The stand-alone signing script 'trustfence-sign-artifact.sh' checks
if a valid PKI tree exists (by checking the existance of four SRK
files) and if they don't, it calls trustfence-gen-pki.sh (which is
a wrapper over different generators (for HAB or AHAB) to create one.
Recipes such as 'dualboot' or 'recovery-initramfs' may need to call
openssl functions over the PKI tree. These recipes do not currently
generate the PKI tree; they expect it to be already in place.
This might not be the case if the trustfence-sign-artifact.sh script
has not been called yet.
Originally, a fake dependency on virtual/kernel recipe was made to
force it, but it doesn't quite work since the calling only happens
on deploy() while regular DEPENDS doesn't wait for this task.
If the PKI does not exist, a recipe that requires the PKI tree will
fail.
The solution is to create a function on the trustfence.bbclass that
allows any recipe to check for the existance of a PKI tree and
generate it if it doesn't exist. This is repeated inside the
trustfence-sign-artifact.sh, but it needs to be in both places
because this script must work stand-alone.
The generation of the PKI tree takes some seconds so this commit
adds a lock dir to prevent race conditions when called from
different recipes.
It also removes the fake dependency on virtual/kernel and adds a
dependency on trustfence-cst-native (which is the recipe that
provides the PKI generation tool).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8430
The Poky layer defines a default journald conf file that allows log files on
the file system to grow to a maximum of 64 MiB. However, this size on some
platforms is impossible to address, so this commit reduces the maximum size for
runtime logs to 4 MiB.
https://onedigi.atlassian.net/browse/DEL-8419
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit modifies the cloud connector configuration to use
'remotemanager.digi.com' URL since it does not use certificates for the
connection.
'edp12.devicecloud.com' only allows connections with certificates.
The certificate is downloaded during the first device connection to DRM and
stored in '/etc/ssl/certs' directory inside the 'rootfs' partition.
Following connections must use this certificate.
After a firmware update 'rootfs' partition is re-programmed (standard boot)
or changed to use the corresponding partition of the other block (dual boot). In
any case the certificate downloaded is not available anymore, so the device is
not able to reconnect.
Currently there is no a 'immutable' partition to store the certificate, that is,
a place where the certificate is not removed during a firmware update and can
be used by the cloud connector (similar to the 'data' partition on a ccmp1)
Related to commit 063a946e7c.
https://onedigi.atlassian.net/browse/DEL-8400
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
By launching in system mode it is possible to play music from a shell using
pulseaudio. With change all platforms and images (with or without graphical
support) have pulseaudio working.
https://onedigi.atlassian.net/browse/DEL-8417
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This commit modifies the boot script condition to apply the overlay for DVK v1
on boards without the board_version variable defined.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds an overlay for DVK v1 and modifies the boot script to apply it
based on the board_version variable.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Partitions 'fip-a' and 'fip-b' are redundant at the moment. They are
not currently part of the dualboot system. In consequence, program
both partitons unconditionally during the install process.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Our /tmp file is a symbolic link to /var/tmp, therefore a "find /tmp" returns
nothing. Force to search files inside tmp folder by using "find /tmp/".
https://onedigi.atlassian.net/browse/DEL-8410
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Move generic IMX machine firmware to imx-digi-base.inc file. This eases
maintenance, as this file follows imx-base.inc in meta-freescale.
Still, configure platform's Digi specific firmware in each machine's
config file.
As a positive side effect, this removes the "firmware-imx-easrc-imx8mn"
firmware file from the 8M Mini, as it's only used in the 8M Nano. This
saves about 263KB.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
With platform overrides we need to use ':append' operand. Otherwise, we
are overriding the previous content of the variable and not adding to it.
In this case, for example, we removed some postprocessing functions that
allow SSH into the device with an empty password.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit updates the patch series for wpa-supplicant and hostapd v2.10,
based on the Murata release imx-kirkstone-fafnir_r1.0 that matches with the
Cypress Linux WiFi Driver (FMAC) release v5.15.58-2023_0222
https://onedigi.atlassian.net/browse/DEL-8407
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the required firmware binaries for Bluetooth and Wireless
interfaces, based on the Murata release imx-kirkstone-fafnir_r1.0 that matches
with the Cypress Linux WiFi Driver (FMAC) release v5.15.58-2023_0222 (Wireless
firmware v13.10.246.300)
https://onedigi.atlassian.net/browse/DEL-8407
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
For now, we're only interested in generating the SBOM, which we can upload and
have Vigiles scan later on if needed. The report generation process adds some
overhead and can cause unwanted errors if the Vigiles server takes too long.
Enable report generation for our automated builds.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit creates a new launcher group in the '/etc/xdg/weston/weston.ini' to
have access to the QT cinematicexperience.
This is done for QT5 (ccmp15, ccimx8mm, ccim8mn) and QT6 (ccimx93).
https://onedigi.atlassian.net/browse/DEL-8379
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
ConnectCore 93 DVK only connects the XBee reset line (XBEE_RESET_N_GPIO) but not
the sleep request (XBEE_SLEEP_RQ_GPIO)
It also reworks the 'xbee-init' script to support empty reset
(XBEE_RESET_N_GPIO) or sleep request (XBEE_SLEEP_RQ_GPIO) values.
https://onedigi.atlassian.net/browse/DEL-8375
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
True is the default since long time ago, and thus not necessary. This
follows similar changes done in other layers.
Command used:
sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' | cut -d':' -f1 | sort -u)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Symbols are needed for DTB overlays. In the CC6UL we are not using
overlays, so disable symbols generation.
https://onedigi.atlassian.net/browse/DEL-8397
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
'do_populate_sdk' for dey-image-webkit was not working because of package
nghttp2:
DNF version: 4.11.1
--> Starting dependency resolution
--> Finished dependency resolution
Error:
Problem: package nghttp2-dev-1.47.0-r0.1.cortexa53_crypto requires nghttp2 = 1.47.0-r0.1, but none of the providers can be installed
conflicting requests
nothing provides nghttp2-client >= 1.47.0 needed by nghttp2-1.47.0-r0.1.cortexa53_crypto
nothing provides nghttp2-server >= 1.47.0 needed by nghttp2-1.47.0-r0.1.cortexa53_crypto(try to add '--skip-broken' to skip uninstallable packages)
ERROR: Logfile of failure stored in: proj/ccimx8mm-dvk/tmp/work/ccimx8mm_dvk-dey-linux/dey-image-webkit/1.0-r0/temp/log.do_populate_sdk.2923894
ERROR: Task (dey/4.0/sources/meta-digi/meta-digi-dey/dynamic-layers/webkit/recipes-core/images/dey-image-webkit.bb:do_populate_sdk) failed with exit code '1'
This commit creates a bbapend to allow empty 'nghttp2-client' and
'nghttp2-server' packages because 'nghttp2-dev' depends on 'nghttp2' that
depends on
'${PN}-client (>= ${PV}) ${PN}-proxy (>= ${PV}) ${PN}-server (>= ${PV})' per
the recipe at poky.
https://onedigi.atlassian.net/browse/DEL-8380
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
The SW encryption is much faster than decicated HW in our platforms.
The HW encryption is limited to the use of CAAM which is used through
blob calls, therefore the cryptodev module is not required.
https://onedigi.atlassian.net/browse/DEL-8371
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Set parameter 'greentxConfig__0_0=0x2' to use the optimal TxPower
in MCS7 data rates, improving performance.
Also, adjust maximum TxPower in the 5GHz band to account for
output power tolerances.
The new BDF is:
- bdwlan30_US.bin (53072f8af541a49e4ed9c22698b1912f)
https://onedigi.atlassian.net/browse/CC6UL-1302https://onedigi.atlassian.net/browse/DEL-8364
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Packages bluez5-init, cloudconnector, and connectcore-demo-example-webkit
provide a launcher script that is used regardless of the init system being
systemd or sysvinit. Those launcher scripts use the '/etc/init.d/functions'
file, which is provided by the 'initscripts-functions' runtime package,
so add that runtime dependence.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
No functional change, just include poky.conf (which is the base for our
distro) and then remove all the code that is duplicated.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Francisco Gil
Hector Palacios
Arturo Buzarra
Tatiana Leon
Gonzalo Ruiz
Javier Viguera
Isaac Hermida
Gabriel Valcazar
Mike Engel