The encryption of the U-Boot environment uses the HWID as key
modifier. The HWID was being read using the fsl_otp driver sysfs
entries and over two words. The driver is now deprecated and also
the cc8x and cc8m platforms have different number of HWID words.
This patch modifies the function that reads the HWID words by
using new entries on the device tree 'digi,hwid_X' where X is the
index of the HWID word.
It also removes the need to select CONFIG_MD5 which is already
auto-selected on sandbox_defconfig by other config switches.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
(cherry picked from commit 8ced362766)
- OTP section
- Use just one fixed path to the OTP nvmem device descriptor (instead
of a loop).
- Use '-v' for dumping all values with hexdump.
- TrustFence section
- For cc8x, determine if the device is closed by checking a new boolean
property on the DT: digi,tf-open|closed
- For the rest, check the SEC_CONFIG[1] bit using the new nvmem
descriptor.
- Change log from 'Device status' to 'Security status'
- Report UNKNOWN if nvmem device does not exist.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
(cherry picked from commit f6a8de0067)
The old fsl_otp driver is deprecated and we need to determine
if the device is closed using a new property of the device tree
called 'digi,tf-closed'.
Assume the device is open if the property is not found.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
The encryption of the U-Boot environment uses the HWID as key
modifier. The HWID was being read using the fsl_otp driver sysfs
entries and over two words. The driver is now deprecated and also
the cc8x and cc8m platforms have different number of HWID words.
This patch modifies the function that reads the HWID words by
using new entries on the device tree 'digi,hwid_X' where X is the
index of the HWID word.
It also removes the need to select CONFIG_MD5 which is already
auto-selected on sandbox_defconfig by other config switches.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
- OTP section
- Use just one fixed path to the OTP nvmem device descriptor (instead
of a loop).
- Use '-v' for dumping all values with hexdump.
- TrustFence section
- For cc8x, determine if the device is closed by checking a new boolean
property on the DT: digi,tf-open|closed
- For the rest, check the SEC_CONFIG[1] bit using the new nvmem
descriptor.
- Change log from 'Device status' to 'Security status'
- Report UNKNOWN if nvmem device does not exist.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
By default, we generate SWU files which update both the linux and rootfs
partitions. This, along with the fact that platforms using NAND as the storage
media require a reboot for the rootfs partition's "enc" flag to take effect,
makes it safe to format the NAND's rootfs partition before performing an
update, regardless of having to encrypt the rootfs or not.
However, customers that wish to use the swupdate feature to update just the
linux partition will find that the rootfs is completely erased after the update
is finished, because a new rootfs hasn't been written in its place.
To avoid this scenario, parse the SWU package's description to verify that it
contains a rootfs image before formatting the partition.
https://jira.digi.com/browse/DEL-7067
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The Cortex-M7 uses the UART4 as debug console, and it is
shared with the Cortex-A53. This commit disables it for the
ConnectCore 8M Nano DVK board to avoid conflicts.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Store mkimage log for every built target so it can be later used by the
signing script to create the correct CSF file for every target.
https://jira.digi.com/browse/DEL-7158
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
The mkimage.log file is required by the signing script to create the CSF file.
Since there is one mkimage log file per target, update the mkimage.log symlink
right before signing the imx-boot file to ensure creating the CSF with the
corresponding mkimage log for every target.
https://jira.digi.com/browse/DEL-7158
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit updates the M7 demos to new package version v2.8.0
of the new NXP release imx-5.4.24-2.1.0.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit updates the M4 demos to new package version v2.8.0
of the new NXP release imx-5.4.24-2.1.0.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Upgrade GST version from 1.16.0 to 1.16.1
The headerfix.patch in gst-plugins-good needes to be removed
as these changes are already included in 1.16.1
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit updates the imx-gpu-viv to the next version.
It includes the following improvments and fixes
* The work-around that moves .so for OpenCL, OpenVX, and Vulkan
to the main packages triggers the QA Issue for dev-so:
ERROR: imx-gpu-viv-1_6.4.0.p2.4-aarch64-r0 do_package_qa:
QA Issue: non -dev/-dbg/nativesdk- package contains symlink .so:
libvulkan-imx path '/work/aarch64-mx8m-poky-linux/imx-gpu-viv/1_6.4.0.p2.4-aarch64-r0/packages-split/libvulkan-imx/usr/lib/libvulkan_VSI.so' [dev-so]
Suppress the QA check.
* Add versions for OpenCL, OpenVX, and Vulkan.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit removes the mesa-gl_%.bbappend file because that latest version
of the recipe is available in the zeus branch of meta-freescale.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit updates to the NXP imx-5.4.24-2.1.0 BSP.
Including following changes
In M4 MCUX SDK 2.8.0, it added PMS demo for CM40 to support Partition
reboot feature besides rpmsg pingpong. So change the m40 default image
to imx8qm_m4_0_TCM_power_mode_switch_m40.bin
Build i.MX 8DXL flash_linux_m4 with V2X off
Use option V2X=NO to switch V2X off.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
imx-boot files for target flash_regression_linux_m4 fail the signature
process, so skip them while signing the rest of the targets.
https://jira.digi.com/browse/DEL-7158
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Busybox's device manager mdev was originally meant to be set up by writing its
path to /proc/sys/kernel/hotplug before launching it, but that entry no longer
exists in Linux v5.4's procfs and mdev can be launched directly.
Since mdev is the element in the recovery initramfs that is in charge of
mounting all partitions where .swu packages can be found (update partition on
the eMMC/MTD, uSD and USB), checking for the existence of the hotplug entry in
the procfs before launching mdev in v5.4 was preventing the partitions from
being mounted, and causing all software updates to fail.
While at it, move the two second delay to before mdev is launched, so all
partitions can be mounted. Otherwise, some devices such as the USB might not
be ready when mdev is launched, causing its partition to not be mounted.
https://jira.digi.com/browse/DEL-7143
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This recipe was originally ported from the zeus branch of poky into the dey-2.6
meta-digi branch to support the pkcs11 feature in cryptoauthlib. Now that we've
migrated to zeus, the recipe is now duplicated and no longer necessary.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The cryptoauthlib package is being added in digi-defaults.inc, which is parsed
before this file. Setting the variable here overwrites its previous value,
causing the cryptoauthlib package to be left out of the rootfs. Append to the
variable instead of overwriting it to avoid this.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Aside from adding the wireless-regdb-static support, this NXP package needs to
be included in the rootfs so the regulatory fw gets loaded in userspace.
https://jira.digi.com/browse/DEL-7133
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Starting with Linux v4.15, regulatory domains are no longer handled via CRDA,
but via the kernel and a flexible database instead. Said database is included
in the wireless-regdb-static package, which conflicts with the old
wireless-regdb package.
To accomodate for this new package, add CRDA as a dependency for ccimx6
platforms only, and incorporate wireless-regdb-static for the rest of the
platforms. Additionally, the ccimx6 kernel should inherit the
kernel_wireless_regdb .bbclass so the plaintext database is copied to the
kernel sources, but since we use the same recipe for all kernel versions and
ccimx6 platforms are not yet supported in zeus, omit this change for now.
Remove the package-base .bbappend, since only ccimx6ulstarter images include
that packagegroup and they require wireless-regdb-static, anyway.
By adding the regulatory database, we avoid delays when going to suspend,
caused by the kernel waiting for the database to appear.
https://jira.digi.com/browse/DEL-7133
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
When loading the wireless driver in test mode, the UTF firmware file
is loaded.
On pcie chips, the UTF file is expected to be named 'utf.bin'.
On sdio chips, the UTF file is expected to be named 'utf30.bin'.
Rename the pcie UTF file to match this requirement.
md5sum
----------------------------------------------------------
qca65X4_pcie: utf.bin -> 41cfb4e50613cd0eeb0fa99a005131bd
qca65X4_sdio: utf30.bin -> 4743dee015047752e433e69f4db89974
https://jira.digi.com/browse/DEL-7086
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Hector Palacios
Francisco Gil Martinez
Gabriel Valcazar
Mike Engel
Gonzalo Ruiz
Arturo Buzarra