Add also 'e2fsprogs-tune2fs' to the image, as busybox's version of
tune2fs command does not support setting the "encrypt" feature of the
EXT4 filesystem.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
On new platforms, trustfence will use file-based encryption instead of
full-disk encryption. Add base variables and platform defaults to allow
implementing file-based encryption.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Encrypting boot artifacts impacts the device's boot time, so disable them
by default. It is still possible to enable it in the project's config
file by setting the TRUSTFENCE_DEK_PATH option.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Unlike the rest of the NXP platforms, in u-boot, the ccimx93 allows
configuring a GPIO name to activate the console when secure console is
enabled. Those u-boot options were not translated to the trustfence code
in meta-digi.
https://onedigi.atlassian.net/browse/DEL-9063
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit adds some basic TSN support to DEY.
It includes the kernel configuration fragment with
the IEEE 802.1 support and the some user space tools
necessary to configure the network.
https://onedigi.atlassian.net/browse/DEL-9026
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit adds real time test tools to the system.
The hwlatedetct is a program that controls the kernel
hardware latency detector module. This is used to detect
large system latencies independent of Linux itself.
The rt-tests package is a test suite that includes the cyclictest
tool to measure the difference between a thread's intended
wake-up time and the time at which it actually wakes up.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Rework commit c5c9838e54 to only limit ML
packages for our ccimx93 and not for other imx93-based devices.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Trustfence class was setting the TRUSTFENCE_PASSWORD_FILE variable using the
old keys format where a unique key_pass.txt file contains all the key
passwords. However, in the new format there are one key_pass file for each
key, so using a PKI tree with the new format throws an unexpected error in the
FIP generation due to it is not able to find the required key password.
This commit sets the TRUSTFENCE_PASSWORD_FILE variable for the ccmp1 platforms
on different way.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add a check on the existence of the "temp-fitimg-loaded" environment
variable before setting it. It is needed, as with encrypted FIT images,
we need to decrypt them before accessing the boot script. In such cases,
u-boot sets that variable to "no" so the boot script does not override it,
and the FIT image is loaded again before the final boot to the OS.
https://onedigi.atlassian.net/browse/DEL-8945
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This patch fixes the hang issue with EiQ demos using multiple tflite files,
for instance the gesture_detection demo.
https://onedigi.atlassian.net/browse/DEL-8949
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This recipe is not supported anymore. If you need to add that package
for aarch64, a solution is include pip3 in your image and install it
using the pip3 install manager.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Trustfence class was setting the TRUSTFENCE_PASSWORD_FILE variable using the
old keys format where a unique key_pass.txt file contains all the key
passwords. However, in the new format there are one key_pass file for each
key, so using a PKI tree with the new format throws an unexpected error in the
FIP generation due to it is not able to find the required key password.
This commit sets the TRUSTFENCE_PASSWORD_FILE variable for the ccmp1 platforms
on different way.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Different mechanisms are used to sign FIT images on the ccmp1 platforms and the
ccimx93, and we manage each mechanism via a different variable. The variable
names don't really reflect which platform they affect, which makes maintenance
harder.
Rename the variables so that it's easier to identify the platforms/vendors they
affect:
* Replace TRUSTFENCE_FIT_IMG with TRUSTFENCE_SIGN_FIT_STM
* Replace TRUSTFENCE_SIGN_FIT_ARTIFACT with TRUSTFENCE_SIGN_FIT_NXP
Don't rename TRUSTFENCE_FIT_IMG_SIGN_KEYNAME
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We rely on FIT support to implement boot artifact authentication on ccmp1
platforms, but our implementation made it impossible to enable FIT support
outside of the context of Trustfence/secure boot.
Change this so that it's possible to enable FIT support without having to sign
the FIT artifacts. Also, modify the linux-dey 5.15 recipe so that the U-Boot
DTBs with signatures get copied only when FIT signing is enabled.
https://onedigi.atlassian.net/browse/DEL-8946
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit updates the required firmware binaries for Bluetooth and Wireless
interfaces, hostapd and wpa_supplicant recipes based on the Cypress Linux WiFi
Driver (FMAC) release v5.15.58-2023_1128 (Wireless firmware v13.10.246.334).
This change also includes a custom defconfig file for the hostapd and
wpa_supplicant recipes including the changes from the patches and the Digi
customizations.
Also are updated the Murata firmware repositories to match with the latest
Murata release imx-kirkstone-hedorah_r1.0, which is based in the same Cypress
Linux Wifi Driver release v5.15.58-2023_1128.
https://onedigi.atlassian.net/browse/DEL-8667
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Not installing all the ML packages but just tensorflow-lite saves space.
We are not including onnxruntime and torchvision, which are not supported
by the i.mx93 (see NXP user guide for details).
The ext4.gz size is decreased from 430MB to 217MB.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The patch we were using comes from the time during dualboot support development
where said feature was selectable at build time. The patch adds a new build
option, giving the impression that it only gets enabled under certain
circumstances, when in reality:
* The option is never enabled anywhere in our code
* It's a string option that is treated like a boolean, meaning its
respective conditional compilation is always getting compiled even when
disabled
Our current dualboot support is enabled at runtime, so it doesn't make sense to
have a build-time option related to it, especially one that's broken. Replace
the patch with a functionally equivalent one that is less confusing. Also,
remove the related config option from our defconfig.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The current log level is very verbose and generates way too much output in some
cases, such as a binary diff update. Reduce the default log level to avoid
this.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit fixes a build issue using meta-digi layer with a different distro
than "dey". Also simplified the bbappend to avoid creating a custom
do_patch_png() task before do_configure().
Reported-by: Stephan Klatt <skladd@users.noreply.github.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This reverts commit c5b53c9765.
The HCI reset interface is fixed inside each BT power calibration shell
script, so this workaround is not needed anymore.
https://onedigi.atlassian.net/browse/DEL-8458
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
for the IW61x, when the FW is instructed with an hci reset command, the
LE stack is not correctly reset.
It can be workaround-ed by SW doing a SW power cycle.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This is an NXP change that reverts a mainline weston commit form v9.0.0, in
which the mouse cursor only gets activated when there is mouse movement. This
change was only being included in the weston v10.0.X i.MX forks.
For platforms that don't use these weston forks (ccimx93 uses the v11.0.X fork
and ccmp15 uses mainline weston), the mouse cursor doesn't load right away when
booting the system, which causes apps that are automatically launched (such as
the LVGL demo) to not register the mouse, rendering said apps unresponsive to
it.
Port NXP's change to all of the weston versions we currently use to avoid this
problem.
https://onedigi.atlassian.net/browse/DEL-8865
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The display for the cc93 is 'wayland-1'.
Use backslashes before the curly braces to avoid potential expansion by
bitbake variables.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This is to avoid duplicating names with variable DEMO_DISPLAY inside
the lvgl-demo-init script itself.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
There are some cases in which the loading of the Wi-Fi modules may be
problematic due to timing conditions:
- when a suspend operation in progress is aborted
- when Bluetooth is disabled
The Wi-Fi needs some time for the system to be ready before loading the
modules.
This commit:
- Stops the Bluetooth before bringing down the Wi-Fi on suspend
- Starts the Bluetooth (or adds a small delay) before bringing up the
Wi-Fi on resume
- Reworks the way the resume operations are programmed, to do them in
reverse order (first load the Wi-Fi modules, then bring the interfaces
up (if required). It does so by appending/prepending actions into a
variable and dumping the contents finally to a temp file.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Commit c4f2fce4d3 added logic to do_install()
that saves space by removing board image files that don't match the machine
name. However, the ccimx6qpsbc uses the ccimx6sbc board image file, and it was
being removed from the demo, breaking the demo's landing page.
Avoid this by specifying the correct filename for the ccimx6qpsbc.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The ccimx6ul is the only platform that doesn't include a desktop backend in the
LVGL image, so remove the desktop backend suffix from the image's name. This
affects the image name itself, the corresponding SWU package and the
installation scripts.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
ccimx6ul platform uses the fbdev backend to run LVGL graphical applications,
the mouse input device is not supported by default on this platform.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit sets the default LVGL demo dimensions to match with the resolution
of the supported LVDS display, showing the application at fullscreen.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds a systemd service and a sysvinit script to initialize the LVGL
demo automatically on boot.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
LVGL graphical library has support for different backends, in the case of the
ccimx6ul we use the fbdev directly, so we don't need the x11 support.
This commit removes x11 support for the ccimx6ul platform for the
dey-image-lvgl image.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Javier Viguera
Mike Engel
Arturo Buzarra
Isaac Hermida
Gabriel Valcazar
Stephan Klatt
David Escalona
Hector Palacios