This commit enables SWU image authentication when TrustFence
is enabled instead of when signing of images is enabled.
This allows the system to authenticate SWU images on images that
have been externally signed.
https://onedigi.atlassian.net/browse/DEL-8891
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commits adds the CCMX91 platform to the DEY
build system. Furthermore, it creates generic ccimx9
support to be used for the CCiMX91 and CCiMX93
platform.
https://onedigi.atlassian.net/browse/DEL-9106
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Add also 'e2fsprogs-tune2fs' to the image, as busybox's version of
tune2fs command does not support setting the "encrypt" feature of the
EXT4 filesystem.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Commit c4f2fce4d3 added logic to do_install()
that saves space by removing board image files that don't match the machine
name. However, the ccimx6qpsbc uses the ccimx6sbc board image file, and it was
being removed from the demo, breaking the demo's landing page.
Avoid this by specifying the correct filename for the ccimx6qpsbc.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The ccimx6ul is the only platform that doesn't include a desktop backend in the
LVGL image, so remove the desktop backend suffix from the image's name. This
affects the image name itself, the corresponding SWU package and the
installation scripts.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The support to update U-Boot in the redundant partition must be enabled in the project
configuration file by setting the variable "SWUPDATE_UBOOTIMG_REDUNDANT" to "true":
SWUPDATE_UBOOTIMG_REDUNDANT = "true"
This feature is only available for the newer platforms: ccmp13, ccmp15 and ccimx93. Trying to
enable it in older platforms will display a warning and fallback to non-redundant update.
Signed-off-by: David Escalona <david.escalona@digi.com>
If 'CCCS_CONF_PATH' is defined, the specified file is installed as CCCS
configuration file without any modification.
It it is not defined or it is empty, the configuration file in cc_dey
('cc_dey/cccs-daemon/cfg_files/cccs.conf') is installed and modified if
required.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Rework the script so that it has a similar structure as the MMC leaving it ready
to integrate new platforms.
Signed-off-by: David Escalona <david.escalona@digi.com>
This variable is only required to enable the bootcount feature after an update when the bootcount value is
stored in the environment. This only happens in the CCIMX6 products, so it makes no sense to use it for the
CCMP1 devices.
Signed-off-by: David Escalona <david.escalona@digi.com>
While on it, enable support to update encrypted U-Boot for all mmc platforms
supporting it. The install script extracts the DEK blob from the installed
U-Boot and appends it to the new U-Boot before flashing it.
Signed-off-by: David Escalona <david.escalona@digi.com>
To work in a dualboot memory layout out of the box, the most
common use case of the firmware update through the cloud should
be on the fly because in nand platforms there is not enough
memory to keep the update file in the system.
https://onedigi.atlassian.net/browse/DEL-8305
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
These fields were added to default files, but not to the
special sw-description files for ccmp1 and cc6ul platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit adds u-boot swupdate support for all platforms.
Now u-boot can be updated with all our supported update
options. Currently it will only update first partition
u-boot partition.
https://onedigi.atlassian.net/browse/DEL-8749
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
LVGL is a free and open-source embedded graphics library that is able to run
in environments with limited resources.
This image includes a desktop environment and an LVGL widget demo (lvgl_demo)
https://onedigi.atlassian.net/browse/DEL-8740
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
ConnectCore 6 based products require the use of the 'upgrade_available' environment flag to save the
bootcount value between resets. Extend the use of this U-Boot variable for single system updates and
updates based on files.
Signed-off-by: David Escalona <david.escalona@digi.com>
If the system is send to suspend mode, the bluetooth core is reconfigured.
Therefore, restart the service if it is running, to configure the ble
service.
https://onedigi.atlassian.net/browse/DEL-8694
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
There was a missmatch between the configuration file and the
correct adc in the ccmp15 platform.
Also a whitespace is removed from ccmp13 configuration file.
https://onedigi.atlassian.net/browse/DEL-8702
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
ConnectCore Cloud Services examples are included in 'dey-examples' repository
so they can be built from here and also imported in Eclipse/Digi Application
Development Environment for Linux with the samples wizard.
The example 'upload_file' has been removed since currently there is no support
for binary data points in the CCCS daemon/client model.
https://onedigi.atlassian.net/browse/DEL-8628
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This recipe generates several packages:
* 'cccs' includes the CCCS shared library
* 'cccs-daemon' includes the binary and resources to execute the CCCS daemon
(daemon, service and init scripts, configuration file)
* 'cccs-cert' includes the required certificate to use CCCS daemon
* 'cccs-gs-demo' includes the binary and resources to execute the CCCS get
started demo (binary, service and init scripts)
* 'cccs-legacy' includes the binary (all-in-one) application to execute
the legacy CCCS application (aka cloud-connector) and the configuration
file
* 'cccs-legacy-dev' includes resources to develop legacy CCCS applications
(all-in-one) (header files inside 'cloud-connector' and 'cloudconnector.pc'
pkg config file)
* 'cccs-legacy-staticdev' includes static resources to develop legacy CCCS
applications (all-in-one) (static library)
This commit also renames:
* 'CLOUDCONNECTOR_PKGS' variable to 'CCCS_PKGS'.
* 'CC_DEVICE_TYPE' variable to 'CCCS_DEVICE_TYPE'.
https://onedigi.atlassian.net/browse/DEL-8628
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Now we can't determine if the rootfs is ubifs/squashfs
in the ccmp1X platforms, so we need to add again the rootfstype
parameter but only for ccmp1X platforms.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
The CCIMX6 platform is the only one that will keep using the 'bootcount' value stored in the environment.
For this reason, that is the only platform requiring the 'upgrade_available' flag to be set after a
firmware update. For the rest of the platforms, remove it.
https://onedigi.atlassian.net/browse/DEL-8506
Signed-off-by: David Escalona <david.escalona@digi.com>
While on it, remove the block of the 'dualboot' script that was taking care of this action.
https://onedigi.atlassian.net/browse/DEL-8506
Signed-off-by: David Escalona <david.escalona@digi.com>
Add a user space application to manage the bootcount from the running system. This application
allows to read, reset and set the bootcount:
Usage: bootcount [options]
-r --read Read the current bootcount value (Default action)
-s <value> --set=<value> Set current bootcount to a specific value.
-x --reset Reset bootcount value to zero.
The binary checks the running platform underneath to perform the correct system access.
While on it, add a service to automatically execute the binary on boot to reset the bootcount value.
https://onedigi.atlassian.net/browse/DEL-8506
Signed-off-by: David Escalona <david.escalona@digi.com>
This commit adds sha256 entry for the script files into
the sw-descrition. It is necessary for the Trustfence
authentication to have the included script files signed.
https://onedigi.atlassian.net/browse/DEL-8649
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This variable is only needed in the cc6ul, that's the reason
to create another sw-description only for the ccimx6ul.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When TrustFence is enabled, a PKI tree is generated.
In the case of NXP platforms, the PKI contains public certificates
from which the public key needs to be extracted using an openssl
command.
In the case of STM platforms, the PKI contains directly the
public key.
In all cases, we need the public key to be installed in the
rootfs /etc/ssl/certs/ folder, so that it can be used by
swupdate to authenticate signed SWU packages.
Up to now, this was being done on the dualboot recipe, but the
installation of the public key should really be only dependant
on the fact of TF being enabled.
This commit:
- Removes the generation of the public key from dualboot.bb.
- Generates a patch to extract the public key from the certificate
as part of the PKI tree generation (on NXP platforms).
- Installs the public key during a post install function after
the final rootfs has been created.
- For NXP platforms, extracts the public key using openssl if
it does not exist (for backwards compatibility).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Hector Palacios
Mike Engel
Francisco Gil
Arturo Buzarra
Isaac Hermida
Stephan Klatt
Gabriel Valcazar
David Escalona
Tatiana Leon