Add also 'e2fsprogs-tune2fs' to the image, as busybox's version of
tune2fs command does not support setting the "encrypt" feature of the
EXT4 filesystem.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit adds real time test tools to the system.
The hwlatedetct is a program that controls the kernel
hardware latency detector module. This is used to detect
large system latencies independent of Linux itself.
The rt-tests package is a test suite that includes the cyclictest
tool to measure the difference between a thread's intended
wake-up time and the time at which it actually wakes up.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit fixes a build issue using meta-digi layer with a different distro
than "dey". Also simplified the bbappend to avoid creating a custom
do_patch_png() task before do_configure().
Reported-by: Stephan Klatt <skladd@users.noreply.github.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
There are some cases in which the loading of the Wi-Fi modules may be
problematic due to timing conditions:
- when a suspend operation in progress is aborted
- when Bluetooth is disabled
The Wi-Fi needs some time for the system to be ready before loading the
modules.
This commit:
- Stops the Bluetooth before bringing down the Wi-Fi on suspend
- Starts the Bluetooth (or adds a small delay) before bringing up the
Wi-Fi on resume
- Reworks the way the resume operations are programmed, to do them in
reverse order (first load the Wi-Fi modules, then bring the interfaces
up (if required). It does so by appending/prepending actions into a
variable and dumping the contents finally to a temp file.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The ccimx6ul is the only platform that doesn't include a desktop backend in the
LVGL image, so remove the desktop backend suffix from the image's name. This
affects the image name itself, the corresponding SWU package and the
installation scripts.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
LVGL graphical library has support for different backends, in the case of the
ccimx6ul we use the fbdev directly, so we don't need the x11 support.
This commit removes x11 support for the ccimx6ul platform for the
dey-image-lvgl image.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
When switching off the 3.3V supply from the Wi-Fi during suspend,
around a 10% of the times, when resuming the Wi-Fi driver fails to load.
It was verified that a rebind operation over the mmc interface (which
eventually calls the script that loads the Wi-Fi module) makes it
load successfully, which denotes a timing issue during resume.
Adding a small delay on the resume operation before running the script
makes the Wi-Fi driver load at the first try.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8821
We removed this package from the recovery initramfs, but it was getting added
as a recommendation to the trustfence initramfs as well.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This package is purely vestigial and hasn't been used at all in any of our
initramfs images for over 7 years. It was used in the first implementation
of the trustfence initramfs (commit 4dd7d438af)
to securely erase the key used by cryptsetup, but two weeks later, that logic
was moved to trustfence-tool (commit a8c50c16ea)
and "wipe" was no longer needed. However, the package remained in the
dependencies of the trustfence initramfs, which were then used as reference for
the recovery initramfs, even though this initramfs didn't even need "wipe" to
begin with.
Removing this package saves 30.8 KiB in the ccimx6ul recovery image.
https://onedigi.atlassian.net/browse/DEL-8819
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This is added as a recommendation for libcrypto and only contains legacy
ciphers which are deemed outdated or unsafe. If any of the packages in the
image actually required this module, they would depend on it explicitly, but
this isn't the case. This saves 66.8 KiB on the ccimx6ul recovery image.
https://onedigi.atlassian.net/browse/DEL-8819
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We were using the .cfg suffix for both the build-time config fragments and the
runtime configuration file. During do_configure(), all files in SRC_URI ending
in .cfg were being merged together to create the final build configuration,
including said runtime file, which has a completely different syntax. In most
cases, the contents of this file were being ignored, but when tweaking
swupdate's configuration and re-building the package, sometimes strange errors
would prevent the build from finishing.
Change the runtime file's suffix entirely to separate it from the config
fragments and prevent it from being treated as such, and reflect the name
change in the defconfig and the recovery script.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit 7e81e706a1 modified the logic used to
determine if a NAND is using multi-MTD or single-MTD, but single quotes were
used in the grep pattern, which prevents the variable inside from expanding.
This makes the script always enter the single-MTD code path, even in multi-MTD
systems, which breaks partition formatting in these cases.
Replace the single quotes with double quotes so the variable can expand and the
condition can be properly checked.
https://onedigi.atlassian.net/browse/DEL-8773
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The swupdate recipe installs by default a systemd service
and a socket to listen for updates coming from a web server.
DEY only makes use of such service during on-the-fly updates from Cloud
Connector web service.
The default swupdate service fails on images with TrustFence because it's
called with no arguments and there doesn't exist a configuration file.
This commit installs a default configuration file and, if TrustFence is
enabled, sets the parameter 'public-key-file' to point to the public
certificate to use to authenticate SWU packages.
While on it, it removes the same file from the recovery-initramfs recipe
that was the only recipe that was adding such config file for recovery
images only.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
LVGL is a free and open-source embedded graphics library that is able to run
in environments with limited resources.
This image includes a desktop environment and an LVGL widget demo (lvgl_demo)
https://onedigi.atlassian.net/browse/DEL-8740
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This recipe generates several packages:
* 'cccs' includes the CCCS shared library
* 'cccs-daemon' includes the binary and resources to execute the CCCS daemon
(daemon, service and init scripts, configuration file)
* 'cccs-cert' includes the required certificate to use CCCS daemon
* 'cccs-gs-demo' includes the binary and resources to execute the CCCS get
started demo (binary, service and init scripts)
* 'cccs-legacy' includes the binary (all-in-one) application to execute
the legacy CCCS application (aka cloud-connector) and the configuration
file
* 'cccs-legacy-dev' includes resources to develop legacy CCCS applications
(all-in-one) (header files inside 'cloud-connector' and 'cloudconnector.pc'
pkg config file)
* 'cccs-legacy-staticdev' includes static resources to develop legacy CCCS
applications (all-in-one) (static library)
This commit also renames:
* 'CLOUDCONNECTOR_PKGS' variable to 'CCCS_PKGS'.
* 'CC_DEVICE_TYPE' variable to 'CCCS_DEVICE_TYPE'.
https://onedigi.atlassian.net/browse/DEL-8628
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
The ccmp1 has two MTD partitions (UBI, UBI_2) with different system
volumes.
Previously, the fact of having two ubi devices was taken as proof of
being on a multi-MTD system (one that has one UBI volume per partition).
Instead, this commit reformulates the condition to having a partition of
the same name than the UBI volume.
For the case of the ccmp1, add a new for loop to iterate across any number
of UBI devices.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The P2P interface may have a different name, for instance, in the ccimx93 it
is wfd (wifi direct).
Generalize Digi P2P scripts to use the name from the platform config file.
https://onedigi.atlassian.net/browse/DEL-8468
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
While on it, remove the block of the 'dualboot' script that was taking care of this action.
https://onedigi.atlassian.net/browse/DEL-8506
Signed-off-by: David Escalona <david.escalona@digi.com>
There is a corner case in the cc6ul where the update from
recovery was failing.
If the u-boot variable rootfstype is set to squashfs u-boot
modify the bootargs adding "root=/dev/ubiblock1_0". The grep
of the command line was failing and detecting the device as
mmc and making the firmware update process fail.
Modify the grep to use the same system that we are using in
the update-firmware script.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
This allows to set RTC configuration parameters. For example, the rv3028
RTC included in ccmp1 and ccimx93 has the "backup switching mode"
configuration in a register that is saved to an eeprom. By default the
BSM value is 00, which means backup switchover disabled. This means that
even if you connect a coin cell to our DVK, the RTC will ignore it.
With this commit, the BSM can be configured to direct switching mode
(DSM) or level switching mode (LSM) so the RTC uses the battery when the
device is powered off.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The btnxpuart driver uses internally the serial port to manage the chip, and
loads the BT FW independently of the WiFi subsystem.
While on it, add support in the bluetooth-init script to be able to power the
chip when the WiFi support is not present.
https://onedigi.atlassian.net/browse/DEL-8632
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This reuses the same variable from sysvinit (USE_VT) to disable running
getty/login on virtual terminals.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This variable is not defined in ccmp1 platforms, making the
swupdate for single mtd failing.
Instead of reading this variable from uboot environment,
determine if the system is multimtd checking the existence
of /dev/ubi1.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
The root file system requires the public key to authenticate SWU files.
For NXP platforms, the public key is extracted from the certificate.
For STM platforms, simply copy the public key over to the rootfs.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Several recipes depend on the PKI creation.
Create a small recipe to just run this function which
is moved from the trustfence.bbclass.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
dualboot and recovery recipes may require to use the keys so they must
depend on the recipe that installs the script that generates them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Set TRUSTFENCE_DEK_PATH to "0" for CCMP1 (not using dek.bin), as if this
was disabled.
Set temporarily TRUSTFENCE_ENCRYPT_ENVIRONMENT to "0" for CCMP1 until
environment encryption is fully supported.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
By default, our 'cloudconnector' package is installed.
This can be overriden by defining 'CLOUDCONNECTOR_PKG' in the 'local.conf'
with the custom package that includes this application.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
rename interface sta_name to be "wlan0" instead of "mlan0", so it keeps
compatibility with other platforms.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Check if the bluetooth-init service is running before going to suspend,
just in case has stopped or disabled it on purpose.
https://onedigi.atlassian.net/browse/DEL-8497
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
We need to take in account if the IW612 chip (WiFi/Bt) is going to be powered
off on suspend state. In such a case, we need to unload the driver modules and
restore the expected tty speed for Bluetooth, so that functionality is restored
back on resume.
https://onedigi.atlassian.net/browse/DEL-8489
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The stand-alone signing script 'trustfence-sign-artifact.sh' checks
if a valid PKI tree exists (by checking the existance of four SRK
files) and if they don't, it calls trustfence-gen-pki.sh (which is
a wrapper over different generators (for HAB or AHAB) to create one.
Recipes such as 'dualboot' or 'recovery-initramfs' may need to call
openssl functions over the PKI tree. These recipes do not currently
generate the PKI tree; they expect it to be already in place.
This might not be the case if the trustfence-sign-artifact.sh script
has not been called yet.
Originally, a fake dependency on virtual/kernel recipe was made to
force it, but it doesn't quite work since the calling only happens
on deploy() while regular DEPENDS doesn't wait for this task.
If the PKI does not exist, a recipe that requires the PKI tree will
fail.
The solution is to create a function on the trustfence.bbclass that
allows any recipe to check for the existance of a PKI tree and
generate it if it doesn't exist. This is repeated inside the
trustfence-sign-artifact.sh, but it needs to be in both places
because this script must work stand-alone.
The generation of the PKI tree takes some seconds so this commit
adds a lock dir to prevent race conditions when called from
different recipes.
It also removes the fake dependency on virtual/kernel and adds a
dependency on trustfence-cst-native (which is the recipe that
provides the PKI generation tool).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8430
(cherry picked from commit 6a8bf7afff)
The Poky layer defines a default journald conf file that allows log files on
the file system to grow to a maximum of 64 MiB. However, this size on some
platforms is impossible to address, so this commit reduces the maximum size for
runtime logs to 4 MiB.
https://onedigi.atlassian.net/browse/DEL-8419
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
(cherry picked from commit bdece7102b)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
With platform overrides we need to use ':append' operand. Otherwise, we
are overriding the previous content of the variable and not adding to it.
In this case, for example, we removed some postprocessing functions that
allow SSH into the device with an empty password.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit creates a new launcher group in the '/etc/xdg/weston/weston.ini' to
have access to the QT cinematicexperience.
This is done for QT5 (ccmp15, ccimx8mm, ccim8mn) and QT6 (ccimx93).
https://onedigi.atlassian.net/browse/DEL-8379
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
True is the default since long time ago, and thus not necessary. This
follows similar changes done in other layers.
Command used:
sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' | cut -d':' -f1 | sort -u)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The SW encryption is much faster than decicated HW in our platforms.
The HW encryption is limited to the use of CAAM which is used through
blob calls, therefore the cryptodev module is not required.
https://onedigi.atlassian.net/browse/DEL-8371
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit adds a custom config file to handle the KEY_POWER events on systemd.
https://onedigi.atlassian.net/browse/DEL-8207
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Mike Engel
Arturo Buzarra
Hector Palacios
Gabriel Valcazar
Isaac Hermida
Javier Viguera
Tatiana Leon
David Escalona
Francisco Gil