DEY generates the ccmp25 boot artifacts on subdirectories of the main
deploy folder. The firmware installation script expects to have them on
the deploy directory, so create the proper symlinks.
https://onedigi.atlassian.net/browse/DEL-9120
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add support based on STM release openstlinux-6.1-yocto-mickledore-mpu-v24.06.26.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add open-source implementation of the OpenGL API support based on v23.0.3
version from STM release openstlinux-6.1-yocto-mickledore-mpu-v24.06.26.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add GPU support based on v6.4.15 version from STM release
openstlinux-6.1-yocto-mickledore-mpu-v24.06.26.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add support based on v2.8 version from STM release
openstlinux-6.1-yocto-mickledore-mp2-v23.12.06.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add support based on v3.19.0 version from STM release
openstlinux-6.1-yocto-mickledore-mp2-v23.12.06.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commits adds the CCMX91 platform to the DEY
build system. Furthermore, it creates generic ccimx9
support to be used for the CCiMX91 and CCiMX93
platform.
https://onedigi.atlassian.net/browse/DEL-9106
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
When TrustFence is enabled, use the HUK programmed on the OTP
bits for the ccmp15 platform.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9121
By default, the secure storage path in the REE is "/var/lib/tee". It is
part of the rootfs, and thus, it gets lost on a firmware update.
This commit changes that path to a different partition "/mnt/data/tee"
when Trustfence file-based encryption is enabled.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Building Optee trusted applications (TA) depends on optee_client and the TA
devkit provided by optee_os. Our toolchain provides those dependencies, but
the SDK script which configures the environment for standalone building,
is not configuring some variables needed to build trusted applications.
This commit extends the SDK environment script to allow building TAs.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The patches have been backported from the lf-6.1.36-2.1.0 release of
imx-mkimage.
https://onedigi.atlassian.net/browse/DUB-1081
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The patches have been backported from the lf-6.1.36-2.1.0 release of
imx-mkimage.
https://onedigi.atlassian.net/browse/DUB-1081
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Optee-client provides the TEE Client API as defined by the GlobalPlatform TEE standard.
It is required to communicate with a Trusted Application (TA) running in a Trusted OS.
https://onedigi.atlassian.net/browse/DEL-8970
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Several things were wrong after the latest update to version 4.0: the
tee-supplicant path, some settings in the systemd unit, etc.
This commit fixes the installation so the optee test suite completes again.
https://onedigi.atlassian.net/browse/DEL-8989
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit fixes the set_fip_sign_key() function to match the new keys format
where there is a key_pass file for each key, no longer needing to search with
the key index.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit fixes the set_fip_sign_key() function to match the new keys format
where there is a key_pass file for each key, no longer needing to search with
the key index.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This is an NXP change that reverts a mainline weston commit form v9.0.0, in
which the mouse cursor only gets activated when there is mouse movement. This
change was only being included in the weston v10.0.X i.MX forks.
For platforms that don't use these weston forks (ccimx93 uses the v11.0.X fork
and ccmp15 uses mainline weston), the mouse cursor doesn't load right away when
booting the system, which causes apps that are automatically launched (such as
the LVGL demo) to not register the mouse, rendering said apps unresponsive to
it.
Port NXP's change to all of the weston versions we currently use to avoid this
problem.
https://onedigi.atlassian.net/browse/DEL-8865
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
As part of the integration of the new ML package, also update the
ethos-u-firmware binary built from Stash:
Repo: emp/ethos_u_firmware.git
Revision: bd5506ddba364ad04602d5009b77077f78450b97
Source: NXP's MCUXpresso SDK_2.14.2_MIMX9352xxxxM
Co-authored-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Backport of graphics package for ccimx93 from NXP's Mickledore-based
lf-6.1.55-2.2.0 release. Mainly copies and appends of graphics recipes
from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
When TrustFence is enabled, the boot artifacts (TFA and FIP)
have a 'signed' suffix. Handle this case so that the correct
symlinks are created and the correct artifacts are put into the
SWU file.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Starting with NXP release "lf-6.1.55-2.2.0" the IMX optee fork (based on
version 4.0.0) does not support SOC revision A0. This commit recovers
support to build a bootloader for A0, extending the optee patch for
ccimx93 to support A0 with a build time option, and then extending the
optee-os and imx-boot recipes to build two optee binaries and using them
to generate bootloaders for both SOC revisions.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This includes also an update and rename of the Edgelock Enclave firmware
package (firmware-ele-imx).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Backport of graphics package for ccimx93 from NXP's Mickledore-based
6.1.36-2.1.0 release. Mainly copies and appends of graphics recipes
from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
Notice, that the new version of weston used now by the ccimx93 requires
a different profile file (weston-socket.sh). This profile supercedes the
old 'weston.sh'.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
In commit 2fd1dbfed7, we accidentally removed some changes needed to
build imx-boot with Trustfence enabled, which were added in commit
1ce17da864.
This partially reverts commit 2fd1dbfed7
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
In commit 2fd1dbfed7, we accidentally removed some changes needed to
build imx-boot with Trustfence enabled, which were added in commit
1ce17da864.
This partially reverts commit 2fd1dbfed7
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
These binaries are installed in subdirectories by default. The uuu
installer expects to find all binaries on the same folder where the script
is. By creating symlinks, the uuu installer can find all the binaries it
needs directly on the deploy folder.
NOTE: variables in 'for' clauses are intentionally without quotes to skip
whitespaces in them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
(cherry picked from commit 019deb6313)
These binaries are installed in subdirectories by default. The uuu
installer expects to find all binaries on the same folder where the script
is. By creating symlinks, the uuu installer can find all the binaries it
needs directly on the deploy folder.
NOTE: variables in 'for' clauses are intentionally without quotes to skip
whitespaces in them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
New NXP's release is based on upstream v2.8. Use this only for ccimx93,
and keep using the previous Kirkstone release (based on upstream v2.6)
for the rest of the platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Recently, meta-freescale backported the support to build multiple boot
artifacts. This clashes with the changes in our imx-boot bbappend,
so update the bbappend to make it compatible with the latest changes
in meta-freescale.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
(cherry picked from commit 2fd1dbfed7)
Recently, meta-freescale backported the support to build multiple boot
artifacts. This clashes with the changes in our imx-boot bbappend,
so update the bbappend to make it compatible with the latest changes
in meta-freescale.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
mkimage output provides some information (basically image offsets) that
cst (code signing tool) uses to sign imx-boot images.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
We will use BOOTDEVICE_LABELS as a means to add 'sdcard'
configuration to TF_A_CONFIG within meta-st-stm32 so there
is no need to have a wrapper variable in meta-digi.
This reverts commit c6f19a099c.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Commit 92969f0c4 ("plat-stm32mp1: Remove CFG_STM32_BSEC_WRITE dependency with
debug configuration OP-TEE") on OP-TEE source code, removed the link between
the BSEC WRITE feature with DEBUG feature, so now by default it is enabled.
This reverts commit 2395378ec4.
https://onedigi.atlassian.net/browse/DEL-8657
Create a new script for the generation of PKI tree for STM platforms
and leave the trustfence-sign-artifact script exclusively for signing.
The new gen-pki script only requires the platform as an argument and the
path to where to save the tree (if it doesn't exist) in
CONFIG_SIGN_KEYS_PATH.
This commit also reverts commit 13c136dbc5 by getting rid of the
trustfence-genpki-native.bb recipe and moving back the PKI generation
functions into trustfence.bbclass. This recipe didn't quite guarantee
that the PKI was generated on time for the recipes that required the
keys to exist, anyway.
Instead, the PKI generation function must be called right after
do_compile() of recipe tf-a-stm32mp to be ready for do_deploy() where
the key is used.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Commit 7cf314ba80 made a weak assignment of TF_A_CONFIG in the machine
config file, so that it could be overriden from conf/local.conf with a
straight assignment. However, this variable already has a weak assignment
on include files for the tf-a-stm32mp recipe, which apparently take
precedence over the machine files.
This commit creates a new variable DEY_TF_A_CONFIG in the machine config,
and then uses a straight assignment of TF_A_CONFIG to the new variable on the
tf-a-stm32mp.bbappend.
This allows users to override the machine default and avoids the STM recipe
weak assignment.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Do not install the combo FW and install the WiFi and BT FW as separated FWs,
so they are managed independently.
Md5sums are:
44cf5535f3b40784296843544eae159e sd_w61x_v1.bin.se
300c739a4e126a8f430001c41e5b3a5f uartspi_n61x_v1.bin.se
Note: currently these FW files are copied manually here, till the github FW
files are updated.
These firmware files come from the package IW612_18.99.2.p19.5.zip provided
by NXP support page.
https://onedigi.atlassian.net/browse/DEL-8632
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Make a series of changes to make sure the imx-boot signing process works:
* Store separate mkimage logs for each imx-boot build. In our case, this
means storing one log per SoC revision. Each SoC revision has a different
SECO fw binary with varying sizes, which causes offsets of specific
signing regions to differ among revisions. Since we parse the offsets
from the logs, we need to make sure the offset information is correct in
each case.
* Remove u-boot-atf-container.img in each mkimage iteration, otherwise the
ATF offset information will be missing from subsequent logs.
* Implement a separate trustfence_sign_imxboot() function for the ccimx8x
to iterate through all SoC revisions.
Note that the SPL+AHAB signing script doesn't support imx-boot encryption yet.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
New NXP's release is based on upstream v2.8. Use this only for ccimx93,
and keep using the previous Kirkstone release (based on upstream v2.6)
for the rest of the platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Weston is not launched in read-only filesystem because /home/root
is not a writable path.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Now that both U-Boot and the SCFW can autodetect the RAM configuration, we can
simplify the imx-boot build process to generate two binaries (one per SOC
revision) instead of eight. Build "flash_spl" imx-boot images and use only one
global defconfig for u-boot.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This update includes automatic RAM configuration detection, and only one SCFW
binary is needed for all ccimx8x variants. Adapt the imx-boot recipe
accordingly.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Use our custom compile/install/deploy functions from DEY 3.2. NXP's imx-boot
recipe assumes only one U-Boot config and SOC revision, but we have multiple,
so we have to rewrite all of these functions.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Currenlty, the github FW version is a bit old and some functionality does not
work on latest IW61x batches.
Use this FW binary till it is released on github. This is required to
have WiFi and Bt working simultaneously.
0c6d454ea83b1a78b4e60df16f478f43 sduart_nw61x_v1.bin.se
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
(cherry picked from commit 92ca458e4f)
Currenlty, the github FW version is a bit old and some functionality does not
work on latest IW61x batches.
Use this FW binary till it is released on github. This is required to
have WiFi and Bt working simultaneously.
0c6d454ea83b1a78b4e60df16f478f43 sduart_nw61x_v1.bin.se
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Remove patch file "0001-Makefile-Suppress-array-bounds-error.patch"
for ccimx93, as it is already included in the lf-6.1.1_1.0.0 revision.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Weston is not launched in read-only filesystem because /home/root
is not a writable path.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
By default, the signing script generates a file without 'w'
permission so DEY cannot remove it from the deploy dir on
a clean operation.
Add the 'w' permission so that DEY can remove it on clean
operations and generate a new signed file when required.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The FIP image is signed internally by this recipe. The password must be
set in FIP_SIGN_KEY_PASS. With the signing script, the password is
randomly generated and saved in key_pass.txt.
This prefunc obtains the password(s) from the file to set FIP_SIGN_KEY_PASS
so that the FIP can be properly signed.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
These are recipes we created to support Google Coral on i.MX platforms. ST's
machine learning layer provides similar recipes, so to avoid conflicts, move
the recipes meant for i.MX platforms to a dynamic layer.
https://onedigi.atlassian.net/browse/DEL-8308
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
By launching in system mode it is possible to play music from a shell using
pulseaudio. With change all platforms and images (with or without graphical
support) have pulseaudio working.
https://onedigi.atlassian.net/browse/DEL-8417
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This commit creates a new launcher group in the '/etc/xdg/weston/weston.ini' to
have access to the QT cinematicexperience.
This is done for QT5 (ccmp15, ccimx8mm, ccim8mn) and QT6 (ccimx93).
https://onedigi.atlassian.net/browse/DEL-8379
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
True is the default since long time ago, and thus not necessary. This
follows similar changes done in other layers.
Command used:
sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' | cut -d':' -f1 | sort -u)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This is a machine specific setting, and moving it to the machine config
allows to get rid of the recipe bbappends.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit adds additional library links that are require to
make weston working with the new kernel version of the STM
BSP 22_11_23.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit changes the wayland user from weston to root. That
makes video and audio playback possible for the root user.
https://onedigi.atlassian.net/browse/DEL-8211
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
meta-freescale started updating the recipes to NXP's
rel_imx_5.15.71_2.2.0 release, so now we have a bunch of overlayed
recipes we can clean up.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This is a verbatim copy of the recipe in meta-imx. It is required to
build Wayland based graphical images for ccimx93.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Crank storyboard engine has runtime dependencies on libELG.so and
libGLESv2.so, which usually are just symlinks that go to the "-dev"
package. As they are needed at runtime, move the files to the normal
(not -dev) package.
Also add explicit RPROVIDES for those libraries, as otherwise the build
fails with:
QA Issue:
/usr/share/crank/sbengine/plugins/librender-plugin-opengles_2.0.so
contained in package crank-sbengine requires libEGL.so, but no providers
found in RDEPENDS:crank-sbengine? [file-rdeps]
QA Issue:
/usr/share/crank/sbengine/plugins/librender-plugin-opengles_2.0.so
contained in package crank-sbengine requires libGLESv2.so, but no providers
found in RDEPENDS:crank-sbengine? [file-rdeps]
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Although in theory, you can use any label to name the different u-boot
build configurations, we have them coupled to machine names in the
boot-artifacts bbclass, and also in the default boot artifact filename
in the firmware installation scripts.
So fix that up for the ccimx93 in the machine config, and create the
proper symlinks in the do_deploy imx-boot recipe.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Both recipes (imx-boot and imx-mkimage) use the same source code
repository, so update both of them to the new NXP release, by copying
with minimal changes the recipes in meta-imx.
Also convert the original 'imx-mkimage' recipe, which was only for
native class, to a full target, native, nativesdk recipe. We need this
to be able to include the nativesdk one in our toolchain.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Also:
* Support ccimx93
* Add all the patches regardless of the platform (remove overrides). The
patches do not clash, so adding all of them eases the maintanance and
the migration to new versions of the imx-atf.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The poky recipes were updated on the minor version to 1.20.4
but the bbappends were 1.20.3 specific so they did not apply.
Use a wildcard to have them apply even if the minor version
changes upstream.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
(cherry picked from commit 0c73b31cf5)
The poky recipes were updated on the minor version to 1.20.4
but the bbappends were 1.20.3 specific so they did not apply.
Use a wildcard to have them apply even if the minor version
changes upstream.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This allows the user 'weston', which is running the video
backend, to access files on external media, such as USB
disks and microSD card.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8208
This commit changes the arm-trusted-firmware build configuration to only build
one ATF artifact.
It will create an image that boot over USB and NAND.
https://onedigi.atlassian.net/browse/DEL-8187
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
meta-freescale updated the base recipe and that broke the build:
ERROR: No recipes in default available for:
meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/firmware-imx/firmware-imx_8.16.bbappend
The differences in our bbappend are simple enough that we can make a
version agnostic bbappend.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add extra configuration 'CFG_STM32_BSEC_WRITE=y' to the make line to
enable OTP write support.
https://onedigi.atlassian.net/browse/DEL-8074
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
These are available in 'meta-freescale'.
The only difference is that meta-freescale's recipes deletes de SDMA
firmware so the generic one provided by linux-firmware package is used.
We create a minimal bbappend to use the NXP provided SDMA firmware.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The crank storyboard engine is provided in binary format. The RPM
package manager that creates the rootfs needs and explicit runtime
provider for 'libEGL.so', which in the ccmp15 is provided by the
'libegl-gcnano' runtime package.
Fix build failure:
--> Finished dependency resolution
Error:
Problem: package packagegroup-dey-crank-1.0-r0.0.ccmp15_dvk requires crank-sbengine, but none of the providers can be installed
- conflicting requests
- nothing provides libEGL.so needed by crank-sbengine-7.1-r0.3.ccmp15_dvk
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
We don't want the FIPS version of wolfssl to be used by default, so
the recipe is configured as:
DEFAULT_PREFERENCE = "-1"
Unfortunately, DEFAULT_PREFERENCE has lower precedence than the layer
priority, so we need to put the recipe in a layer with priority less
or equal to the other layers having wolfssl recipes (meta-openembedded,
meta-wolfssl). This means in our case using 'meta-digi-arm' instead of
'meta-digi-dey', in which conceptually would fit better.
https://onedigi.atlassian.net/browse/DEL-8036
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Base recipe in Poky has been updated to that version, so we need to
update the bbappend to prevent a bitbake parsing failure.
NOTE: to review the patches once they are updated in
'meta-st-openstlinux'.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Not needed anymore in our layer, as this has been fixed in meta-st-stm32mp.
This reverts commit 786e5c9e56.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
gstreamer recipes was updated to v1.20.3 in poky layer, so this commit updates
the recipe version for custom bbappends.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
weston recipe was updated to v10.0.1 in poky layer, so this commit updates the
recipe version and refresh a custom STM patch.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Remove deprecated versions of recipes updated in other general layers
(poky, meta-openembedded). Also remove duplicated IMX specific recipes that
are available in other BSP layers (meta-freescale, meta-fsl-demos, etc).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
An outdated 'mesa' bbappend on meta-st-stm32mp is making mesa package
fail to build, due to incorrect configure options.
mesa-22.0.0/meson.build:614:2: ERROR: Problem encountered: kmsro requires dri3 for X11 support
Override the build configuration in our layer until the bbappend gets
fixed in ST layer.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Javier Viguera
Arturo Buzarra
Mike Engel
Hector Palacios
Isaac Hermida
Francisco Gil
Gabriel Valcazar
David Escalona
Tatiana Leon
Gonzalo Ruiz