWL not found
cog-platform-wl.c:1731:on_export_wl_egl_image: assertion failed: (wpe_view_data.buffer)
So just delete the layer from the project's config file. Selinux layer
depends on meta-webkit, so we need to remove it as well.
https://onedigi.atlassian.net/browse/DEL-9838
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Arturo Buzarra
Isaac Hermida
Javier Viguera
Hector Palacios
Francisco Gil
Mike Engel
Gonzalo Ruiz
Gabriel Valcazar