In previous versions of swupdate, only one SIGALG_* option could be chosen at
build-time, with SIGALG_RAWRSA being the default option. However, in 2025.12,
multiple SIGALG_* options can now be configured at build-time, allowing users
to choose the signature verification algorithm used at runtime via the
"digest-provider" parameter. We weren't explicitly setting any of these
algorithms in our defconfig, so the resulting builds didn't have any digest
providers, causing swupdate to fail early on when signed images are enabled.
To restore the behavior of previous swupdate versions, explicitly enable
SIGALG_RAWRSA when signed images are enabled. Since we only enable one digest
provider, it will be chosen automatically, without having to explicitly set the
"digest-provider" parameter at runtime.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This version of swupdate has a bug that happens if the root of sw-description
is redirected via a link, which is the case is some of our sw-description
templates (such as the one we use for file updates). Backport a fix from
v2025.05.
https://onedigi.atlassian.net/browse/ADK4A-1957
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This patch includes code that only gets compiled for platforms that use a NAND
as the internal storage. Recent changes in swupdate's "copyfile" API caused
this code to stop building.
Using the normal rdiff handler code as reference, update our custom handler to
fix the build errors. While at it, include another change to prevent a warning.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In this version, Config.in files have been renamed to Kconfig, which prevented
one of our patches from applying correctly. Rework the patch to account for
this name change and while at it, update its context.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Our distribution is Digi Embedded Yocto (DEY), so use that to mark the
upstream status of the patches in our layer.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit enables SWU image authentication when TrustFence
is enabled instead of when signing of images is enabled.
This allows the system to authenticate SWU images on images that
have been externally signed.
https://onedigi.atlassian.net/browse/DEL-8891
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
The patch we were using comes from the time during dualboot support development
where said feature was selectable at build time. The patch adds a new build
option, giving the impression that it only gets enabled under certain
circumstances, when in reality:
* The option is never enabled anywhere in our code
* It's a string option that is treated like a boolean, meaning its
respective conditional compilation is always getting compiled even when
disabled
Our current dualboot support is enabled at runtime, so it doesn't make sense to
have a build-time option related to it, especially one that's broken. Replace
the patch with a functionally equivalent one that is less confusing. Also,
remove the related config option from our defconfig.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The current log level is very verbose and generates way too much output in some
cases, such as a binary diff update. Reduce the default log level to avoid
this.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We were using the .cfg suffix for both the build-time config fragments and the
runtime configuration file. During do_configure(), all files in SRC_URI ending
in .cfg were being merged together to create the final build configuration,
including said runtime file, which has a completely different syntax. In most
cases, the contents of this file were being ignored, but when tweaking
swupdate's configuration and re-building the package, sometimes strange errors
would prevent the build from finishing.
Change the runtime file's suffix entirely to separate it from the config
fragments and prevent it from being treated as such, and reflect the name
change in the defconfig and the recovery script.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The 'mtd-blacklist' parameter prevents swupdate from acting upon those
partitions that we consider sensitive.
Make such list platform-dependent.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The swupdate recipe installs by default a systemd service
and a socket to listen for updates coming from a web server.
DEY only makes use of such service during on-the-fly updates from Cloud
Connector web service.
The default swupdate service fails on images with TrustFence because it's
called with no arguments and there doesn't exist a configuration file.
This commit installs a default configuration file and, if TrustFence is
enabled, sets the parameter 'public-key-file' to point to the public
certificate to use to authenticate SWU packages.
While on it, it removes the same file from the recovery-initramfs recipe
that was the only recipe that was adding such config file for recovery
images only.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Commit 429125cce0 created a minimal version 'defconfig'
that doesn't include all the default configuration options
of swupdate.
However, an anonymous python function inside the swupdate
repository establishes dependencies basing on configuration
switches it finds (or not) in the 'defconfig' file and any
additional configuration fragments.
For this reason, a minimal 'defconfig' cannot be used in
this recipe and a full configuration file (that also includes
default options) must be used instead.
Reported-by: Stephan Klatt
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Writing directly into UBI volumes is not allowed, so a special 'rdiff' handler capable of
write data in UBI volumes is required. This commits adds the new handler and enables it in
MTD based systems.
https://onedigi.atlassian.net/browse/DEL-8624
Signed-off-by: David Escalona <david.escalona@digi.com>
The 'RDIFF' handler allows to apply incremental updates using rdiff delta files in the
swu update package. This functionallity is only recommended for read-only file systems,
where the source partition cannot be modified externally by users.
https://onedigi.atlassian.net/browse/DEL-8624
Signed-off-by: David Escalona <david.escalona@digi.com>
Building swupdate with '-j1' fails with:
swupdate$ make -j1
scripts/kconfig/conf --silentoldconfig Kconfig
CC ipc/network_ipc.o
CC ipc/network_ipc-if.o
CC ipc/progress_ipc.o
LD ipc/built-in.o
LD libswupdate.so.0.1
Failed:
aarch64-dey-linux/11.3.0/ld: cannot find ipc-static/lib.a: No such file or directory
collect2: error: ld returned 1 exit status
That's due to trying to link a static library that has not been compiled
yet. That dependence seems spurious and we added it in a patch, so
remove it to fix non-parallel builds.
https://onedigi.atlassian.net/browse/DEL-8445
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Make the 'defconfig' file a real defconfig by including only differences with respect default
values. While on it, improve the recipe:
- Enable 'BOOTLOADERHANDLER' by default in the 'defconfig'. We were unconditionally setting
this value to 'y' in the recipe, so move it to the default configuration.
- Move 'UBI' configuration values to 'mtd.cfg' file to be added only when device filesystem is
MTD based. Until now, 'UBI' support was always added by default.
- Move the 'SIGNED_IMAGES' configuration entry to a '.cfg' file like we are doing with the rest
of the functionallity. Use 'oe.utils.conditional' checking 'TRUSTFENCE' feature for this.
Signed-off-by: David Escalona <david.escalona@digi.com>
meta-swupdate updated swupdate to version v2022.12, so we need to update
our bbappend to apply to that version. Otherwise firmware update is
failing due to some missing swupdate handlers.
As our bbappend is generic enough, use a wildcard bbappend so it applies
to all swupdate versions.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit removes the on-target post installation function for read-only rootfs,
as it will fail trying to edit files.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
The variable dualboot might not be defined or well have an invalid
value. Just keep the service running if it is a dualboot model.
https://onedigi.atlassian.net/browse/DEL-8264
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
On recovery based devices, the swupdate process is executed in the
recovery, so there is no need to have the swupdate daemon running on the
rootfs.
Add a on-target post installation script to disable the swupdate
bootscript on the normal rootfs. This has the side effect of failing in
the recovery initramfs because the initramfs does not have a complete
SysV init system. For that case add a rootfs postprocess function to
delete the postinst script.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Since commit 554b97a ("swupdate: Set service type to notify") in meta-swupdate
layer, the swupdate service fails on boot due to the following timeout error:
swupdate.sh[2708]: [TRACE] : SWUPDATE running : [listener_create] : creating socket at /tmp/swupdateprog
swupdate.sh[2708]: [TRACE] : SWUPDATE running : [listener_create] : creating socket at /tmp/sockinstctrl
systemd[1]: swupdate.service: start operation timed out. Terminating.
systemd[1]: swupdate.service: Failed with result 'timeout'.
systemd[1]: Failed to start SWUpdate daemon.
This commit adds a config fragment to enable systemd support to swupdate daemon.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
One patch adds support for building the library statically and the other is a
fix for performing firmware update on the fly. These patches have been moved
from the meta-digi-dualboot layer
https://onedigi.atlassian.net/browse/DEL-7903
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
(cherry picked from commit 94018f7402586b916c5c7836eb355a19a78a9c51)
In meta-openembedded commit 35d249bb9a575a5a48491052896e121266d515f0,
libconfig, one of swupdate's dependencies, was split into two packages: one for
the C library and another for the C++ one. swupdate depends only on the C
library, but the C++ library was implicitly pulling in other dependencies, such
as libgcc.
After the commit mentioned above, libgcc stopped being pulled into our recovery
image, causing the following error to appear when swupdate terminates:
libgcc_s.so.1 must be installed for pthread_cancel to work
Aborting
Even if the action carried out by swupdate is successful, our recovery script
detects this as an error and aborts the update operation. Avoid this by
explicitly adding libgcc as a runtime dependency for swupdate.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Without this call, swupdate will be built with a default configuration which
is incompatible with our package format. Even though this function is already
called in the original recipe, it was done in the package's "git" directory.
Make sure the function is called at least once so that our defconfig is used in
the build.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Rename recipe and fix the path of the progress binary. Also on the
rocko branch of meta-swupdate several signing mechanisms are
supported, and the value is used as a string to determine which one
to use.
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
- The 'sign/verify' feature of swupdate can only be enabled/disabled at
compile time, it cannot be configured at run time.
- The 'sign/verify' defconfig file is only used when the images to
build are configured with 'TRUSTFENCE_SIGN=1'
- This change implies that all swupdate packages generated will have a
hash for the images to install and will be verified. Sign support is
only enabled for trustfence images.
https://jira.digi.com/browse/DEL-3773
Signed-off-by: David Escalona <david.escalona@digi.com>
- In Jethro, swupdate recipe was using 'swupdate_git.bb' as the main recipe to
build. In morty that recipe has been disabled and the '2017.01' one is used
instead, so we have to append to this new recipe by renaming our existing one.
- Our bbappend will now point to the same SHA1 that is being used, so we can
remove the SRCREV.
- The new code already includes the progress client patch, so it has been removed.
Signed-off-by: David Escalona <david.escalona@digi.com>
- This patch comes from the sw-update upstream and adds command line support
to the progress client binary.
a11e6f2b80https://jira.digi.com/browse/DEL-3356
Signed-off-by: David Escalona <david.escalona@digi.com>
There is new functionality in that version that we need for our firmware
update solution, so append the git-based recipe and set the revision to
the 2016.10 version.
Also provide a customized build configuration file. Notice that the
defconfig file is actually a full '.config'. It needs to be a full
config file because otherwise the anonymous python function in the
recipe is not able to gather all the build time dependences.
https://jira.digi.com/browse/DEL-3355
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Gabriel Valcazar
Javier Viguera
Mike Engel
Isaac Hermida
Hector Palacios
David Escalona
Arturo Buzarra
Jose Diaz de Grenu