The caam encryption check was only done from fw_env_write and fw_env_read
functions, which are not called when using the functions exported as a library.
Move the check_caam_encryption() call to fw_env_open(), which is called from
all code paths. A similar check for AES encryption cannot be moved because it
requires the AES key as an argument.
https://jira.digi.com/browse/DEL-3616
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
NAND partitions may have pre-existing UBI volume information
and that will tell U-Boot to use 'ubiwrite' to keep UBI wear
leveling information instead of erasing the NAND partition
beforehand. Given that the UBI support in U-Boot is not
particularly complete and stable, and specially if the NAND
partition table has been changed, this could result into
problems during the UBI volume initialization or during the
update process. To prevent such problems it is better that
the NAND partitions are erased.
This loses the UBI wear leveling information but provides
a more reliable deployment install script.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DUB-718
Modify patch to clean compiler warning:
warning: passing argument 1 of 'sysfs_mmcboot_set_protection' discards
'const' qualifier from pointer target type
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Implements functions to get and set variables from U-Boot's environment.
https://jira.digi.com/browse/DEL-3358
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The patch with the same name in 'meta-swupdate' fails to apply cleanly
after the patches we have done in meta-digi. So add here a version of
the patch that applies cleanly and with higher precedence in the search
path (using 'dey' distro override).
https://jira.digi.com/browse/DEL-3355
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
A corner case requires to save the environment so that the
boot command works after reset.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DUB-681
Also change the image type of dey-image-trustfence-initramfs.
https://jira.digi.com/browse/DUB-615
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
The default DEY image recipe for ccimx6ulsbc builds dey-image-qt.
The graphical backend is determined dynamically.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This patch adds the functionality to automatically detect if the enviroment
is encrypted (through the device tree). If it is, the environment is encrypted
and decrypted as required in a transparent way for the user.
https://jira.digi.com/browse/DEL-2836
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
- boot.txt
Sets the device tree filename basing on the SOM variant read from
the HWID and boots from NAND.
- install_linux_fw_sd
Deploys a full system (as generated by Digi Embedded Yocto) from
a FAT formatted micro SD card into the NAND flash.
https://jira.digi.com/browse/DEL-2925
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Tweaked to maintain the u-boot and linux revisions to AUTOREV instead of
the fixed SHA1s from the tag.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
So the warning message shows the TF variable setting in the correct
syntax that they should be written in the project's local.conf
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The correct U-Boot branch to be used with dey-2.0/master is v2015.04/master, as
it contains the latest development changes (just like dey-2.0/master).
This reverts commit 728619a5bc.
After commit b0a766eafc8 in the U-Boot repository, both signed and
encrypted images will be generated. Copy both of them to the deploy folder
https://jira.digi.com/browse/DUB-642
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
NXP Code signing Tool for the High Assurance Boot library is needed for
signing and encrypting different artifacts (U-Boot image, uImage, ...).
As the CST cannot be included in DEY, the user needs to download the
tarball and add it to the recipe folder.
https://jira.digi.com/browse/DUB-618
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
U-Boot environment on the CC6UL NAND is located at partition /dev/mtd1:
- original copy is located at offset 0 in the partition
- redundant copy is located 1 erase block (128K) after the original copy
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-2552
At the moment there is no support for rootfs encryption for the CC6UL,
so there is not a ramdisk in the boot image. But with the initial
addition of TF support, the u-boot boot script was being on-the-fly
updated for TF regardless of the platform, making the CC6UL unable to
boot when TF was enabled.
This commit fixes the problem, by just changing the u-boot boot script
when TF is enabled only for the CC6.
https://jira.digi.com/browse/DEL-2754
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
builds.
When building multiple u-boots they get compiled externally into a
directory named after machine defconfigs.
Once there is a directory with the same name as a defconfig it is not
possible to run the defconfig make target.
Fixes https://jira.digi.com/browse/DEL-2644
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
builds.
When building multiple u-boots they get compiled externally into a
directory named after machine defconfigs.
Once there is a directory with the same name as a defconfig it is not
possible to run the defconfig make target.
This change should be only temporary until it gets upstream.
Fixes https://jira.digi.com/browse/DEL-2644
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
When Trustfence is enabled, this adds a dependence on the TF initramfs,
so it's built and added to the boot image.
It also modifies the u-boot boot script on the fly, to boot correctly
using the Trustfence initramfs.
https://jira.digi.com/browse/DEL-2278
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
- boot.txt
Sets the device tree filename basing on the SOM variant read from
the HWID and boots from NAND.
- install_linux_fw_sd
Deploys a full system (as generated by Digi Embedded Yocto) from
a FAT formatted micro SD card into the NAND flash.
The u-boot-dey recipe is now fully shared by ccimx6 and ccimx6ul platforms
so we can remove the platform-specific appends.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The setting of 'bootcmd' in the script was done using single quotes, which
doesn't expand variables. As a consequence the following variables must
be defined again (during the execution of the second part of the script):
- mmcdev
- INSTALL_LINUX_FILENAME
- INSTALL_ROOTFS_FILENAME
This patch changes the single quotes with double quotes, so that these
variables are expanded during the setting of 'bootcmd' with the values
assigned at the begining of the installation script (notice these are
not dynamically generated so there is no risk to expand them).
At the same time we need to escape with a backslash:
- double quotes containing strings
- variables that we don't want to expand (like the return value $?)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
- Add semi-colons to instructions inside 'setenv' commands
- Remove semi-colons in instructions where they are not needed (for
consistency with the rest of instructions)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
There are several possible values for TRUSTFENCE_UBOOT_ENV_DEK:
* Not defined: if the trustfence support is not included.
Should not include the feature.
* 32 characters: when defining a valid key.
Should include the feature.
* "0": when explicetily disabling the feature.
Should not include the feature
* <other>: Invalid value, should trigger the error.
This commits fixes the logic so that 'None' (no defined) is taken as a valid
value.
Signed-off-by: Jose Diaz de Grenu de Pedro <Jose.DiazdeGrenudePedro@digi.com>
https://jira.digi.com/browse/DEL-2603
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
Signed-off-by: Jose Diaz de Grenu de Pedro <Jose.DiazdeGrenudePedro@digi.com>
Implement the set of TRUSTFENCE_ macros to configure each secure boot feature
available in U-Boot.
https://jira.digi.com/browse/DUB-570
Signed-off-by: Jose Diaz de Grenu de Pedro <Jose.DiazdeGrenudePedro@digi.com>
COMPATIBLE_MACHINE is a regular expression, so we need to update the current
pattern for ccimx6 due to it will also match with ccimx6ul.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Old versions of u-boot 'v2013.0x' have a bug in the shell's test command
that makes structures like:
if test "${not-existing}" = "0x01"; then ...
if test -z "${not-existing}"; then ...
to fail when the checked variable does not exist.
So implement workarounds in the updater script to overcome this problem.
This is needed because the script may be used in modules with an old
pre-installed u-boot.
https://jira.digi.com/browse/DEL-2231
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The install script allows for an easy deployment of the DEY firmware
artifacts into the eMMC of the ConnectCore 6 by using a micro SD card.
The install script:
- updates U-Boot
- resets the U-Boot environmnet to default values
- formats the User Data partition of the eMMC
- installs the firmware images (linux and rootfs partitions)
- resets/starts the system
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-2192
The canonical symlinks created by poky's U-Boot class in u-boot.inc for
the different U-Boot configs are in the form:
u-boot.imx-<config>
u-boot-<machine>.imx-<config>
These symlinks have the .imx file extension hidden in the middle of the
file name, which looks ugly.
For DEY, remove these unused symlinks and generate new ones in the form:
u-boot-<config>.imx
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-2192
As the plan is to use the same git objects (SHA1) in the internal and
github repos, also remove that internal/external SRCREV infrastructure.
https://jira.digi.com/browse/DEL-2205
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Carrier board version is determined by U-Boot variable $board_id
which will be defined if a board ID has been burned on certain
OTP bits.
Use the value in this variable to create the $fdt_file variable
using the suffix "-id${board_id}" to point to the device tree
file that matches that board ID.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-2160
ERROR: u-boot-dey: md5 data is not matching for file://Licenses/README;md5=0507cd7da8e7ad6d6701926ec9b84c95
ERROR: u-boot-dey: The new md5 checksum is c7383a594871c03da76b3707929d2919
https://jira.digi.com/browse/DEL-1890
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
ccimx51js and ccimx53js are not supported in this version of DEY.
Support for those platforms is in previous versions of DEY.
https://jira.digi.com/browse/DEL-1890
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Instead of creating a new recipe for u-boot fw-utils (fw_printenv) just
bbappend the recipe in Poky.
https://jira.digi.com/browse/DEL-1829
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
* Merge u-boot-dey-rev_2015.04.inc into the recipe. There is no need to
split the recipe, as there is no other recipe using this u-boot code.
* Update uboot configurations to the new format '_defconfig'. Also add
the new 2GB variant.
* Remove PREFERRED_VERSION_u-boot-dey for CC6, as there is only one
version available for this platform.
https://jira.digi.com/browse/DEL-1829
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This is a Consumer quad-core 1.2GHz, 4GB eMMC, 2GB DDR3, -20/+85C variant
with bluetooth and wireless, no kinetis.
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
Adapt u-boot bootscript after latest changes in 'mmcdev' variable
semantics. Now the boot media device is stored in 'mmcbootdev' variable.
Also set the device tree filename depending on the hardware variant.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add post-installation script that runs on first boot to reconfigure the
u-boot environment depending on the media (EMMC,SD) the target is
booting from.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
(cherry picked from commit 8486d120355d80ea8ad5864596c8486a1d3c0db2)
This is needed in the context of CC6 variants 0x7 and 0x9 (EMMC-less).
Changes:
* Do not use 'meta-fsl-arm' image generation class: removed include and
override SDCARD generation function
* Use same VFAT boot image for EMMC and SD card. The u-boot bootscript
has been adapted to be able to boot Linux from both SD and EMMC.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
(cherry picked from commit 8b8456b8fd90facd92dfc87632effa582ca60475)
Remove the current DEY variants support and framework for CC6 because in
following commits we will add support for all *hardware* variants in
just one set of DEY images for CC6.
https://jira.digi.com/browse/DEL-1569
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The SD card images support added a dependence to mkimage native tool.
Otherwise the build may fail with:
mkimage: not found
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This completes the support for ccimx6sbc variants:
* support device tree variants
* split variants '0x01,0x02,0x04' group in two different groups (with or
without kinetis)
https://jira.digi.com/browse/DEL-1359
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
(cherry picked from commit 3f20015411f4e270b2e2c8faf292678c75ff2aff)
Diaz de Grenu, Jose
Alex Gonzalez
Hector Palacios
Javier Viguera
David Escalona
Isaac Hermida
Jose Diaz de Grenu de Pedro