The root file system requires the public key to authenticate SWU files.
For NXP platforms, the public key is extracted from the certificate.
For STM platforms, simply copy the public key over to the rootfs.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Several recipes depend on the PKI creation.
Create a small recipe to just run this function which
is moved from the trustfence.bbclass.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
dualboot and recovery recipes may require to use the keys so they must
depend on the recipe that installs the script that generates them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Set TRUSTFENCE_DEK_PATH to "0" for CCMP1 (not using dek.bin), as if this
was disabled.
Set temporarily TRUSTFENCE_ENCRYPT_ENVIRONMENT to "0" for CCMP1 until
environment encryption is fully supported.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
By default, our 'cloudconnector' package is installed.
This can be overriden by defining 'CLOUDCONNECTOR_PKG' in the 'local.conf'
with the custom package that includes this application.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
rename interface sta_name to be "wlan0" instead of "mlan0", so it keeps
compatibility with other platforms.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Check if the bluetooth-init service is running before going to suspend,
just in case has stopped or disabled it on purpose.
https://onedigi.atlassian.net/browse/DEL-8497
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
We need to take in account if the IW612 chip (WiFi/Bt) is going to be powered
off on suspend state. In such a case, we need to unload the driver modules and
restore the expected tty speed for Bluetooth, so that functionality is restored
back on resume.
https://onedigi.atlassian.net/browse/DEL-8489
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The stand-alone signing script 'trustfence-sign-artifact.sh' checks
if a valid PKI tree exists (by checking the existance of four SRK
files) and if they don't, it calls trustfence-gen-pki.sh (which is
a wrapper over different generators (for HAB or AHAB) to create one.
Recipes such as 'dualboot' or 'recovery-initramfs' may need to call
openssl functions over the PKI tree. These recipes do not currently
generate the PKI tree; they expect it to be already in place.
This might not be the case if the trustfence-sign-artifact.sh script
has not been called yet.
Originally, a fake dependency on virtual/kernel recipe was made to
force it, but it doesn't quite work since the calling only happens
on deploy() while regular DEPENDS doesn't wait for this task.
If the PKI does not exist, a recipe that requires the PKI tree will
fail.
The solution is to create a function on the trustfence.bbclass that
allows any recipe to check for the existance of a PKI tree and
generate it if it doesn't exist. This is repeated inside the
trustfence-sign-artifact.sh, but it needs to be in both places
because this script must work stand-alone.
The generation of the PKI tree takes some seconds so this commit
adds a lock dir to prevent race conditions when called from
different recipes.
It also removes the fake dependency on virtual/kernel and adds a
dependency on trustfence-cst-native (which is the recipe that
provides the PKI generation tool).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8430
(cherry picked from commit 6a8bf7afff)
The Poky layer defines a default journald conf file that allows log files on
the file system to grow to a maximum of 64 MiB. However, this size on some
platforms is impossible to address, so this commit reduces the maximum size for
runtime logs to 4 MiB.
https://onedigi.atlassian.net/browse/DEL-8419
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
(cherry picked from commit bdece7102b)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
With platform overrides we need to use ':append' operand. Otherwise, we
are overriding the previous content of the variable and not adding to it.
In this case, for example, we removed some postprocessing functions that
allow SSH into the device with an empty password.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit creates a new launcher group in the '/etc/xdg/weston/weston.ini' to
have access to the QT cinematicexperience.
This is done for QT5 (ccmp15, ccimx8mm, ccim8mn) and QT6 (ccimx93).
https://onedigi.atlassian.net/browse/DEL-8379
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
True is the default since long time ago, and thus not necessary. This
follows similar changes done in other layers.
Command used:
sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' | cut -d':' -f1 | sort -u)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The SW encryption is much faster than decicated HW in our platforms.
The HW encryption is limited to the use of CAAM which is used through
blob calls, therefore the cryptodev module is not required.
https://onedigi.atlassian.net/browse/DEL-8371
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit adds a custom config file to handle the KEY_POWER events on systemd.
https://onedigi.atlassian.net/browse/DEL-8207
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This custom config file applies not only the NXP platforms so this commit
renames it.
https://onedigi.atlassian.net/browse/DEL-8207
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
accel-video was being used only for including or not gstreamer in the
different DEY images. But then we had exceptions to include gstreamer for
machines that do not define accel-video, so just follow what the ccmp15
does, and use a generic 'gstreamer' distro feature to add 'dey-gstreamer'
support to the images.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
'package-management' allows to install packages in runtime. This feature is not
usually utilize by customers so we are removing this support from all images.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
In order to reduce the final size in the rootfs, this commit removes the
package manager for the core-image-base images.
https://onedigi.atlassian.net/browse/DEL-8335
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
For 'wayland' enabled distro features, 'weston' is added as image
feature. This is later used in poky to change the SYSTEMD_DEFAULT_TARGET
to 'graphical.target' which is the correct systemd default target for
graphical images.
This allows to delete the workaround we have in 'weston-init'
recipe to start weston automatically on boot.
Also delete some packages from CORE_IMAGE_EXTRA_INSTALL:
- weston-init and weston-examples are included as part of the 'weston'
image feature.
- gtk+3-demo: removed from the default images, as it is a graphic framework
we are not promoting.
- xterm: removed as weston does already provide a terminal (weston-terminal).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
v4l-utils contains tools to manage the camera.
We have also documented all these commands in our
documentation
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
On systems with a single MTD system partition and multiple UBI
volumes, the initramdisk doesn't mount the 'update' partition
because mdev rules only trigger events for MTD partitions.
This commit adds a rule to trigger an event for every /dev/ubi0_x
(every UBI volume on ubi0 device) and call the new automount_ubi.sh
script. The script checks if the volume is called 'update' and if
so, it creates /mnt/update mountpoint and mounts the volume.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8297
(cherry picked from commit df9c622b1bf0a7307c61deda12cf1f67d4f630f0)
(cherry picked from commit 8b8f9560af)
Make the script send the resume actions to the background
so that console returns to the user without having to wait
for the Wi-Fi module to load and the Bluetooth to attach.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8262
The following files were duplicated across platforms but were
identical or almost identical.
Only used on SysVinit (currently only by default on the CC6UL).
- standby
- acpid.map
Only used on SystemD
- standby-actions
Notes:
- The triggering of udev actions are harmless if the interfaces
don't exist.
- The value of KEY_POWER on acpid.map for CC6/CC6Plus was originally
0 instead of 1, but this file is not currently used in systemd.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
These are just a verbatim copy of the ccimx8mm ones, so the project is
buildable. This file list should be revisited and adapted for the
ccimx93.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add a new parameter '-i' to update-firmware to let the user
select a specific image_set of the sw-description file to
use during the swu update.
This allows adding different image_sets on the sw-description
and reduce the number of images to build. It also adds more
future-proof flexibility.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8199
In previous line we are launching the mdev in daemon mode. One of the
first tasks the daemon mode performs is a cold scan, so there is no need
to repeat it afterwards.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
On recovery based devices, the swupdate process is executed in the
recovery, so there is no need to have the swupdate daemon running on the
rootfs.
Add a on-target post installation script to disable the swupdate
bootscript on the normal rootfs. This has the side effect of failing in
the recovery initramfs because the initramfs does not have a complete
SysV init system. For that case add a rootfs postprocess function to
delete the postinst script.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
There is a problem when building the SDK because two binaries
have the same name (update-firmware) and makes the compilation
to fail.
Change the name to update-firmware.recovery and create a wrapper
over the update-firmware to check if the system is not dual boot
to call it.
Rework the code to make it more reliable.
Remove the umount of the alternative linux partition, now it is
not needed because only the active linux partition is mounted now.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Now in the file descriptor we have three different names:
platform, primary and secondary.
Also a link from 'platform' to 'single' to keep backward
compatibility.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
All the dualboot logic will be checked in run time.
To do this:
* Include the altboot.src by default in all the images
* Create a post installation script to change the
firmware_download_path in the cloud connector
* Unify the swupdate file descriptor for dual and single boot
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
As a result of the dualboot support we may end up with two
'update-firmware' commands in the rootfs. To prevent file name clashing,
we may need to install the recovery-utils update-firmware as
update-firmware.recovery, and then the current command mode check would
fail.
Relax the check, by just looking at the first character.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Generated Crank rootfs image for the ConnectCore MP15 is too big to fit in a
dual boot system. This commit removes gstreamer and package-management features.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
- create dualboot.bbclass that
- sets DUALBOOT_ENABLED variable
- defines partition names and function for changing the sw-description
for swupdate
- move files from layer into meta-digi
https://onedigi.atlassian.net/browse/DEL-7962
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
If we add the demo to the graphical images (dey-image-qt) the resulting
image does not fit on the rootfs partition for the smallest variant.
https://onedigi.atlassian.net/browse/DEL-8004
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The ConnectCore Demo web page will be the new default landing page for all products,
so remove the default landing page that was created for the ccimx6ulsbc platform.
Signed-off-by: David Escalona <david.escalona@digi.com>
Since Yocto 3.4 the package "clutter-1.0" was considered a legacy component,
and moved to meta-gnome.
https://onedigi.atlassian.net/browse/DEL-7981
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Hector Palacios
Arturo Buzarra
Tatiana Leon
Isaac Hermida
Javier Viguera
Francisco Gil
David Escalona