The udev mount script always queried the active system before mounting
any partition. On eMMC systems this lookup used /dev/disk/by-partlabel,
which is populated by udev itself and may still be incomplete and the
script exited for that partition.
Only resolve the active system for linux_a/linux_b, and read the eMMC
root partition name from sysfs instead of the udev-created by-partlabel
links.
https://onedigi.atlassian.net/browse/DEL-10131
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
create_st_fip_binary.sh converts binary encryption keys to hex before
passing them to encrypt_fw. hexdump may collapse repeated binary data
into '*', corrupting the key and causing encrypt_fw to reject it with an
invalid key size.
Add a bbappend to patch the helper from meta-digi and use hexdump -v so
the full key is emitted.
https://onedigi.atlassian.net/browse/DEL-10115
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
When TrustFence encryption is enabled, the TF-A recipe converts the
binary FIP encryption key to a hexadecimal string and passes it to the
TF-A build as ENC_KEY.
hexdump suppresses repeated output by default and emits '*' when it folds
duplicate data. If that happens while converting the key, the generated
ENC_KEY contains the '*' marker instead of the full hex string. The
malformed value then breaks the make command line, and make can interpret
the remaining key fragment as a target, failing for example with:
make ... ENC_KEY=13eb911dfcc316b1b99bbbbf10a7000c3055e863* 166d3c8c9cd6f888b720a9 all
make: *** No rule to make target '166d3c8c9cd6f888b720a9'. Stop.
Use hexdump -v so every byte of the binary key is emitted and ENC_KEY is
always a complete, contiguous hex string.
https://onedigi.atlassian.net/browse/DEL-10115
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Drop the imx-m7-demos dependency and build only the A55 boot target,
since Cortex-M firmware is board-specific and should not be selected as
a default SoC artifact. This follows the same cleanup done upstream in
meta-freescale commit 598f047ef112a0c88f699714cd10dc87c8460c5a.
https://onedigi.atlassian.net/browse/DEL-9882
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
(cherry picked from commit 81cf596834382f87701d701277e13c97316de978)
This commit generalizes the BT GPIO value used in the bluetooth-init
script for different platforms.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-9668
Install the wl tool by default. It is a useful utility for customers to
perform additional wireless configuration and debugging.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Currently only the CCMP25 and CC95 will officially support containers.
For these platforms, "/root" is a common path with enough free space.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit replaces systemd-udev-settle from bluetooth-init and
ifupdown service. Systemd recommends not to use that service and
wait for specifc event or service to sync interfaces.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-9338
Enable CONFIG_NETFILTER_XT_MATCH_MULTIPORT in the Docker kernel fragment
so port publishing works.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Switch ccimx8/ccimx9 wic images to a layout with a u-boot-env
partition. Use a fixed PARTUUID for SD rootfs.
https://onedigi.atlassian.net/browse/DUB-1119
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
For consistency, rename LVDS overlays:
- Add display model to ccimx93-dvk LVDS overlay
- Convert underscore to dash on ccimx95-dvk LVDS overlays
(the underscore only to separate platform from functionality)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Update the recipe to pull Infineon firmware binaries from the official Infineon
repository (aligned with imx-scarthgap-longma Murata branch), avoiding
tarball-related build issues. Firmware remains at Infineon 2026_0108.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds support for environment encryption/decryption of the
u-boot environment on the CCMP2 platform in Linux.
https://onedigi.atlassian.net/browse/DEL-10029
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
(cherry picked from commit 9b99c0b073)
This commit adds support for environment encryption/decryption of the
u-boot environment on the CCMP2 platform in Linux.
https://onedigi.atlassian.net/browse/DEL-10029
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add a bootscript for the ConnectCore 95 platform, including the default device
tree overlay names.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This partially reverts commit f6d91b9022. The new
mca-tool v1.26 already installs its binaries to /usr/sbin (instead of /sbin),
so the workaround is no longer needed.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The original do_install() preserves file ownership, which can contaminate the
SDK build and cause "getpwuid(): uid not found: 1000". Adjust the copy command
to not preserve owner/group.
https://onedigi.atlassian.net/browse/DEL-10022
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit imports the Digi custom version of sign-stm32mp bbclass to ensure
that the search_path() function does not raise a build exception if the signing
tool or keys are not present in the PATH before starting the build process.
In our case, we do not need to manually install the tools or generate the keys
beforehand, as this is automatically handled by Yocto in our DEY distribution.
https://onedigi.atlassian.net/browse/DEL-10022
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit 3fdb245765 ("trustfence: add encrypted
boot artifact support for CCMP13 platform") broke PKI tree generation when
encryption is disabled. Fix it for ccmp15.
https://onedigi.atlassian.net/browse/DEL-10022
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit 52a1111da6d72446530da26e135b65a34b48e279 ("OPTEE: MANAGE signature,
M33TD") in the ST layer incorrectly enables CFG_REMOTEPROC_PUB_KEY_VERIFY=y for
all platforms when SIGN_ENABLE is set.
However, co-processor public key verification against OTP fuses is not
supported on stm32mp1x platforms and causes the build to fail.
Remove CFG_REMOTEPROC_PUB_KEY_VERIFY for ccmp15.
https://onedigi.atlassian.net/browse/DEL-10022
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Remove the TF-A specific toolchain from SDK generation to avoid build issues
caused by unresolved runtime library dependencies in nativesdk-gcc-aarch64-none-elf,
including libcrypt.so.1, libncursesw.so.6, libpython3.8.so.1.0, and
libtinfo.so.6.
https://onedigi.atlassian.net/browse/DEL-10022
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Update secure boot support for Cortex-M processors by refreshing the patch set
and dropping patches already integrated, aligning the implementation with ST
release openstlinux-6.6-yocto-scarthgap-mpu-v26.02.18.
https://onedigi.atlassian.net/browse/DEL-10022
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Since commit d29b92ed9935 ("CLASS: SIGN: manage signature for coprocessor")
in meta-st-stm32mp from tag openstlinux-6.6-yocto-scarthgap-mpu-v26.02.18, the
SIGN_HEADER_VERSION variable is required.
Set the appropriate SIGN_HEADER_VERSION value for each platform.
https://onedigi.atlassian.net/browse/DEL-10022
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Document dey-image-container-manager in meta-digi-containers and
update the ccmp25-dvk and ccimx95-dvk build template notes so the
image is listed during environment setup together with its
virtualization requirement.
https://onedigi.atlassian.net/browse/DEL-9996
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Until now the key modifier was being read from 'hwid_n' device tree
entries, but now those entries reflect the environment HWID, which
could be temporarily overriding the fuse HWID.
Ensure the key modifier is generated from the new 'hwid_fuse_n'
device tree entries created by U-Boot with the contents of the
fuse HWID, just as U-Boot does to encrypt/decrypt the environment.
https://onedigi.atlassian.net/browse/DEL-9123
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
We only want to recover the libinput patch that fixes the cursor issue in the
LVGL demo, don't recover the wl_shell patch.
This partially reverts commit 7afc4a67de.
https://onedigi.atlassian.net/browse/DEL-9925
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update the STM32MP-specific kernel branch to Linux v6.6.116, aligned with the
latest ST release: openstlinux-6.6-yocto-scarthgap-mpu-v26.02.18.
https://onedigi.atlassian.net/browse/DEL-10021
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
These libraries are required by libcamera when IPA support is enabled.
Import them from the meta-OpenSTLinux layer at the
openstlinux-6.6-yocto-scarthgap-mpu-v26.02.18 tag.
https://onedigi.atlassian.net/browse/DEL-10021
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Synchronize the libcamera recipe with the meta-OpenSTLinux layer from the
openstlinux-6.6-yocto-scarthgap-mpu-v26.02.18 tag.
https://onedigi.atlassian.net/browse/DEL-10021
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The meta-st-x-linux-ai layer is still based on v6.1.1 and is not compatible
with the OpenSTLinux v6.2 BSP.
Mask the recipes that fail to build with v6.2 while waiting for an official
meta-st-x-linux-ai release aligned with OpenSTLinux v6.2.
https://onedigi.atlassian.net/browse/DEL-10021
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The meta-st-stm32mp layer for OpenSTLinux v6.2 introduces the flag
ENABLE_PARTITIONS_IMAGE to generate per-partition images. This breaks the build
for DEY platforms, so disable it by default.
https://onedigi.atlassian.net/browse/DEL-10021
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The SMARC module uses both Ethernet controllers, so ENET2 is
no longer optional.
The DVK does no longer have a MikroBUS connector so the
Mikro-E overlays are no longer needed.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
For the ccimx95 SMARC module, the power button is connected
to the MCA, and the MCA is the one that generates the signal
to the ON_OFF input. In the SMARC design, the power button is dedicated
(there is a different button for standby) so we want short key
presses to be treated as a poweroff event right away.
We also want systemd to ignore long presses, as these are absorbed by
the MCA firmware to forcefully power off the PMIC.
When SMARC is disabled, use the default behavior:
- short press: suspend
- long press: graceful poweroff
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Use placeholders and machine-configurable variables to determine systemd
behavior when receiving power key events.
By default, these are:
- short press: suspend
- long press: graceful poweroff
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Isaac Hermida
Javier Viguera
Francisco Gil
Gonzalo Ruiz
Hector Bujanda
Mike Engel
Arturo Buzarra
Hector Palacios
Gabriel Valcazar