Add support based on v2.8 version from STM release
openstlinux-6.1-yocto-mickledore-mp2-v23.12.06.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Different mechanisms are used to sign FIT images on the ccmp1 platforms and the
ccimx93, and we manage each mechanism via a different variable. The variable
names don't really reflect which platform they affect, which makes maintenance
harder.
Rename the variables so that it's easier to identify the platforms/vendors they
affect:
* Replace TRUSTFENCE_FIT_IMG with TRUSTFENCE_SIGN_FIT_STM
* Replace TRUSTFENCE_SIGN_FIT_ARTIFACT with TRUSTFENCE_SIGN_FIT_NXP
Don't rename TRUSTFENCE_FIT_IMG_SIGN_KEYNAME
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
When we use a fitImage kernel type, all the boot artifacts are inside the
FIT image, so there is no need to add them to the boot image additionally.
We were using TRUSTFENCE_FIT_IMG to do this filtering, which uses
a fitImage kernel type underneath. This commit uses KERNEL_IMAGETYPE
instead, as this way, we can use kernel FIT images out of Trustfence and
still prevent polluting the boot images with not-needed artifacts.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This compression method has a better compression ratio than the default (lzo),
but the (de)compression speed is slower, leading to slower read/write speeds.
However, the recovery partition only gets accessed in specific use cases such
as software updates and partition encryption, and it contains an initramfs. The
UBIFS will only be read at boot time to load its elements, but once the
initramfs is loaded in RAM, there are no more read/write operations to the
UBIFS during runtime, so the speed penalty is minimal.
Take advantage of the improved compression ratio to reduce the size of the
recovery image. On the ccimx6ul, the size is reduced by 248 KiB.
https://onedigi.atlassian.net/browse/DEL-8819https://onedigi.atlassian.net/browse/DEL-8825
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds signed FIT image support for the CCMP1
platforms when using Trustfence.
https://onedigi.atlassian.net/browse/DEL-8591
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Some platforms do not support signing external artifacts (kernel, dtb,
etc.) yet, so we need to decouple the signing of the bootloader from the
signing of the external artifacts.
This commit generalizes the code, so instead of having platform exceptions
scattered along the recipes, we create a new variable used conditionally
to sign or not the external artifacts.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
For the moment, do not sign aditional artifacts, such as the ramdisk,
the kernel or the boot scripts for STM platforms.
In the specific case of the ramdisk, simply copy it over with the
expected filename extension.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Certain platforms share a processor family but need to be differentiated
between them. DEY was using the variable DIGI_FAMILY as the SOM name
rather than the family. It becomes useful to have both (DIGI_SOM as the
more specific, and DIGI_FAMILY as the more generic).
This is the case, for example, of:
- ccmp1 (family)
- ccmp15 (SOM)
- ccmp13 (SOM)
- ccimx8m (family)
- ccimx8mm (SOM)
- ccimx8mn (SOM)
Both variables are used on the machine overrides.
Where DIGI_FAMILY was used, use now DIGI_SOM.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
A recipe may generate different runtime packages, with names other than
PN. This commit allows removing the ontarget postinst script for those
other runtime package names. To do so, just define REMOVE_POSTINST_RPN
before including this class in the recipe.
The first user is in the following commit.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
True is the default since long time ago, and thus not necessary. This
follows similar changes done in other layers.
Command used:
sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' | cut -d':' -f1 | sort -u)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The class 'boot-artifacts.bbclass' was created to generate a
list of the bootable artifacts that must be copied from the
deploy dir to the installer ZIP file, so that the installer
has all the possible bootloader files to update any variant
of the hardware.
The class was somewhat over-engineered to produce the list,
specially for the cc8x, with the variants of SoC revision,
RAM size and width. With the arrival of ST family, it got
more complex, as the artifacts don't even come from U-Boot
recipe.
To remove complexity, this commit removes the bbclass and
moves the list to the platform config file.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
For platforms that do not define FIP_UBOOT_DTB, the
'd.getVar('FIP_UBOOT_DTB') gets evaluated to None, which is not equal to
"", and thus the code continues in the wrong "if" branch.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This variable was removed from meta-st-stm32mp so we need to get rid of it
in meta-digi, too.
Reported-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8268
This commit changes the arm-trusted-firmware build configuration to only build
one ATF artifact.
It will create an image that boot over USB and NAND.
https://onedigi.atlassian.net/browse/DEL-8187
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
For platforms with a FIP artifact, ignore U-Boot artifacts and instead
add to the installer zip file the FIP artifact and the ATF artifacts.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit reverts partially the commit 548b8729 ("image_types: add support to
create CCMP15 ubifs images") to fix the boot partition generation.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The sign mode needed for each platform is invariable, and since the platform
is already a mandatory parameter for the script, we can store this information
implicitly. Reflect this change in every recipe where the script is used, but
keep the variable at the Yocto level since it's still needed in several places.
https://onedigi.atlassian.net/browse/DEL-7862
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
It seems like the version of mkfs.vfat used in Yocto 3.3 has a label name
length limit of 11 characters. All of the labels for our current platforms
surpassed this limit ("Boot ccimxX" alone already occupies 11 characters), so
replace the machine name with "DEY"
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since these images are highly compressable, this greatly reduces the amount of
space taken up by build artifacts.
Modify the code used to generate the .sdcard and .installer.zip files so that
they contain the decompressed .ext4 image.
https://onedigi.atlassian.net/browse/DEL-7582
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
When the Bootloader is an 'u-boot' select the correct u-boot
signed image to compose the sdcard artifact.
Signed u-boot artifacts start with 'u-boot-dtb-signed-'.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
When the Bootloader is an 'imx-boot', select the correct imx-boot
signed image to compose the sdcard artifact.
https://jira.digi.com/browse/DEL-7024
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
The signing script is used for signing multiple artifacts, not just the
kernel, so rename it for a broader use.
https://jira.digi.com/browse/DEL-7047
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
imx-mkimage is a host recipe to provide the mkimage_imx8 binaries, required
for the trustfence support with platform based on AHAB (ccimx8x). Since
these binaries are required to the sign process we need to export it in the
SDK to allow the standalone sign mode, and with that we can simplify the
mechanism to share these binaries with another recipes (u-boot, linux).
Also the do_deploy() from imx-mkimage recipe was removed to avoid overriding
the implementation from the native class and allow populating the mkimage
binaries.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The scripts need to know the SOC's revision to be able to select the correct
imx-boot image. Modify the boot-artifacts bbclass so the renamed imx-boot files
are included in the installation .zip.
Also, bypass the SECO fw check in the uSD script so it can install future
versions that aren't recognized by U-Boot's SECO fw checking logic. The UUU
script doesn't require this bypass, since it doesn't use the Digi update
command to flash the bootloader.
https://jira.digi.com/browse/DEL-7069
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
* prefix TRUSTFENCE_ to variable SIGN_MODE for DEY
* prefix CONFIG_ to variable SIGN_MODE for script
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The bootable artifacts that must go inside the installer ZIP image, are defined
in the variable BOOTABLE_ARTIFACTS. For platforms without RAM_CONFIGS, these
artifacts are obtained from the UBOOT_CONFIG variable.
This commit fixes the final artifact name added to the BOOTABLE_ARTIFACTS that
for some platform is not strictly the same that the UBOOT_CONFIG name.
For example for the U-Boot configuration "ccimx8mn_dvk", corresponds the
bootable artifact "ccimx8mn-dvk"
https://jira.digi.com/browse/DEL-6974
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit fixes the copy of the initramfs final image with the extension
*.tf when Trustfence is disabled. This was introduced by commit
5beec04b ("trustfence: Add Trustfence support for CCMX8X")
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Commit 5beec04b ("trustfence: Add Trustfence support for CCMX8X") introduces
a dependency when the imx-mkimage recipe and the SIGN_MODE is equal to AHAB.
However this dependency should be added only when the TRUSTFENCE_SIGN is equal
to 1 and when the SIGN_MODE is equal to AHAB, not only when the SIGN_MODE is
equal to AHAB. This commit introduces this double check.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The artifacts that must go inside the installer ZIP image are not anymore
the ones in UBOOT_CONFIG. For CC8X, the artifacts are combinations of
UBOOT_CONFIG and RAM_CONFIGS.
This commit adds a function 'get_bootable_artifacts()' to boot-artifacts class
to generate a new variable BOOTABLE_ARTIFACTS with the list of bootable
artifacts DEY produces.
The installer recipe can then simply iterate on that list, rather than
needing to calculate it by itself.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-6641
The existing loops were iterating through all RAM_CONFIGS, but
they must only iterate over those that match the RAM size on the
platform's UBOOT_CONFIG.
This commit adds a Python class 'boot-artifacts' to get the list of matching
combinations of RAM_CONFIGS and UBOOT_CONFIG so that the iteration
is easier to do than nesting loops inside one another.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-6641
A variable called IMAGE_BOOTLOADER was being used without distinction for
referring to two different things:
- the recipe that builds the bootable artifacts
- the prefix of those artifacts
The value of this is "u-boot" for most platforms, but "imx-boot" for the
CC8X based platforms.
The name of the variable is misleading, so this commit splits it into two:
- BOOTLOADER_IMAGE_RECIPE, to refer to the recipe
- UBOOT_PREFIX, to refer to the prefix of the bootable artifact
With the separation, the variable UBOOT_SYMLINK becomes a generic formed
one, so it is moved to digi-defaults.inc.
While on it, fix the image_types_digi.bbclass which was not making use of
the original variable to establish all the dependencies.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Update NXP's .bbclass files with the ones in meta-fsl-bsp-release branch
sumo-4.14.98-2.0.0_ga.
https://jira.digi.com/browse/DEL-6603
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Device tree names don't use KERNEL_IMAGETYPE as a prefix anymore,
since in this version, there are different variable names to generate
device tree files.
https://jira.digi.com/browse/DEL-6443
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Arturo Buzarra
Gabriel Valcazar
Javier Viguera
Mike Engel
Hector Palacios
Gonzalo Ruiz
Ariel D'Alessandro