Commit 074e3ba3 ("meta-digi-dey: add cryptsetup tool into initramfs") added
the runtime dependency to cryptsetup for all platforms, but it is
required only to encrypt/decrypt block devices.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This tool was only needed for old kernels, newer kernels use the hardware
random number generator themselves.
https://jira.digi.com/browse/DEL-5518
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
This commit modifies different recipes to support the new platform
ccimx6qpsbc and adapt it to maintain the support to ccimx6sbc.
https://jira.digi.com/browse/DEL-5082
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Turns out that the busybox' fdisk applet is also able to parse the GPT
partition tables. This saves around 0.5 MiB of space.
https://jira.digi.com/browse/DEL-4565
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
In the recovery images we are using a custom init so we are not executing
any post-installation that is required for a correct rootfs setup, so call
all the post installation scripts from our custom init.
The package installation could be ipk, rpm or deb, so call to the
*postint folder.
Given that the recovery rootfs is a ramdisk, there is no need to remove the
post installation scripts.
https://jira.digi.com/browse/DEL-4430
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The recovery init checks if the configured update package exists and it is valid
before setting a new key and/or formatting the rootfs partition.
This change avoids getting non-booting devices after performing a firmware
update with a non-existing or invalid update package.
https://jira.digi.com/browse/DEL-3959
Signed-off-by: Tatiana Leon <tatiana.leon@digi.com>
If the volume is not found, the partition cannot be wiped since it is attached.
Remove 'update' UBI device in:
* mdev automount script if volume is not found
* recovery init script before formatting 'update' partition
https://jira.digi.com/browse/DEL-3962
Signed-off-by: Tatiana Leon <tatiana.leon@digi.com>
This commit adds mdev support into the recovery ramdisk to
mount/unmount storage devices for the firmware up tool.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-3692
- Instead of trying to generate the TrustFence keys in this recipe
when they are not present, depend on the 'virtual/kernel' to
ensure they are already generated. This solves a concurrency problem
when two recipes try to generate TrustFence keys at the same time.
https://jira.digi.com/browse/DEL-3913
Signed-off-by: David Escalona <david.escalona@digi.com>
For CC6UL, when setting a new key, an "enc" flag must be added to the rootfs in
the "mtdparts" U-Boot variable.
After that a reboot is needed, so the recovery command must be modified to
remove the encryption key and proceed with the rest of commands in the next
boot.
When updating the firmware, a format of the rootfs partition is always
performed, independently if a new encryption key has just been configured.
In case only the encryption key is being configured, we also need to reboot to
format the rootfs properly.
https://jira.digi.com/browse/DEL-3685
Signed-off-by: Tatiana Leon <tatiana.leon@digi.com>
- While trying to update the system using signed swupdate packages, the
swupdate binary requires a new parameter (-k) to specify the location
of the public key that will be used to verify the update package. At
the moment there is no way to check if a package is signed or not, so
we asume that the existence of the public key in the recovery initramfs
is enough to determine that we want to update the system using signed
packages.
https://jira.digi.com/browse/DEL-3775
Signed-off-by: David Escalona <david.escalona@digi.com>
- The swupdate binary included in the recovery partition when the
images to build are trustfence enabled performs a verification
of the swupdate package. For this verification to suceed, it is
mandatory to provide to the swupdate binary the public key that
will be used to verify the swupdate package. This public key must be
included in the recovery initramfs only when 'TRUSTFENCE_SIGN=1'.
https://jira.digi.com/browse/DEL-3772
Signed-off-by: David Escalona <david.escalona@digi.com>
We have seen corner cases (e.g. when the partition to format has already
some corrupted UBI metadata) where ubiformat stops and ask the user for
confirmation to do the format. We cannot have such interactivity in the
recovery ramdisk so use the '-y' argument to assume yes for all
questions.
Also use the '-q' (quiet) parameter instead of the '/dev/null'
redirections to remove command's output.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Instead of using a hardcoded path to the SWU update package, just get
the filename and search the file in the different mounted partitions
(giving priority to the internal 'update' partition over other external
media).
https://jira.digi.com/browse/DEL-3466
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
For block devices we can get the filesystem in the partition using the
'blkid' command.
This cleans up some warnings on mounting:
EXT4-fs (sda2): couldn't mount as ext3 due to feature incompatibilities
EXT4-fs (sda2): couldn't mount as ext2 due to feature incompatibilities
EXT4-fs (mmcblk0p4): couldn't mount as ext3 due to feature incompatibilities
EXT4-fs (mmcblk0p4): couldn't mount as ext2 due to feature incompatibilities
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
"i" variable in the nested loop is expanded to the absolute path
of the device, so prepending it with the ${device} results in
"/dev/sda/dev/sda1" for a 'sda1' partition.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
recovery-utils allows to configure recovery commands and reboot into
recovery mode.
Internal recovery-utils.git SHA1: 5555d4c736e3
https://jira.digi.com/browse/DEL-3358
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
- Include psplash package in the recovery initramfs recipe.
- Start psplash in the recovery init.
- Add new methods to communicate with psplash from the init script.
- Show psplash progress information from the init script.
- Start progress binary to update psplash during a firmware update.
https://jira.digi.com/browse/DEL-3356
Signed-off-by: David Escalona <david.escalona@digi.com>
- Added a 5 seconds delay before mounting external disks so they have
time to be recognized in the system.
- Check if UBI volume is mounted before formatting it.
- Check if eMMC block device exists before formatting it.
Signed-off-by: David Escalona <david.escalona@digi.com>
Arturo Buzarra
Mike Engel
Jose Diaz de Grenu
Isaac Hermida
Tatiana Leon
David Escalona
Javier Viguera