Some platforms do not support signing external artifacts (kernel, dtb,
etc.) yet, so we need to decouple the signing of the bootloader from the
signing of the external artifacts.
This commit generalizes the code, so instead of having platform exceptions
scattered along the recipes, we create a new variable used conditionally
to sign or not the external artifacts.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
ARM64 generic overrides where in the middle of the chain with more
precedence than IMX overrides.
From:
MACHINEOVERRIDES="imx-generic-bsp:imx-nxp-bsp:imxdrm:imxpxp:mx9-generic-bsp:mx9-nxp-bsp:mx93-generic-bsp:mx93-nxp-bsp:ccimx93:ccimx93:aarch64:armv8-2a:use-nxp-bsp:ccimx93-dvk"
To:
MACHINEOVERRIDES="aarch64:armv8-2a:use-nxp-bsp:imx-generic-bsp:imx-nxp-bsp:imxdrm:imxpxp:mx9-generic-bsp:mx9-nxp-bsp:mx93-generic-bsp:mx93-nxp-bsp:ccimx93:ccimx93:ccimx93-dvk"
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
mkimage output provides some information (basically image offsets) that
cst (code signing tool) uses to sign imx-boot images.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This version supports i.MX8ULP and i.MX9x devices.
NOTICE: changed the "srk_ca" parameter in ahab_pki_tree.sh from "yes" to
"no". This script is shared between cc8x and ccimx93. The imx93 does not
support that option at the moment (generation of subordinate SGK certs)
and for the cc8x we were generating them but never used them to sign
the artifacts.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Merge the patches for the PKI tree generation scripts, to ease
maintenance (still keeping two separate patches for HAB4/AHAB).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
ARM64 generic overrides were in the middle of the chain with more
precedence than IMX overrides.
From:
MACHINEOVERRIDES="imx-generic-bsp:imx-nxp-bsp:imxdrm:imxpxp:mx9-generic-bsp:mx9-nxp-bsp:mx93-generic-bsp:mx93-nxp-bsp:ccimx93:ccimx93:aarch64:armv8-2a:use-nxp-bsp:ccimx93-dvk"
To:
MACHINEOVERRIDES="aarch64:armv8-2a:use-nxp-bsp:imx-generic-bsp:imx-nxp-bsp:imxdrm:imxpxp:mx9-generic-bsp:mx9-nxp-bsp:mx93-generic-bsp:mx93-nxp-bsp:ccimx93:ccimx93:ccimx93-dvk"
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
If the default r/w rootfs is not found it will try to do a
fallback to the squashfs image.
In the nand devices additionally we need to set the rootfstype
to squashfs.
https://onedigi.atlassian.net/browse/DEL-8638
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When booting from a microSD, the variable 'boot_device' is
set to "mmc". Check this to fall back to booting Linux from
the microSD partitions.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
These are files for programming images with STM32CubeMX tool.
We don't use the tool or the files. Remove the task to avoid build
warnings.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
BOOTDEVICE_LABELS defines the supported boot device (NAND by default).
BOOTSCHEME_LABELS defines the which kind of boot is supported.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
We will use BOOTDEVICE_LABELS as a means to add 'sdcard'
configuration to TF_A_CONFIG within meta-st-stm32 so there
is no need to have a wrapper variable in meta-digi.
This reverts commit 7cf314ba80.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
We will use BOOTDEVICE_LABELS as a means to add 'sdcard'
configuration to TF_A_CONFIG within meta-st-stm32 so there
is no need to have a wrapper variable in meta-digi.
This reverts commit c6f19a099c.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Digi's mechanism to use a custom Linux kernel defconfig is
based on setting the variable KERNEL_DEFCONFIG, however ST
implements their own mechanism with a custom variable
KERNEL_EXTERNAL_DEFCONFIG. When providing an external defconfig,
the variable needs to be set, otherwise a build error
will be generated. So to keep compatibility with NXP
platforms, this commit weakly assigns KERNEL_EXTERNAL_DEFCONFIG
to a default value "defconfig".
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
ConnectCore Cloud Services examples are included in 'dey-examples' repository
so they can be built from here and also imported in Eclipse/Digi Application
Development Environment for Linux with the samples wizard.
The example 'upload_file' has been removed since currently there is no support
for binary data points in the CCCS daemon/client model.
https://onedigi.atlassian.net/browse/DEL-8628
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This recipe generates several packages:
* 'cccs' includes the CCCS shared library
* 'cccs-daemon' includes the binary and resources to execute the CCCS daemon
(daemon, service and init scripts, configuration file)
* 'cccs-cert' includes the required certificate to use CCCS daemon
* 'cccs-gs-demo' includes the binary and resources to execute the CCCS get
started demo (binary, service and init scripts)
* 'cccs-legacy' includes the binary (all-in-one) application to execute
the legacy CCCS application (aka cloud-connector) and the configuration
file
* 'cccs-legacy-dev' includes resources to develop legacy CCCS applications
(all-in-one) (header files inside 'cloud-connector' and 'cloudconnector.pc'
pkg config file)
* 'cccs-legacy-staticdev' includes static resources to develop legacy CCCS
applications (all-in-one) (static library)
This commit also renames:
* 'CLOUDCONNECTOR_PKGS' variable to 'CCCS_PKGS'.
* 'CC_DEVICE_TYPE' variable to 'CCCS_DEVICE_TYPE'.
https://onedigi.atlassian.net/browse/DEL-8628
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Until now, for dualboot systems, all boot variables were calculated on each boot depending on the value of the
'active_system'. These variables are used to boot the device but were not saved, which could lead to a missmatch
between their value in the environment and their required values to correctly boot the system. This commit
simplifies a bit the variables calculation and adds a block to synchronize their value in the environment.
Signed-off-by: David Escalona <david.escalona@digi.com>
All the 'altboot' script functionality has been moved directly to the 'altbootcmd' command
in U-Boot, so this script is no longer necessary. Remove it for all platforms.
https://onedigi.atlassian.net/browse/DEL-8674
Signed-off-by: David Escalona <david.escalona@digi.com>
The install scripts from SD/USB use a fixed image name.
If you are trying to install a different image you need to set
the env variable 'image-name' first.
Add a helper message if default files are not found to
avoid needing to go to the documentation.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
During firmware install, the target may be reset several times.
We don't want the bootcount to count these as boot attempts.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Now in the ccmp1X platform the index for the data partition is
hosted in the ubi1 volume instead of the ubi0.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
The ccmp1 has two MTD partitions (UBI, UBI_2) with different system
volumes.
Previously, the fact of having two ubi devices was taken as proof of
being on a multi-MTD system (one that has one UBI volume per partition).
Instead, this commit reformulates the condition to having a partition of
the same name than the UBI volume.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
PKI tree generation for the STM32MP15 cpu provides the undesired file
"publicKeysHashHashes.bin", which is only required by STM32MP13. This commit
generates the PKI tree according to the KeyGen tool documentation to avoid
generate this extra file and avoid confusing the end user.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Any errors in the PKI tree generation are not reported to bitbake, so the
script fails silently. This commit adds a validation of the script execution,
and if it fails, it aborts the execution and notifies to bitbake.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The KeyGen tool to generate 8 key pairs requires 8 consecutive passwords,
however, when the shell expands the passwords variable, it interprets it as a
single string instead of 8 different strings and fails.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The 'bootcount' value is now incremented and stored in the system on every boot and
not only then the 'upgrade_available' flag is set. Also, ensure the value is cleared
when the 'altboot' script is executed by running the new U-Boot command 'bootcount reset'.
https://onedigi.atlassian.net/browse/DEL-8506
Signed-off-by: David Escalona <david.escalona@digi.com>
This branch contains the latest BSP changes from STM's v5.15-stm32mp-r2.1
release.
https://onedigi.atlassian.net/browse/DEL-8659
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The STM32MP15 SoC can only use one sign key.
Forcibly set TRUSTFENCE_KEY_INDEX on the machine conf so
that it cannot be overriden by mistake on the local.conf.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
When TrustFence is enabled, a PKI tree is generated.
In the case of NXP platforms, the PKI contains public certificates
from which the public key needs to be extracted using an openssl
command.
In the case of STM platforms, the PKI contains directly the
public key.
In all cases, we need the public key to be installed in the
rootfs /etc/ssl/certs/ folder, so that it can be used by
swupdate to authenticate signed SWU packages.
Up to now, this was being done on the dualboot recipe, but the
installation of the public key should really be only dependant
on the fact of TF being enabled.
This commit:
- Removes the generation of the public key from dualboot.bb.
- Generates a patch to extract the public key from the certificate
as part of the PKI tree generation (on NXP platforms).
- Installs the public key during a post install function after
the final rootfs has been created.
- For NXP platforms, extracts the public key using openssl if
it does not exist (for backwards compatibility).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
When booting from recovery sdcard, in the imx93 the dualboot is yes by
default, so the mmcroot variable was not set correctly for the uSD.
If we boot from uSD, just assume all the system is in the uSD card, whether
it is a recovery system or a prepared uSD card for demo.
https://onedigi.atlassian.net/browse/DEL-8461
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Commit 92969f0c4 ("plat-stm32mp1: Remove CFG_STM32_BSEC_WRITE dependency with
debug configuration OP-TEE") on OP-TEE source code, removed the link between
the BSEC WRITE feature with DEBUG feature, so now by default it is enabled.
This reverts commit 2395378ec4.
https://onedigi.atlassian.net/browse/DEL-8657
Create a new script for the generation of PKI tree for STM platforms
and leave the trustfence-sign-artifact script exclusively for signing.
The new gen-pki script only requires the platform as an argument and the
path to where to save the tree (if it doesn't exist) in
CONFIG_SIGN_KEYS_PATH.
This commit also reverts commit 13c136dbc5 by getting rid of the
trustfence-genpki-native.bb recipe and moving back the PKI generation
functions into trustfence.bbclass. This recipe didn't quite guarantee
that the PKI was generated on time for the recipes that required the
keys to exist, anyway.
Instead, the PKI generation function must be called right after
do_compile() of recipe tf-a-stm32mp to be ready for do_deploy() where
the key is used.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Starting at kernel 6.1, the maxim98088 driver has been migrated
from the old imx-max98088.c driver to NXP’s new audio framework
fsl-asoc-card.c.
Update the sound stuff to match the new audio card and some of
the new controls.
https://onedigi.atlassian.net/browse/DEL-8596
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Commit 7cf314ba80 made a weak assignment of TF_A_CONFIG in the machine
config file, so that it could be overriden from conf/local.conf with a
straight assignment. However, this variable already has a weak assignment
on include files for the tf-a-stm32mp recipe, which apparently take
precedence over the machine files.
This commit creates a new variable DEY_TF_A_CONFIG in the machine config,
and then uses a straight assignment of TF_A_CONFIG to the new variable on the
tf-a-stm32mp.bbappend.
This allows users to override the machine default and avoids the STM recipe
weak assignment.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Do not install the combo FW and install the WiFi and BT FW as separated FWs,
so they are managed independently.
Md5sums are:
44cf5535f3b40784296843544eae159e sd_w61x_v1.bin.se
300c739a4e126a8f430001c41e5b3a5f uartspi_n61x_v1.bin.se
Note: currently these FW files are copied manually here, till the github FW
files are updated.
These firmware files come from the package IW612_18.99.2.p19.5.zip provided
by NXP support page.
https://onedigi.atlassian.net/browse/DEL-8632
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The btnxpuart driver is used for the bluetooth chip. We want to control
when to load and unload it, and when power/unpower the chip.
Therefore, blacklist it, so we can manage it in our scripts.
https://onedigi.atlassian.net/browse/DEL-8632
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This wks file creates the required GPT and partition layout
to have a bootable SD card with the following partitions:
- fsbl1
- fsbl2
- metadata1
- metadata2
- fip-a
- fip-b
- u-boot-env
- linux
- rootfs
- data
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8120
This includes NXP's code from the SCFW porting kit v1.15.0, support for
variants with 4 GiB of RAM and a fix for an issue when resuming from suspend.
https://onedigi.atlassian.net/browse/DEL-8604
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds support for environment encryption/decryption of the
u-boot environment on the CCMP1 platform in Linux.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Equivalent commits in meta-freescale:
71d2a1ad49a3e04d0d401d4e9c52d5a50105b6dc
995f2f0a86da9428af348e72e51beb5063ebd729
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
When the system runs as read-only with '/etc' overlayfs enabled, '/sbin/init' is not a symlink
to 'systemd', but '/sbin/init.orig' is. This causes the script to wrongly think than 'systemd'
is not being used. The outcome is that partitions are not being automatically mounted in R/O
systems running in mmc with '/etc' overlayfs enabled, as the specific '/usr/bin/systemd-mount'
binary needs to be invoked in these cases.
The proposed fix performs a second check with '/sbin/init.orig' to determine whether systemd is
being used or not. While on it, add an early check to determine if the partition is already
mounted to exit the script.
Signed-off-by: David Escalona <david.escalona@digi.com>
Make a series of changes to make sure the imx-boot signing process works:
* Store separate mkimage logs for each imx-boot build. In our case, this
means storing one log per SoC revision. Each SoC revision has a different
SECO fw binary with varying sizes, which causes offsets of specific
signing regions to differ among revisions. Since we parse the offsets
from the logs, we need to make sure the offset information is correct in
each case.
* Remove u-boot-atf-container.img in each mkimage iteration, otherwise the
ATF offset information will be missing from subsequent logs.
* Implement a separate trustfence_sign_imxboot() function for the ccimx8x
to iterate through all SoC revisions.
Note that the SPL+AHAB signing script doesn't support imx-boot encryption yet.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
When building imx-boot images with SPL on the ccimx8x, a different signing
procedure is required. We already have a script for this use case in our U-Boot
fork, so make use of it.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Regulatory domain is now provided as a Kernel parameter, and the
wlan driver uses it to select the correct BDF file, so we don't
need to change the symbolic links to point to one file or another
anymore.
https://onedigi.atlassian.net/browse/DEL-8360
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
New NXP's release is based on upstream v2.8. Use this only for ccimx93,
and keep using the previous Kirkstone release (based on upstream v2.6)
for the rest of the platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Weston is not launched in read-only filesystem because /home/root
is not a writable path.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
We can't run a post installation script in a readonly file system.
We need to provide a configuration file beforehand.
https://onedigi.atlassian.net/browse/DEL-8556
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When EXTRA_IMAGE_FEATURES += "overlayfs-etc" is added these
configurations are needed to compile. They are provided with
the default configuration to work with our software.
The user can modify them in their local.conf if needed.
https://onedigi.atlassian.net/browse/DEL-8552
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When the swu package is generated it needs the right
extension of the rootfs to be formed.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
We no longer need logic to determine the SOM's RAM size and bus width, we only
need to know the SOC revision, which is info that is always available.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Now that both U-Boot and the SCFW can autodetect the RAM configuration, we can
simplify the imx-boot build process to generate two binaries (one per SOC
revision) instead of eight. Build "flash_spl" imx-boot images and use only one
global defconfig for u-boot.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This update includes automatic RAM configuration detection, and only one SCFW
binary is needed for all ccimx8x variants. Adapt the imx-boot recipe
accordingly.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Use our custom compile/install/deploy functions from DEY 3.2. NXP's imx-boot
recipe assumes only one U-Boot config and SOC revision, but we have multiple,
so we have to rewrite all of these functions.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
For the ccimx8x, we changed the order of the steps in do_deploy() from:
Deploy -> Rename files -> Move binaries
To:
Deploy -> Move binaries -> Rename files
When it's time to rename the files, they won't be in their original place and
the process will fail. Make sure we move the files after they've been renamed
to avoid errors.
Also, one move operation is enough for all artifacts, so remove the second
operation.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Currenlty, the github FW version is a bit old and some functionality does not
work on latest IW61x batches.
Use this FW binary till it is released on github. This is required to
have WiFi and Bt working simultaneously.
0c6d454ea83b1a78b4e60df16f478f43 sduart_nw61x_v1.bin.se
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
(cherry picked from commit 92ca458e4f)
Currenlty, the github FW version is a bit old and some functionality does not
work on latest IW61x batches.
Use this FW binary till it is released on github. This is required to
have WiFi and Bt working simultaneously.
0c6d454ea83b1a78b4e60df16f478f43 sduart_nw61x_v1.bin.se
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Backport from NXP's lf-6.1.1-1.0.0 release for the ccimx93 (meta-ml
layer).
This version of flatbuffers is needed for ethos-u-vela version 3.6.0
(backported in following commit).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
There are two different firmware files for Bluetooth on Murata's type2AE
module:
- JRL: It configures a Bluetooth TxPower of 7dB, to be used in Japan
only.
- FCC.CE: It configures a Bluetooth TxPower of 5dB, to be used in the
rest of the world.
To comply with the FCC requirement that it should not be possible to
configure different regulatory domains, or in this case configurations,
than FCC, only deploy the FCC.CE file by default:
- BCM4373A0_FCC.CE.hcd (md5sum: 1e287a3ab7f83e59352cb321315ea80f)
This file reports the following information during boot time:
Bluetooth: hci0: 89373 UART 37.4 MHz wlbga_BU sLNA muRata Type 2EA 5dBm 20220608-0103
Bluetooth: hci0: BCM4373A0 (001.001.025) build 0155
JRL file will be added via the Worldwide DEY patch addon that customers
can request from Digi.
https://onedigi.atlassian.net/browse/DEL-8453
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
The only user of 'linux-dey-src.inc' was the linux recipe itself, so
instead rename that file to a more generic 'linux-dey.inc' and include
more common code in that renamed file.
This is in preparation for the new linux 6.1.1 recipe for the ccimx93.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Remove patch file "0001-Makefile-Suppress-array-bounds-error.patch"
for ccimx93, as it is already included in the lf-6.1.1_1.0.0 revision.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Weston is not launched in read-only filesystem because /home/root
is not a writable path.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Replace the CLM blob file from Github, which supports several countries
with a custom US-only CLM blob file. This way, default images will only
have support for US regulatory domain, therefore complying with FCC
requirements.
The Worldwide CLM blob file will be provided by Digi International on
request.
https://onedigi.atlassian.net/browse/DEL-8453
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
We can't run a post installation script in a readonly file system.
We need to provide a configuration file beforehand.
https://onedigi.atlassian.net/browse/DEL-8556
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When EXTRA_IMAGE_FEATURES += "overlayfs-etc" is added these
configurations are needed to compile. They are provided with
the default configuration to work with our software.
The user can modify them in their local.conf if needed.
https://onedigi.atlassian.net/browse/DEL-8552
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When the swu package is generated it needs the right
extension of the rootfs to be formed.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
These variables are used to generate .sdcard images, and without them, said
generation will fail.
https://onedigi.atlassian.net/browse/DEL-8540
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We still need to use this downgraded version of dtc to be able to build
U-Boot v2017.03, so backport this patch to be able to build dtc with the latest
version of gcc
https://onedigi.atlassian.net/browse/DEL-8540
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit modifies the boot script condition to apply the overlay for MCA
based on HWID MCA field.
https://onedigi.atlassian.net/browse/DEL-8521
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
By default, the signing script generates a file without 'w'
permission so DEY cannot remove it from the deploy dir on
a clean operation.
Add the 'w' permission so that DEY can remove it on clean
operations and generate a new signed file when required.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Otherwise, the sw-description used for non-dualboot systems will be missing
these values and the software update process will fail.
https://onedigi.atlassian.net/browse/DEL-8513
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We accidentally used "mx8mm" instead of "mx8mn" in commit
9b165196bb, which caused several elements to stop
working on the target (including the optee-os).
https://onedigi.atlassian.net/browse/DEL-8512
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The tools STM32MP_KeyGen_CLI and STM32MP_SigningTool_CLI have
a dependency of libQt5Core.so.5 which is provided by qtbase.
Add this dependency to avoid errors during SDK generation.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit disables the uSD mounting, due to issues
detected during the boot process when UBIFS starts
with the wear-leveling process to erase NAND blocks.
https://onedigi.atlassian.net/browse/DEL-8415
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
The FIP image is signed internally by this recipe. The password must be
set in FIP_SIGN_KEY_PASS. With the signing script, the password is
randomly generated and saved in key_pass.txt.
This prefunc obtains the password(s) from the file to set FIP_SIGN_KEY_PASS
so that the FIP can be properly signed.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
For the moment, do not sign aditional artifacts, such as the ramdisk,
the kernel or the boot scripts for STM platforms.
In the specific case of the ramdisk, simply copy it over with the
expected filename extension.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Several recipes depend on the PKI creation.
Create a small recipe to just run this function which
is moved from the trustfence.bbclass.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This script can be called stand-alone or from DEY.
Syntax is :
trustfence-sign-artifact.sh -p <platform> [-t input-unsigned-image> <output-signed-image>]
If files are omitted, it at least generates random keys if they do not
exist.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The do_deploy:append did three things:
- adapt the U-Boot filenames to 'u-boot-<platform>-<config>.<ext>'
- sign/encrypt the U-Boot files (only for iMX6 family)
- sign the boot scripts
Convert the first two actions into functions (the third already was) and
call them conditionally as postfuncs.
Also skip the signing of U-Boot files if the platform is not based on
iMX6 family.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Certain platforms share a processor family but need to be differentiated
between them. DEY was using the variable DIGI_FAMILY as the SOM name
rather than the family. It becomes useful to have both (DIGI_SOM as the
more specific, and DIGI_FAMILY as the more generic).
This is the case, for example, of:
- ccmp1 (family)
- ccmp15 (SOM)
- ccmp13 (SOM)
- ccimx8m (family)
- ccimx8mm (SOM)
- ccimx8mn (SOM)
Both variables are used on the machine overrides.
Where DIGI_FAMILY was used, use now DIGI_SOM.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This recipe downloads a tarball that contains the binaries:
- STM32MP_KeyGen_CLI
- STM32MP_SigningTool_CLI
from ST Microelectronics STM32CubeProgrammer v2.12.0.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This is in preparation of using the same script name for different SOC
vendors (NXP and STM).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Set TRUSTFENCE_DEK_PATH to "0" for CCMP1 (not using dek.bin), as if this
was disabled.
Set temporarily TRUSTFENCE_ENCRYPT_ENVIRONMENT to "0" for CCMP1 until
environment encryption is fully supported.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Dependencies of this recipe are run-time dependencies, not build-time.
While on it, move them to specific native/nativesdk recipe.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This recipe builds the script (that depends on cst-tool) that is used to
sign the images. It's only run natively.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The name of the variable was not very intuitive of what
it contains. This variable expands to the SoC vendor
(NXP or STM).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Commit 065cf3e9 ("kirkstone migration: general update to the new override
syntax") incorrectly renamed binaries in a massive change. This commit restores
the binary names to the original.
https://onedigi.atlassian.net/browse/DEL-8478
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
By default, our 'cloudconnector' package is installed.
This can be overriden by defining 'CLOUDCONNECTOR_PKG' in the 'local.conf'
with the custom package that includes this application.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
These are recipes we created to support Google Coral on i.MX platforms. ST's
machine learning layer provides similar recipes, so to avoid conflicts, move
the recipes meant for i.MX platforms to a dynamic layer.
https://onedigi.atlassian.net/browse/DEL-8308
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This dependency is only required if you wish to build ST's reference images,
which isn't our case. Add said reference images' recipes to the BBMASK to
avoid build errors.
https://onedigi.atlassian.net/browse/DEL-8308
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
rename interface sta_name to be "wlan0" instead of "mlan0", so it keeps
compatibility with other platforms.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
OPTEE_PKGS variable must have a default (empty) value to prevent bitbake
parsing errors.
This fixes a build failure for MP1 platforms where the variable was
undefined in the commit that added the support.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
A recipe may generate different runtime packages, with names other than
PN. This commit allows removing the ontarget postinst script for those
other runtime package names. To do so, just define REMOVE_POSTINST_RPN
before including this class in the recipe.
The first user is in the following commit.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Javier Viguera
Francisco Gil
Hector Palacios
Arturo Buzarra
Mike Engel
Tatiana Leon
David Escalona
Gabriel Valcazar
Isaac Hermida
Gonzalo Ruiz