Add RSA key generation support for the Cortex-M4 co-processor on
ConnectCore MP15 platforms as part of DEY TrustFence framework.
https://onedigi.atlassian.net/browse/DEL-9920
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Select the proper OP-TEE board configuration in the optee-os-stm32mp recipe so
trusted applications are built/exported correctly in the SDK. Without this
change, the build may choose a different MACHINE and trigger unexpected
compilation issues.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Introduce a dynamic layer to integrate X-LINUX-ISP v6.1.0 ST layer into DEY,
providing ISP image quality software, tools, and example applications for
STM32MP25x series.
https://onedigi.atlassian.net/browse/DEL-9890
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
For both wireless and Bluetooth regulatory domain files, install the
files as is and create symlinks for the different regulatory domains.
Then, the drivers are responsible of loading the default files (US for
wireless, FCC for Bluetooth) or other files when specified through the
'regdmn' module parameters.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit updates the firmware binaries for Bluetooth and Wireless interfaces,
aligned with the Cypress Linux WiFi Driver (FMAC) release v6.1.110-2025_0718.
The updated wireless firmware versions are as follows:
- 2FY Wireless chip: v28.10.522.8
- 2FY Bluetooth chip: v1.2.32.40.33 FCC and CE.JP
These updates are included as part of the imx-scarthgap-kraken_r1.0 Murata release.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Correct the bootloader artifact names (TF-A and FIP) for CCMP1/CCMP2 during
.swu generation with TrustFence enabled.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Introduce a configurable variable to enable/disable secure co-processor
firmware when TrustFence is enabled.
https://onedigi.atlassian.net/browse/DEL-9813
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Distribute all the required bootloader artifacts required for USB recovery
as part of the ZIP installer. That way, every pre-compiled set of images
is enough for starting development.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
As the HWID support is not implemented yet, is needed to fill
the wireless information in the DT structure to have Wi-Fi and
Bluetooth working.
This is just a temporal patch for initial prototypes.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Other platforms that have flutter support use clang to build the flutter-engine
recipe, so do the same with the ccmp15. meta-flutter uses clang for a set of
its recipes (mainly flutter-engine) as long as meta-clang is in the bblayers,
so all we need to do is add said layer.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Updated error guidance to use `./install_linux_fw_uuu.sh -u <uboot_file>`
instead of setting INSTALL_UBOOT_FILENAME manually.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
We originally removed GUI-related layers from headless platforms in commit
ef26e935d0, but we left meta-webkit in the ccimx91's bblayers due to a
spurious selinux dependency. Since we recently removed both the webkit and
selinux layers from the ccimx95's bblayers in commit 2aaa76c963, do the same
for the ccimx91.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
GPIO1 port access was not enabled on ATF because NXP
reserved it to have exclusive access from the secure
world on their EVK.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9839
The new image runs the local ConnectCore demo application using chromium
on the ccimx95.
https://onedigi.atlassian.net/browse/DEL-9838
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
At the moment, webkit does not work well on the ccimx95. Running cog on
wayland crashes with:
eglCreateWaylandBufferFromImageWL not found
cog-platform-wl.c:1731:on_export_wl_egl_image: assertion failed: (wpe_view_data.buffer)
So just delete the layer from the project's config file. Selinux layer
depends on meta-webkit, so we need to remove it as well.
https://onedigi.atlassian.net/browse/DEL-9838
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Fix runtime undefined symbol by wrapping Awb::queueRequest() call to
configureAwbAlgo() with EVISION_ALGO_ENABLED.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Integrate ST libcamera recipe from meta-st-openstlinux layer at
openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11 tag. This recipe is required by
the NPU demos in meta-st-x-linux-ai.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Sync STM32MP-specific RT kernel patches, aligned with the latest
ST release openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11 from
meta-st-x-linux-rt layer.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
i.MX6 platforms use an older version of weston, 10.0.5.imx, which sets the
wayland socket to wayland-0 by default. Without this change, our demo launcher
scripts/services will fail on ccimx6/6qp platforms.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Enable signed firmware to prevent unauthenticated code on the Cortex-M33
co-processor by verifying images against OTP-stored keys.
https://onedigi.atlassian.net/browse/DEL-9813
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Exposing these regulators makes the SM disable them during
a reboot process, which leaves the SoC without power, preventing
it from resetting.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9804
We support only B0 silicon revision and that is already set on
"imx-digi-base.inc" for all mx95 based machines.
https://onedigi.atlassian.net/browse/DEL-9811
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add a patch with the DDR calibration for B0 generated with NXP's config
tool version 2025.09.
https://onedigi.atlassian.net/browse/DEL-9811
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add a variable analogous to TRUSTFENCE_SIGN to enable/disable artifact
encryption. Deprecate TRUSTFENCE_DEK_PATH in favor of TRUSTFENCE_KEYS_PATH to
use a more generic name and avoid overloading it as an on/off flag. Add per-key
variables for encryption key filenames to avoid hardcoded names and allow
platform overrides.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the virtual OP-TEE syntax for the CCMP1 and CCMP2 platforms
to align with the changes introduced in the meta-st-stm32mp layer. Specifically,
it mirrors the update made in commit ded46c7d24addf91ec81c9f64309e6376689977a
("Adapt to virtual optee changes").
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The ConnectCore MP2 DVK does not include an external STM32G0 component.
This commit removes the 'usbg0' entry from MACHINE_FEATURES to prevent
the installation of the unnecessary stm32mp-g0 firmware.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Adds support for signing and encrypting Cortex-M firmware on STM platforms,
following the STM32 MPU Ecosystem v6.1.0. This update enables secure boot of
co-processor binaries on ConnectCore MP2, enhancing firmware protection.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the trustfence-stm-signtools package with the latest
versions from the STM32 MPU ecosystem v6.1.0:
- STM32MP_KeyGen_CLI v2.20.0
- STM32MP_SigningTool_CLI v2.20.0
These tools are deployed as part of STM32CubeProgrammer v2.20.0, adding support
for STM32MP21x processors and bug fixing.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
vfat images need U-Boot scripts, which are always provided by the U-Boot
recipe, even for imx-boot-based machines. Replace the machine-dependent
BOOTLOADER_IMAGE_RECIPE with virtual/bootloader (which is provided by
u-boot recipes).
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Remove obsolete SD card image creation logic and related variables. We
will use WIC images for bootable SD cards.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Notice that we need to create u-boot and imx-boot symlinks in the deploy
directory, as they are required for the bootloader of the wic images.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
* Replace the hard-coded '/etc' with ${sysconfdir}
* Extend the mmcblk check to prevent updating the environment configuration
when booting from the EMMC (even though the kernel command line root
passed is in the form of /dev/mmcblk).
* Switch the conditional inherit to inherit_defer as it depends on
IMAGE_FEATURES to avoid parse-time ordering issues.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Different platforms use different Cortex-M processors, so instead of
using the M4_DEFAULT_IMAGE_MX95 (as meta-imx does) for an M7 processor,
generalize to the CORTEXM_DEFAULT_IMAGE variable name. Also, move it
to the imx-boot recipe (where it is used) and deploy that image to
the imx-boot-tools directory, so the imx-boot image can be regenerated
externally (without yocto).
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Arturo Buzarra
Javier Viguera
Gonzalo Ruiz
Isaac Hermida
Gabriel Valcazar
Francisco Gil
Hector Palacios