Enable scripting support during the installation of system images with SWU. A new shell
script is included by default in all the SWU update packages that will be executed just
before the update starts and just after it finishes. The script is empty and contains two
place-holders that will be called in the two scenarios mentioned before.
Users can customize this script to execute specific actions based on their final product
needs or provide their own one by setting its location in the 'SWUPDATE_SCRIPT' variable.
While on it, rename the 'sw-description_template' file to 'sw-description-images_template'
as it is more accurate with the update mechanism it is used for.
Signed-off-by: David Escalona <david.escalona@digi.com>
In a squashfs the mount points are different and the current logic
wasn't working.
It's more reliable to check the /proc/cmdline to determine if
the system is a nand or an emmc.
Added also logic to get the active partition in nand devices
when the rootfs is squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When a squashfs image is flashed we need to delete the compression
field in the swupdate descriptor.
Also the rootfstype u-boot variable needs to be set to squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
The fact of including both storage types (mtd and mmc) in the same 'sw-description' file is not providing any kind
of benefit. Instead, it makes the file larger, complex and harder to maintain. Additionally, most of the images
entries share the same structure and contents, changing only names and mount points. This commit simplifies the
'sw-description' file by configuring the storage type and the images to include in the SWU package at build
time, using a generic 'sw-description' template and template files for 'mmc' and 'mtd' images.
While on it, use the new 'DEY_FIRMWARE_VERSION' variable for SWU package version and fix the recipe to not include
all 'SRC_URI' files in the SWU update image, but only the required files for the update. Also, make use of variable
substitution provided by SWU class in the 'sw-description' file.
Note: SWU U-Boot update will be broken after this change. Waiting for official support with a robust implementation.
https://onedigi.atlassian.net/browse/DEL-8537https://onedigi.atlassian.net/browse/DEL-8538
Signed-off-by: David Escalona <david.escalona@digi.com>
While on it, rename the old "Firmware" variable to "DEY version", as it refers explicity to the DEY
distribution version.
https://onedigi.atlassian.net/browse/DEL-8539
Signed-off-by: David Escalona <david.escalona@digi.com>
If 'CC_DEVICE_TYPE' is not defined or it is empty use 'MACHINE' as the device
type in the Cloud Connector configuration file.
This commit also limits its length to a maximum of 255 characters.
https://onedigi.atlassian.net/browse/DEL-8531
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
In a squashfs the mount points are different and the current logic
wasn't working.
It's more reliable to check the /proc/cmdline to determine if
the system is a nand or an emmc.
Added also logic to get the active partition in nand devices
when the rootfs is squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When a squashfs image is flashed we need to delete the compression
field in the swupdate descriptor.
Also the rootfstype u-boot variable needs to be set to squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
The root file system requires the public key to authenticate SWU files.
For NXP platforms, the public key is extracted from the certificate.
For STM platforms, simply copy the public key over to the rootfs.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Several recipes depend on the PKI creation.
Create a small recipe to just run this function which
is moved from the trustfence.bbclass.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
dualboot and recovery recipes may require to use the keys so they must
depend on the recipe that installs the script that generates them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit syncs the device request code to match with the latest 'cc_api'
layer implementation.
See commit 99a2ff39b771f0e36af8d15d40f970462352e0b6 in 'cc_api' repository and
commit d8c848fc2f516a6c2197181f7540c9c23feaf44f in 'cc_dey' repository.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Connector creates detached threads and calling to 'wait_for_ccimp_threads()' is
not required.
See commit d34ddfb719932ae59774b388579b7d6a77472c4f in 'cc_dey' repository.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
* Remove 'MAX_RESPONSE_SIZE' define and allocate required memory in
'device_request_listener' example.
* Create 'free_timestamp()' function in 'upload_data_points' example.
* Use some sorter variable names.
* Use '__func__' to log function names.
* Remove line feed from log messages.
* Remove not required curly braces for single line loops.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Cloud Connector configuration file sets:
* 'edp12.devicecloud.com' as the URL to connect to (this end point uses client
certificates)
* '/mnt/data' as the directory to store downloaded certificates, now that
this is also available in emmc platforms (see
62d937df42)
This commit:
* reverts a0842cbcfd to keep
'edp12.devicecloud.com' URL that uses certificates for ccimx8m platforms.
* reverts fd94f10c0b since now the cloud connector
configuration file sets '/mnt/data' as the place to store downloaded
certificates, so no need to modify it for ccmp1 platforms.
* It also configures '/etc/ssl/certs' as the certificates directory for cc6ul
devices. Although by default, these devices are connecting to
'remotemanager.digi.com' that not uses certificates, we prefer to use an
existing directory in that setting. See commit
063a946e7c.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
'environment' partition is not available in the ccmp15.
The solution suggested is read the "/proc/mounts" and check if the 'rootfs' is
'ubifs' mounted.
Related to commits 7c07b15370 and
678eaaf0fc4ce74e67682387e3465eb29659bd47
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This commit adds a new function to get the active system in a dualboot device
without using 'active_system' U-Boot variable.
This way the script always knows the real active system even when the variable
'active_system' has the value of the next boot active system, for example, after
performing a 'update-firmware --swap-active-system'.
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This option combined with '-a' ('--active') only prints the active block: a or b
The purpose an output to be consumed by other scripts or programs.
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Check the second ('/') and third ('ubifs') field of 'rootfs' entry in
'/proc/mounts' as the first one ('rootfs_a' or 'rootfs_b') may be changed by
custormers:
root@ccmp15-dvk:~# cat /proc/mounts
ubi0:rootfs_b / ubifs rw,relatime,assert=read-only,ubi=0,vol=5 0 0
[...]
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This is required for the firmware update using Digi Remote Manager. The reboot
is commanded by the server, it that does not happen the update process is not
ended for DRM.
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
The stand-alone signing script 'trustfence-sign-artifact.sh' checks
if a valid PKI tree exists (by checking the existance of four SRK
files) and if they don't, it calls trustfence-gen-pki.sh (which is
a wrapper over different generators (for HAB or AHAB) to create one.
Recipes such as 'dualboot' or 'recovery-initramfs' may need to call
openssl functions over the PKI tree. These recipes do not currently
generate the PKI tree; they expect it to be already in place.
This might not be the case if the trustfence-sign-artifact.sh script
has not been called yet.
Originally, a fake dependency on virtual/kernel recipe was made to
force it, but it doesn't quite work since the calling only happens
on deploy() while regular DEPENDS doesn't wait for this task.
If the PKI does not exist, a recipe that requires the PKI tree will
fail.
The solution is to create a function on the trustfence.bbclass that
allows any recipe to check for the existance of a PKI tree and
generate it if it doesn't exist. This is repeated inside the
trustfence-sign-artifact.sh, but it needs to be in both places
because this script must work stand-alone.
The generation of the PKI tree takes some seconds so this commit
adds a lock dir to prevent race conditions when called from
different recipes.
It also removes the fake dependency on virtual/kernel and adds a
dependency on trustfence-cst-native (which is the recipe that
provides the PKI generation tool).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8430
(cherry picked from commit 6a8bf7afff)
The stand-alone signing script 'trustfence-sign-artifact.sh' checks
if a valid PKI tree exists (by checking the existance of four SRK
files) and if they don't, it calls trustfence-gen-pki.sh (which is
a wrapper over different generators (for HAB or AHAB) to create one.
Recipes such as 'dualboot' or 'recovery-initramfs' may need to call
openssl functions over the PKI tree. These recipes do not currently
generate the PKI tree; they expect it to be already in place.
This might not be the case if the trustfence-sign-artifact.sh script
has not been called yet.
Originally, a fake dependency on virtual/kernel recipe was made to
force it, but it doesn't quite work since the calling only happens
on deploy() while regular DEPENDS doesn't wait for this task.
If the PKI does not exist, a recipe that requires the PKI tree will
fail.
The solution is to create a function on the trustfence.bbclass that
allows any recipe to check for the existance of a PKI tree and
generate it if it doesn't exist. This is repeated inside the
trustfence-sign-artifact.sh, but it needs to be in both places
because this script must work stand-alone.
The generation of the PKI tree takes some seconds so this commit
adds a lock dir to prevent race conditions when called from
different recipes.
It also removes the fake dependency on virtual/kernel and adds a
dependency on trustfence-cst-native (which is the recipe that
provides the PKI generation tool).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8430
This commit modifies the cloud connector configuration to use
'remotemanager.digi.com' URL since it does not use certificates for the
connection.
'edp12.devicecloud.com' only allows connections with certificates.
The certificate is downloaded during the first device connection to DRM and
stored in '/etc/ssl/certs' directory inside the 'rootfs' partition.
Following connections must use this certificate.
After a firmware update 'rootfs' partition is re-programmed (standard boot)
or changed to use the corresponding partition of the other block (dual boot). In
any case the certificate downloaded is not available anymore, so the device is
not able to reconnect.
Currently there is no a 'immutable' partition to store the certificate, that is,
a place where the certificate is not removed during a firmware update and can
be used by the cloud connector (similar to the 'data' partition on a ccmp1)
Related to commit 063a946e7c.
https://onedigi.atlassian.net/browse/DEL-8400
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
By launching in system mode it is possible to play music from a shell using
pulseaudio. With change all platforms and images (with or without graphical
support) have pulseaudio working.
https://onedigi.atlassian.net/browse/DEL-8417
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
True is the default since long time ago, and thus not necessary. This
follows similar changes done in other layers.
Command used:
sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' | cut -d':' -f1 | sort -u)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Packages bluez5-init, cloudconnector, and connectcore-demo-example-webkit
provide a launcher script that is used regardless of the init system being
systemd or sysvinit. Those launcher scripts use the '/etc/init.d/functions'
file, which is provided by the 'initscripts-functions' runtime package,
so add that runtime dependence.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
On boot, ConnectCore 6UL was failing to start pulse audio since it was trying
to use journalctl as log target when systemd is not included.
Boot error:
Starting Dropbear SSH server: dropbear.
W: [pulseaudio] main.c: This program is not intended to be run as root (unless --system is specified).
E: [pulseaudio] log.c: Invalid log target.
E: [pulseaudio] cmdline.c: Invalid log target: use either 'syslog', 'stderr' or 'auto' or a valid file name 'file:<path>', 'newfile:<path>'.
E: [pulseaudio] main.c: Failed to parse command line.
Starting bluetooth: bluetoothd.
While on it change the 'connectcore-demo-server' priority to be launched after
pulseaudio when not using systemd.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Move 'video-examples' and 'webglsamples' recipes outside dynamic-layers/webkit
so platforms without 'webkit' support (such as ConnectCore 6UL) are able to
include and build successfully the complete 'connectcore-demo-example'
Related to 0b9b73afc8
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This commit separates the original 'connectcore-demo-example' package in 3
packages:
1. 'server' package. It contains the 'demoserver.py' script and its
corresponding systemd service and init script.
This script is required for the local demo and to be used with the
Bluetooth application (during the get started process)
2. 'example' package. It contains the html and required resources (images,
javascript, etc.) to use the demo locally, except for the multimedia
resources.
This package depends (in runtime) on the 'server' package.
3. 'multimedia' package. It contains the multimedia html and required
resources (images, javascript, videos, etc.) to use the multimedia demo
features locally.
This package depends (in runtime) on the 'example' package and also on
'video-examples' and 'webglsamples' packages.
This split allows to select the required demo packages per platform and image
type.
By default, the 'multimedia' package is the one included in the webkit images,
but the 'example' package is the one included in the rest of images.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This commit is similar to those required to launch crank applications on top of
weston in ConnectCore MP 15 platform, it must wait for the socket
'/run/user/0/wayland-1' after weston is initialized.
See commits 7de8270beda64236cdd1c46857906315a37dc4fe and
1ec5cc172c.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Several fixes to the runtime dependences:
* Use new override syntax with ':'
* There is not "dualboot-init" package only "dualboot"
* Delete dependence on trustfence-tool
While on it, define do_configure and do_compile as noexec, because those
tasks do not need to execute, and remove the wrong PACKAGE_ARCH entry
(as this package is arch/machine agnostic)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit removes unused platform images to reduce the final size in the
rootfs.
https://onedigi.atlassian.net/browse/DEL-8335
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit removes the on-target post installation function for read-only rootfs,
as it will fail trying to edit files.
https://onedigi.atlassian.net/browse/DEL-8221
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
These are just a verbatim copy of the ccimx8mm ones, so the project is
buildable. This file list should be revisited and adapted for the
ccimx93.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
There is a problem when building the SDK because two binaries
have the same name (update-firmware) and makes the compilation
to fail.
Change the name to update-firmware.recovery and create a wrapper
over the update-firmware to check if the system is not dual boot
to call it.
Rework the code to make it more reliable.
Remove the umount of the alternative linux partition, now it is
not needed because only the active linux partition is mounted now.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
All the dualboot logic will be checked in run time.
To do this:
* Include the altboot.src by default in all the images
* Create a post installation script to change the
firmware_download_path in the cloud connector
* Unify the swupdate file descriptor for dual and single boot
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
This commit modifies the cloud connector configuration to use
'remotemanager.digi.com' URL since it does not use certificates for the
connection.
'edp12.devicecloud.com' only allows connections with certificates.
The certificate is downloaded during the first device connection to DRM and
stored in '/etc/ssl/certs' directory inside the 'rootfs' partition.
Following connections must use this certificate.
After a firmware update 'rootfs' partition is re-programmed (standard boot)
or changed to use the corresponding partition of the other block (dual boot). In
any case the certificate downloaded is not available anymore, so the device is
not able to reconnect.
Currently there is no a 'immutable' partition to store the certificate, that is,
a place where the certificate is not removed during a firmware update and can
be used by the cloud connector (similar to the 'data' partition on a ccmp1)
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
The directory '/etc/ssl/certs' is in the 'rootfs_x' partition for dual boot or
'rootfs' for standard boot. In any case this certificate cannot be used after
updating because it is stored in the other block partition (for dual boot) or
because the whole partition has be re-programmed (for standard boot).
So, after a firmware update the device will not be able to reconnect to DRM
unless the user revokes the certificate.
This commit changes the certificate directory to be '/mnt/data' where 'data'
partition is mounted. This is not erased during a firmware update, so cloud
connector can use the already downloaded certificate and the device is able to
reconnect to DRM.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
The partition "environment" is not available in the ccmp15.
The solution suggested is read the "/proc/mounts" and check if
the "rootfs" is "ubifs" mounted.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
This commit fixes the following build warning with the swupdate v2022.05:
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.boot.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.boot.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.boot.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.boot.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.ubifs)
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
According to the Yocto reference manual, we need to specify the package name
override to indicate the package to which the value applies.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Cloud Connector opens USER_BUTTON GPIO as an interrupt to listen for rising and
falling edge events and upload them to Remote Manager as data point values.
Having MCA_IO1 as user button and opened by the Cloud Connector (or any other
software) prevents the device to go to sleep when it is not connected (all
MCA GPIOs are wake-up sources when configured as interrupt)
https://onedigi.atlassian.net/browse/DEL-8155
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This commit exports the environment variable XDG_RUNTIME_DIR if does not exists
for services that require sharing a pulseaudio instance.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Now the cloud connector has all the logic to detect if its
running in a dual_boot system, so it is not needed this anymore.
We need to modify on the fly the path to save the image in a
dualboot system.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Use the same name for both firmware update mechanism.
Add a dependency to only add recovery-utils used by the
non dual-boot firmware update system.
Adding this only one binary/script called update-firmware will
be added.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
- create dualboot.bbclass that
- sets DUALBOOT_ENABLED variable
- defines partition names and function for changing the sw-description
for swupdate
- move files from layer into meta-digi
https://onedigi.atlassian.net/browse/DEL-7962
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
The new ConnectCore demo functionality makes use of some new Python libraries. Add these libraries
as a dependency in the demo recipe.
Signed-off-by: David Escalona <david.escalona@digi.com>
This commit improves the sysinfo script to skip error on platforms that don't
provide some variables.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The demo now has a "Play music" feature, which requires pulseaudio to be running in the device.
This commit checks if pulseaudio is running before starting the demo, and starts the service in
the case it is not.
Signed-off-by: David Escalona <david.escalona@digi.com>
The latest ConnectCore demo updates introduced support for audio controls that
use the mpg123 library to manage audio on the device. This commit adds a
runtime dependency for that package.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The start/stop script of the service was using "killproc" and "pidofproc" functions from
"/etc/init.d/functions" to find the process PID. These functions rely on "pidof", which does
not work very well with Python scripts. Instead, use "pkill" and "pgrep" which allow to
search the executable in the full command line to retrieve the correct PID with the -f modifier.
Signed-off-by: David Escalona <david.escalona@digi.com>
The library recently added support for Python bindings. This commit
adds support to compile and install these Python bindings using a
new package: 'libdigiapix-python3'.
Signed-off-by: David Escalona <david.escalona@digi.com>
The ConnectCore Demo is launched on startup and starts the web server. Demo can be accessed
by any computer in the LAN by just typing the IP address of the device in the web browser.
Signed-off-by: David Escalona <david.escalona@digi.com>
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: David Escalona <david.escalona@digi.com>
(cherry picked from commit ccc9211d00dad7be6cb2c2d0cf179a62563e26c6)
Recent improvements in the cloudconnector core added a dependency with the
swupdate library, so this commit adds a build dependency with the
swupdate package.
https://onedigi.atlassian.net/browse/DEL-7903
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
(cherry picked from commit 654ef8686fd3916ae5ad257f72bd41ed2198d958)
This commit fixes the following build warning with the swupdate v2021.11:
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-xxxxxx.boot.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-xxxxxx.ubifs)
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Recent improvements in the cloudconnector core added a dependency with the
libdigiapix library, so this commit adds a build dependency with the
libdigiapix package.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The common license file GPL-2.0 is now called GPL-2.0-only in poky, so we need
to reflect this name change to avoid errors
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since commit 11558352 ("swu-images: add "installed-directly" flag to
sw-description") the swu package images are streamed into the target without
any temporary copy to support devices with low memory available, that forces a
different order according with the swupdate documentation because scripts
should packed before the rest. This means that all the pre, post and shell
scripts will be executed after the images will be installed. This behavior
breaks the current support to mount the cryptorootfs node before install an
encrypted rootfs.
This commit moves the shell script to mount the cryptorootfs node to the
recovery initramfs and modifies the swupdate command line to call the shell
script before the images installation.
https://onedigi.atlassian.net/browse/CC8X-320
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
swupdate has the necessary logic to handle compressed images, so take advantage
of this to save space and reduce update package transfer times.
https://onedigi.atlassian.net/browse/DEL-7582
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Otherwise, swupdate will treat the update process like it's an OTA one and it
will try to store the package contents in /tmp, which won't fit.
swupdate commit 8b70ae5796e75c2ff856e8c46b3a3c09cb8fcccd states that all local
SWU packages should include this flag, since the old implementation had this
information implicitly.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since the recovery script checks the update package before installing it, use
the package's description to indicate if the package is meant to encrypt the
rootfs or not. Also, remove the pre-install script from the ccimx6ul packages,
since the logic in the script to remove the encryption flag from the rootfs is
now in the recovery script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Previously, TRUSTFENCE_INITRAMFS_IMAGE was the only variable used to configure
rootfs encryption. Now that any partition can be encrypted and the rootfs
encryption still needs to be handled differently, use two variables instead.
* TRUSTFENCE_ENCRYPT_PARTITIONS to control partition encryption in general
* TRUSTFENCE_ENCRYPT_ROOTFS to control rootfs encryption
As with most trustfence functionality, enable both by default. Leave
TRUSTFENCE_INITRAMFS_IMAGE as an internal variable only.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The partition encryption system now uses dynamically generated names for the
decrypted block devices, which are based on the partition name. Reflect this
change in places where the encrypted rootfs is referenced.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The indexes of the MCA PWM controllers are different in Linux v5.4, so the
default value used by libdigiapix results in an error. Reflect this change and,
while at it, replace the default PWM with an IO connected to a user LED to make
the example more visual.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit c24d1d96 ("sysinfo: adapt script after removal of deprecated fsl_otp
driver") introduced a mistake masking the SEC_CONFIG[1] bit read from the OTP.
This commit fix the read command to force it in hex format and finally match
with the mask in the script.
https://jira.digi.com/browse/DEL-7263
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit c24d1d96 ("sysinfo: adapt script after removal of deprecated fsl_otp
driver") introduced support to determine if a device is closed by checking
a new boolean property on the DT for the CC8X platforms, however the CC8M
platforms use the same mechanism. This commit modifies the sysinfo script to
check also the DT for the CC8M platforms.
https://jira.digi.com/browse/DEL-7263
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit cbb38440 ("meta-digi-dey: sysinfo: Add chip revision sysinfo output")
introduced a new script variable to determine the SOC revision of the module.
However this entry only is available on the CC8X platforms. This commit checks
if the entry exist and then tries to read it to avoid unexpected issues with
devices without this entry.
https://jira.digi.com/browse/DEL-7263
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the GPIO udev rules to change the group owner
and permission of the new gpio char driver. This will allow users
that belong to the digiapix group to access the char driver.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-7255
Add systemd auto-getty.service to run agetty on the console defined in the
kernel command line on platforms with systemd support.
This service replaces serial-getty@.service as the one responsible for
opening a tty port and prompting for a login name when
TRUSTFENCE_CONSOLE_DISABLE is configured.
https://jira.digi.com/browse/DEL-7242
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit removes the v4l2 example because they are superseded
by gstreamer examples.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-7211
- OTP section
- Use just one fixed path to the OTP nvmem device descriptor (instead
of a loop).
- Use '-v' for dumping all values with hexdump.
- TrustFence section
- For cc8x, determine if the device is closed by checking a new boolean
property on the DT: digi,tf-open|closed
- For the rest, check the SEC_CONFIG[1] bit using the new nvmem
descriptor.
- Change log from 'Device status' to 'Security status'
- Report UNKNOWN if nvmem device does not exist.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
(cherry picked from commit f6a8de0067)
David Escalona
Francisco Gil
Tatiana Leon
Arturo Buzarra
Hector Palacios
Isaac Hermida
Javier Viguera
Mike Engel
Gabriel Valcazar
Gonzalo Ruiz
Hector Bujanda