The fact of including both storage types (mtd and mmc) in the same 'sw-description' file is not providing any kind
of benefit. Instead, it makes the file larger, complex and harder to maintain. Additionally, most of the images
entries share the same structure and contents, changing only names and mount points. This commit simplifies the
'sw-description' file by configuring the storage type and the images to include in the SWU package at build
time, using a generic 'sw-description' template and template files for 'mmc' and 'mtd' images.
While on it, use the new 'DEY_FIRMWARE_VERSION' variable for SWU package version and fix the recipe to not include
all 'SRC_URI' files in the SWU update image, but only the required files for the update. Also, make use of variable
substitution provided by SWU class in the 'sw-description' file.
Note: SWU U-Boot update will be broken after this change. Waiting for official support with a robust implementation.
https://onedigi.atlassian.net/browse/DEL-8537https://onedigi.atlassian.net/browse/DEL-8538
Signed-off-by: David Escalona <david.escalona@digi.com>
While on it, rename the old "Firmware" variable to "DEY version", as it refers explicity to the DEY
distribution version.
https://onedigi.atlassian.net/browse/DEL-8539
Signed-off-by: David Escalona <david.escalona@digi.com>
If 'CC_DEVICE_TYPE' is not defined or it is empty use 'MACHINE' as the device
type in the Cloud Connector configuration file.
This commit also limits its length to a maximum of 255 characters.
https://onedigi.atlassian.net/browse/DEL-8531
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
In a squashfs the mount points are different and the current logic
wasn't working.
It's more reliable to check the /proc/cmdline to determine if
the system is a nand or an emmc.
Added also logic to get the active partition in nand devices
when the rootfs is squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When a squashfs image is flashed we need to delete the compression
field in the swupdate descriptor.
Also the rootfstype u-boot variable needs to be set to squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
We used to use BAD_RECOMMENDATIONS to remove this package in ccimx6 builds,
we enable the imx-gpu-viv driver as built-in in our kernel, but this method
isn't working anymore. Instead, undo the specific RRECOMMENDS that pulls the
module in.
Apply the change for the aarch32 version of the package only, since this change
is only needed for the ccimx6 platforms.
https://onedigi.atlassian.net/browse/DEL-8540
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Instead of depending on library releases in Pypi, update the recipe to compile latest
Github code. This allows to use minor fixes in DEY before a new release of the library
is available. While on it, set the 'SRCREV' to point to the last commit of the repository
for traceability.
Signed-off-by: David Escalona <david.escalona@digi.com>
Main development of the library will be done in Github. The Stash repository will be
used as a "security backup mirror", so update the recipe to always compile from Github.
Signed-off-by: David Escalona <david.escalona@digi.com>
This commits changes the CONFIG_CONSOLE_ENABLE_GPIO_NAME to be a string
and not an integer.
https://onedigi.atlassian.net/browse/DEL-8520
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Sometimes, it may be desired that the DEY project does not sign the
artifacts, for example, if they are going to be externally signed on a
secure server. In this case, the user sets TRUSTFENCE_SIGN="0".
On STM platforms, all the variables were being set if TRUSTFENCE_SIGN="1"
and authentication support is not enabled on TF_A otherwise.
Set TF_A_SIGN_ENABLE (which adds authentication support to TF_A) always
for STM platforms (as long as the project inherits the trustfence class)
and set FIP_SIGN_ENABLE="0" if its sibling TRUSTFENCE_SIGN="0", so that
DEY doesn't sign the FIP image either.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The root file system requires the public key to authenticate SWU files.
For NXP platforms, the public key is extracted from the certificate.
For STM platforms, simply copy the public key over to the rootfs.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
For the moment, do not sign aditional artifacts, such as the ramdisk,
the kernel or the boot scripts for STM platforms.
In the specific case of the ramdisk, simply copy it over with the
expected filename extension.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Several recipes depend on the PKI creation.
Create a small recipe to just run this function which
is moved from the trustfence.bbclass.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
dualboot and recovery recipes may require to use the keys so they must
depend on the recipe that installs the script that generates them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Certain platforms share a processor family but need to be differentiated
between them. DEY was using the variable DIGI_FAMILY as the SOM name
rather than the family. It becomes useful to have both (DIGI_SOM as the
more specific, and DIGI_FAMILY as the more generic).
This is the case, for example, of:
- ccmp1 (family)
- ccmp15 (SOM)
- ccmp13 (SOM)
- ccimx8m (family)
- ccimx8mm (SOM)
- ccimx8mn (SOM)
Both variables are used on the machine overrides.
Where DIGI_FAMILY was used, use now DIGI_SOM.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Set TRUSTFENCE_DEK_PATH to "0" for CCMP1 (not using dek.bin), as if this
was disabled.
Set temporarily TRUSTFENCE_ENCRYPT_ENVIRONMENT to "0" for CCMP1 until
environment encryption is fully supported.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The name of the variable was not very intuitive of what
it contains. This variable expands to the SoC vendor
(NXP or STM).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This package was inadvertantly pulling in a lot of dependencies into our
images that make use of Qt6. Most of these packages consisted of *-dev
packages, which are only useful for development with the SDK.
Remove this package along with its dependencies to significantly reduce the
dey-image-qt rootfs image size.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit d2c1494bbf36b6392e47ffd4a75307d29681d190 in poky adds this variable
to EXTRA_OESCONS, which breaks the do_compile() task of this recipe. Remove
the variable to be able to build the package.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit 065cf3e9 ("kirkstone migration: general update to the new override
syntax") incorrectly renamed binaries in a massive change. This commit restores
the binary names to the original.
https://onedigi.atlassian.net/browse/DEL-8478
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This package was inadvertantly pulling in a lot of dependencies into our
images that make use of Qt6. Most of these packages consisted of *-dev
packages, which are only useful for development with the SDK.
Remove this package along with its dependencies to significantly reduce the
dey-image-qt rootfs image size.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit syncs the device request code to match with the latest 'cc_api'
layer implementation.
See commit 99a2ff39b771f0e36af8d15d40f970462352e0b6 in 'cc_api' repository and
commit d8c848fc2f516a6c2197181f7540c9c23feaf44f in 'cc_dey' repository.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Connector creates detached threads and calling to 'wait_for_ccimp_threads()' is
not required.
See commit d34ddfb719932ae59774b388579b7d6a77472c4f in 'cc_dey' repository.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
* Remove 'MAX_RESPONSE_SIZE' define and allocate required memory in
'device_request_listener' example.
* Create 'free_timestamp()' function in 'upload_data_points' example.
* Use some sorter variable names.
* Use '__func__' to log function names.
* Remove line feed from log messages.
* Remove not required curly braces for single line loops.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
By default, our 'cloudconnector' package is installed.
This can be overriden by defining 'CLOUDCONNECTOR_PKG' in the 'local.conf'
with the custom package that includes this application.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
These examples have a gtk+3 dependency that can't be met on the ccmp13 due to
it being a headless device. Remove these examples from the packagegroups so we
can at least build the rest of the ML packages.
Note that all of ST's ML examples are GUI-based and will not be usable on the
ccmp13, but since the remaining examples don't have an explicit gtk+3
dependency, at least they won't trigger build errors when included in the
image.
https://onedigi.atlassian.net/browse/DEL-8308
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
ST's onnxruntime recipe moves a file in a way that triggers a QA error due to
file ownership issues. Copy the do_install() function as-is and modify the
offending line to copy the file instead. Create a dynamic layer for stm32mpu-ai
to include the bbappend.
https://onedigi.atlassian.net/browse/DEL-8308
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
These are recipes we created to support Google Coral on i.MX platforms. ST's
machine learning layer provides similar recipes, so to avoid conflicts, move
the recipes meant for i.MX platforms to a dynamic layer.
https://onedigi.atlassian.net/browse/DEL-8308
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
rename interface sta_name to be "wlan0" instead of "mlan0", so it keeps
compatibility with other platforms.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Check if the bluetooth-init service is running before going to suspend,
just in case has stopped or disabled it on purpose.
https://onedigi.atlassian.net/browse/DEL-8497
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Otherwise the build fails, with:
ERROR: dey-image-qt-1.0-r0 do_rootfs: The following packages could not be configured offline and rootfs is read-only: ['100-e2fsprogs-mke2fs']
https://onedigi.atlassian.net/browse/DEL-8495
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Masking the extended advertising flag makes the hcitool lescan work, but
triggers functionality problem such as bluetoothctl scanning or extended
advertisement not working.
Do not mask it, so use bluetoothctl scan instead of hcitool lescan to discover
LE devices.
This reverts commit ac1e4633fb.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
We need to take in account if the IW612 chip (WiFi/Bt) is going to be powered
off on suspend state. In such a case, we need to unload the driver modules and
restore the expected tty speed for Bluetooth, so that functionality is restored
back on resume.
https://onedigi.atlassian.net/browse/DEL-8489
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The BT chip for the ccimx93 cannot be turned off, nor can it be re-uploaded.
Therefore, we need to set some conditions to assume that it is going to be
attached correctly. The changes in this script take care of that.
Upon the first attachment, the rate is set to 3M, and future uses will always
be done at this rate. If, for any reason, it was not stopped and the chip is
already attached, do nothing.
https://onedigi.atlassian.net/browse/DEL-8464
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This fix is needed for bluez-5.65 version.
We can drop it when using a newer version.
https://onedigi.atlassian.net/browse/DEL-8346
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The enabled options are mainly for AP mode, which improve the P2P
performance when the P2P node behaves as an AP, it is, as P2P GO.
https://onedigi.atlassian.net/browse/DEL-8346
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Use the specific hcitool vendor command to set the BT mac address.
It is a custom vendor command (0x3f), and the field is 0x0022.
The BT address is passed from last octet to first octet.
https://onedigi.atlassian.net/browse/DEL-8346
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Sync the defconfig to version 2.10.
Additionally, add support for new features, such as:
* ACS (auto channel selection)
* 802.11AX (Wi-Fi 6)
* SAE (WPA3 Personal)
* SUITEB192 (WPA3 Enterprise 192 bits)
https://onedigi.atlassian.net/browse/DEL-8346
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Codeaurora was retired on April 2023.
Fix bbappends to point to their new location on Github.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Cloud Connector configuration file sets:
* 'edp12.devicecloud.com' as the URL to connect to (this end point uses client
certificates)
* '/mnt/data' as the directory to store downloaded certificates, now that
this is also available in emmc platforms (see
62d937df42)
This commit:
* reverts a0842cbcfd to keep
'edp12.devicecloud.com' URL that uses certificates for ccimx8m platforms.
* reverts fd94f10c0b since now the cloud connector
configuration file sets '/mnt/data' as the place to store downloaded
certificates, so no need to modify it for ccmp1 platforms.
* It also configures '/etc/ssl/certs' as the certificates directory for cc6ul
devices. Although by default, these devices are connecting to
'remotemanager.digi.com' that not uses certificates, we prefer to use an
existing directory in that setting. See commit
063a946e7c.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
'environment' partition is not available in the ccmp15.
The solution suggested is read the "/proc/mounts" and check if the 'rootfs' is
'ubifs' mounted.
Related to commits 7c07b15370 and
678eaaf0fc4ce74e67682387e3465eb29659bd47
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This commit adds a new function to get the active system in a dualboot device
without using 'active_system' U-Boot variable.
This way the script always knows the real active system even when the variable
'active_system' has the value of the next boot active system, for example, after
performing a 'update-firmware --swap-active-system'.
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This option combined with '-a' ('--active') only prints the active block: a or b
The purpose an output to be consumed by other scripts or programs.
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Check the second ('/') and third ('ubifs') field of 'rootfs' entry in
'/proc/mounts' as the first one ('rootfs_a' or 'rootfs_b') may be changed by
custormers:
root@ccmp15-dvk:~# cat /proc/mounts
ubi0:rootfs_b / ubifs rw,relatime,assert=read-only,ubi=0,vol=5 0 0
[...]
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This is required for the firmware update using Digi Remote Manager. The reboot
is commanded by the server, it that does not happen the update process is not
ended for DRM.
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Codeaurora was retired on April 2023.
Fix bbappends to point to their new location on Github.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The bluetooth FW for the IW612 is loaded together with WiFi FW, so there
is not BT FW file as in our other products.
In order to use the BT, it is a requirement to load the WiFi FW, so
ensure that the service is started after the load of the system
modules.
https://onedigi.atlassian.net/browse/DEL-8346
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Instead of changing POKY_DEFAULT_DISTRO_FEATURES, do the distro features
configuration directly in the DISTRO_FEATURES variable. Also, add a couple
of variables (MACHINE_DISTRO_FEATURES_ADD/REMOVE) that allow machines
for extra tweaking the distro features.
While on it, clean up some distro features:
- pulseaudio: already added by DISTRO_FEATURES_BACKFILL
- bluez5, splashscreen, initrd, gplv3: not used (dead code)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The stand-alone signing script 'trustfence-sign-artifact.sh' checks
if a valid PKI tree exists (by checking the existance of four SRK
files) and if they don't, it calls trustfence-gen-pki.sh (which is
a wrapper over different generators (for HAB or AHAB) to create one.
Recipes such as 'dualboot' or 'recovery-initramfs' may need to call
openssl functions over the PKI tree. These recipes do not currently
generate the PKI tree; they expect it to be already in place.
This might not be the case if the trustfence-sign-artifact.sh script
has not been called yet.
Originally, a fake dependency on virtual/kernel recipe was made to
force it, but it doesn't quite work since the calling only happens
on deploy() while regular DEPENDS doesn't wait for this task.
If the PKI does not exist, a recipe that requires the PKI tree will
fail.
The solution is to create a function on the trustfence.bbclass that
allows any recipe to check for the existance of a PKI tree and
generate it if it doesn't exist. This is repeated inside the
trustfence-sign-artifact.sh, but it needs to be in both places
because this script must work stand-alone.
The generation of the PKI tree takes some seconds so this commit
adds a lock dir to prevent race conditions when called from
different recipes.
It also removes the fake dependency on virtual/kernel and adds a
dependency on trustfence-cst-native (which is the recipe that
provides the PKI generation tool).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8430
(cherry picked from commit 6a8bf7afff)
The stand-alone signing script 'trustfence-sign-artifact.sh' checks
if a valid PKI tree exists (by checking the existance of four SRK
files) and if they don't, it calls trustfence-gen-pki.sh (which is
a wrapper over different generators (for HAB or AHAB) to create one.
Recipes such as 'dualboot' or 'recovery-initramfs' may need to call
openssl functions over the PKI tree. These recipes do not currently
generate the PKI tree; they expect it to be already in place.
This might not be the case if the trustfence-sign-artifact.sh script
has not been called yet.
Originally, a fake dependency on virtual/kernel recipe was made to
force it, but it doesn't quite work since the calling only happens
on deploy() while regular DEPENDS doesn't wait for this task.
If the PKI does not exist, a recipe that requires the PKI tree will
fail.
The solution is to create a function on the trustfence.bbclass that
allows any recipe to check for the existance of a PKI tree and
generate it if it doesn't exist. This is repeated inside the
trustfence-sign-artifact.sh, but it needs to be in both places
because this script must work stand-alone.
The generation of the PKI tree takes some seconds so this commit
adds a lock dir to prevent race conditions when called from
different recipes.
It also removes the fake dependency on virtual/kernel and adds a
dependency on trustfence-cst-native (which is the recipe that
provides the PKI generation tool).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8430
The Poky layer defines a default journald conf file that allows log files on
the file system to grow to a maximum of 64 MiB. However, this size on some
platforms is impossible to address, so this commit reduces the maximum size for
runtime logs to 4 MiB.
https://onedigi.atlassian.net/browse/DEL-8419
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
(cherry picked from commit bdece7102b)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The Poky layer defines a default journald conf file that allows log files on
the file system to grow to a maximum of 64 MiB. However, this size on some
platforms is impossible to address, so this commit reduces the maximum size for
runtime logs to 4 MiB.
https://onedigi.atlassian.net/browse/DEL-8419
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Isaac Hermida
David Escalona
Tatiana Leon
Mike Engel
Francisco Gil
Gabriel Valcazar
Arturo Buzarra
Javier Viguera
Hector Palacios