The sign mode needed for each platform is invariable, and since the platform
is already a mandatory parameter for the script, we can store this information
implicitly. Reflect this change in every recipe where the script is used, but
keep the variable at the Yocto level since it's still needed in several places.
https://onedigi.atlassian.net/browse/DEL-7862
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The license checksum and the source branch should be on the properly
versioned bitbake recipes. Otherwise, when we include this common file
in a different version linux recipe (for example, the upcoming 5.10) it
will inherit incorrect values.
While on it, fix the incorrect license checksum values for the linux 5.4
recipes.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
- Add the '-m' parameter. Without it, the script doesn't
generate the output merged configuration file, and the
fragments are not applied.
- Fix the if condition. The '*.cfg' expands to a list of
files, but the '-f' only admits one parameter. Use instead
the Python find_cfgs() function.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This allows users to apply small changes to our kernel configuration without
having to create a completely new defconfig. Use a simplified version of the
kernel-yocto.bbclass implementation.
https://onedigi.atlassian.net/browse/DEL-6706
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Enabling DIGI_INTERNAL_GIT defaults to LOG server. The build from local
MTK Digi server was broken.
Fix uboot and linux recipes declaring different repo paths depending on
whether the local remote is LOG or MTK.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Commit ffeb0556("classes: fsl-kernel-localversion: Fix task dependency") in
meta-freescale layer fixes a task dependency issue, so do_preconfigure() was
renamed to do_kernel_localversion().
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Remove all v4.9 recipes and build Linux using the same branch on all platforms.
The .inc files were only needed because of the existence of multiple Linux
versions, but that's not the case anymore, so remove them.
https://jira.digi.com/browse/DEL-7221
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The signing script is used for signing multiple artifacts, not just the
kernel, so rename it for a broader use.
https://jira.digi.com/browse/DEL-7047
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Signing with AHAB mode only requires an additional prior step, so
reuse as much code as possible.
Also, for Image.gz images, sign the uncompressed Image and later
compress the result.
https://jira.digi.com/browse/DEL-7047
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
imx-mkimage is a host recipe to provide the mkimage_imx8 binaries, required
for the trustfence support with platform based on AHAB (ccimx8x). Since
these binaries are required to the sign process we need to export it in the
SDK to allow the standalone sign mode, and with that we can simplify the
mechanism to share these binaries with another recipes (u-boot, linux).
Also the do_deploy() from imx-mkimage recipe was removed to avoid overriding
the implementation from the native class and allow populating the mkimage
binaries.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Added rsync to the native dependencies, since it is used during
header install to prevent a build issue.
https://jira.digi.com/browse/DEL-7013
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Remove support to kernel v4.14 and move platforms to use the new
kernel v5.4
https://jira.digi.com/browse/DEL-7013
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
In meta-freescale was renamed the linux-imx-headers recipe with the
full linux kernel version "4.14.98". With that change our custom
recipe from meta-digi is not selected. This commit reuses the recipe
from meta-freescale layer and modifies it.
https://jira.digi.com/browse/DEL-7001
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Digi Embedded Yocto 2.6-r3.1
Manually changed recipes to use the master branches instead of the fixed SHA1
from the last release.
Signed-off-by: Mike Engel <mike.engel@digi.com>
This commit adds some dependencies to include the imx-mkimage package
that is needed to use the mkimage_imx8 tool.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
* prefix TRUSTFENCE_ to variable SIGN_MODE for DEY
* prefix CONFIG_ to variable SIGN_MODE for script
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Otherwise, users that are behind corporate firewalls might not be able to
obtain the package sources.
https://jira.digi.com/browse/DEL-6663
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
All the dependencies of the required symbols are also added.
These are easier to mantain and enable the minimum support. If extra
features are required they shuold be explicitly added.
https://jira.digi.com/browse/DEL-6681
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
When using virtualization, ammend the kernel configuration so that docker
is supported.
https://jira.digi.com/browse/DEL-6681
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
Even though our ccimx6 and ccimx6qp images were using Linux v4.9 sources
correctly, they were using the same recipe as our images with Linux v4.14.
Technically, both recipes are identical (save for the branch name), but each
Linux version should have its own recipe.
Also, make sure that ccimx6/ccimx6qp images are built with our version of the
linux-imx-headers recipe instead of the one in meta-freescale.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The new development branch is based on NXP's v4.14.98 BSP.
https://jira.digi.com/browse/DEL-6603
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This recipe's package is meant for packages that require NXP-specific linux
headers.
https://jira.digi.com/browse/DEL-6603
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Digi Embedded Yocto 2.6-r1.3
Manually changed recipes to use the master branches instead of the fixed SHA1
from the last release.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Remove the linux-v4.20 recipe and use the linux-fslc kernel recipe in
meta-freescale-3rdparty instead.
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
Device tree files no longer have the kernel type prefixed to their name, so the
trustfence_sign() function must be updated to reflect this change or else
errors will occur.
https://jira.digi.com/browse/DEL-6476
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
KERNEL_IMAGE_BASE_NAME was replaced by KERNEL_IMAGE_NAME for
consistency between variable names.
https://jira.digi.com/browse/DEL-6443
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
new version allows building multiple flavors of the kernel and
module packages by templatizing kernel package names via a new
KERNEL_PACKAGE_NAME variable in kernel.bbclass.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This error only appears when the build host does not have the openssl
development libraries (libssl-dev) installed. If they are, the build
process will use them.
The error is:
|
/home/builder/jenkins/workspace/dey-rocko-use-mainline-bsp/projects/ccimx6ulsbc/tmp/work-shared/ccimx6ulsbc/kernel-source/scripts/extract-cert.c:21:25:
fatal error: openssl/bio.h: No such file or directory
| compilation terminated.
| scripts/Makefile.host:90: recipe for target 'scripts/extract-cert'
failed
| make[3]: *** [scripts/extract-cert] Error 1
| make[3]: *** Waiting for unfinished jobs....
This commit makes openssl-native a dependency and passes the include
path to the build.
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
Just add the following to the conf/local.conf file:
MACHINEOVERRIDES .= ":use-mainline-bsp"
The defconfig is the mainline imx_v6_v7_defconfig.
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
Digi Embedded Yocto 2.4-r2.4-beta
Manually changed recipes to use the master branches instead of the
fixed SHA1 from the last release.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This way, other recipes (like the ones for kernel modules) can re-use the
sources if needed.
https://jira.digi.com/browse/DEL-6115
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This is our new Linux branch based on the beta 2 BSP for i.MX8 QXP
https://jira.digi.com/browse/DEL-6084
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
- This is an AARCH64 platform that requires to build "Image", so let's
change KERNEL_IMAGETYPE to a weak assignment in imx-digi-base.inc
- The device tree is inside a vendor folder.
- For the moment, this platform builds from a different branch.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-5936
With this patch a user can provide his own kernel 'defconfig' file by:
- setting the variable KERNEL_DEFCONFIG to a custom kernel configuration
file inside the kernel repository.
- setting the variable KERNEL_DEFCONFIG to a kernel configuration file
using the full path to the file.
- clearing the variable KERNEL_DEFCONFIG and providing a kernel
configuration file in the layer (in this case the file must be named
'defconfig').
Otherwise the default platform's kernel configuration file will be taken
directly from the Linux source code tree.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
As a side effect, remove U-Boot entry point variable and LOADADDR
extra parameter from the kernel recipe.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-5554
ConnectCore 6 and ConnectCore 6 UL are now supported in kernel v4.9.
https://jira.digi.com/browse/DEL-5518
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
This functionality is automatically enabled for any recipe that inherits
the kernel class.
https://jira.digi.com/browse/DEL-5518
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
This commit adds the defconfig for the platform ccimx6qpsbc
to the kernel v4.9 and modifies the recipe.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit modifies different recipes to support the new platform
ccimx6qpsbc and adapt it to maintain the support to ccimx6sbc.
https://jira.digi.com/browse/DEL-5082
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Tweaked to maintain some recipes' revisions to AUTOREV instead of the
fixed SHA1s from the tag.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Tweaked to maintain some recipes' revisions to AUTOREV instead of the
fixed SHA1s from the tag.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Seems that this is needed for the bluetooth interface to work. Without
this options, the interface is not able to initialice (hciattach command
fails).
https://jira.digi.com/browse/DEL-3855
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Loading firmware by userspace helpers has been deprecated from device
managers (like udev, eudev, etc). Firmware loading is supposed to be
performed by the kernel.
This fixes the loading of an external kernel module (qualcomm wlan.ko)
that was failing to load because of a missing firmware file.
In that case the kernel was requesting the firmware load from userspace:
ar6k_wlan mmc0:0001:1: Direct firmware load for qsetup30.bin failed with error -2
ar6k_wlan mmc0:0001:1: Falling back to user helper
The device manager we are using in DEY-2.2 (eudev) does not support
firmware loading and is not giving an error return value to the kernel
either, so at one point the kernel throws an oops:
Hardware name: Freescale i.MX6 Ultralite (Device Tree)
task: 88228000 ti: 88cbe000 task.ti: 88cbe000
PC is at 0x7f183758
LR is at request_firmware+0x38/0x40
pc : [<7f183758>] lr : [<802f80bc>] psr: 600f0013
sp : 88cbfdb8 ip : 00000000 fp : 88644c00
r10: 0000dac0 r9 : 88cbfefc r8 : 0000000c
r7 : 00007d08 r6 : 88cbfde4 r5 : 88644ea2 r4 : 00000005
r3 : 88cbfde4 r2 : 00000080 r1 : 00000000 r0 : fffffff5
and the wireless driver is not loaded.
https://jira.digi.com/browse/DEL-3856
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The way the kernel artifacts are generated has change as of Yocto 2.2.
Also some of the variables (e.g. KERNEL_IMAGE_SYMLINK_NAME) have changed
their default values.
Thus the trustfence_sign function needed some tweaks to continue working
properly.
https://jira.digi.com/browse/DEL-3834
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
KERNEL_IMAGE_BASE_NAME and KERNEL_IMAGE_SYMLINK_NAME default values have
changed in Yocto 2.2, so now this appended command is failing because
it's translated to:
ln -sf -4.1-r0.2-ccimx6ulstarter-20170216122147.bin ccimx6ulstarter
which fails with:
ln: invalid option -- '4'
Just remove it, because we don't need that symlink anymore. New U-Boot's
'zimage' and 'uimage' environment variables have default values ending in
'.bin' which is what Yocto provides.
https://jira.digi.com/browse/DEL-3451
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This re-enables USB mass storage support that was unintentionally
removed in commit 6851ab23e4.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DUB-713
This updates the kernel configuration to the latest one
which disables unused drivers and options to optimize the
kernel size.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The kernel recipe was modifying the device tree blobs in place within the
kernel build temporal directory. This can cause problems after several
compilations, only the deployed artifacts should be signed/encrypted.
The deployment of the DTBs is done by do_deploy_appends in other layers which
are appended after this recipe, so it is required to use a postfunc to do the
trustfence related process after the deployment of all the artifacts.
https://jira.digi.com/browse/DEL-3388
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This patch introduces some parameters which allow to select the type of image
to be signed. Currently the supported types are:
* linux kernel (-l)
* DTB (-d)
* initramfs (-i)
This also moves the CONFIG_PLATFORM environment variable to a parameter, for
consistency.
https://jira.digi.com/browse/DUB-614https://jira.digi.com/browse/DUB-615
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
The name "ext-eth" seems to indicate "External Ethernet". Rename that variable
and related ones to a more proper name like second ethernet.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
* Check number of arguments
* Add platform argument
* Read user configuration from .config file
* Remove unused variable (dek_blob_size)
* Remove noise in output messages
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Add a recipe to include all signing and encryption tools for U-Boot and
kernel images to the SDK. Move existing trustfence kernel scripts to this
new recipe.
This allows to use these scripts not only from the Yocto build system but
also as standalone tools for image signing and encryption.
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Tweaked to maintain the u-boot and linux revisions to AUTOREV instead of
the fixed SHA1s from the tag.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
When changing any of the secure boot configurable macros the Linux kernel
should be re-deployed so that it can be signed/encrypted as needed.
https://jira.digi.com/browse/DEL-2750
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
TRUSTFENCE_SIGN can be defined to "0" to explicitly disable uImage sign and
encryption.
https://jira.digi.com/browse/DEL-2803
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
NXP Code signing Tool for the High Assurance Boot library is needed for
signing and encrypting different artifacts (U-Boot image, uImage, ...).
As the CST cannot be included in DEY, the user needs to download the
tarball and add it to the recipe folder.
https://jira.digi.com/browse/DUB-618
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Do not compile the kernel for supporting the static regulatory domain
but force the system to do that by using crda.
https://jira.digi.com/browse/DEL-2539
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
We compile those modules as built in to avoid a mismatch
between the current kernel version and the wlan.ko module.
https://jira.digi.com/browse/DEL-2653
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Mike Engel
Gabriel Valcazar
Javier Viguera
Hector Palacios
Arturo Buzarra
Hector Bujanda
Gonzalo Ruiz
Jose Diaz de Grenu
Alex Gonzalez
David Escalona
Sebastian Pastor
Tatiana Leon
Isaac Hermida