Enable signed firmware to prevent unauthenticated code on the Cortex-M4
co-processor by verifying images against custom public key from OP-TEE.
https://onedigi.atlassian.net/browse/DEL-9920
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Introduce a configurable variable to enable/disable secure co-processor
firmware when TrustFence is enabled.
https://onedigi.atlassian.net/browse/DEL-9813
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Fix runtime undefined symbol by wrapping Awb::queueRequest() call to
configureAwbAlgo() with EVISION_ALGO_ENABLED.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Integrate ST libcamera recipe from meta-st-openstlinux layer at
openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11 tag. This recipe is required by
the NPU demos in meta-st-x-linux-ai.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Enable signed firmware to prevent unauthenticated code on the Cortex-M33
co-processor by verifying images against OTP-stored keys.
https://onedigi.atlassian.net/browse/DEL-9813
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Adds support for signing and encrypting Cortex-M firmware on STM platforms,
following the STM32 MPU Ecosystem v6.1.0. This update enables secure boot of
co-processor binaries on ConnectCore MP2, enhancing firmware protection.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the secure boot support for STM platforms based on the
STM32 MPU Ecosystem v6.1.0. It introduces support for encrypted boot artifacts,
including TF-A and FIP, and enables this functionality for the ConnectCore MP2
platform.
This enhancement allows secure boot deployments with both authentication and
encryption for improved protection of critical boot components.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit imports the Digi custom version of sign-stm32mp bbclass to ensure
that the search_path() function does not raise a build exception if the signing
tool or keys are not present in the PATH before starting the build process.
In our case, we do not need to manually install the tools or generate the keys
beforehand, as this is automatically handled by Yocto in our DEY distribution.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit removes the wl_shell and libweston patche, which
are now not necessary anymore. Becasue we have removed the
wayland backend for the LVGL image.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
A recent change in meta-st-x-linux-ai was completely overwriting our default
PACKAGECONFIG values, causing several plugins to be omitted (for example, the
wayland plugin). In turn, this was causing several build errors in many
packages that depend on said plugins.
Use a strict PACKAGECONFIG assignment to prevent this. As a side effect, this
removes the new "uvcsink" PACKAGECONFIG introduced by the recent change in
meta-st-x-linux-ai, so make sure to re-add it to avoid unexpected behavior when
building the brand new people-tracking-heatmap AI example.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit introduces a custom export_binaries() function to resolve a
deployment issue affecting the final TF-A artifact path. The issue occurs when
the SoC name does not match the TF-A device tree name.
This fix is required due to changes introduced in commit f0b4d0d02a
("ccmp15: enable secure_system_service for CCMP15"), which modified the TF-A
artifact generation process.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the Digi custom .bbappend recipes for FIP and TF-A to align
with the latest ST BSP release, based on the openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11
tag for Yocto 5.0 (scarthgap).
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit fixes the default secure storage path
to /mnt/data/tee instead of /var/lib/tee. This will
store all secure storage keys in that path and will
keep them even during rootfs updates.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
The default secure storage (/var/lib/tee) is a tmpfs and not persistent
across reboots. Change it to the data partition (/mnt/data/tee) when
TrustFence file system encryption enabled
For the log file, do use the /var/log/ directory instead of default
/data
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9683
Moved deploy_symlinks_atf from SYSROOT_PREPROCESS_FUNCS to do_deploy task
to ensure symlinks are created correctly even when rebuilding from the
shared state after a "bitbake -c clean tf-a-stm32mp".
Override do_deploy[sstate-outputdirs] from the original recipe to allow
installing both the deploy artifacts (binaries and symlinks) to the
package deploy directory.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The login prompt appears before Wayland is fully initialized and
has created a wayland socket.
Logging in too early as root in this scenario caused the
WAYLAND_DISPLAY environment variable to be left empty. As a
consequence, gstreamer failed to use waylandsink to print contents
in the display.
Introduce a 10-seconds polling loop to wait for the wayland socket to
be available before proceeding with the login.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
We reverted the stub that didn't allow PM when serial boot
was enabled on TF-A. Restore the part of the recipe that
includes USB boot support on NAND boot images.
This reverts commit 24aef482ef.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9629
Adding STM32MP_USB_PROGRAMMER=1 to TF-A NAND build allows the images to
boot from either NAND or USB (recovery) however, the source code of TF-A
disallows correct resuming from suspend when either STM32MP_USB_PROGRAMMER
or STM32MP_UART_PROGRAMMER are defined.
Remove this support so that the system can correctly resume from suspend.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9629
Starting with OP-TEE v4.0.0, the use of a test key is no longer supported.
The Hardware Unique Key (HUK) is now always derived from the programmed OTP bits.
As a result, the Digi custom `CFG_OTP_HUK` flag is obsolete and has been removed.
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
OP-TEE comes in two flavors: optee and opteemin
For NAND-boot images, add support for USB boot as well,
so that the default tf-a image is valid for booting from
either NAND or USB.
We had this for 'optee' flavor but not for 'opteemin'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Currently, the final metadata symlink is composed using the TF-A Device Tree
configuration, which includes memory variant details. However, these variants
are not relevant for the metadata binary.
To avoid generating multiple redundant metadata files or using confusing names,
this commit updates the symlink to be composed using the MACHINE variable
instead.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
After more in-depth testing, we discovered that the flv/ogv video issues on the
ccmp25-dvk don't happen when playing videos with standard resolutions. Since
the workaround consisted of reverting a patch backported from upstream
gstreamer, and it only fixed flv video playback anyway, revert said workaround
and test using videos with standard formats.
This reverts commit e09eff7e1a.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
On the new BSP the configuration is called 'optee-nand' and the build
parameters have changed.
We do this override in meta-digi only to incorporate
`STM32MP_USB_PROGRAMMER=1`
parameter, which allows to boot the nand image from USB, too.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
STM patch nº8 was causing memory mapping errors when playing .flv videos on the
ccmp25-dvk, so revert it.
https://onedigi.atlassian.net/browse/DEL-9466
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add UYVY support in order to be aligned with stateful v4l2 codecs
such as v4l2jpegenc.
https://onedigi.atlassian.net/browse/DEL-9546
Change-Id: I8c8e0b328aa3ea2325085d26cad0c14549b25f5a
Reviewed-on: https://gerrit.st.com/c/oeivi/oe/st/meta-opensdk/+/436381
ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com>
Tested-by: Christophe PRIOUZEAU <christophe.priouzeau@st.com>
Reviewed-by: Christophe PRIOUZEAU <christophe.priouzeau@st.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add also BGRA, ARGB, ABGR formats in order to be aligned with stateful
v4l2 codecs such as v4l2jpegenc.
https://onedigi.atlassian.net/browse/DEL-9546
Change-Id: Ia51f7a93b0a6fbccb3222230e9f0936d2293cbbb
Reviewed-on: https://gerrit.st.com/c/oeivi/oe/st/meta-opensdk/+/436379
Reviewed-by: Christophe PRIOUZEAU <christophe.priouzeau@st.com>
ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com>
Tested-by: Christophe PRIOUZEAU <christophe.priouzeau@st.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit integrates optee-client support from the meta-st-openstlinux layer,
based on the openstlinux-6.6-yocto-scarthgap-mpu-v25.03.19 tag.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit simplifies the recipe by integrating the symlink generation
directly into the main do_deploy() function, removing the need to maintain
both a do_deploy() and a do_deploy:append().
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit addresses two issues in the symlink deployment function:
- do_deploy() should not write directly to DEPLOY_DIR_IMAGE. Instead,
it now uses DEPLOYDIR.
- Expands do_deploy() instead of using SYSROOT_PREPROCESS_FUNCS to ensure that
the original FIP artifacts are created and properly regenerated on each build.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit generalizes the symlink generation to allow creating a final
symlink in the deploy directory, supporting different artifact flavors:
regular, signed or encrypted.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit imports the sign-stm32mp bbclass from the meta-st-stm32mp layer to
allow customization. The main customization ensures that the search_path()
function does not raise a build exception if the signing tool or keys are not
present in the PATH before starting the build process.
In our case, we do not need to manually install the tools or generate the keys
beforehand, as this is automatically handled by Yocto in our DEY distribution.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit introduces a custom do_compile() function to resolve a signing
issue affecting the final TF-A artifact, where the SoC name does not match the
TF-A device tree name.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit corrects an issue in the sign key processing when the SoC name does
not match the FIP device tree name.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates secure boot support based on the STM32 MPU Ecosystem v6.0
and integrates support for the ConnectCore MP2 platform.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The FIP flavor for OP-TEE + USB is managed in the meta-st-stm32mp layer through
the "optee-programmer-usb". However, since we do not require the additional
overhead introduced by the STM32CubeProgrammer tool, this commit introduces a
new FIP configuration based on OP-TEE for booting from USB.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Mike Engel
Arturo Buzarra
Javier Viguera
Gabriel Valcazar
Hector Palacios
Gonzalo Ruiz
Christophe Priouzeau
Isaac Hermida