In order to revoke SRKs in platforms with AHAB we need to set a mask
during the signing/encryption process.
Create new TRUSTFENCE_SRK_REVOKE_MASK variable to export the
SRK_REVOKE_MASK variable required by the imx-boot signing script.
The revoke mask is not necessary for signing/encryption of other artifacts,
so set it by default to 0x0.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Add support to sign and encrypt OS artifacts for AHAB devices.
https://jira.digi.com/browse/DEL-7371
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The 'source file system' was removed as an argument from the
'update' command in U-Boot v2020.04.
For platforms using such version, remove it from the update fw
scripts.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DUB-983
This command isn't essential and might not be available on all systems, so
remove it. Use the "oflag=sync" dd parameter instead.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
A similar change was done in the dey-3.0/maint branch for the uSD installation
scripts, but since USB scripts were added in dey-3.0/master, apply the same
to them as well.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since this component pulls in Optee dependencies, which in turn depend on
packages from meta-python2, add this layer to the ccimx8mn-dvk's default
bblayers.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-7025
Since there is only 1 supported version of cst, the include file is
only used once.
Move all the recipe implementation to the *.bb recipe and remove the
*.inc file.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Since cst-3.3.1 is now distributed with a BSD-3-Clause license, it is allowed
to distribute its source code from the Digi FTP.
Fetch the tarball from that location.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
CC8X SOMs code the RAM size on the OTP bits so this fall-back table
shouldn't be necessary, but update it with latest variants just
in case.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This machine was not building the 512MB 16bit U-Boot.
While on it, and for consistency, re-order to make the 2GB 32bit
the default (same as the SBC Pro), since the SBC Express was
discontinued as a product.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7363
Add Compliance Test Limits (CTL) information for FCC, CE and TELEC
certifications to the CC8MN US Board Data File.
The rest of the file (calibration, target power levels, etc.) remains
intact.
Updated file:
- bdwlan30_US.bin (MD5SUM: f9600f7bf4d601494b9bbe1ccbe94d6a)
https://jira.digi.com/browse/DEL-7359
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
CST was being built linking to the openssl libcrypto library from the host.
When the openssl version in the host didn't match the version in the SDK,
the SDK build failed like this:
Error:
Problem 1: package nativesdk-packagegroup-sdk-host-1.0-r12.0.x86_64_nativesdk requires nativesdk-trustfence-cst, but none of the providers can be installed
- conflicting requests
- nothing provides libcrypto.so.1.0.0()(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
- nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.0)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
- nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.1)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
Problem 2: package nativesdk-packagegroup-qt5-toolchain-host-1.0-r0.0.x86_64_nativesdk requires nativesdk-packagegroup-sdk-host, but none of the providers can be installed
- package nativesdk-packagegroup-sdk-host-1.0-r12.0.x86_64_nativesdk requires nativesdk-trustfence-cst, but none of the providers can be installed
- conflicting requests
- nothing provides libcrypto.so.1.0.0()(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
- nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.0)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
- nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.1)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
Fix that by adding the native dependencies include and lib folders to
the CST build. Also add openssl-native as a dependency for the SDK build,
otherwise it wont link to the SDK libcrypto library.
Additionally, to allow running CST in a host machine where the openssl version
does not match the version in the SDK, libcrypto library is statically linked.
https://jira.digi.com/browse/DEL-7346
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
(cherry picked from commit a95b3ad602)
CST was being built linking to the openssl libcrypto library from the host.
When the openssl version in the host didn't match the version in the SDK,
the SDK build failed like this:
Error:
Problem 1: package nativesdk-packagegroup-sdk-host-1.0-r12.0.x86_64_nativesdk requires nativesdk-trustfence-cst, but none of the providers can be installed
- conflicting requests
- nothing provides libcrypto.so.1.0.0()(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
- nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.0)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
- nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.1)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
Problem 2: package nativesdk-packagegroup-qt5-toolchain-host-1.0-r0.0.x86_64_nativesdk requires nativesdk-packagegroup-sdk-host, but none of the providers can be installed
- package nativesdk-packagegroup-sdk-host-1.0-r12.0.x86_64_nativesdk requires nativesdk-trustfence-cst, but none of the providers can be installed
- conflicting requests
- nothing provides libcrypto.so.1.0.0()(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
- nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.0)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
- nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.1)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
Fix that by adding the native dependencies include and lib folders to
the CST build. Also add openssl-native as a dependency for the SDK build,
otherwise it wont link to the SDK libcrypto library.
Additionally, to allow running CST in a host machine where the openssl version
does not match the version in the SDK, libcrypto library is statically linked.
https://jira.digi.com/browse/DEL-7346
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Create scripts to install DEY firmware using a USB stick.
https://jira.digi.com/browse/DEL-6802
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
U-Boot v2020.04 for the CC6UL supports the fastboot protocol.
Create scripts to install DEY firmware via USB using uuu
tool.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Update file:
- bdwlan30_US.bin (388da992fdf0bd25e62060247a0606e5)
This file was generated by calibrating several v3 CC8MN SOMs and
merging their resulting BDF files into a Golden file.
It also encodes the Target output powers tables.
Reference calibration file is obtained from 'qca6574au-le-2-2-2_qca_oem' repo
at tag 'r00005.1' under path
'wlanfw/cnss_proc/wlan/fw/target/sdio_dst/qc6174/bdwlan30.bin':
- bdwlan30.bin (8a40d95698825e1718bee640b1f7982a)
Target output powers respect the maximum EVM for every data rate.
https://jira.digi.com/browse/DEL-7290
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Includes:
imx-vpu: Fix selected version for 6Q and 6DL [LF-1816]
An older version of imx-vpu, from upstream, is being selected
for the image instead of the current one. The problem is
the override imxvpucnm used for the COMPATIBLE_MACHINE
is no longer being used. Update the recipe to use SOC
overrides instead.
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Hector Bujanda <Hector.Bujanda@digi.com>
Includes:
imx-seco-libs: Switch branch to imx_5.4.47_2.2.0
multilib: imx-seco-libs: Fix LIBDIR
imx-seco.inc: use c0 for 8dxl phantom with new c0 boards
Signed-off-by: Hector Bujanda <Hector.Bujanda@digi.com>
Includes:
imx-boot_1.0.bb: Update M4 binary name for i.MX 8QM [YOCIMX-4866]
8QM M4 demos unified the binary name.
Change name make it more easy for understanding.
imx-boot: Update the build option for iMX 8DXL Phantom C0 new boards [YOCIMX-4663]
Signed-off-by: Hector Bujanda <Hector.Bujanda@digi.com>
Build the U-Boot for variants with 1GB of memory and make the installation and
boot scripts recognize all of the current variants.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since this overlay is only used in the SBC Pro bootscript, have a separate
bootscript for the SBC Express.
https://jira.digi.com/browse/DEL-7276
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update file:
- bdwlan30_US.bin (8c8b575fb9a65714df0b7c6cb3399ed6)
This file was generated by calibrating several CC8MN SOMs from spin 3
and merging their resulting BDF files into a Golden file.
It also encodes the Target output powers.
Reference calibration file is obtained from 'qca6574au-le-2-2-2_qca_oem' repo
at tag 'r00005.1' under path
'wlanfw/cnss_proc/wlan/fw/target/sdio_dst/qc6174/bdwlan30.bin':
- bdwlan30.bin (8a40d95698825e1718bee640b1f7982a)
Target output powers respect the maximum EVM for every data rate.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Add the ccimx6/6qp and update the ccimx8x supported U-Boot version. Even though
older versions of U-Boot can be built for the 8X, the dependencies with the
SCFW only make it possible to use the latest version of U-Boot to avoid
unexpected behaviour.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The boot script appends values to certain variables such as
$extra_bootargs and $overlays.
If the final instruction of the boot script (dboot command)
fails, these variables contain the new values, plus the original
one. Since the user recovers the prompt, he may do a 'saveenv'
to save the environment, and the modified variables will be
saved, only to be enlarged again on the next boot.
This can lead to repeated strings on such variables.
Save the original value and restore it in case of failure on
the dboot command.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Follow the syntax:
_ov_<som|board>_<functionality>[_<hardware>].dts
where:
_ov_ identifies the file as an overlay.
som|board identifies whether the overlay applies to the SOM
or to the carrier board.
functionality identifies the function of the overlay.
hardware identifies the hardware to which the overlay
applies.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Wrapping unterminated lines doesn't work for scripts (even
if they contain the backslash).
Substitute with full non-wrapped if/elif sentences.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7252
In the ccimx6sbc, since each SOC has a separate set of device trees, we can use
the soc_family environment variable when generating the name of the final
device tree in the bootscript. However, for the ccimx6qpsbc, there is only one
set of device trees with the "imx6qp" prefix, even though there are SOC
variants such as the imx6dp. Running the bootscript on a ccimx6qpsbc with an
imx6dp SOC assembled will result in a failure, since it will look for a
non-existing device tree starting with a "imx6dp" prefix.
Stop using the soc_family variable and hardcode "imx6qp" instead.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
With the latest version of imx-mkimage, the original dtb file is being
removed at the end of the build.
Add a patch to preserve it and be able to run several builds during the
same compile run, like we do for imx-boot signing.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
With this change, the ccimx6sbc and ccimx6qpsbc default images will now use the
xwayland backend instead of x11.
https://jira.digi.com/browse/DEL-7221
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Remove all v4.9 recipes and build Linux using the same branch on all platforms.
The .inc files were only needed because of the existence of multiple Linux
versions, but that's not the case anymore, so remove them.
https://jira.digi.com/browse/DEL-7221
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The CST package requires byacc to compile, and even though this dependency is
met when building images for the target, said dependency needs to be made
explicit when the package is built for the SDK in order to avoid build errors.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
With the previous solution we would need to generate
multiple overlays for each soc_type, so if we have a
new soc type (for example the solo), we would need
to generate 3 different overlays.
Signed-off-by: Francisco Gil Martinez <francisco.gilmartinez@digi.com>
This commit fixed the sdcard generation when encryption is enabled.
In the sdcard image always is included the signed image instead of the
encrypted.
https://jira.digi.com/browse/DEL-7200
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This version supports encryption for devices with Advanced High Assurance Boot
(AHAB) capabilities. This commit also updates and simplifies Digi custom
patches.
https://jira.digi.com/browse/DEL-7175
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add running 'mmc partconf 0 1 1 1' command to the uuu scripts after
writing the new U-Boot into the internal eMMC.
This is required for blank eMMCs on CC8MN and CC8X SOMs where the
'update' command has never been run to be able to boot from eMMC.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
The encryption of the U-Boot environment uses the HWID as key
modifier. The HWID was being read using the fsl_otp driver sysfs
entries and over two words. The driver is now deprecated and also
the cc8x and cc8m platforms have different number of HWID words.
This patch modifies the function that reads the HWID words by
using new entries on the device tree 'digi,hwid_X' where X is the
index of the HWID word.
It also removes the need to select CONFIG_MD5 which is already
auto-selected on sandbox_defconfig by other config switches.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
(cherry picked from commit 8ced362766)
The encryption of the U-Boot environment uses the HWID as key
modifier. The HWID was being read using the fsl_otp driver sysfs
entries and over two words. The driver is now deprecated and also
the cc8x and cc8m platforms have different number of HWID words.
This patch modifies the function that reads the HWID words by
using new entries on the device tree 'digi,hwid_X' where X is the
index of the HWID word.
It also removes the need to select CONFIG_MD5 which is already
auto-selected on sandbox_defconfig by other config switches.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
The Cortex-M7 uses the UART4 as debug console, and it is
shared with the Cortex-A53. This commit disables it for the
ConnectCore 8M Nano DVK board to avoid conflicts.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Store mkimage log for every built target so it can be later used by the
signing script to create the correct CSF file for every target.
https://jira.digi.com/browse/DEL-7158
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
The mkimage.log file is required by the signing script to create the CSF file.
Since there is one mkimage log file per target, update the mkimage.log symlink
right before signing the imx-boot file to ensure creating the CSF with the
corresponding mkimage log for every target.
https://jira.digi.com/browse/DEL-7158
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit updates the M7 demos to new package version v2.8.0
of the new NXP release imx-5.4.24-2.1.0.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit updates the M4 demos to new package version v2.8.0
of the new NXP release imx-5.4.24-2.1.0.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Gonzalo Ruiz
Arturo Buzarra
Hector Palacios
Gabriel Valcazar
Mike Engel
Francisco Gil Martinez
Hector Bujanda