This fixes the following CVEs:
* CVE-2021-3711
* CVE-2021-3712
Port the recipe and patches from the dunfell poky branch, since the hardknott
version contains additional changes aside from the revision update.
https://onedigi.atlassian.net/browse/DEL-7647
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This package includes a script that is executed by a udev rule that we
currently include in our sysvinit images. Without it, the regulatory firmware
mechanism is broken and an error appears when booting the system.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
When we added the SDMA fw systemd service, we accidentally made it so that all
scripts were installed only when using systemd. These files are still needed
when using sysvinit, so correct this change.
While at it, include the SDMA fw service in firmware-imx-sdma's FILES.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The function uboot_getenv() is a wrapper over libuboot_get_env() and
requires that the returned strings are freed when no longer in use.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7645
- The function is only used internally in this file, so make it static.
- Convert the function from 'int' to 'bool', since no other values are
evaluated.
- Only return true if the variable 'dualboot' is set to 'yes'. Before,
the function returned true if 'dualboot' was different than 'no'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The use of this function, which is a wrapper over libuboot_get_env(),
requires checking if the returned string is NULL.
Manipulations of such string without checking whether it's NULL may lead
to segfault errors.
This was seen during firmware update on a device that didn't have the
'dualboot' variable set.
Reported-by: Chandrababu Pigilam <chandrababu.pigilam@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7645
NetworkManager's main library went through a major overhaul in v1.22, changing
the way it interacts with glib among other things. When using a NetworkManager
version equal or newer than v1.22 along with a glib version between 2.63.3 and
2.65, a race condition can happen, randomly causing segmentation faults.
Since Yocto 3.2 uses NetworkManager 1.22.14 and glib 2.64.5, the race condition
is reproducible, but it can be fixed with the patch introduced in this commit.
The patch in question is commit e4a690f5dd959e74b2d6054826f61509892c8aa7 in the
glib git repo.
https://onedigi.atlassian.net/browse/DEL-7523
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit add a verification into the recovery library to avoid
that it is executed when in dualboot mode.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-7580
Add scfw, mca-tool and trustfence-tool version updates to changelog.
Update OpenSSL version to v1.1.1k in the changelog.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This command was already present on the script used for CC8X. Add it here
so the scripts are as much alike as possible.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Fastboot is configured on boot with the current MMC configuration.
If we create a GPT partition table, we need to restart fastboot before we
try to program any partition with the 'flash' fastboot command.
Set 'fastboot_dev' to a different device, 'sata' for example an back to 'mmc'
to trigger a fastboot restart after creating the partition table on blank
devices.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Includes:
- add support for getting properties from the ROM bootloader.
- flash layout extra check by asking flash size to the MCA bootloader.
- flash layout extra check by asking flash size to the MCA.
Signed-off-by: Hector Bujanda <hector.bujanda@digi.com>
The current syntax only works properly when running the script through bash.
Change this so that it works for other shells as well.
While at it, fix a typo in the message that appears when the variant can't be
detected in the 6UL script.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We document how to use this script from the Yocto image directory. Now that the
*.ext4 files are compressed by default, the script needs to automatically
decompress said files before starting the update process.
https://onedigi.atlassian.net/browse/DEL-7582
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
swupdate has the necessary logic to handle compressed images, so take advantage
of this to save space and reduce update package transfer times.
https://onedigi.atlassian.net/browse/DEL-7582
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
These images are comprised of the bootloader, linux and rootfs images. Since
the rootfs images are highly compressable, we can compress the .sdcard file as
well to reduce the space taken up by build artifacts.
https://onedigi.atlassian.net/browse/DEL-7582
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since these images are highly compressable, this greatly reduces the amount of
space taken up by build artifacts.
Modify the code used to generate the .sdcard and .installer.zip files so that
they contain the decompressed .ext4 image.
https://onedigi.atlassian.net/browse/DEL-7582
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds the Edge TPU simple camera examples to exercise the Google
Coral devices with Digi Embedded Yocto.
https://onedigi.atlassian.net/browse/DEL-7547
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds the required libraries and packages to exercise the Google
Coral devices with Digi Embedded Yocto.
https://onedigi.atlassian.net/browse/DEL-7547
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The install script of cc8x had errors (using double '==' instead
of single on comparisions).
Besides fixing this typo, this commit changes the logic to:
- default to 2GB U-Boot for variants other than the ones in the
list.
- consider variant code 0x00 (not programmed HWID) as a failure.
thus forcing the user to specify the file on the command line.
This second action is done also on the cc6ul script.
Reported-by: Hector Bujanda <hector.bujanda@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
'mdev -s' run on ramfs initialization is able to mount external media already
detected but fails to automatically mount any media detected afterwards.
Running it as a daemon first it will also be able to mount any media detected
after 'mdev -s' is run.
Use argument '-d' to first run mdev as daemon in background.
Move 2 seconds delay to after mdev has been initialized to give external
hardware all the time possible to be successfully detected and mounted.
https://onedigi.atlassian.net/browse/DEL-7285
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Otherwise, Yocto will use the recipes in meta-webkit, which are slightly older.
https://onedigi.atlassian.net/browse/DEL-7578
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
By default, we only support the latest versions of the webkit packages anyway,
so use a wildcard so we don't have to update the recipes every time a new
version is available.
https://onedigi.atlassian.net/browse/DEL-7578
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Igalia has included performance improvements for i.MX platforms in the latest
versions of different packages related to webkit. Even though the recipes for
these versions are not yet available in meta-webkit, we can add our own to
meta-digi to take advantage of these improvements.
Update the cog patches so they apply cleanly over v0.9.90.
https://onedigi.atlassian.net/browse/DEL-7578
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update US Board Data File to include the changes required to pass the
EN 300 328 V2.2.2 blocking test.
The new BDF is:
- bdwlan30_US.bin (24140b5c28256cadfd95bc28fc574733)
https://onedigi.atlassian.net/browse/DEL-7576
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
install_abort is a temp variable so 'test -n' doesn't work on it.
This was fixed in all scripts except the USB script of ccimx6sbc.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit adds some swupdate parameter to select the sw-description
configuration depending on the used platform.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
By default is enabled the reproducible builds feature and to provide a real
timestamp for the build system, we include it in our local.conf file.
https://onedigi.atlassian.net/browse/DEL-7574
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Without this call, swupdate will be built with a default configuration which
is incompatible with our package format. Even though this function is already
called in the original recipe, it was done in the package's "git" directory.
Make sure the function is called at least once so that our defconfig is used in
the build.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit 28d9e025ea used += to append
a dependency to RDEPENDS but this was not working fine and was removing
previous dependencies.
Use instead _append override.
Reported-by: Francisco Gil Martinez <francisco.gilmartinez@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Otherwise, swupdate will treat the update process like it's an OTA one and it
will try to store the package contents in /tmp, which won't fit.
swupdate commit 8b70ae5796e75c2ff856e8c46b3a3c09cb8fcccd states that all local
SWU packages should include this flag, since the old implementation had this
information implicitly.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Francisco Gil
Gabriel Valcazar
Hector Palacios
Mike Engel
Gonzalo Ruiz
Hector Bujanda
Arturo Buzarra