Use ${servicedir} instead of hardcoded /srv, disable unnecessary
configure/compile steps and reorder the recipe according to Yocto coding
style.
No functional change.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Out of the three patches we currently apply to v2.44.4, two are no longer
needed for v2.46.7:
* 0001-Build-fix-when-LAYER_BASED_SVG_ENGINE-is-off.patch is already
included in v2.46.X releases
* 0001-DMABufVideoSinkGStreamer-disable-sink-unconditionall.patch is no
longer needed, since the GL sink is chosen by default in v2.46.7
Only port 0001-UIProcess-WebProcessPool-always-swap-process-when-us.patch to
avoid performance issues on platforms with memory restrictions.
Keep the v2.44.4 patches in case customers want to use said version, and
clearly separate the patchsets for both versions.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This partially reverts commit 6a7e9fa9e4. We initially downgraded to v2.44.4
to fix an issue with mouse clicks in our ConnectCore demo, but these issues
have been fixed after cog was upgraded to v0.18.5 in meta-webkit.
Remove the downgrade to use the newest v2.46.X versions of wpewebkit in the
scarthgap branch of meta-webkit, currently at v2.46.7.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
i.MX6 platforms use an older version of weston, 10.0.5.imx, which sets the
wayland socket to wayland-0 by default. Without this change, our demo launcher
scripts/services will fail on ccimx6/6qp platforms.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Use an HCI vendor-specific command from Infineon on bluetooth-init
to set a custom MAC address every time the interface is started.
Valid for both CCMP1 (Murata 2AE) and CCMP2 (Murata 2FY) devices.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Enable signed firmware to prevent unauthenticated code on the Cortex-M33
co-processor by verifying images against OTP-stored keys.
https://onedigi.atlassian.net/browse/DEL-9813
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Exposing these regulators makes the SM disable them during
a reboot process, which leaves the SoC without power, preventing
it from resetting.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9804
We support only B0 silicon revision and that is already set on
"imx-digi-base.inc" for all mx95 based machines.
https://onedigi.atlassian.net/browse/DEL-9811
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add a patch with the DDR calibration for B0 generated with NXP's config
tool version 2025.09.
https://onedigi.atlassian.net/browse/DEL-9811
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add a variable analogous to TRUSTFENCE_SIGN to enable/disable artifact
encryption. Deprecate TRUSTFENCE_DEK_PATH in favor of TRUSTFENCE_KEYS_PATH to
use a more generic name and avoid overloading it as an on/off flag. Add per-key
variables for encryption key filenames to avoid hardcoded names and allow
platform overrides.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the dcmipp-isp-ctrl recipe to align with the version
provided in OpenSTLinux v6.1.0. This new version includes support for histogram
handling in the ISP controller.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the virtual OP-TEE syntax for the CCMP1 and CCMP2 platforms
to align with the changes introduced in the meta-st-stm32mp layer. Specifically,
it mirrors the update made in commit ded46c7d24addf91ec81c9f64309e6376689977a
("Adapt to virtual optee changes").
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The ConnectCore MP2 DVK does not include an external STM32G0 component.
This commit removes the 'usbg0' entry from MACHINE_FEATURES to prevent
the installation of the unnecessary stm32mp-g0 firmware.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Adds support for signing and encrypting Cortex-M firmware on STM platforms,
following the STM32 MPU Ecosystem v6.1.0. This update enables secure boot of
co-processor binaries on ConnectCore MP2, enhancing firmware protection.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the trustfence-stm-signtools package with the latest
versions from the STM32 MPU ecosystem v6.1.0:
- STM32MP_KeyGen_CLI v2.20.0
- STM32MP_SigningTool_CLI v2.20.0
These tools are deployed as part of STM32CubeProgrammer v2.20.0, adding support
for STM32MP21x processors and bug fixing.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Default value of 'MKP_CONFIGPATH' points to a config path in the
meta-digi/meta-digi-arm layer.
When mkproject.sh is called with the '-m' argument, another layer is
provided to build the project from. In this layer the conf/templates
new structure must be respected, but it is likely it does not contain a
meta-digi-arm directory on top.
Keep the 'meta-digi-arm' directory in the config path by default, but
remove it when a different layer is provided through an argument.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
(cherry picked from commit 7888fe3b22)
Default value of 'MKP_CONFIGPATH' points to a config path in the
meta-digi/meta-digi-arm layer.
When mkproject.sh is called with the '-m' argument, another layer is
provided to build the project from. In this layer the conf/templates
new structure must be respected, but it is likely it does not contain a
meta-digi-arm directory on top.
Keep the 'meta-digi-arm' directory in the config path by default, but
remove it when a different layer is provided through an argument.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
* generate SD card image using wic
* remove ZIP_INSTALLER_CFG since DEY_IMAGE_INSTALLER="1" is now the default
* drop purge_sstate
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
vfat images need U-Boot scripts, which are always provided by the U-Boot
recipe, even for imx-boot-based machines. Replace the machine-dependent
BOOTLOADER_IMAGE_RECIPE with virtual/bootloader (which is provided by
u-boot recipes).
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Remove obsolete SD card image creation logic and related variables. We
will use WIC images for bootable SD cards.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Notice that we need to create u-boot and imx-boot symlinks in the deploy
directory, as they are required for the bootloader of the wic images.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
* Replace the hard-coded '/etc' with ${sysconfdir}
* Extend the mmcblk check to prevent updating the environment configuration
when booting from the EMMC (even though the kernel command line root
passed is in the form of /dev/mmcblk).
* Switch the conditional inherit to inherit_defer as it depends on
IMAGE_FEATURES to avoid parse-time ordering issues.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Different platforms use different Cortex-M processors, so instead of
using the M4_DEFAULT_IMAGE_MX95 (as meta-imx does) for an M7 processor,
generalize to the CORTEXM_DEFAULT_IMAGE variable name. Also, move it
to the imx-boot recipe (where it is used) and deploy that image to
the imx-boot-tools directory, so the imx-boot image can be regenerated
externally (without yocto).
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Remove IMAGE_BOOT_FILES and related WKS dependencies from ccimx93-dvk and
ccimx95-dvk machine configs. IMAGE_BOOT_FILES defines the files included
in the boot partition when creating WIC images. The removed files are
the Cortex-M demo firmware that we don't want on the boot partition of
our WIC image.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This package is specially required for configuring the camera
paths on the newest kernels and capture drivers.
Include it by default in all platforms that support video.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Let customers decide if they only want to generate SBOMs for a subset of their
images, or none at all
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit b010285f785706635b6a765a529d6d4d0e087ddc)
This series of patches expose a number of regulators of
the PMIC to the non-secure world, so that they can be
referenced and used by Linux drivers.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This patch fixes build failures of the virtio_trans driver (Cortex-A9, 32-bit ARM)
when building a PREEMPT_RT-enabled kernel. The errors were caused by
unresolved 64-bit division symbols (__aeabi_uldivmod / __aeabi_ldivmod)
generated when the driver was compiled as a module.
Changes included:
* virtio_trans.c:
- Replace 64-bit modulus operations (`idx % vt->{tx,rx}_vring_size`) with
kernel-safe 64-bit division macros using `div_u64_rem()`.
This prevents implicit calls to non-exported ARM EABI helpers that are not
available to kernel modules on 32-bit ARM.
* fragment-nxp-rt.config:
- Enable the mailbox framework (`CONFIG_MAILBOX=y`) required by virtio
mailbox-based transports.
- Build the virtio transport driver into the kernel (`CONFIG_VIRTIO_TRANS=y`)
instead of as a module, ensuring proper symbol resolution
during link time. Without this a license error is shown when building
the kernel in yocto.
https://onedigi.atlassian.net/browse/DEL-9783
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
It was added following same change in meta-imx, but meta-imx deleted it
in commit 02a40222adc7.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This is the version supporting the i.MX95. This library is a dependence
of the gputop package.
As a requirement to allow building this library for the ccimx95-dvk,
update the fsl-eula-graphics bbclass with the latest changes in meta-imx.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This .bbclass allows to generate a .zip file per image, each containing all of
the necessary information to run a CVE scan using the Digi ConnectCore Security
Services' CVE analysis tool.
https://onedigi.atlassian.net/browse/DEL-9632
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit fabce3a881454c8a7346538127da5f22862654b6)
This commit updates the secure boot support for STM platforms based on the
STM32 MPU Ecosystem v6.1.0. It introduces support for encrypted boot artifacts,
including TF-A and FIP, and enables this functionality for the ConnectCore MP2
platform.
This enhancement allows secure boot deployments with both authentication and
encryption for improved protection of critical boot components.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit disables the signing and encryption mechanism for the ConnectCore
MP2 platform's co-processor firmware. Currently, this functionality is not yet
supported in DEY, and enabling it causes build failures when TrustFence support
is active. Disabling it ensures successful builds until full support is
implemented.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit imports the Digi custom version of sign-stm32mp bbclass to ensure
that the search_path() function does not raise a build exception if the signing
tool or keys are not present in the PATH before starting the build process.
In our case, we do not need to manually install the tools or generate the keys
beforehand, as this is automatically handled by Yocto in our DEY distribution.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Currently, the patch is identical for all ccimx9 platforms, so move it
to a generic override folder to be used also for ccimx95.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add support for the ccimx95 and reorganize the recipe so that all machine
patches are applied for the DEY distribution, regardless of the build
target.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add the ccimx95dvk flavor to OP-TEE, define the UART6 base and DDR
settings, and update the machine mappings using OPTEEMACHINE as the base
recipe does.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Javier Viguera
Gabriel Valcazar
Hector Palacios
Isaac Hermida
Gonzalo Ruiz
Arturo Buzarra
Francisco Gil