This configuration is required to sign and encrypt U-Boot images during
build time, as it is done for ccimx6ul platform.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit adds a installation script that uses fastboot support to
update the target firmware.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-6845
Environment encryption is not yet supported in U-Boot.
Unset TRUSTFENCE_ENCRYPT_ENVIRONMENT on the machine configuration
and remove the platform conditional on the class.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
* prefix TRUSTFENCE_ to variable SIGN_MODE for DEY
* prefix CONFIG_ to variable SIGN_MODE for script
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Some configuration files inside of the SDK make use of the default SDK
installation path, so some tools might break unless the SDK is installed in said
default path.
Recently, we modified the default installation path to include the platform and
the image type, but the image type was added after the SDK was created, so even
though the environment script's paths include the image type, the "original"
default path in the config files inside of the SDK doesn't include the image
type. A side effect of this is that Qt5 apps cannot be built, since the qmake
and Qt configuration files are pointing to the "original" SDK path.
Remove the image type from the path so that the paths in the SDK's config files
match the real default installation path.
This partially reverts commit be0fe088e3.
https://jira.digi.com/browse/DEL-6972
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since the final image name is not available in a global scope, append it to the
default installation path in the SDK extraction script once it has been
packaged.
The new default installation path format is:
/opt/dey/<version>/<platform>/<image>
https://jira.digi.com/browse/DEL-5264
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Trustfence is not yet fully supported for the CC8X.
Retore the warning.
This reverts commit 78534ca779.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The artifacts that must go inside the installer ZIP image are not anymore
the ones in UBOOT_CONFIG. For CC8X, the artifacts are combinations of
UBOOT_CONFIG and RAM_CONFIGS.
This commit adds a function 'get_bootable_artifacts()' to boot-artifacts class
to generate a new variable BOOTABLE_ARTIFACTS with the list of bootable
artifacts DEY produces.
The installer recipe can then simply iterate on that list, rather than
needing to calculate it by itself.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-6641
A variable called IMAGE_BOOTLOADER was being used without distinction for
referring to two different things:
- the recipe that builds the bootable artifacts
- the prefix of those artifacts
The value of this is "u-boot" for most platforms, but "imx-boot" for the
CC8X based platforms.
The name of the variable is misleading, so this commit splits it into two:
- BOOTLOADER_IMAGE_RECIPE, to refer to the recipe
- UBOOT_PREFIX, to refer to the prefix of the bootable artifact
With the separation, the variable UBOOT_SYMLINK becomes a generic formed
one, so it is moved to digi-defaults.inc.
While on it, fix the image_types_digi.bbclass which was not making use of
the original variable to establish all the dependencies.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The generate_installer_zip() function had a hardcoded "u-boot" filename when adding
the bootloader to the list of files that are put in the installer .zip.
https://jira.digi.com/browse/DEL-6174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Rename recipe and fix the path of the progress binary. Also on the
rocko branch of meta-swupdate several signing mechanisms are
supported, and the value is used as a string to determine which one
to use.
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
This commit creates a new file called 'dey-version-${REAL_MULTIMACH_TARGET_SYS}'
(for example, 'dey-version-cortexa7hf-neon-dey-linux-gnueabi') at the same level
as 'version-${REAL_MULTIMACH_TARGET_SYS}',
'site-config-${REAL_MULTIMACH_TARGET_SYS}', and
'environment-setup-${REAL_MULTIMACH_TARGET_SYS}' files.
The file contains the following parameters:
* Machine. The name of the platform the toolchain was built for (ccimx6sbc,
ccimx6ulsbc, ccimx6ulstarter).
* Version: A versioning system for the generated toolchains. Currently is the
distro version followed by the timestamp on which the current build started.
* Image: The name of the image that triggered the population of the SDK
(core-image-base, dey-image-aws, dey-image-qt-${GRAPHICAL_BACKEND})
The purpose of the 'dey-version-*' file is to be parsed by Eclipse so toolchains
can be autodetected.
This file is packaged with the rest of SDK/toolchain resources ('version-*',
'site-config-*', and 'environment-setup-*' files, and 'sysroots' directory)
when creating the SDK tarball and later the installation script.
The 'dey-version-*' file could also be created in a 'meta-environment.bbappend'
appending to the 'create_sdk_files()'. But from this recipe there is no access
to the name of the image that triggers the creation of the SDK (core-image-base,
dey-image-aws, dey-image-qt, etc.).
Currently, we are redefining 'SDK_POSTPROCESS_COMMAND' (from
'poky/meta/classes/populate_sdk_base.bbclass') to insert the generation of the
'dey-version-*' file just before creating the SDK tarball.
https://jira.digi.com/browse/DEL-5074
Signed-off-by: Tatiana Leon <tatiana.leon@digi.com>
If values are provided in the local.conf, the package will have the
'config.json' file preconfigured.
https://jira.digi.com/browse/DEL-4274
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Rename the class so it's not specific to the C version of the AWS IoT
Device SDK, and can be used for anything related with AWS IOT (for
example Greengrass).
https://jira.digi.com/browse/DEL-4274
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Variable 'AWS_IOT_LOGGING_LEVEL' can be used from the project 'local.conf' to
establish the logging level of the AWS IoT Device SDK.
There are 6 incremental levels: none, error, warn, info, debug, and trace.
Default is 'debug'.
https://jira.digi.com/browse/DEL-4101
Signed-off-by: Tatiana Leon <tatiana.leon@digi.com>
With the migration to Morty, some of the paths to the artifacts (boot
and rootfs images) need to be updated.
While on it, also remove the temporary README.txt file which is not
needed after it has been packed in the zip installer.
https://jira.digi.com/browse/DEL-4013
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
- Trying to set the complete SWU packages signature key in the
TrustFence class was causing a build error when keys were not
yet generated. To avoid this, set only the key wildcard in the
TrustFence class and expand the variable in the SWU packages
recipes, when keys already exist.
https://jira.digi.com/browse/DEL-3913
Signed-off-by: David Escalona <david.escalona@digi.com>
- Enabled signing support while generating the swupdate
packages for 'core-image-base' and 'dey-image-qt'. The
signing support is only enabled when 'TUSTFENCE_SIGN=1'
and requires the recipe to set the private key that will
be used to generate the signature.
- Enabled hash support while generating the swupdate
packages for 'core-image-base' and 'dey-image-qt'. The
hash support requires the sw-description files to include
a new line for each image and/or file that will be added
to the update package. The hash is automatically calculated
and replaced in the sw-description files.
https://jira.digi.com/browse/DEL-3774
Signed-off-by: David Escalona <david.escalona@digi.com>
It's not enabled by default. It's controlled by DEY_IMAGE_INSTALLER
variable in the project's local.conf.
https://jira.digi.com/browse/DEL-3591
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
When encryption is enabled, the signed U-Boot image will be used for the uSD.
This allows the uSD image to boot the device and recover it from the U-Boot
console, which is its main purpose. Nevertheless, the uSD image will not be
able to boot Linux.
https://jira.digi.com/browse/DEL-2877
This reverts commit 2e13e194d9.
Currently we don't support booting encrypted images from an SDCARD, so
just disable the generation of such images.
https://jira.digi.com/browse/DEL-2876
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
By default, on closed devices you cannot revoke any key. To do so, it is
required to compile a U-Boot which instructs the HAB not to set the sticky
bit which write protects that field in the OCOTP controller.
This patch introduces a Yocto macro which allows to configure U-Boot in
that way.
In the ConnectCore 6, the value of this settings is ignored, because HAB never
sets the sticky bit which write protects that field.
https://jira.digi.com/browse/DUB-665
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
While performing usability testing on the TrustFence documentation, it has
been noted that in order to follow the secure boot instructions the
console needs to be enabled.
We have now moved the secure console section to the end of the
documentation so that disabling the console is the last configuration to
make in a secure system.
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
When Trustfence is enabled, this adds a dependence on the TF initramfs,
so it's built and added to the boot image.
It also modifies the u-boot boot script on the fly, to boot correctly
using the Trustfence initramfs.
https://jira.digi.com/browse/DEL-2278
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The TRUSTFENCE_UBOOT_DEK_SIZE Yocto macro maps to the UBOOT_DEK_SIZE U-Boot
Kconfig entry, which is defined as a choice entry. This makes necessary
to explicitly define the choice Kconfig entry for the configuration to
work.
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
There are several possible values for TRUSTFENCE_UBOOT_ENV_DEK:
* Not defined: if the trustfence support is not included.
Should not include the feature.
* 32 characters: when defining a valid key.
Should include the feature.
* "0": when explicitly disabling the feature.
Should not include the feature
* <other>: Invalid value, should trigger the error.
This commits fixes the logic so that 'None' (no defined) is taken as a valid
value.
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This commit changes the CONFIG_CCIMX6SBC_CONSOLE_ENABLE_GPIO_NR define
into a platform independent setting.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-2641
https://jira.digi.com/browse/DEL-2603
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
Signed-off-by: Jose Diaz de Grenu de Pedro <Jose.DiazdeGrenudePedro@digi.com>
Implement the set of TRUSTFENCE_ macros to configure each secure boot feature
available in U-Boot.
https://jira.digi.com/browse/DUB-570
Signed-off-by: Jose Diaz de Grenu de Pedro <Jose.DiazdeGrenudePedro@digi.com>
This commit adds a trustfence class to encapsulate all trustfence
configurations.
https://jira.digi.com/browse/DEL-2257
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
The meta-qt5 layer provides a 'populate_sdk_qt5' class with all what's
needed to build a SDK based on an image recipe.
Inherit the class here so it's available for all DEY image recipes
depending on 'dey-qt' image feature.
https://jira.digi.com/browse/DEL-1973
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This was used just for SARES testing and according to the SA team it is
not needed anymore, so just remove it.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This simplifies the code and as an extra allows to override the default
root password from the project's local.conf (setting MD5_ROOT_PASSWD
variable)
https://jira.digi.com/browse/DEL-1558
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Poky added a new class that provides the same functionality we
implemented in our 'dey-image' class. So just use that class instead
of reimplementing it in our layer.
https://jira.digi.com/browse/DEL-1558
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Remove 'dey-test' image feature and create a SARES bbclass with the
same functionality. This makes easier the creation of images suitable
for SARES testing just adding:
INHERIT += "sares-image"
to your project's local.conf
https://jira.digi.com/browse/DEL-1558
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
After the upstream commit in d63c8a1597c9bd0a838cb59ca461ac432b630a90,
bitbake checks to see if the image feature has a valid packagegroup
associated.
For this check to work dey features need to be defined for all images,
not only dey images, so the definitions need to move to the distro
configuration file.
https://jira.digi.com/browse/DEL-852
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
SERIAL_CONSOLE variable has been deprecated in poky. The new
SERIAL_CONSOLES allows to configure multiple devices.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The final product will be called "Digi Embedded for Yocto" or DEY for
short.
This commit renames all relevant files.
https://jira.digi.com/browse/DEL-474
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
Gonzalo Ruiz
Mike Engel
Hector Palacios
Gabriel Valcazar
Jose Diaz de Grenu
Arturo Buzarra
Tatiana Leon
Javier Viguera
David Escalona
Alex Gonzalez
Jose Diaz de Grenu de Pedro