Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5,205 Commits 3 Branches 0 Tags 196 MiB
Commit Graph

54 Commits

Author SHA1 Message Date
Arturo Buzarra 7692d0ed4a ccmp25: add Cortex-M33 signed firmware support 
Enable signed firmware to prevent unauthenticated code on the Cortex-M33
co-processor by verifying images against OTP-stored keys.

https://onedigi.atlassian.net/browse/DEL-9813

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2025-11-03 17:06:30 +01:00
Mike Engel 8d26062700 optee-client: fix default secure storage path 
This commit fixes the default secure storage path
to /mnt/data/tee instead of /var/lib/tee. This will
store all secure storage keys in that path and will
keep them even during rootfs updates.

Signed-off-by: Mike Engel <Mike.Engel@digi.com>
 2025-07-29 11:16:39 +02:00
Hector Palacios 5d11be4d2b optee-client: change secure storage and TEE log paths 
The default secure storage (/var/lib/tee) is a tmpfs and not persistent
across reboots. Change it to the data partition (/mnt/data/tee) when
TrustFence file system encryption enabled

For the log file, do use the /var/log/ directory instead of default
/data

Signed-off-by: Hector Palacios <hector.palacios@digi.com>

https://onedigi.atlassian.net/browse/DEL-9683
 2025-06-27 08:32:18 +02:00
Arturo Buzarra 8644348fed stm-st-stm32mp: optee-os: remove CFG_OTP_HUK for Trustfence 
Starting with OP-TEE v4.0.0, the use of a test key is no longer supported.
The Hardware Unique Key (HUK) is now always derived from the programmed OTP bits.
As a result, the Digi custom `CFG_OTP_HUK` flag is obsolete and has been removed.

https://onedigi.atlassian.net/browse/DEL-9634

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2025-05-26 09:48:00 +02:00
Arturo Buzarra 30751b0eef stm-st-stm32mp: add optee-client recipe based on v4.0.0 
This commit integrates optee-client support from the meta-st-openstlinux layer,
based on the openstlinux-6.6-yocto-scarthgap-mpu-v25.03.19 tag.

https://onedigi.atlassian.net/browse/DEL-9442

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2025-03-26 08:53:12 +01:00
Arturo Buzarra f27c3364cb meta-digi-arm: Add custom sign-stm32mp bbclass to fix build issue 
This commit imports the sign-stm32mp bbclass from the meta-st-stm32mp layer to
allow customization. The main customization ensures that the search_path()
function does not raise a build exception if the signing tool or keys are not
present in the PATH before starting the build process.

In our case, we do not need to manually install the tools or generate the keys
beforehand, as this is automatically handled by Yocto in our DEY distribution.

https://onedigi.atlassian.net/browse/DEL-9442

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2025-03-26 08:53:12 +01:00
Arturo Buzarra 37517dcbe0 Merge tag 'dey-5.0-r1.3' into dey-5.0/master 
Digi Embedded Yocto 5.0-r1.3

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2025-03-10 11:26:31 +01:00
Arturo Buzarra 829cca1214 meta-digi: update revisions for dey-5.0-r1.3 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2025-03-06 21:04:25 +01:00
Arturo Buzarra 8f126dc060 meta-digi: revert revisions to AUTOREV 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2025-02-26 12:56:25 +01:00
Arturo Buzarra 8180e53e83 meta-digi: update revisions for dey-5.0-r1.2 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2025-02-26 12:56:24 +01:00
Arturo Buzarra 440fd0e20f meta-digi: revert revisions to AUTOREV 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2025-02-24 13:52:13 +01:00
Arturo Buzarra ba0b696a75 meta-digi: update revisions for dey-5.0-r1.1 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2025-02-24 13:52:13 +01:00
Arturo Buzarra 3175ccdb53 switch to building from maintenance branches for dey-5.0 
https://onedigi.atlassian.net/browse/DEL-9503

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2025-02-17 13:55:32 +01:00
Arturo Buzarra da6311bb3b stm-st-stm32mp: scp-firmware: remove recipe integrated in optee-os v4.0.0 
This commit removes the scp-firmware recipe, as it has been integrated into the
optee-os recipe with the latest v4.0.0 from the ST BSP release. This update is
based on the openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06 tag for Yocto 5.0
(Scarthgap).

https://onedigi.atlassian.net/browse/DEL-9381

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2024-12-10 10:19:50 +01:00
Arturo Buzarra 13a12520fe stm-st-stm32mp: optee-os: sync optee-os-stm32mp2 recipe with v4.0.0 
This commit removes all outdated OPTEE-OS recipes and synchronizes the Digi custom
.bbappend with the latest v4.0.0 from the ST BSP release, based on the
openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06 tag for Yocto 5.0 (scarthgap).

https://onedigi.atlassian.net/browse/DEL-9381

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2024-12-10 10:19:50 +01:00
Javier Viguera bdbe657578 Merge branch 'dey-4.0/maint' into dey-4.0/master 
This merges back release 'dey-4.0-r7.2' + a few more fixes after the
tag.

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
 2024-10-16 16:28:40 +02:00
Arturo Buzarra ed8113d99b meta-digi: revert revisions to AUTOREV 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2024-10-08 12:00:57 +02:00
Arturo Buzarra 46f15efff2 meta-digi: update revisions for dey-4.0-r7.2 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2024-10-08 12:00:57 +02:00
Francisco Gil d9ef21b3d0 meta-digi: revert revisions to AUTOREV 
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
 2024-09-30 16:39:57 +02:00
Francisco Gil c179cd862c meta-digi: update revisions for dey-4.0-r7.1 
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
 2024-09-30 16:38:44 +02:00
Hector Palacios 1624ec2bc2 optee-os-stm32: reduce verbosity of SCP firmware 
The SCP firmware introduces too much verbosity (with
timestamp included) in the middle of the boot log
between the TF-A and U-Boot.
Reduce the log and remove compiler flags for errors
on unused variables (banner strings).

This removes the following messages from SCP firmware:

  [    0.000000] SCP-firmware v2.12.0-dev
  [    0.000000]
  [    0.000000] [FWK] Module initialization complete!

Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
 2024-09-30 10:55:03 +02:00
Hector Palacios 33ca8bc914 optee-os-stm32mp: reduce verbosity 
ST_OPTEE_DEBUG_TRACE is set to 0 if ST_DEBUG_TRACE is set to 0.
However, on the optee source code, if ST_OPTEE_DEBUG_TRACE=0 the
log level is automatically set to 3 (INFO) resulting in a very
verbose optee log.

Signed-off-by: Hector Palacios <hector.palacios@digi.com>
 2024-09-30 10:55:03 +02:00
Arturo Buzarra 5fabf75615 switch to building from maintenance branches 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2024-09-25 16:36:48 +02:00
Arturo Buzarra 53b9fd076d Merge branch 'dey-4.0/master' into dey-4.0/maint 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2024-09-25 15:53:50 +02:00
Arturo Buzarra 7d660349e8 stm-st-stm32mp: optee: add support to ConnectCore MP25 DVK platform 
Add support based on v3.19.0 version from STM release
openstlinux-6.1-yocto-mickledore-mp2-v23.12.06.

https://onedigi.atlassian.net/browse/DEL-8995

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2024-07-22 17:12:33 +02:00
Hector Palacios 9ef54b7b8e optee-os-stm32mp: use OTP HUK when TrustFence enabled 
When TrustFence is enabled, use the HUK programmed on the OTP
bits for the ccmp15 platform.

Signed-off-by: Hector Palacios <hector.palacios@digi.com>

https://onedigi.atlassian.net/browse/DEL-9121
 2024-07-16 08:09:56 +02:00
Isaac Hermida 0c642ed7ec Update Digi Copyright header 
Standarize the Copyright header according to company policy.

Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
 2024-07-15 09:28:58 +02:00
Francisco Gil ee26f14423 meta-digi: revert revisions to AUTOREV 
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
 2024-07-02 12:06:59 +02:00
Francisco Gil 35cf4d61bc meta-digi: update revisions for dey-4.0-r6.1 
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
 2024-07-02 10:19:59 +02:00
Javier Viguera 17658bdffa Merge branch 'dey-4.0/master' into dey-4.0/maint 
Merges Trustfence file-based encryption support.

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
 2024-06-28 12:14:26 +02:00
Javier Viguera ac23714967 optee-client: change secure storage path when TF is enabled 
By default, the secure storage path in the REE is "/var/lib/tee". It is
part of the rootfs, and thus, it gets lost on a firmware update.

This commit changes that path to a different partition "/mnt/data/tee"
when Trustfence file-based encryption is enabled.

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
 2024-06-27 15:41:00 +02:00
Javier Viguera 18c0c69314 Merge branch 'dey-4.0/master' into dey-4.0/maint 
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
 2024-06-21 14:44:59 +02:00
Arturo Buzarra 8e63e52435 stm32mp: optee: add optee-client support by default 
Optee-client provides the TEE Client API as defined by the GlobalPlatform TEE standard.
It is required to communicate with a Trusted Application (TA) running in a Trusted OS.

https://onedigi.atlassian.net/browse/DEL-8970

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2024-04-22 11:33:41 +02:00
Arturo Buzarra e0193228ad meta-digi: revert revisions to AUTOREV 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2024-02-06 18:11:28 +01:00
Arturo Buzarra bdf80833dc meta-digi: update revisions for dey-4.0-r5.2 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2024-02-06 18:07:48 +01:00
Arturo Buzarra 7fb5205e73 meta-digi: revert revisions to AUTOREV 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2024-01-30 16:52:26 +01:00
Arturo Buzarra 04a00b2bd0 meta-digi: update revisions for dey-4.0-r5.1 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2024-01-30 16:51:33 +01:00
Francisco Gil ff071a17be meta-digi: revert revisions to AUTOREV 
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
 2023-09-15 16:42:58 +02:00
Francisco Gil c7b6a9d637 meta-digi: update revisions for dey-4.0-r4.1 
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
 2023-09-15 16:41:49 +02:00
Arturo Buzarra 8db6c71a95 Merge branch 'dey-4.0/master' into dey-4.0/maint 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2023-09-08 10:33:10 +02:00
Arturo Buzarra a9176f53d3 Revert "optee-os-stm32mp: enable OTP program support" 
Commit 92969f0c4 ("plat-stm32mp1: Remove CFG_STM32_BSEC_WRITE dependency with
debug configuration OP-TEE") on OP-TEE source code, removed the link between
the BSEC WRITE feature with DEBUG feature, so now by default it is enabled.

This reverts commit 2395378ec4.

https://onedigi.atlassian.net/browse/DEL-8657
 2023-08-18 09:06:01 +02:00
Arturo Buzarra e679d3821d meta-digi: revert revisions to AUTOREV 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2023-05-17 15:34:53 +02:00
Arturo Buzarra 04f8e54400 meta-digi: update revisions for dey-4.0-r3.2 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2023-05-17 15:30:24 +02:00
Arturo Buzarra e45edb7f56 meta-digi: revert revisions to AUTOREV 2023-05-11 23:10:41 +02:00
Arturo Buzarra d780711b17 meta-digi: update revisions for dey-4.0-r3.1 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2023-05-11 22:58:31 +02:00
Francisco Gil 27414d3420 meta-digi: revert revisions to AUTOREV 
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
 2023-03-10 15:48:01 +01:00
Francisco Gil b59f31c114 meta-digi: update revisions for dey-4.0-r2.2 
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
 2023-03-10 15:46:34 +01:00
Arturo Buzarra 358a7cc414 meta-digi: revert revisions to AUTOREV 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2023-03-08 18:59:27 +01:00
Arturo Buzarra de3ba53ef3 meta-digi: update revisions for dey-4.0-r2.1 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2023-03-08 18:58:58 +01:00
Arturo Buzarra 93a4dd2db5 meta-digi: revert revisions to AUTOREV 
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
 2022-11-29 16:35:27 +01:00