Due to a change in systemd the default home directory is now "/root".
Modify our recipes to match with this change.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
We had a SYSROOT_PREPROCESS_FUNCS on the tf-a-stm32mp recipe to
create symlinks to both TF-A and FIP binaries, but the FIP binaries
are now produced by fip-stm32mp recipe.
This had the effect that the files might not be ready.
Duplicate the function in the fip-stm32mp recipe and create the
symlinks for the FIP images there.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Also, add the wifi driver patch and binaries included in
NXP's incremental release to fix the issues on release
'lf-6.6.52-2.2.0'.
https://onedigi.atlassian.net/browse/DEL-9417
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Update to 5.9.4.1 version following 'lf-6.6.52_2.2.0' NXP release.
This has not been released in meta-freescale yet, so reuse the 5.9.4
recipe and apply the changes from meta-imx.
https://onedigi.atlassian.net/browse/DEL-9417
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Update to 4.4.0 version following 'lf-6.6.52_2.2.0' NXP release.
This has not been released in meta-freescale yet, so reuse 4.2.0
recipes and apply the changes from meta-imx commit
900356ea1bf71854053266eec4b92adf4552624c.
https://onedigi.atlassian.net/browse/DEL-9417
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
imx-boot includes the 'imx-mkimage_git.inc' from meta-freescale, so
redefine the SRCBRANCH and SRCREV for every platform in the bbappend.
https://onedigi.atlassian.net/browse/DEL-9417
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This recipe extracts a small set of UAPI header files form the linux-imx tree.
However, the revision these headers are extracted from is already present in
our linux fork, so bitbake is currently fetching the linux-imx repo to obtain
some files that it can also obtain from our fork. This is impractical because
the repo in question is quite large (~2.80 GiB) and only getting larger with
time.
By modifying the recipe to use our linux fork instead of NXP's, we avoid having
to fetch NXP's repo.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
These are clones of 'optee-programmer-uart' and
'optee-programmer-usb' defined in tf-a-stm32mp-config.inc but
do not require to have the STM32MP_DEVICETREE_PROGRAMMER_ENABLE=1
which causes build problems in U-Boot.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9483
This avoids the next warning when builing for STM platforms
WARNING: No recipes in default available for:
meta-digi/meta-digi-arm/recipes-kernel/kernel-modules/kernel-module-nxp-wlan_git.bbappend
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The following TF-A artifacts are deployed to subdirectories of
the image deploydir:
- arm-trusted-firmware/tf-a-<platform>-<bootconfig>.stm32
- arm-trusted-firmware/metadata-<platform>.bin
- fip/fip-<platform>-<bootconfig>.bin
- fip/fip-<platform>-ddr-<bootconfig>.bin
These binaries are not copied to the image deploy dir during
the regular do_deploy(), instead, they are deployed by script
tf_a_sysroot_populate() which is added to SYSROOT_PREPROCESS_FUNCS.
To follow this logic, change the previously wrong do_deploy:append
into a new function and append it also to SYSROOT_PREPROCESS_FUNCS,
so that it is called after the artifacts have really been deployed.
In the existing code, fix the paths and commands, which had some
errors.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9461
We apply a very similar patch to the i.MX fork of weston 12.0.4, but we never
needed this patch for stm32mp platforms because they used to have 10.0.2, which
has wl_shell support. Now that stm32mp platforms use 13.0.1, use the 12.0.4
patch as reference and adapt it so it applies and builds correctly.
This makes it possible to run the LVGL demo on the ccmp25-dvk.
https://onedigi.atlassian.net/browse/DEL-9458
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds a patch to the gcnano-driver-stm32mp recipe to address a
Kernel NULL pointer issue that occurs during uncontrolled shutdown sequences.
This issue causes an unexpected Kernel NULL pointer exception, preventing the
system from powering off.
https://onedigi.atlassian.net/browse/DEL-9449
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Based on the boot schemes and sources supported for each platform, the boot
artifacts now include this information in their filenames. This commit updates
the filenames accordingly in several recipes.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit integrates the necessary changes from the weston-init.bb recipe in
the Poky layer to resolve a rootfs installation issue with the tim-vx-tools
recipe caused by a mismatch in the permissions of the /home/weston folder.
https://onedigi.atlassian.net/browse/DEL-9419
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit integrates a custom .bbappend to fix a deployment issue of the
final FIP artifact, where the SoC name does not match with the FIP device tree
name.
https://onedigi.atlassian.net/browse/DEL-9381
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit removes all outdated weston recipes and synchronizes it with the
latest v13.0.1 from the meta-st-openstlinux layer, based on the
openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06 tag for Yocto 5.0 (scarthgap).
https://onedigi.atlassian.net/browse/DEL-9381
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit removes all unnecessary files after the integration of the latest
ST BSP, based on the openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06 tag for
Yocto 5.0 (Scarthgap).
https://onedigi.atlassian.net/browse/DEL-9381
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit removes the outdated wayland-protocols recipe and synchronizes it
with the latest v1.33 from the meta-st-openstlinux layer, based on the
openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06 tag for Yocto 5.0 (scarthgap).
https://onedigi.atlassian.net/browse/DEL-9381
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit removes all outdated gstreamer recipes and synchronizes it with the
latest v1.22.12 from the meta-st-openstlinux layer, based on the
openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06 tag for Yocto 5.0 (scarthgap).
https://onedigi.atlassian.net/browse/DEL-9381
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit removes the gcnano recipes integrated into meta-digi, as a new
version (v6.4.19) has been released in the latest ST BSP, based on the
openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06 tag for Yocto 5.0 (Scarthgap).
https://onedigi.atlassian.net/browse/DEL-9381
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit removes the scp-firmware recipe, as it has been integrated into the
optee-os recipe with the latest v4.0.0 from the ST BSP release. This update is
based on the openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06 tag for Yocto 5.0
(Scarthgap).
https://onedigi.atlassian.net/browse/DEL-9381
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit removes all outdated OPTEE-OS recipes and synchronizes the Digi custom
.bbappend with the latest v4.0.0 from the ST BSP release, based on the
openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06 tag for Yocto 5.0 (scarthgap).
https://onedigi.atlassian.net/browse/DEL-9381
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit removes all outdated TF-A recipes and synchronizes the Digi custom
.bbappend with the latest v2.10 from the ST BSP release, based on the
openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06 tag for Yocto 5.0 (scarthgap).
https://onedigi.atlassian.net/browse/DEL-9381
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Our distribution is Digi Embedded Yocto (DEY), so use that to mark the
upstream status of the patches in our layer.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The way tagged imx-boot images are handled in meta-freescale was changed in
commit 161f1b3e69a3cf011a50e9b742fb8c46d61e41e8. Reflect this in our recipe by
using the same overrides as uuu_bootloader_tag.bbclass to disable the
functionality
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This variable was removed from the base imx-boot recipe in meta-freescale
commit c30f12b809a8cf36043b42c67dd8a11f69d9cf77, as it was never being
overridden and always had a value of "imx-boot".
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
For some reason, using the '+=' operator instead of ':append' when specifying
the staticdev package's FILES, the original values are overwritten, causing all
of them to get included in the dev package instead. Since some of these files
are static libraries, this causes QA errors.
Replace the '+=' operator with ':append' to fix this.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In meta-freescale commit 4d64dde1686a017ebe2763dd7880563a6fc51b53,
compile_mx8m() was modified to account for possible configuration suffixes in
the dtb filename via the creation of a symlink. In our case, the filename is
the same as the target, causing the dtb to get replaced with a dead symlink.
For now, revert this function to how it was in the kirkstone branch of
meta-freescale to avoid this.
https://onedigi.atlassian.net/browse/DEL-9011https://onedigi.atlassian.net/browse/DEL-9081
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Check that weston-start exists before modifying it: after a recent change in
poky's weston-init recipe, this file only gets installed in non-systemd images.
Remove hardcoded systemd service path: some of the code ported from
meta-st-openstlinux assumes that the original weston-init systemd services are
installed under /lib, and it uses hardcoded paths to detect them. Yocto 5.0 now
has usrmerge enabled, so the services are installed in /usr/lib instead,
causing the check to fail. Replace the hardcoded path with its respective
variable.
https://onedigi.atlassian.net/browse/DEL-9011https://onedigi.atlassian.net/browse/DEL-9045
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since our recipes handle native builds differently, port the latest version
of the recipes from meta-freescale to our layer while keeping our
customizations. Use the same revision for all platforms.
Adapt patches for lf-6.6.23-2.0.0 release and add the "Upstream-Status" tag to
them to avoid QA errors.
For now, use the imx-boot recipe from meta-freescale, but there's a chance we
might need to port the version of the recipe in meta-imx.
https://onedigi.atlassian.net/browse/DEL-9011https://onedigi.atlassian.net/browse/DEL-9081
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The recipe for 4.2.0.imx has been upstreamed, so merge both of our .bb files
for 4.0.0.imx and 4.2.0.imx into a single .bbappend file. Adapt our patches to
support the ccimx93 and ccimx91, and while at it, add the "Upstream-Status"
tag to them to avoid QA errors
https://onedigi.atlassian.net/browse/DEL-9011https://onedigi.atlassian.net/browse/DEL-9081
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Back in Yocto 4.0, we applied some imx recipe changes exclusively for the
ccimx93 from meta-imx's rel_imx_6.1.55_2.2.0 tag, but now these changes have
been upstreamed in the meta-freescale scarthgap branch. Since there currently
isn't an NXP BSP based on scarthgap, make all platforms use the upstreamed
versions of the recipes, which are the same versions or newer as the ones
available in meta-imx
Remove the recipes for:
* firmware-ele-imx
* gstreamer1.0-plugins-bad
* gstreamer1.0-plugins-base
* gstreamer1.0-plugins-good
* gstreamer1.0-plugins-good
* gstreamer1.0-plugins-ugly
* gstreamer1.0
* imx-atf
* imx-boot-firmware-files
* imx-codec
* imx-g2d-samples
* imx-m33-demos
* imx-m4-demos
* imx-m7-demos
* imx-parser
* imx-pxp-g2d
* libdrm
* linux-imx-headers
* optee-test
* wayland
* wayland-protocols
* weston
* xwayland
Apply these changes:
* Remove ccimx93-exclusive changes in gstreamer1.0-meta-base
* Modify imx-gst1.0-plugin bbappend so the upstream version is used in all
platforms
* Remove imx-alsa-plugins bbappend so the upstream version is used in all
platforms
* Remove firmware-nxp-wifi bbappend since the files we need to install seem
to already be included in the meta-freescale recipe
* Remove imx-test and imx-lib bbappends since our custom changes have
already been included in the meta-freescale recipes
https://onedigi.atlassian.net/browse/DEL-9011https://onedigi.atlassian.net/browse/DEL-9081
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The SCP firmware introduces too much verbosity (with
timestamp included) in the middle of the boot log
between the TF-A and U-Boot.
Reduce the log and remove compiler flags for errors
on unused variables (banner strings).
This removes the following messages from SCP firmware:
[ 0.000000] SCP-firmware v2.12.0-dev
[ 0.000000]
[ 0.000000] [FWK] Module initialization complete!
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
ST_OPTEE_DEBUG_TRACE is set to 0 if ST_DEBUG_TRACE is set to 0.
However, on the optee source code, if ST_OPTEE_DEBUG_TRACE=0 the
log level is automatically set to 3 (INFO) resulting in a very
verbose optee log.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
DEY generates the ccmp25 boot artifacts on subdirectories of the main
deploy folder. The firmware installation script expects to have them on
the deploy directory, so create the proper symlinks.
https://onedigi.atlassian.net/browse/DEL-9120
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add support based on STM release openstlinux-6.1-yocto-mickledore-mpu-v24.06.26.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add open-source implementation of the OpenGL API support based on v23.0.3
version from STM release openstlinux-6.1-yocto-mickledore-mpu-v24.06.26.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add GPU support based on v6.4.15 version from STM release
openstlinux-6.1-yocto-mickledore-mpu-v24.06.26.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add support based on v2.8 version from STM release
openstlinux-6.1-yocto-mickledore-mp2-v23.12.06.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add support based on v3.19.0 version from STM release
openstlinux-6.1-yocto-mickledore-mp2-v23.12.06.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commits adds the CCMX91 platform to the DEY
build system. Furthermore, it creates generic ccimx9
support to be used for the CCiMX91 and CCiMX93
platform.
https://onedigi.atlassian.net/browse/DEL-9106
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
When TrustFence is enabled, use the HUK programmed on the OTP
bits for the ccmp15 platform.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9121
By default, the secure storage path in the REE is "/var/lib/tee". It is
part of the rootfs, and thus, it gets lost on a firmware update.
This commit changes that path to a different partition "/mnt/data/tee"
when Trustfence file-based encryption is enabled.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Building Optee trusted applications (TA) depends on optee_client and the TA
devkit provided by optee_os. Our toolchain provides those dependencies, but
the SDK script which configures the environment for standalone building,
is not configuring some variables needed to build trusted applications.
This commit extends the SDK environment script to allow building TAs.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The patches have been backported from the lf-6.1.36-2.1.0 release of
imx-mkimage.
https://onedigi.atlassian.net/browse/DUB-1081
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The patches have been backported from the lf-6.1.36-2.1.0 release of
imx-mkimage.
https://onedigi.atlassian.net/browse/DUB-1081
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Optee-client provides the TEE Client API as defined by the GlobalPlatform TEE standard.
It is required to communicate with a Trusted Application (TA) running in a Trusted OS.
https://onedigi.atlassian.net/browse/DEL-8970
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Several things were wrong after the latest update to version 4.0: the
tee-supplicant path, some settings in the systemd unit, etc.
This commit fixes the installation so the optee test suite completes again.
https://onedigi.atlassian.net/browse/DEL-8989
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit fixes the set_fip_sign_key() function to match the new keys format
where there is a key_pass file for each key, no longer needing to search with
the key index.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit fixes the set_fip_sign_key() function to match the new keys format
where there is a key_pass file for each key, no longer needing to search with
the key index.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This is an NXP change that reverts a mainline weston commit form v9.0.0, in
which the mouse cursor only gets activated when there is mouse movement. This
change was only being included in the weston v10.0.X i.MX forks.
For platforms that don't use these weston forks (ccimx93 uses the v11.0.X fork
and ccmp15 uses mainline weston), the mouse cursor doesn't load right away when
booting the system, which causes apps that are automatically launched (such as
the LVGL demo) to not register the mouse, rendering said apps unresponsive to
it.
Port NXP's change to all of the weston versions we currently use to avoid this
problem.
https://onedigi.atlassian.net/browse/DEL-8865
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
As part of the integration of the new ML package, also update the
ethos-u-firmware binary built from Stash:
Repo: emp/ethos_u_firmware.git
Revision: bd5506ddba364ad04602d5009b77077f78450b97
Source: NXP's MCUXpresso SDK_2.14.2_MIMX9352xxxxM
Co-authored-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Backport of graphics package for ccimx93 from NXP's Mickledore-based
lf-6.1.55-2.2.0 release. Mainly copies and appends of graphics recipes
from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
When TrustFence is enabled, the boot artifacts (TFA and FIP)
have a 'signed' suffix. Handle this case so that the correct
symlinks are created and the correct artifacts are put into the
SWU file.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Starting with NXP release "lf-6.1.55-2.2.0" the IMX optee fork (based on
version 4.0.0) does not support SOC revision A0. This commit recovers
support to build a bootloader for A0, extending the optee patch for
ccimx93 to support A0 with a build time option, and then extending the
optee-os and imx-boot recipes to build two optee binaries and using them
to generate bootloaders for both SOC revisions.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This includes also an update and rename of the Edgelock Enclave firmware
package (firmware-ele-imx).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Backport of graphics package for ccimx93 from NXP's Mickledore-based
6.1.36-2.1.0 release. Mainly copies and appends of graphics recipes
from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
Notice, that the new version of weston used now by the ccimx93 requires
a different profile file (weston-socket.sh). This profile supercedes the
old 'weston.sh'.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
In commit 2fd1dbfed7, we accidentally removed some changes needed to
build imx-boot with Trustfence enabled, which were added in commit
1ce17da864.
This partially reverts commit 2fd1dbfed7
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
In commit 2fd1dbfed7, we accidentally removed some changes needed to
build imx-boot with Trustfence enabled, which were added in commit
1ce17da864.
This partially reverts commit 2fd1dbfed7
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
These binaries are installed in subdirectories by default. The uuu
installer expects to find all binaries on the same folder where the script
is. By creating symlinks, the uuu installer can find all the binaries it
needs directly on the deploy folder.
NOTE: variables in 'for' clauses are intentionally without quotes to skip
whitespaces in them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
(cherry picked from commit 019deb6313)
These binaries are installed in subdirectories by default. The uuu
installer expects to find all binaries on the same folder where the script
is. By creating symlinks, the uuu installer can find all the binaries it
needs directly on the deploy folder.
NOTE: variables in 'for' clauses are intentionally without quotes to skip
whitespaces in them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
New NXP's release is based on upstream v2.8. Use this only for ccimx93,
and keep using the previous Kirkstone release (based on upstream v2.6)
for the rest of the platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Recently, meta-freescale backported the support to build multiple boot
artifacts. This clashes with the changes in our imx-boot bbappend,
so update the bbappend to make it compatible with the latest changes
in meta-freescale.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
(cherry picked from commit 2fd1dbfed7)
Recently, meta-freescale backported the support to build multiple boot
artifacts. This clashes with the changes in our imx-boot bbappend,
so update the bbappend to make it compatible with the latest changes
in meta-freescale.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
mkimage output provides some information (basically image offsets) that
cst (code signing tool) uses to sign imx-boot images.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
We will use BOOTDEVICE_LABELS as a means to add 'sdcard'
configuration to TF_A_CONFIG within meta-st-stm32 so there
is no need to have a wrapper variable in meta-digi.
This reverts commit c6f19a099c.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Commit 92969f0c4 ("plat-stm32mp1: Remove CFG_STM32_BSEC_WRITE dependency with
debug configuration OP-TEE") on OP-TEE source code, removed the link between
the BSEC WRITE feature with DEBUG feature, so now by default it is enabled.
This reverts commit 2395378ec4.
https://onedigi.atlassian.net/browse/DEL-8657
Create a new script for the generation of PKI tree for STM platforms
and leave the trustfence-sign-artifact script exclusively for signing.
The new gen-pki script only requires the platform as an argument and the
path to where to save the tree (if it doesn't exist) in
CONFIG_SIGN_KEYS_PATH.
This commit also reverts commit 13c136dbc5 by getting rid of the
trustfence-genpki-native.bb recipe and moving back the PKI generation
functions into trustfence.bbclass. This recipe didn't quite guarantee
that the PKI was generated on time for the recipes that required the
keys to exist, anyway.
Instead, the PKI generation function must be called right after
do_compile() of recipe tf-a-stm32mp to be ready for do_deploy() where
the key is used.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Commit 7cf314ba80 made a weak assignment of TF_A_CONFIG in the machine
config file, so that it could be overriden from conf/local.conf with a
straight assignment. However, this variable already has a weak assignment
on include files for the tf-a-stm32mp recipe, which apparently take
precedence over the machine files.
This commit creates a new variable DEY_TF_A_CONFIG in the machine config,
and then uses a straight assignment of TF_A_CONFIG to the new variable on the
tf-a-stm32mp.bbappend.
This allows users to override the machine default and avoids the STM recipe
weak assignment.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Do not install the combo FW and install the WiFi and BT FW as separated FWs,
so they are managed independently.
Md5sums are:
44cf5535f3b40784296843544eae159e sd_w61x_v1.bin.se
300c739a4e126a8f430001c41e5b3a5f uartspi_n61x_v1.bin.se
Note: currently these FW files are copied manually here, till the github FW
files are updated.
These firmware files come from the package IW612_18.99.2.p19.5.zip provided
by NXP support page.
https://onedigi.atlassian.net/browse/DEL-8632
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Make a series of changes to make sure the imx-boot signing process works:
* Store separate mkimage logs for each imx-boot build. In our case, this
means storing one log per SoC revision. Each SoC revision has a different
SECO fw binary with varying sizes, which causes offsets of specific
signing regions to differ among revisions. Since we parse the offsets
from the logs, we need to make sure the offset information is correct in
each case.
* Remove u-boot-atf-container.img in each mkimage iteration, otherwise the
ATF offset information will be missing from subsequent logs.
* Implement a separate trustfence_sign_imxboot() function for the ccimx8x
to iterate through all SoC revisions.
Note that the SPL+AHAB signing script doesn't support imx-boot encryption yet.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
New NXP's release is based on upstream v2.8. Use this only for ccimx93,
and keep using the previous Kirkstone release (based on upstream v2.6)
for the rest of the platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Weston is not launched in read-only filesystem because /home/root
is not a writable path.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Now that both U-Boot and the SCFW can autodetect the RAM configuration, we can
simplify the imx-boot build process to generate two binaries (one per SOC
revision) instead of eight. Build "flash_spl" imx-boot images and use only one
global defconfig for u-boot.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This update includes automatic RAM configuration detection, and only one SCFW
binary is needed for all ccimx8x variants. Adapt the imx-boot recipe
accordingly.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Use our custom compile/install/deploy functions from DEY 3.2. NXP's imx-boot
recipe assumes only one U-Boot config and SOC revision, but we have multiple,
so we have to rewrite all of these functions.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Currenlty, the github FW version is a bit old and some functionality does not
work on latest IW61x batches.
Use this FW binary till it is released on github. This is required to
have WiFi and Bt working simultaneously.
0c6d454ea83b1a78b4e60df16f478f43 sduart_nw61x_v1.bin.se
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
(cherry picked from commit 92ca458e4f)
Currenlty, the github FW version is a bit old and some functionality does not
work on latest IW61x batches.
Use this FW binary till it is released on github. This is required to
have WiFi and Bt working simultaneously.
0c6d454ea83b1a78b4e60df16f478f43 sduart_nw61x_v1.bin.se
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Remove patch file "0001-Makefile-Suppress-array-bounds-error.patch"
for ccimx93, as it is already included in the lf-6.1.1_1.0.0 revision.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Weston is not launched in read-only filesystem because /home/root
is not a writable path.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
By default, the signing script generates a file without 'w'
permission so DEY cannot remove it from the deploy dir on
a clean operation.
Add the 'w' permission so that DEY can remove it on clean
operations and generate a new signed file when required.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Arturo Buzarra
Francisco Gil
Hector Palacios
Gonzalo Ruiz
Gabriel Valcazar
Isaac Hermida
Javier Viguera
Mike Engel
David Escalona