The way the kernel artifacts are generated has change as of Yocto 2.2.
Also some of the variables (e.g. KERNEL_IMAGE_SYMLINK_NAME) have changed
their default values.
Thus the trustfence_sign function needed some tweaks to continue working
properly.
https://jira.digi.com/browse/DEL-3834
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
KERNEL_IMAGE_BASE_NAME and KERNEL_IMAGE_SYMLINK_NAME default values have
changed in Yocto 2.2, so now this appended command is failing because
it's translated to:
ln -sf -4.1-r0.2-ccimx6ulstarter-20170216122147.bin ccimx6ulstarter
which fails with:
ln: invalid option -- '4'
Just remove it, because we don't need that symlink anymore. New U-Boot's
'zimage' and 'uimage' environment variables have default values ending in
'.bin' which is what Yocto provides.
https://jira.digi.com/browse/DEL-3451
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This re-enables USB mass storage support that was unintentionally
removed in commit 6851ab23e4.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DUB-713
This updates the kernel configuration to the latest one
which disables unused drivers and options to optimize the
kernel size.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The kernel recipe was modifying the device tree blobs in place within the
kernel build temporal directory. This can cause problems after several
compilations, only the deployed artifacts should be signed/encrypted.
The deployment of the DTBs is done by do_deploy_appends in other layers which
are appended after this recipe, so it is required to use a postfunc to do the
trustfence related process after the deployment of all the artifacts.
https://jira.digi.com/browse/DEL-3388
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This patch introduces some parameters which allow to select the type of image
to be signed. Currently the supported types are:
* linux kernel (-l)
* DTB (-d)
* initramfs (-i)
This also moves the CONFIG_PLATFORM environment variable to a parameter, for
consistency.
https://jira.digi.com/browse/DUB-614https://jira.digi.com/browse/DUB-615
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
The name "ext-eth" seems to indicate "External Ethernet". Rename that variable
and related ones to a more proper name like second ethernet.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
* Check number of arguments
* Add platform argument
* Read user configuration from .config file
* Remove unused variable (dek_blob_size)
* Remove noise in output messages
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Add a recipe to include all signing and encryption tools for U-Boot and
kernel images to the SDK. Move existing trustfence kernel scripts to this
new recipe.
This allows to use these scripts not only from the Yocto build system but
also as standalone tools for image signing and encryption.
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Tweaked to maintain the u-boot and linux revisions to AUTOREV instead of
the fixed SHA1s from the tag.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
When changing any of the secure boot configurable macros the Linux kernel
should be re-deployed so that it can be signed/encrypted as needed.
https://jira.digi.com/browse/DEL-2750
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
TRUSTFENCE_SIGN can be defined to "0" to explicitly disable uImage sign and
encryption.
https://jira.digi.com/browse/DEL-2803
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
NXP Code signing Tool for the High Assurance Boot library is needed for
signing and encrypting different artifacts (U-Boot image, uImage, ...).
As the CST cannot be included in DEY, the user needs to download the
tarball and add it to the recipe folder.
https://jira.digi.com/browse/DUB-618
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Do not compile the kernel for supporting the static regulatory domain
but force the system to do that by using crda.
https://jira.digi.com/browse/DEL-2539
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
We compile those modules as built in to avoid a mismatch
between the current kernel version and the wlan.ko module.
https://jira.digi.com/browse/DEL-2653
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This enables the Cryptographic Accelerator and Assurance Module (CAAM).
https://jira.digi.com/browse/DEL-2502
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This enables the Cryptographic Accelerator and Assurance Module (CAAM).
https://jira.digi.com/browse/DEL-2502
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Used ccimx6ul_defconfig from v4.1/master repository.
The defconfig file will live under module folder and not specific platform
folder because it will be the same for other ccimx6ul platforms.
https://jira.digi.com/browse/DEL-2381https://jira.digi.com/browse/DEL-2529
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
COMPATIBLE_MACHINE is a regular expression, so we need to update the current
pattern for ccimx6 due to it will also match with ccimx6ul.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Javier Viguera
Mike Engel
Alex Gonzalez
Hector Palacios
Diaz de Grenu, Jose
Isaac Hermida