This commit updates the firmware binaries for Bluetooth and Wireless interfaces,
aligned with the Cypress Linux WiFi Driver (FMAC) release v6.1.110-2025_0718.
The updated wireless firmware versions are as follows:
- 2FY Wireless chip: v28.10.522.8
- 2FY Bluetooth chip: v1.2.32.40.33 FCC and CE.JP
These updates are included as part of the imx-scarthgap-kraken_r1.0 Murata release.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Correct the bootloader artifact names (TF-A and FIP) for CCMP1/CCMP2 during
.swu generation with TrustFence enabled.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Introduce a configurable variable to enable/disable secure co-processor
firmware when TrustFence is enabled.
https://onedigi.atlassian.net/browse/DEL-9813
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Distribute all the required bootloader artifacts required for USB recovery
as part of the ZIP installer. That way, every pre-compiled set of images
is enough for starting development.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
As the HWID support is not implemented yet, is needed to fill
the wireless information in the DT structure to have Wi-Fi and
Bluetooth working.
This is just a temporal patch for initial prototypes.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Other platforms that have flutter support use clang to build the flutter-engine
recipe, so do the same with the ccmp15. meta-flutter uses clang for a set of
its recipes (mainly flutter-engine) as long as meta-clang is in the bblayers,
so all we need to do is add said layer.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Updated error guidance to use `./install_linux_fw_uuu.sh -u <uboot_file>`
instead of setting INSTALL_UBOOT_FILENAME manually.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
We originally removed GUI-related layers from headless platforms in commit
ef26e935d0, but we left meta-webkit in the ccimx91's bblayers due to a
spurious selinux dependency. Since we recently removed both the webkit and
selinux layers from the ccimx95's bblayers in commit 2aaa76c963, do the same
for the ccimx91.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
GPIO1 port access was not enabled on ATF because NXP
reserved it to have exclusive access from the secure
world on their EVK.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9839
The new image runs the local ConnectCore demo application using chromium
on the ccimx95.
https://onedigi.atlassian.net/browse/DEL-9838
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
At the moment, webkit does not work well on the ccimx95. Running cog on
wayland crashes with:
eglCreateWaylandBufferFromImageWL not found
cog-platform-wl.c:1731:on_export_wl_egl_image: assertion failed: (wpe_view_data.buffer)
So just delete the layer from the project's config file. Selinux layer
depends on meta-webkit, so we need to remove it as well.
https://onedigi.atlassian.net/browse/DEL-9838
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Fix runtime undefined symbol by wrapping Awb::queueRequest() call to
configureAwbAlgo() with EVISION_ALGO_ENABLED.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Integrate ST libcamera recipe from meta-st-openstlinux layer at
openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11 tag. This recipe is required by
the NPU demos in meta-st-x-linux-ai.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Sync STM32MP-specific RT kernel patches, aligned with the latest
ST release openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11 from
meta-st-x-linux-rt layer.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
i.MX6 platforms use an older version of weston, 10.0.5.imx, which sets the
wayland socket to wayland-0 by default. Without this change, our demo launcher
scripts/services will fail on ccimx6/6qp platforms.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Enable signed firmware to prevent unauthenticated code on the Cortex-M33
co-processor by verifying images against OTP-stored keys.
https://onedigi.atlassian.net/browse/DEL-9813
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Exposing these regulators makes the SM disable them during
a reboot process, which leaves the SoC without power, preventing
it from resetting.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9804
We support only B0 silicon revision and that is already set on
"imx-digi-base.inc" for all mx95 based machines.
https://onedigi.atlassian.net/browse/DEL-9811
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add a patch with the DDR calibration for B0 generated with NXP's config
tool version 2025.09.
https://onedigi.atlassian.net/browse/DEL-9811
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add a variable analogous to TRUSTFENCE_SIGN to enable/disable artifact
encryption. Deprecate TRUSTFENCE_DEK_PATH in favor of TRUSTFENCE_KEYS_PATH to
use a more generic name and avoid overloading it as an on/off flag. Add per-key
variables for encryption key filenames to avoid hardcoded names and allow
platform overrides.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the virtual OP-TEE syntax for the CCMP1 and CCMP2 platforms
to align with the changes introduced in the meta-st-stm32mp layer. Specifically,
it mirrors the update made in commit ded46c7d24addf91ec81c9f64309e6376689977a
("Adapt to virtual optee changes").
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The ConnectCore MP2 DVK does not include an external STM32G0 component.
This commit removes the 'usbg0' entry from MACHINE_FEATURES to prevent
the installation of the unnecessary stm32mp-g0 firmware.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Adds support for signing and encrypting Cortex-M firmware on STM platforms,
following the STM32 MPU Ecosystem v6.1.0. This update enables secure boot of
co-processor binaries on ConnectCore MP2, enhancing firmware protection.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the trustfence-stm-signtools package with the latest
versions from the STM32 MPU ecosystem v6.1.0:
- STM32MP_KeyGen_CLI v2.20.0
- STM32MP_SigningTool_CLI v2.20.0
These tools are deployed as part of STM32CubeProgrammer v2.20.0, adding support
for STM32MP21x processors and bug fixing.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
vfat images need U-Boot scripts, which are always provided by the U-Boot
recipe, even for imx-boot-based machines. Replace the machine-dependent
BOOTLOADER_IMAGE_RECIPE with virtual/bootloader (which is provided by
u-boot recipes).
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Remove obsolete SD card image creation logic and related variables. We
will use WIC images for bootable SD cards.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Notice that we need to create u-boot and imx-boot symlinks in the deploy
directory, as they are required for the bootloader of the wic images.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
* Replace the hard-coded '/etc' with ${sysconfdir}
* Extend the mmcblk check to prevent updating the environment configuration
when booting from the EMMC (even though the kernel command line root
passed is in the form of /dev/mmcblk).
* Switch the conditional inherit to inherit_defer as it depends on
IMAGE_FEATURES to avoid parse-time ordering issues.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Different platforms use different Cortex-M processors, so instead of
using the M4_DEFAULT_IMAGE_MX95 (as meta-imx does) for an M7 processor,
generalize to the CORTEXM_DEFAULT_IMAGE variable name. Also, move it
to the imx-boot recipe (where it is used) and deploy that image to
the imx-boot-tools directory, so the imx-boot image can be regenerated
externally (without yocto).
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Remove IMAGE_BOOT_FILES and related WKS dependencies from ccimx93-dvk and
ccimx95-dvk machine configs. IMAGE_BOOT_FILES defines the files included
in the boot partition when creating WIC images. The removed files are
the Cortex-M demo firmware that we don't want on the boot partition of
our WIC image.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This series of patches expose a number of regulators of
the PMIC to the non-secure world, so that they can be
referenced and used by Linux drivers.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This patch fixes build failures of the virtio_trans driver (Cortex-A9, 32-bit ARM)
when building a PREEMPT_RT-enabled kernel. The errors were caused by
unresolved 64-bit division symbols (__aeabi_uldivmod / __aeabi_ldivmod)
generated when the driver was compiled as a module.
Changes included:
* virtio_trans.c:
- Replace 64-bit modulus operations (`idx % vt->{tx,rx}_vring_size`) with
kernel-safe 64-bit division macros using `div_u64_rem()`.
This prevents implicit calls to non-exported ARM EABI helpers that are not
available to kernel modules on 32-bit ARM.
* fragment-nxp-rt.config:
- Enable the mailbox framework (`CONFIG_MAILBOX=y`) required by virtio
mailbox-based transports.
- Build the virtio transport driver into the kernel (`CONFIG_VIRTIO_TRANS=y`)
instead of as a module, ensuring proper symbol resolution
during link time. Without this a license error is shown when building
the kernel in yocto.
https://onedigi.atlassian.net/browse/DEL-9783
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
It was added following same change in meta-imx, but meta-imx deleted it
in commit 02a40222adc7.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This is the version supporting the i.MX95. This library is a dependence
of the gputop package.
As a requirement to allow building this library for the ccimx95-dvk,
update the fsl-eula-graphics bbclass with the latest changes in meta-imx.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit updates the secure boot support for STM platforms based on the
STM32 MPU Ecosystem v6.1.0. It introduces support for encrypted boot artifacts,
including TF-A and FIP, and enables this functionality for the ConnectCore MP2
platform.
This enhancement allows secure boot deployments with both authentication and
encryption for improved protection of critical boot components.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Arturo Buzarra
Javier Viguera
Gonzalo Ruiz
Isaac Hermida
Gabriel Valcazar
Francisco Gil
Hector Palacios