Commit 998598415a moved this logic to the
trustfence.bbclass file, but in doing so, it removed the TRUSTFENCE_SIGN check
it used to have. The check is needed for two reasons:
* The signing of SWU packages only occurs when TRUSTFENCE_SIGN is enabled, so
there's no need to copy the key if it's disabled
* When building a project from scratch that has Trustfence enabled but
TRUSTFENCE_SIGN disabled, a PKI is never generated and the key doesn't exist.
Because of this, the key won't be found and an error will occur. Note that
if your project is already pointing to a populated PKI, the error won't
happen, only if there's no PKI to begin with.
Although the PKI is guaranteed to exist by the time the rootfs is populated,
make sure to check that it has been properly generated and create it if it
doesn't exist. This logic depends on the trustfence-gen-pki.sh from
trustfence-sign-tools-native, so add it as a dependency for
dey-image-recovery-initramfs. The dependency is already there for another
feature in the dey-image recipes, so simply reflect this new dependency in a
comment.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit 8e52c27d5a8e8071c3a17754e91c1819bcceee15)
This commit adds the initramfs into the FIT recovery
image. If the RAM disk image is included in the FIT
image we need to create a initramfs file that doesn't
include the u-boot header, because the FIT descriptor
contains all the necessary information to use the
initramfs file.
https://onedigi.atlassian.net/browse/DEL-9168
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This package is purely vestigial and hasn't been used at all in any of our
initramfs images for over 7 years. It was used in the first implementation
of the trustfence initramfs (commit 4dd7d438af)
to securely erase the key used by cryptsetup, but two weeks later, that logic
was moved to trustfence-tool (commit a8c50c16ea)
and "wipe" was no longer needed. However, the package remained in the
dependencies of the trustfence initramfs, which were then used as reference for
the recovery initramfs, even though this initramfs didn't even need "wipe" to
begin with.
Removing this package saves 30.8 KiB in the ccimx6ul recovery image.
https://onedigi.atlassian.net/browse/DEL-8819
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This is added as a recommendation for libcrypto and only contains legacy
ciphers which are deemed outdated or unsafe. If any of the packages in the
image actually required this module, they would depend on it explicitly, but
this isn't the case. This saves 66.8 KiB on the ccimx6ul recovery image.
https://onedigi.atlassian.net/browse/DEL-8819
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
On recovery based devices, the swupdate process is executed in the
recovery, so there is no need to have the swupdate daemon running on the
rootfs.
Add a on-target post installation script to disable the swupdate
bootscript on the normal rootfs. This has the side effect of failing in
the recovery initramfs because the initramfs does not have a complete
SysV init system. For that case add a rootfs postprocess function to
delete the postinst script.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Modify the recovery-utils code to reflect the change (change in C header and
linked libraries)
https://jira.digi.com/browse/DEL-7410
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This package was being included as a RRECOMMENDS from libcrypto, but we don't
need it in the initramfs at all. Since our recovery image is already pretty big
compared with the recovery partition size on ccimx6ul platforms with 256 MB of
storage, remove it to make sure the image can fit.
https://jira.digi.com/browse/DEL-7253
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since commit 4b41d9072a304fadbe1cc37c94575f12a2a47fd3 in poky
busybox removes the RRECOMENDS dependency with busybox-syslog,
then we need to explicitly add this dependency in the recipes.
https://jira.digi.com/browse/DEL-6443
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This class no longer exists, it has been merged with images_types.
https://jira.digi.com/browse/DEL-5518
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
Turns out that the busybox' fdisk applet is also able to parse the GPT
partition tables. This saves around 0.5 MiB of space.
https://jira.digi.com/browse/DEL-4565
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
This commit adds mdev support into the recovery ramdisk to
mount/unmount storage devices for the firmware up tool.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-3692
This recipe is expected to create just an initramfs image, so force the
image FSTYPE with a python anonymous function, so there is no way to
change/append/override it from any other configuration file.
This prevents build failures due to circular dependences if for example
you add:
IMAGE_FSTYPES_append = " recovery.vfat"
to your project's local.conf.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
- Include psplash package in the recovery initramfs recipe.
- Start psplash in the recovery init.
- Add new methods to communicate with psplash from the init script.
- Show psplash progress information from the init script.
- Start progress binary to update psplash during a firmware update.
https://jira.digi.com/browse/DEL-3356
Signed-off-by: David Escalona <david.escalona@digi.com>
- This recipe generates the recovery ramdisk image with the contents of the
recovery ramdisk tree (recovery-initramfs) and other packages.
Signed-off-by: David Escalona <david.escalona@digi.com>
Gabriel Valcazar
Mike Engel
Javier Viguera
Arturo Buzarra
Jose Diaz de Grenu
David Escalona