Without this call, swupdate will be built with a default configuration which
is incompatible with our package format. Even though this function is already
called in the original recipe, it was done in the package's "git" directory.
Make sure the function is called at least once so that our defconfig is used in
the build.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit 28d9e025ea used += to append
a dependency to RDEPENDS but this was not working fine and was removing
previous dependencies.
Use instead _append override.
Reported-by: Francisco Gil Martinez <francisco.gilmartinez@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Otherwise, swupdate will treat the update process like it's an OTA one and it
will try to store the package contents in /tmp, which won't fit.
swupdate commit 8b70ae5796e75c2ff856e8c46b3a3c09cb8fcccd states that all local
SWU packages should include this flag, since the old implementation had this
information implicitly.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Technically, partition unencryption is safe to do in open devices, although it
implies that at least one partition has already been encrypted. If we aren't
going to encrypt any partitions, there's no need to print the warning.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Instead of checking for the existence of /proc/mtd, which might lead to false
positives, check the "root" parameter in /proc/cmdline. Assume eMMC in case of
any error.
https://onedigi.atlassian.net/browse/DEL-7539
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
- Check the existence of files before the 10 second wait.
- Print the list of filenames to program to each partition.
- Print the file that's being updated to each partition.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
With the generalization done in previous commits, we have now several files
that are identical and can be merged into a common SOM or SOM family
folder.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Create global variables:
DEFAULT_IMAGE_NAME
GRAPHICAL_IMAGES
to have them substituted on the U-Boot install scripts for better
generalization.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
U-Boot install scripts (from uSD and USB) were hard-coded to dey-image-qt.
Allow to install other image files by setting a new variable 'image-name'
which defaults to 'dey-image-qt' if not defined, except for the CC6UL
SBC Express, that defaults to 'core-image-base'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7385https://jira.digi.com/browse/DEL-7333
On these boot scripts, this variable is not used, so we can remove it.
Besides, it's generated by U-Boot code.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Use ##MACHINE## placeholder to have it later substituted by the recipe
using Yocto ${MACHINE} variable.
This will help later reducing the number of files to have one per SOM
(or even family) instead of one per platform.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
There are some init packages from the poky layer that remain using only a SysV
init script. Systemd converts these init scripts to systemd service format on
boot and shows an ugly warning for each one. To avoid flooding the console with
this kind of messages, we reduce the verbosity of these messages.
https://onedigi.atlassian.net/browse/DEL-7540
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
In the libubootenv implementation of fw_setenv, multiple variables can be set
in one call. When setting a variable with a space-separated list, the app
interprets the list as new variable/value tuples, for example:
fw_setenv myvar value1 value2 value3
Results in:
myvar=value1
value2=value3
This was causing the encrypted eMMC partition mechanism to break, because the
list of encrypted partitions is stored as a space-separated list in an
environment variable. Avoid this by enclosing the variable argument of
set_uboot_var() with double quotes.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Otherwise, the name of the file will be "u-boot-dey-initial-env", causing
errors when reading the default environment from userspace, since libubootenv
expects "u-boot-initial-env" instead.
https://onedigi.atlassian.net/browse/DEL-7566
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update version from 2.28.1 to 2.32.0, remove patch that is already included in
the source tarball and stop removing the qtwpe PACKAGECONFIG, since it's no
longer being included by default.
https://onedigi.atlassian.net/browse/DEL-7545
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update the version from 0.7.1 to 0.8.0 and remove two patches that are already
being applied in meta-webkit.
https://onedigi.atlassian.net/browse/DEL-7545
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds the sdma-firmware.service to the rootfs
to load the SDMA firmware during boot, that is necessary
for some drivers to work correctly.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Before using the encrypted partition functionality, users have to manually
install the encryption key in the system. Failing to install said key will
result in errors later on.
Even though the installation isn't a difficult operation from a user's point of
view, the recovery script has the necessary logic to detect cases where a
partition is going to be encrypted with no key installed. Automatically
generate a key in these cases to avoid undesired behavior and to improve the
overall user experience.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This version adds new functionality to check if an encryption key is installed
as well as a fix for an issue that happens when encrypting partitions with long
names (over 12 characters).
https://onedigi.atlassian.net/browse/DEL-7535
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
If we trigger a key change while there are partitions that are encrypted,
print a warning and ask for confirmation so users know that the operation will
erase the contents of said partitions.
Like in the partition (un)encryption mechanism, add the possibility to skip
both the warning message and the confirmation prompt.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This initramfs only makes sense in platforms with an eMMC as the internal
storage, due to how the partition encryption support is implemented. In
plaatforms that use NAND instead, ths initramfs offers no functionality and
increases the recovery image size, so remove it.
https://onedigi.atlassian.net/browse/DEL-7534
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
If we allow users to manually change the encryption status of the rootfs
partition, we run the risk of wiping it without flashing a proper replacement
image. Because of this, rootfs encryption status should be determined
automatically using information from the update package.
Have the recovery script parse the update package's description to determine
whether to encrypt the rootfs or not.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This partition isn't blacklisted, but it should only be (un)encrypted when
providing an update package. Make it so that manual encryption status changes
for this partition aren't possible from the recovery library.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since the recovery script checks the update package before installing it, use
the package's description to indicate if the package is meant to encrypt the
rootfs or not. Also, remove the pre-install script from the ccimx6ul packages,
since the logic in the script to remove the encryption flag from the rootfs is
now in the recovery script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Previously, TRUSTFENCE_INITRAMFS_IMAGE was the only variable used to configure
rootfs encryption. Now that any partition can be encrypted and the rootfs
encryption still needs to be handled differently, use two variables instead.
* TRUSTFENCE_ENCRYPT_PARTITIONS to control partition encryption in general
* TRUSTFENCE_ENCRYPT_ROOTFS to control rootfs encryption
As with most trustfence functionality, enable both by default. Leave
TRUSTFENCE_INITRAMFS_IMAGE as an internal variable only.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since the update partition might be involved during a software update, we need
to make sure that its contents are accesible and safe when using the partition
encryption feature at the same time.
Mount and unmount the partition correctly if it's encrypted and cancel any
operations that will result in the deletion of the update package.
https://onedigi.atlassian.net/browse/DEL-7174https://onedigi.atlassian.net/browse/DEL-7422
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add a new function to the recovery library to be able to encrypt/unencrypt any
partition on the internal storage media. Since it's a destructive operation,
add a warning message and a confirmation prompt that can be skipped if needed.
Reflect this new functionality in the recovery-reboot app. Change the logic so
that an encryption key can be set even if there's no update package, because
now it's possible to encrypt other partitions while leaving the rootfs intact.
Also change the logic so that the app doesn't reboot into recovery mode if
there's no recovery command set.
Implement the same blacklist as the one in the recovery script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The partition encryption system now uses dynamically generated names for the
decrypted block devices, which are based on the partition name. Reflect this
change in places where the encrypted rootfs is referenced.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Modify the recovery and trustfence initramfs scripts to be able to encrypt any
partition on the internal storage media, not just the rootfs.
To implement this functionality, add a new recovery command called
'encrypt_partitions'. When used, this command must contain a comma-separated
list of the partitions that are to be encrypted by the end of the recovery
process, including partitions that were already encrypted beforehand. Any
partition that isn't in the list will be unencrypted. If the command is absent,
no changes will be made, but it's possible to pass an empty command to
unencrypt all partitions.
Include a blacklist to avoid encrypting partitions that shouldn't be encrypted,
such as partitions that need to be accessed by the ROM code/U-Boot or
partitions that contain encryption keys.
While at it, remove unnecessary "get_kernel_version" function from the script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Non-graphical images (core-image-base, dey-image-aws) don't contain the
graphic-backend on their filenames.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
- Determine first the filenames and abort if any does not exist.
- Print a warning message about the erasing of the media with a list
of partitions and files to use for the update
- Sync the different scripts so they look more similar
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7333
Similar to how it's done on the ccimx6ul, create a function for updating
a partition with a file, that also prints a message.
Rename the function to be the same in all scripts.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7333
Previously, this script only allowed the U-Boot filename as parameter.
This commit makes use of getopts() to pass the following options to the
script:
-h, for help
-i, to pass the dey image name that prefixes the firmware filenames
-n, to skip the 10 seconds delay that allow you to cancel the process
-u, to pass the U-Boot filename
The default image name (if none passed) keeps being 'dey-image-qt' but the
new option allows reusing this script to install dey-image-webkit or
dey-image-aws images.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7385
The matchbox-terminal provides a GTK+ terminal application on the sato desktop,
however it has a dependeency of the virtual terminal emulator GTK+ widget
library (vte) that recently introduced a dependency with the icu package that
increase the rootfs size in 20MB. Since this is a sample application, remove it
to save space on the rootfs.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This package adds a dependency of python3-xml that includes the python3 core
package, increasing the size of rootfs by 8MB.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
packagegroup-core-x11-sato has a dependency on the gst-examples package and
adds a RRECOMMENDS for several packages including many codecs, enconders, etc.
We remove this package for the cc6ul platform to save space in rootfs.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add just one qt demo by default and move all of them to platforms with gpu
support, as platforms like cc6ul have few space available.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The prebuilt 'athtestcmd' binary allows you to test tx/rx of the
Wi-Fi MAC, when the driver is loaded in test mode.
This is required for certifying Wi-Fi in products, so add it by
default for the ccimx6sbc.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7444
(cherry picked from commit acb402fdcfa54d8d5519580ff7fcfb76fbed3f49)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Now libgpiod is not added automatically and we need to add the
dependence manually.
For more info see commit 4339c28ff4aa0264c34f4f183349aea20a5ff127 in
meta-openembedded layer.
https://jira.digi.com/browse/DEL-7522
Signed-off-by: Francisco Gil Martinez <francisco.gilmartinez@digi.com>
This commit backports a patch to fix the following build issue with
the GCC v10:
dtc-parser.tab.c:1069: multiple definition of `yylloc'
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Gabriel Valcazar
Hector Palacios
Mike Engel
Arturo Buzarra
Gonzalo Ruiz
Francisco Gil Martinez