The stand-alone signing script 'trustfence-sign-artifact.sh' checks
if a valid PKI tree exists (by checking the existance of four SRK
files) and if they don't, it calls trustfence-gen-pki.sh (which is
a wrapper over different generators (for HAB or AHAB) to create one.
Recipes such as 'dualboot' or 'recovery-initramfs' may need to call
openssl functions over the PKI tree. These recipes do not currently
generate the PKI tree; they expect it to be already in place.
This might not be the case if the trustfence-sign-artifact.sh script
has not been called yet.
Originally, a fake dependency on virtual/kernel recipe was made to
force it, but it doesn't quite work since the calling only happens
on deploy() while regular DEPENDS doesn't wait for this task.
If the PKI does not exist, a recipe that requires the PKI tree will
fail.
The solution is to create a function on the trustfence.bbclass that
allows any recipe to check for the existance of a PKI tree and
generate it if it doesn't exist. This is repeated inside the
trustfence-sign-artifact.sh, but it needs to be in both places
because this script must work stand-alone.
The generation of the PKI tree takes some seconds so this commit
adds a lock dir to prevent race conditions when called from
different recipes.
It also removes the fake dependency on virtual/kernel and adds a
dependency on trustfence-cst-native (which is the recipe that
provides the PKI generation tool).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8430
(cherry picked from commit 6a8bf7afff)
The Poky layer defines a default journald conf file that allows log files on
the file system to grow to a maximum of 64 MiB. However, this size on some
platforms is impossible to address, so this commit reduces the maximum size for
runtime logs to 4 MiB.
https://onedigi.atlassian.net/browse/DEL-8419
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
(cherry picked from commit bdece7102b)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
With platform overrides we need to use ':append' operand. Otherwise, we
are overriding the previous content of the variable and not adding to it.
In this case, for example, we removed some postprocessing functions that
allow SSH into the device with an empty password.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit creates a new launcher group in the '/etc/xdg/weston/weston.ini' to
have access to the QT cinematicexperience.
This is done for QT5 (ccmp15, ccimx8mm, ccim8mn) and QT6 (ccimx93).
https://onedigi.atlassian.net/browse/DEL-8379
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
True is the default since long time ago, and thus not necessary. This
follows similar changes done in other layers.
Command used:
sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' | cut -d':' -f1 | sort -u)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The SW encryption is much faster than decicated HW in our platforms.
The HW encryption is limited to the use of CAAM which is used through
blob calls, therefore the cryptodev module is not required.
https://onedigi.atlassian.net/browse/DEL-8371
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit adds a custom config file to handle the KEY_POWER events on systemd.
https://onedigi.atlassian.net/browse/DEL-8207
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This custom config file applies not only the NXP platforms so this commit
renames it.
https://onedigi.atlassian.net/browse/DEL-8207
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
accel-video was being used only for including or not gstreamer in the
different DEY images. But then we had exceptions to include gstreamer for
machines that do not define accel-video, so just follow what the ccmp15
does, and use a generic 'gstreamer' distro feature to add 'dey-gstreamer'
support to the images.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
'package-management' allows to install packages in runtime. This feature is not
usually utilize by customers so we are removing this support from all images.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
In order to reduce the final size in the rootfs, this commit removes the
package manager for the core-image-base images.
https://onedigi.atlassian.net/browse/DEL-8335
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
For 'wayland' enabled distro features, 'weston' is added as image
feature. This is later used in poky to change the SYSTEMD_DEFAULT_TARGET
to 'graphical.target' which is the correct systemd default target for
graphical images.
This allows to delete the workaround we have in 'weston-init'
recipe to start weston automatically on boot.
Also delete some packages from CORE_IMAGE_EXTRA_INSTALL:
- weston-init and weston-examples are included as part of the 'weston'
image feature.
- gtk+3-demo: removed from the default images, as it is a graphic framework
we are not promoting.
- xterm: removed as weston does already provide a terminal (weston-terminal).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
v4l-utils contains tools to manage the camera.
We have also documented all these commands in our
documentation
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
On systems with a single MTD system partition and multiple UBI
volumes, the initramdisk doesn't mount the 'update' partition
because mdev rules only trigger events for MTD partitions.
This commit adds a rule to trigger an event for every /dev/ubi0_x
(every UBI volume on ubi0 device) and call the new automount_ubi.sh
script. The script checks if the volume is called 'update' and if
so, it creates /mnt/update mountpoint and mounts the volume.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8297
(cherry picked from commit df9c622b1bf0a7307c61deda12cf1f67d4f630f0)
(cherry picked from commit 8b8f9560af)
Make the script send the resume actions to the background
so that console returns to the user without having to wait
for the Wi-Fi module to load and the Bluetooth to attach.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8262
The following files were duplicated across platforms but were
identical or almost identical.
Only used on SysVinit (currently only by default on the CC6UL).
- standby
- acpid.map
Only used on SystemD
- standby-actions
Notes:
- The triggering of udev actions are harmless if the interfaces
don't exist.
- The value of KEY_POWER on acpid.map for CC6/CC6Plus was originally
0 instead of 1, but this file is not currently used in systemd.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
These are just a verbatim copy of the ccimx8mm ones, so the project is
buildable. This file list should be revisited and adapted for the
ccimx93.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add a new parameter '-i' to update-firmware to let the user
select a specific image_set of the sw-description file to
use during the swu update.
This allows adding different image_sets on the sw-description
and reduce the number of images to build. It also adds more
future-proof flexibility.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8199
In previous line we are launching the mdev in daemon mode. One of the
first tasks the daemon mode performs is a cold scan, so there is no need
to repeat it afterwards.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
On recovery based devices, the swupdate process is executed in the
recovery, so there is no need to have the swupdate daemon running on the
rootfs.
Add a on-target post installation script to disable the swupdate
bootscript on the normal rootfs. This has the side effect of failing in
the recovery initramfs because the initramfs does not have a complete
SysV init system. For that case add a rootfs postprocess function to
delete the postinst script.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
There is a problem when building the SDK because two binaries
have the same name (update-firmware) and makes the compilation
to fail.
Change the name to update-firmware.recovery and create a wrapper
over the update-firmware to check if the system is not dual boot
to call it.
Rework the code to make it more reliable.
Remove the umount of the alternative linux partition, now it is
not needed because only the active linux partition is mounted now.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Now in the file descriptor we have three different names:
platform, primary and secondary.
Also a link from 'platform' to 'single' to keep backward
compatibility.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
All the dualboot logic will be checked in run time.
To do this:
* Include the altboot.src by default in all the images
* Create a post installation script to change the
firmware_download_path in the cloud connector
* Unify the swupdate file descriptor for dual and single boot
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
As a result of the dualboot support we may end up with two
'update-firmware' commands in the rootfs. To prevent file name clashing,
we may need to install the recovery-utils update-firmware as
update-firmware.recovery, and then the current command mode check would
fail.
Relax the check, by just looking at the first character.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Generated Crank rootfs image for the ConnectCore MP15 is too big to fit in a
dual boot system. This commit removes gstreamer and package-management features.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
- create dualboot.bbclass that
- sets DUALBOOT_ENABLED variable
- defines partition names and function for changing the sw-description
for swupdate
- move files from layer into meta-digi
https://onedigi.atlassian.net/browse/DEL-7962
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
If we add the demo to the graphical images (dey-image-qt) the resulting
image does not fit on the rootfs partition for the smallest variant.
https://onedigi.atlassian.net/browse/DEL-8004
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The ConnectCore Demo web page will be the new default landing page for all products,
so remove the default landing page that was created for the ccimx6ulsbc platform.
Signed-off-by: David Escalona <david.escalona@digi.com>
Since Yocto 3.4 the package "clutter-1.0" was considered a legacy component,
and moved to meta-gnome.
https://onedigi.atlassian.net/browse/DEL-7981
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds power safe and reboot safe script for the MCA
and substitute default reboot and poweroff busybox commands.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-7828
Even though our busybox recipe (v1.34.1) is backported from poky's honister
branch, it has many elements in common with the recipe provided from poky's
hardknott branch (v1.33.1). To simplify our backport, re-use poky's busybox
files when possible, replacing them only when strictly necessary.
While at it, remove the busybox-inittab recipe, since there are barely any
differences between the honister and hardknott versions.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The common license file GPL-2.0 is now called GPL-2.0-only in poky, so we need
to reflect this name change to avoid errors
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This is a generic package that is currently being used by NXP to load firmware
on the target, so include it in our images as well. Since it only works with
systemd, leave it out of builds that use sysvinit.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This patch was initially needed for a specific version combination of
NetworkManager (>= v1.22) and glib-2.0 (v2.63.3 - v2.64.X), but since the
hardknott branch of poky now provides glib-2.0 v2.66.7, the patch isn't
needed anymore.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This mode is necessary in the recovery initramfs to be able to properly detect
any external storage device that might contain an update package. The
configuration option associated with this mode became explicit after upgrading
busybox to v1.34.1, so enable it in our defconfig.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The nand devices doesn't need to call the mount_cryptrootfs
script.
Reported-by: Francisco Gil <francisco.gilmartinez@digi.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Some recipes were forcibly removing conflicting packages.
This does not allow to add those packages back for users that
want to use meta-digi layer, but a different distro than 'dey'.
With the 'dey' distro override, such removals are only done
if using this distro.
Reported-by: Michael Burr <michael.burr@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7712
Since commit 11558352 ("swu-images: add "installed-directly" flag to
sw-description") the swu package images are streamed into the target without
any temporary copy to support devices with low memory available, that forces a
different order according with the swupdate documentation because scripts
should packed before the rest. This means that all the pre, post and shell
scripts will be executed after the images will be installed. This behavior
breaks the current support to mount the cryptorootfs node before install an
encrypted rootfs.
This commit moves the shell script to mount the cryptorootfs node to the
recovery initramfs and modifies the swupdate command line to call the shell
script before the images installation.
https://onedigi.atlassian.net/browse/CC8X-320
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Since we added support for compressing rootfs images, we need to manage SWU
packages with a regular rootfs image and with compressed images. That support
was missing in the identification process when the SWU packet was verified.
This commit fixes the identification of compressed rootfs images.
https://onedigi.atlassian.net/browse/CC8X-320
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This recipe had a post install script to do the following:
- create runlevel symlinks.
- comment the 'auto' lines of /etc/network/interfaces if running on
a non-Wi-Fi variant.
- add Atheros or QCA bridge examples depending on the detected chip.
- add wlan1 interface only if QCA chip is detected.
This post install cannot run on a read-only-rootfs so the recipe has been
reworked to do the same things at build time:
- the runlevel symlinks have been removed because they are taken care
of by a poky class.
- add a pre-up condition (the existance of a wireless entry on the device
tree) so that the interface is not brought up if the condition is not met.
- for the cc6/cc6n, since the Wi-Fi chip can be Atheros or QCA, add
specific wlan1 and br0 fragments with a pre-up condition basing on the
detected ID of the Wi-Fi chip
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7708
Some packages require different scripts, configuration files or installations
depending on the wireless chip assembled on the target. In general, the way
to support both chips in one image is to have the recipes install both
versions of the aforementioned files, then leave only the strictly necessary
version once the wireless chip can be deduced.
In the case of the init-ifupdown recipe, this involves installing temporary
configuration fragments that are later erased. In the case of the standby
script, the logic can be implemented in a single file.
https://onedigi.atlassian.net/browse/DEL-7661https://onedigi.atlassian.net/browse/DEL-7666
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The latest version of psplash changed the default path to store the
communication FIFO with other processes to "/run" to allow keeping the
information between reboots, however we are using this tool from an initramfs
where "/run" does not exist, producing multiple errors trying to write to a
nonexistent path, delaying the update process.
This commit forces psplash to use an existing path like "/tmp" to handle the
communication FIFO, because we don't need to maintain the update information.
https://onedigi.atlassian.net/browse/CC8X-318
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The latest version of psplash changed the default path to store the
communication FIFO with other processes to "/run" to allow keeping the
information between reboots, however we are using this tool from an initramfs
where "/run" does not exist, producing multiple errors trying to write to a
nonexistent path, delaying the update process.
This commit forces psplash to use an existing path like "/tmp" to handle the
communication FIFO, because we don't need to maintain the update information.
https://onedigi.atlassian.net/browse/CC8X-318
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Adapt the format_ubi_volume() function to wipe out UBI volumes
instead of formatting MTD partitions.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7614
The function uboot_getenv() is a wrapper over libuboot_get_env() and
requires that the returned strings are freed when no longer in use.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7645
(cherry picked from commit 27ce7a4f20)
- The function is only used internally in this file, so make it static.
- Convert the function from 'int' to 'bool', since no other values are
evaluated.
- Only return true if the variable 'dualboot' is set to 'yes'. Before,
the function returned true if 'dualboot' was different than 'no'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
(cherry picked from commit 9a519570ba)
The use of this function, which is a wrapper over libuboot_get_env(),
requires checking if the returned string is NULL.
Manipulations of such string without checking whether it's NULL may lead
to segfault errors.
This was seen during firmware update on a device that didn't have the
'dualboot' variable set.
Reported-by: Chandrababu Pigilam <chandrababu.pigilam@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7645
(cherry picked from commit 8a4484bbd6)
The function uboot_getenv() is a wrapper over libuboot_get_env() and
requires that the returned strings are freed when no longer in use.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7645
- The function is only used internally in this file, so make it static.
- Convert the function from 'int' to 'bool', since no other values are
evaluated.
- Only return true if the variable 'dualboot' is set to 'yes'. Before,
the function returned true if 'dualboot' was different than 'no'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The use of this function, which is a wrapper over libuboot_get_env(),
requires checking if the returned string is NULL.
Manipulations of such string without checking whether it's NULL may lead
to segfault errors.
This was seen during firmware update on a device that didn't have the
'dualboot' variable set.
Reported-by: Chandrababu Pigilam <chandrababu.pigilam@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7645
NetworkManager's main library went through a major overhaul in v1.22, changing
the way it interacts with glib among other things. When using a NetworkManager
version equal or newer than v1.22 along with a glib version between 2.63.3 and
2.65, a race condition can happen, randomly causing segmentation faults.
Since Yocto 3.2 uses NetworkManager 1.22.14 and glib 2.64.5, the race condition
is reproducible, but it can be fixed with the patch introduced in this commit.
The patch in question is commit e4a690f5dd959e74b2d6054826f61509892c8aa7 in the
glib git repo.
https://onedigi.atlassian.net/browse/DEL-7523
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
NetworkManager's main library went through a major overhaul in v1.22, changing
the way it interacts with glib among other things. When using a NetworkManager
version equal or newer than v1.22 along with a glib version between 2.63.3 and
2.65, a race condition can happen, randomly causing segmentation faults.
Since Yocto 3.2 uses NetworkManager 1.22.14 and glib 2.64.5, the race condition
is reproducible, but it can be fixed with the patch introduced in this commit.
The patch in question is commit e4a690f5dd959e74b2d6054826f61509892c8aa7 in the
glib git repo.
https://onedigi.atlassian.net/browse/DEL-7523
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit add a verification into the recovery library to avoid
that it is executed when in dualboot mode.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-7580
(cherry picked from commit 30aa4a7444)
This commit add a verification into the recovery library to avoid
that it is executed when in dualboot mode.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-7580
'mdev -s' run on ramfs initialization is able to mount external media already
detected but fails to automatically mount any media detected afterwards.
Running it as a daemon first it will also be able to mount any media detected
after 'mdev -s' is run.
Use argument '-d' to first run mdev as daemon in background.
Move 2 seconds delay to after mdev has been initialized to give external
hardware all the time possible to be successfully detected and mounted.
https://onedigi.atlassian.net/browse/DEL-7285
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit adds some swupdate parameter to select the sw-description
configuration depending on the used platform.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Technically, partition unencryption is safe to do in open devices, although it
implies that at least one partition has already been encrypted. If we aren't
going to encrypt any partitions, there's no need to print the warning.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Instead of checking for the existence of /proc/mtd, which might lead to false
positives, check the "root" parameter in /proc/cmdline. Assume eMMC in case of
any error.
https://onedigi.atlassian.net/browse/DEL-7539
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
There are some init packages from the poky layer that remain using only a SysV
init script. Systemd converts these init scripts to systemd service format on
boot and shows an ugly warning for each one. To avoid flooding the console with
this kind of messages, we reduce the verbosity of these messages.
https://onedigi.atlassian.net/browse/DEL-7540
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
In the libubootenv implementation of fw_setenv, multiple variables can be set
in one call. When setting a variable with a space-separated list, the app
interprets the list as new variable/value tuples, for example:
fw_setenv myvar value1 value2 value3
Results in:
myvar=value1
value2=value3
This was causing the encrypted eMMC partition mechanism to break, because the
list of encrypted partitions is stored as a space-separated list in an
environment variable. Avoid this by enclosing the variable argument of
set_uboot_var() with double quotes.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Before using the encrypted partition functionality, users have to manually
install the encryption key in the system. Failing to install said key will
result in errors later on.
Even though the installation isn't a difficult operation from a user's point of
view, the recovery script has the necessary logic to detect cases where a
partition is going to be encrypted with no key installed. Automatically
generate a key in these cases to avoid undesired behavior and to improve the
overall user experience.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This version adds new functionality to check if an encryption key is installed
as well as a fix for an issue that happens when encrypting partitions with long
names (over 12 characters).
https://onedigi.atlassian.net/browse/DEL-7535
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
If we trigger a key change while there are partitions that are encrypted,
print a warning and ask for confirmation so users know that the operation will
erase the contents of said partitions.
Like in the partition (un)encryption mechanism, add the possibility to skip
both the warning message and the confirmation prompt.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This initramfs only makes sense in platforms with an eMMC as the internal
storage, due to how the partition encryption support is implemented. In
plaatforms that use NAND instead, ths initramfs offers no functionality and
increases the recovery image size, so remove it.
https://onedigi.atlassian.net/browse/DEL-7534
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
If we allow users to manually change the encryption status of the rootfs
partition, we run the risk of wiping it without flashing a proper replacement
image. Because of this, rootfs encryption status should be determined
automatically using information from the update package.
Have the recovery script parse the update package's description to determine
whether to encrypt the rootfs or not.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This partition isn't blacklisted, but it should only be (un)encrypted when
providing an update package. Make it so that manual encryption status changes
for this partition aren't possible from the recovery library.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Previously, TRUSTFENCE_INITRAMFS_IMAGE was the only variable used to configure
rootfs encryption. Now that any partition can be encrypted and the rootfs
encryption still needs to be handled differently, use two variables instead.
* TRUSTFENCE_ENCRYPT_PARTITIONS to control partition encryption in general
* TRUSTFENCE_ENCRYPT_ROOTFS to control rootfs encryption
As with most trustfence functionality, enable both by default. Leave
TRUSTFENCE_INITRAMFS_IMAGE as an internal variable only.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since the update partition might be involved during a software update, we need
to make sure that its contents are accesible and safe when using the partition
encryption feature at the same time.
Mount and unmount the partition correctly if it's encrypted and cancel any
operations that will result in the deletion of the update package.
https://onedigi.atlassian.net/browse/DEL-7174https://onedigi.atlassian.net/browse/DEL-7422
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add a new function to the recovery library to be able to encrypt/unencrypt any
partition on the internal storage media. Since it's a destructive operation,
add a warning message and a confirmation prompt that can be skipped if needed.
Reflect this new functionality in the recovery-reboot app. Change the logic so
that an encryption key can be set even if there's no update package, because
now it's possible to encrypt other partitions while leaving the rootfs intact.
Also change the logic so that the app doesn't reboot into recovery mode if
there's no recovery command set.
Implement the same blacklist as the one in the recovery script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Modify the recovery and trustfence initramfs scripts to be able to encrypt any
partition on the internal storage media, not just the rootfs.
To implement this functionality, add a new recovery command called
'encrypt_partitions'. When used, this command must contain a comma-separated
list of the partitions that are to be encrypted by the end of the recovery
process, including partitions that were already encrypted beforehand. Any
partition that isn't in the list will be unencrypted. If the command is absent,
no changes will be made, but it's possible to pass an empty command to
unencrypt all partitions.
Include a blacklist to avoid encrypting partitions that shouldn't be encrypted,
such as partitions that need to be accessed by the ROM code/U-Boot or
partitions that contain encryption keys.
While at it, remove unnecessary "get_kernel_version" function from the script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Now libgpiod is not added automatically and we need to add the
dependence manually.
For more info see commit 4339c28ff4aa0264c34f4f183349aea20a5ff127 in
meta-openembedded layer.
https://jira.digi.com/browse/DEL-7522
Signed-off-by: Francisco Gil Martinez <francisco.gilmartinez@digi.com>
Recipe system-monitor has a dependency with systemd package, however it was
added unconditionally for all platforms. This commit adds a protection to
include this recipe only when systemd is present in the DISTRO_FEATURES
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit f7a354d("Generate image headers from their PNG source, while still
including them in dist tarball") provides a default PNG files removing the image
generation in build time. This commit overwrites the default PNG with one
customized by Digi.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Modify the recovery-utils code to reflect the change (change in C header and
linked libraries)
https://jira.digi.com/browse/DEL-7410
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The 'distro_features_check' class has had its functionality expanded, as
a result the class has now been renamed to 'features_check'
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Hector Palacios
Arturo Buzarra
Javier Viguera
Tatiana Leon
Isaac Hermida
Francisco Gil
David Escalona
Mike Engel
Gabriel Valcazar
Gonzalo Ruiz