Some variables in the script belong to u-boot, not to the shell
running the script. Escape those variables so the shell does not
expand them.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
The command trustfence update doesn't require the partition argument.
Besides of that, remove extra fi on the cc8m platforms.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
This commit fixes u-boot Trustfence naming for signed and
encrypted images used in the installation script removing
the a duplicated dash in the u-boot name.
https://onedigi.atlassian.net/browse/DEL-8271
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Add a check on the existence of the "temp-fitimg-loaded" environment
variable before setting it. It is needed, as with encrypted FIT images,
we need to decrypt them before accessing the boot script. In such cases,
u-boot sets that variable to "no" so the boot script does not override it,
and the FIT image is loaded again before the final boot to the OS.
https://onedigi.atlassian.net/browse/DEL-8945
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Different mechanisms are used to sign FIT images on the ccmp1 platforms and the
ccimx93, and we manage each mechanism via a different variable. The variable
names don't really reflect which platform they affect, which makes maintenance
harder.
Rename the variables so that it's easier to identify the platforms/vendors they
affect:
* Replace TRUSTFENCE_FIT_IMG with TRUSTFENCE_SIGN_FIT_STM
* Replace TRUSTFENCE_SIGN_FIT_ARTIFACT with TRUSTFENCE_SIGN_FIT_NXP
Don't rename TRUSTFENCE_FIT_IMG_SIGN_KEYNAME
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Unless we have a use case in which we need to apply these fragments separately,
we can merge them both into a single fragment.
https://onedigi.atlassian.net/browse/DEL-8946
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This logic was fixed in commit e915a14b4b, so we
no longer have to manually copy the bootscript to generate FIT images.
https://onedigi.atlassian.net/browse/DEL-8946
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We rely on FIT support to implement boot artifact authentication on ccmp1
platforms, but our implementation made it impossible to enable FIT support
outside of the context of Trustfence/secure boot.
Change this so that it's possible to enable FIT support without having to sign
the FIT artifacts. Also, modify the linux-dey 5.15 recipe so that the U-Boot
DTBs with signatures get copied only when FIT signing is enabled.
https://onedigi.atlassian.net/browse/DEL-8946
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The standard string split() function does not support splitting a string
by spaces but preserving quoted strings, so it does not work for build
options disabling functionality, as they have this format:
"# CONFIG_OPTION is not set"
On the other hand, the "shlex" module provides a split function that
allows splitting strings by spaces and, at the same time, preserves
quoted strings.
In Trustfence, we need this functionality to disable default options that
would allow the booting of non-authenticated images.
https://onedigi.atlassian.net/browse/DEL-8704
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Other recipes may access SYSROOT_DIRS content by adding a dependence
on do_populate_sysroot.
We need this specific directory for the kernel fitImage support.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit fixes a build issue when this script is installed but not shipped
in the u-boot-tools package.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit implements the support to sign the different memory configurations for
the CCMP1 platforms, when trustfence is enabled, using FIT images.
https://onedigi.atlassian.net/browse/DEL-8752
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit implements the support to allow different memory configurations for
the CCMP1 platforms, adding support to 512MB and 1GB memory variants for the CCMP15.
https://onedigi.atlassian.net/browse/DEL-8752
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Command 'bootz' allows boot unsigned Linux zImages, so disable it when secure
boot is enabled using FIT images.
https://onedigi.atlassian.net/browse/DEL-8769
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Some minor fixes:
* return error code if installation fails
* cosmetic: update comment with options
* just exit after error and do not execute boolimit command
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Up until recently, we were only generating dey-image-qt images for the
ccimx93-dvk. Now that we are generating dey-image-lvgl images as well, make
sure to print the helper message to set image-name when installing said images.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
One of the conditions used to determine the U-Boot file was missing its
terminator, breaking the script.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
An additional line was added to a comment block without the '#' character,
resulting in the following error when running the script:
Unknown command '-' - try 'help'
Nonetheless, this error is harmless and the script continues as expected, which
is the reason why we hadn't found it until now.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In case a HWID is not set or the variant is unknown, do not set it to a default
U-Boot file but ask the user for the proper file.
This case should not happen, but cover it for safety.
https://onedigi.atlassian.net/browse/DEL-8855
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
With the update of the ethos-u firmware for the NPU in previous commit,
this overlay is no longer required.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The LEGACY_IMAGE_FORMAT defaults to 'y' if there is no FIT
support, which happens after applying the default configuration.
Then, the FIT support is added in a config fragment, but the
LEGACY_IMAGE_FORMAT is not disabled.
Disabling this is recommended to avoid the possibility to boot
unsigned legacy images.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The U-Boot bootscript loads the fitImage into RAM memory to run
this bootscript. This bootscript ends up calling 'dboot' command
to run the FIT default configuration.
To avoid 'dboot' re-loading again the fitImage into RAM memory,
set this temporary variable that will be immediately reset
by 'dboot'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit adds several overlays for DVK v2 and modifies the boot script to apply it
based on the board_version variable.
https://onedigi.atlassian.net/browse/DEL-8746
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds signed FIT image support for the CCMP1
platforms when using Trustfence.
https://onedigi.atlassian.net/browse/DEL-8591
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
During firmware install, the target may be reset several times.
We don't want the bootcount to count these as boot attempts.
This was done in a791bb4463 for the ccmp1
but not for the rest of platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
(cherry picked from commit 961acf48de)
Improve boot attempts message showing not only the current boot attempt
but also the limit:
(boot attempt 1/3)
Print the message only when the bootcount mechanism is active, i.e. when
the bootlimit is defined (not zero), and when bootcount is > 0.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DUB-1056
(cherry picked from commit 918a9caf1d)
Use the intention of installing dual boot firmware as a condition to set
bootlimit=3 so that the bootcount mechanism is enabled.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DUB-1058
During firmware install, the target may be reset several times.
We don't want the bootcount to count these as boot attempts.
This was done in a791bb4463 for the ccmp1
but not for the rest of platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Improve boot attempts message showing not only the current boot attempt
but also the limit:
(boot attempt 1/3)
Print the message only when the bootcount mechanism is active, i.e. when
the bootlimit is defined (not zero), and when bootcount is > 0.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DUB-1056
Francisco Gil
Mike Engel
Javier Viguera
Gabriel Valcazar
Gonzalo Ruiz
Arturo Buzarra
Isaac Hermida
Hector Bujanda
Hector Palacios