Enable signed firmware to prevent unauthenticated code on the Cortex-M33
co-processor by verifying images against OTP-stored keys.
https://onedigi.atlassian.net/browse/DEL-9813
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add a variable analogous to TRUSTFENCE_SIGN to enable/disable artifact
encryption. Deprecate TRUSTFENCE_DEK_PATH in favor of TRUSTFENCE_KEYS_PATH to
use a more generic name and avoid overloading it as an on/off flag. Add per-key
variables for encryption key filenames to avoid hardcoded names and allow
platform overrides.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This patch fixes build failures of the virtio_trans driver (Cortex-A9, 32-bit ARM)
when building a PREEMPT_RT-enabled kernel. The errors were caused by
unresolved 64-bit division symbols (__aeabi_uldivmod / __aeabi_ldivmod)
generated when the driver was compiled as a module.
Changes included:
* virtio_trans.c:
- Replace 64-bit modulus operations (`idx % vt->{tx,rx}_vring_size`) with
kernel-safe 64-bit division macros using `div_u64_rem()`.
This prevents implicit calls to non-exported ARM EABI helpers that are not
available to kernel modules on 32-bit ARM.
* fragment-nxp-rt.config:
- Enable the mailbox framework (`CONFIG_MAILBOX=y`) required by virtio
mailbox-based transports.
- Build the virtio transport driver into the kernel (`CONFIG_VIRTIO_TRANS=y`)
instead of as a module, ensuring proper symbol resolution
during link time. Without this a license error is shown when building
the kernel in yocto.
https://onedigi.atlassian.net/browse/DEL-9783
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
This commit updates the CC6 and CC6QP platform configurations to use the latest
NXP BSP based on Linux kernel v6.6, unifying support across all NXP-based
platforms.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Update the STM32MP-specific kernel branch to Linux v6.6.78, aligned with the
latest ST release: openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
fix missing option to include the required kernel options for tsn support.
That support was added in commit 37f5db42ac for kernel 6.1, but it
was missed for kernel 6.6.
Add the support to include the required fragment, regardless the kernel
version.
While on it, update the tsn config to match kernel 6.6.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Yocto added kernel local version support by using the KERNEL_LOCALVERSION
variable. It conflicts with the "fsl-kernel-localversion" class from
the meta-freescale layer, resulting in a duplicated local version in the
kernel release label (uname -r). Use the current Yocto support to avoid
that duplication instead of meta-freescale's class.
This enables further simplification of the 'copy_defconfig' task for NXP
and STM platforms using common code.
https://onedigi.atlassian.net/browse/DEL-9669
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The HCI_UART Bluetooth driver does not support suspend-to-RAM operation, so the
driver must be loaded and unloaded manually. This commit adds support for the
Bluetooth initialization script used across Digi platforms, specifically for
ConnectCore MP13 and MP15.
https://onedigi.atlassian.net/browse/DEL-9650
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Enable CONFIG_BPF_SYSCALL and CONFIG_CGROUP_BPF when using docker, as it
is needed for a correct network interoperability.
Some kernels may have it enabled by default, but others not, so just enable
it for any platform.
https://onedigi.atlassian.net/browse/DEL-9592
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Enable CONFIG_BPF_SYSCALL and CONFIG_CGROUP_BPF when using docker, as it
is needed for a correct network interoperability.
Some kernels may have it enabled by default, but others not, so just enable
it for any platform.
https://onedigi.atlassian.net/browse/DEL-9592
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Add a unique patch with the RT functionality between NXP tags (sha1)
'lf-6.6.36-2.1.0' (d23d64eea5111e1607efcce1d601834fceec92cb)
'Real-Time-Edge-v3.1-202503' (f03af81d60b7ae14e03fafa8f4c4289c30a73f93)
https://onedigi.atlassian.net/browse/DEL-9324
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The btnxpuart is the driver used to manage the bluetooth for our i.mx9
modules, so only specify it for the affected platforms.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Assembling a FIT image requires that all artifacts are ready before calling
assemble_fitimage(), which occurs before do_install() and after do_compile().
To ensure the Linux kernel recipe provides the final artifacts in the correct
location, this commit replaces the additional do_install() step with an
additional do_compile() step, ensuring that all necessary artifacts are
available before assemble_fitimage().
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit integrates the X-LINUX-RT expansion package from the
meta-st-x-linux-rt layer, based on the tag
"openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06", for Yocto Scarthgap.
Currently only the STM CCMP2 is supported in kernel 6.6.
https://onedigi.atlassian.net/browse/DEL-9507
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit integrates the X-LINUX-RT expansion package from the
meta-st-x-linux-rt layer, based on the tag
"openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06", for Yocto Scarthgap.
Currently only the STM CCMP2 is supported in kernel 6.6.
https://onedigi.atlassian.net/browse/DEL-9507
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This doesn't change the behavior of the linux-dey recipe, all it does is make
the LINUX_GIT_URI variable accessible to any meta-digi recipe.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update ccmp2 platform to use the latest Linux kernel v6.6.48 based on the
openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06 tag for Yocto 5.0 (scarthgap).
https://onedigi.atlassian.net/browse/DEL-9381
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit in Poky:
https://git.yoctoproject.org/poky/commit/?id=fbace4111441d36026c3b5cd2ef690250ca8c448
changed the naming/symlinking of the different dtb files installed in
the deploy directory. In Yocto 4.0 we had:
146432 nov 19 14:37 ccimx8x-sbc-pro--5.15-r0.6-ccimx8x-sbc-pro-20241119124717.dtb
61 nov 19 14:37 ccimx8x-sbc-pro-ccimx8x-sbc-pro.dtb -> ccimx8x-sbc-pro--5.15-r0.6-ccimx8x-sbc-pro-20241119124717.dtb
61 nov 19 14:37 ccimx8x-sbc-pro.dtb -> ccimx8x-sbc-pro--5.15-r0.6-ccimx8x-sbc-pro-20241119124717.dtb
while in Yocto 5.0:
19 nov 19 17:57 ccimx8x-sbc-pro--6.6-r0.0-ccimx8x-sbc-pro-20241119164948.dtb -> ccimx8x-sbc-pro.dtb
19 nov 19 17:57 ccimx8x-sbc-pro-ccimx8x-sbc-pro.dtb -> ccimx8x-sbc-pro.dtb
151552 nov 19 17:57 ccimx8x-sbc-pro.dtb
Now, the regular file does not have timestamps or platform name suffixes,
so adjust the signing code to reflect this change.
https://onedigi.atlassian.net/browse/DEL-9325
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Our distribution is Digi Embedded Yocto (DEY), so use that to mark the
upstream status of the patches in our layer.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Arturo Buzarra
Francisco Gil
Isaac Hermida
Javier Viguera
Hector Palacios
Gabriel Valcazar