There's a Yocto configuration option that enables this feature in U-Boot, but
since imx-boot images are signed using the scripts in trustfence-sign-tools,
said configuration is lost and the scripts don't take it into account if it's
enabled. Make sure that the configuation carries over to the script.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Otherwise, mkimage will delete the device trees between imx-boot builds,
causing the build to fail when generating a signed imx-boot.
https://jira.digi.com/browse/DEL-7420
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Both ConnectCore 8M platforms share the same U-Boot build process,
so apply the same changes for them.
https://jira.digi.com/browse/DEL-7397
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
In order to revoke SRKs in platforms with AHAB we need to set a mask
during the signing/encryption process.
Create new TRUSTFENCE_SRK_REVOKE_MASK variable to export the
SRK_REVOKE_MASK variable required by the imx-boot signing script.
The revoke mask is not necessary for signing/encryption of other artifacts,
so set it by default to 0x0.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This command isn't essential and might not be available on all systems, so
remove it. Use the "oflag=sync" dd parameter instead.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Includes:
imx-boot_1.0.bb: Update M4 binary name for i.MX 8QM [YOCIMX-4866]
8QM M4 demos unified the binary name.
Change name make it more easy for understanding.
imx-boot: Update the build option for iMX 8DXL Phantom C0 new boards [YOCIMX-4663]
Signed-off-by: Hector Bujanda <Hector.Bujanda@digi.com>
With the latest version of imx-mkimage, the original dtb file is being
removed at the end of the build.
Add a patch to preserve it and be able to run several builds during the
same compile run, like we do for imx-boot signing.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit fixed the sdcard generation when encryption is enabled.
In the sdcard image always is included the signed image instead of the
encrypted.
https://jira.digi.com/browse/DEL-7200
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Store mkimage log for every built target so it can be later used by the
signing script to create the correct CSF file for every target.
https://jira.digi.com/browse/DEL-7158
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
The mkimage.log file is required by the signing script to create the CSF file.
Since there is one mkimage log file per target, update the mkimage.log symlink
right before signing the imx-boot file to ensure creating the CSF with the
corresponding mkimage log for every target.
https://jira.digi.com/browse/DEL-7158
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit updates to the NXP imx-5.4.24-2.1.0 BSP.
Including following changes
In M4 MCUX SDK 2.8.0, it added PMS demo for CM40 to support Partition
reboot feature besides rpmsg pingpong. So change the m40 default image
to imx8qm_m4_0_TCM_power_mode_switch_m40.bin
Build i.MX 8DXL flash_linux_m4 with V2X off
Use option V2X=NO to switch V2X off.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
imx-boot files for target flash_regression_linux_m4 fail the signature
process, so skip them while signing the rest of the targets.
https://jira.digi.com/browse/DEL-7158
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Signed imx-boot files had the '-signed' appended at the end of the file.
Add it after the file prefix instead, so it is easier to replace using an
unsigned file for a signed one just by changing the file prefix.
https://jira.digi.com/browse/DEL-7024
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
The '-fmacro-prefix' option is a new GCC option introduced in gcc version 8.
To keep compatibility with previous GCC versions, remove this option from
the DEBUG_PREFIX_MAP list so nativesdk builds are able to compile this recipe.
Following is the compilation issue avoided by this patch:
| gcc: error: unrecognized command line option ‘-fmacro-prefix-map=<yocto-workspace>/tmp/work/x86_64-nativesdk-deysdk-linux/nativesdk-imx-mkimage/git-r0=/usr/src/debug/nativesdk-imx-mkimage/git-r0’
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This recipe is now built as native and nativesdk by means of the
BBCLASSEXTEND configuration.
Remove every remaining legacy native configuration since all will be covered
by the class extension.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
imx-mkimage is a host recipe to provide the mkimage_imx8 binaries, required
for the trustfence support with platform based on AHAB (ccimx8x). Since
these binaries are required to the sign process we need to export it in the
SDK to allow the standalone sign mode, and with that we can simplify the
mechanism to share these binaries with another recipes (u-boot, linux).
Also the do_deploy() from imx-mkimage recipe was removed to avoid overriding
the implementation from the native class and allow populating the mkimage
binaries.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit 3fbd38ca ("imx-boot: build ccimx8x images for B0 and C0 silicon
revisions") added support to build images for B0 and C0 revisions,
forgetting include this support on trustfence builds.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This recipe takes several binaries demo for the Cortex M7 CPU,
and are provided in the deploy directory.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Modify the imx-seco recipe so it deploys the B0 and C0 versions of the SECO
firmware, Then, modify the imx-boot recipe so it builds every possible
combination of:
* RAM configuration
* imx-boot target (with and without M4 demos)
* Silicon revision
https://jira.digi.com/browse/DEL-7069
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This reverts commit 03d40edfd0.
The build of U-Boot without the flags field, incorporated changes
that made the Cortex M4 acquired certain resources (like GPIOs)
that were later not available for the Cortex A35 cores.
Revert this patch so that such changes only take place on images
that contain the M4 applications.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7073
(cherry picked from commit 28ce9340f55a35199dacf1bcbf83dc016b6a2fc7)
Add Trustfence support for signing imx-boot images:
- Install a different U-Boot signing script for images with U-Boot SPL.
- Store mkimage log for later use in the signing script
- make 'print_hab_log' and store its log for later use in the signing script
https://jira.digi.com/browse/DEL-7023
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Do not evaluate TRUSTFENCE_SIGN_MODE on conditions where the sign mode
is not relevant:
1) U-Boot binary file should be signed directly after building it when simple
U-Boot images are used, but it should not be signed when imx-boot bundled
images are used.
For those, the signing process is performed later over the whole imx-boot
bundled binary file on a different recipe.
We use BOOTLOADER_IMAGE_RECIPE variable to evaluate this distinction.
BOOTLOADER_IMAGE_RECIPE is set to "u-boot" by default and is set to "imx-boot"
on ccimx8x and ccimx8mn machine configuration files.
2) For signing imx-boot images we should treat differently those images that
include the RAM configuration in their name and those that don't, as we do
for the rest of the tasks in the same recipe. We can ignore the sign mode
method in this case.
https://jira.digi.com/browse/DEL-7023
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
There is no need to generate PV-PR revision of this file
since it's the same for any version.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The recipe needs to create a copy of the sign.sh script to be used by
other recipes, but the file is the same whether you use it for HAB or AHAB
images. This is determined through the use of an exported variable with
the mode. There is no need to have the script duplicated.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This binary is required for signing the U-Boot scripts generated
by the U-Boot recipe but it wasn't available because this recipe
was not installing it anywhere.
At the same time, remove the installation from imx-boot, to avoid a
conflict between the two (imx-mkimage is a dependency from imx-boot
anyway).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
* prefix TRUSTFENCE_ to variable SIGN_MODE for DEY
* prefix CONFIG_ to variable SIGN_MODE for script
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Although the recipe was updated with the modifications in meta-fsl-bsp-release,
the revision was still pointing to the sumo-4.14.98-2.2.0 version of
imx-mkimage, which is incompatible with our recently updated patch.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update SRCREV and SRCBRANCH, change the names of the m4 demos that are
installed into imx-boot, change the name of the SECO firmware (ahab container)
and update our patch so it applies over the newest revision of imx-mkimage.
For the time being, use the B0 SECO firmware for all i.MX8QXP platforms and add
the changes needed for C0 support in comments.
https://jira.digi.com/browse/DEL-6932
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This imx-seco recipe manages now the NXP IMX SECO firmware, it was removed
from the firmware-imx recipe.
https://jira.digi.com/browse/DEL-6823
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
These images were broken in many ways, including ethernet not working and Linux
not booting. For now, revert back to the build command that was used in
DEY-2.6-r1.
https://jira.digi.com/browse/DEL-6677
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The existing loops were iterating through all RAM_CONFIGS, but
they must only iterate over those that match the RAM size on the
platform's UBOOT_CONFIG.
This commit adds a Python class 'boot-artifacts' to get the list of matching
combinations of RAM_CONFIGS and UBOOT_CONFIG so that the iteration
is easier to do than nesting loops inside one another.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-6641
Arturo Buzarra
Gabriel Valcazar
Mike Engel
Gonzalo Ruiz
Hector Bujanda
Hector Palacios