Add CLM blob files with power limits based on the CCMP25 Certification
process.
There is a different CLM blob file to be used if the device operates
as STATION or Access point (AP) or if it is meant to be used Indoors or
Outdoors. Every file is deployed into the system, but only
STATION+INDOOR files are selected by default.
For each use case there is a US-only and a Worlwide CLM blob file.
Initial list of countries covered by the Worldwide binaries is:
* US
* Canada
* Europe
* Japan
* Australia
* New Zealand
Files:
- cyfmac55500-sdio_US.APIndoor.clm_blob (MD5SUM: 3e6f5fdcf9a88cf425179c69862ac67f)
- cyfmac55500-sdio_US.APOutdoor.clm_blob (MD5SUM: f8655f59b87ac5a71a2a90f08c52755b)
- cyfmac55500-sdio_US.STAIndoor.clm_blob (MD5SUM: e2bf5ed665876203085bd0cc9c90e590)
- cyfmac55500-sdio_US.STAOutdoor.clm_blob (MD5SUM: ddc81881d8ed0b70e2b843bb7899e758)
- cyfmac55500-sdio_World.APIndoor.clm_blob (MD5SUM: e48416c461469652ef5594a402a596cd)
- cyfmac55500-sdio_World.APOutdoor.clm_blob (MD5SUM: 5c57605395d4e186c58b59e4a57d80cd)
- cyfmac55500-sdio_World.STAIndoor.clm_blob (MD5SUM: 3f54dbf06d633d7b1aad816f6d655b9d)
- cyfmac55500-sdio_World.STAOutdoor.clm_blob (MD5SUM: 9f706f9ae5d833e386ebabc21e7c779b)
https://onedigi.atlassian.net/browse/DEL-9798
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Switch ccimx8/ccimx9 wic images to a layout with a u-boot-env
partition. Use a fixed PARTUUID for SD rootfs.
https://onedigi.atlassian.net/browse/DUB-1119
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Update the recipe to pull Infineon firmware binaries from the official Infineon
repository (aligned with imx-scarthgap-longma Murata branch), avoiding
tarball-related build issues. Firmware remains at Infineon 2026_0108.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds support for environment encryption/decryption of the
u-boot environment on the CCMP2 platform in Linux.
https://onedigi.atlassian.net/browse/DEL-10029
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
(cherry picked from commit 9b99c0b073)
This commit adds support for environment encryption/decryption of the
u-boot environment on the CCMP2 platform in Linux.
https://onedigi.atlassian.net/browse/DEL-10029
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add a bootscript for the ConnectCore 95 platform, including the default device
tree overlay names.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Update secure boot support for Cortex-M processors by refreshing the patch set
and dropping patches already integrated, aligning the implementation with ST
release openstlinux-6.6-yocto-scarthgap-mpu-v26.02.18.
https://onedigi.atlassian.net/browse/DEL-10022
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Until now the key modifier was being read from 'hwid_n' device tree
entries, but now those entries reflect the environment HWID, which
could be temporarily overriding the fuse HWID.
Ensure the key modifier is generated from the new 'hwid_fuse_n'
device tree entries created by U-Boot with the contents of the
fuse HWID, just as U-Boot does to encrypt/decrypt the environment.
https://onedigi.atlassian.net/browse/DEL-9123
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit updates the firmware binaries for Bluetooth and Wireless interfaces,
aligned with the Cypress Linux WiFi Driver (FMAC) release v6.1.145-2026_0108.
The updated wireless firmware versions are as follows:
- 2FY Wireless chip: v28.10.590.3
- 2EC Wireless chip: v18.53.546.29
These updates are included as part of the imx-styhead-longma_r1.0 Murata release.
https://onedigi.atlassian.net/browse/DEL-9960
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Enable signed firmware to prevent unauthenticated code on the Cortex-M4
co-processor by verifying images against custom public key from OP-TEE.
https://onedigi.atlassian.net/browse/DEL-9920
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
For both wireless and Bluetooth regulatory domain files, install the
files as is and create symlinks for the different regulatory domains.
Then, the drivers are responsible of loading the default files (US for
wireless, FCC for Bluetooth) or other files when specified through the
'regdmn' module parameters.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit updates the firmware binaries for Bluetooth and Wireless interfaces,
aligned with the Cypress Linux WiFi Driver (FMAC) release v6.1.110-2025_0718.
The updated wireless firmware versions are as follows:
- 2FY Wireless chip: v28.10.522.8
- 2FY Bluetooth chip: v1.2.32.40.33 FCC and CE.JP
These updates are included as part of the imx-scarthgap-kraken_r1.0 Murata release.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Introduce a configurable variable to enable/disable secure co-processor
firmware when TrustFence is enabled.
https://onedigi.atlassian.net/browse/DEL-9813
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Updated error guidance to use `./install_linux_fw_uuu.sh -u <uboot_file>`
instead of setting INSTALL_UBOOT_FILENAME manually.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Enable signed firmware to prevent unauthenticated code on the Cortex-M33
co-processor by verifying images against OTP-stored keys.
https://onedigi.atlassian.net/browse/DEL-9813
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add a variable analogous to TRUSTFENCE_SIGN to enable/disable artifact
encryption. Deprecate TRUSTFENCE_DEK_PATH in favor of TRUSTFENCE_KEYS_PATH to
use a more generic name and avoid overloading it as an on/off flag. Add per-key
variables for encryption key filenames to avoid hardcoded names and allow
platform overrides.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the trustfence-stm-signtools package with the latest
versions from the STM32 MPU ecosystem v6.1.0:
- STM32MP_KeyGen_CLI v2.20.0
- STM32MP_SigningTool_CLI v2.20.0
These tools are deployed as part of STM32CubeProgrammer v2.20.0, adding support
for STM32MP21x processors and bug fixing.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
vfat images need U-Boot scripts, which are always provided by the U-Boot
recipe, even for imx-boot-based machines. Replace the machine-dependent
BOOTLOADER_IMAGE_RECIPE with virtual/bootloader (which is provided by
u-boot recipes).
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Notice that we need to create u-boot and imx-boot symlinks in the deploy
directory, as they are required for the bootloader of the wic images.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
* Replace the hard-coded '/etc' with ${sysconfdir}
* Extend the mmcblk check to prevent updating the environment configuration
when booting from the EMMC (even though the kernel command line root
passed is in the form of /dev/mmcblk).
* Switch the conditional inherit to inherit_defer as it depends on
IMAGE_FEATURES to avoid parse-time ordering issues.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit updates the secure boot support for STM platforms based on the
STM32 MPU Ecosystem v6.1.0. It introduces support for encrypted boot artifacts,
including TF-A and FIP, and enables this functionality for the ConnectCore MP2
platform.
This enhancement allows secure boot deployments with both authentication and
encryption for improved protection of critical boot components.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit b581ac2a3b ("u-boot: rework deploy
symlinks using uboot_deploy_config") removed u-boot symlinks as part of cleanup
process. However, the main symlink is still required for the ccimx6 and
ccimx6qp platforms to generate bootable SD card images.
This commit keeps the symlink for those specific platforms to fix the SD card
image creation process.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the CC6 and CC6QP platform configurations to use the latest
NXP BSP based on U-Boot v2024.04, unifying support across all NXP-based
platforms.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Move OpenSSL dependency from the common include file to the specific
recipes:
- trustfence-cst-native: openssl-native
- nativesdk-trustfence-cst: nativesdk-openssl
https://onedigi.atlassian.net/browse/DEL-9760
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
On the multi-MTD layout (default) the 'data' UBI volume is never created
and thus not mounted by the system. This is because with this layout, the
creation of the UBI volume is done by the 'update' command, but nobody
updates this partition cause DEY doesn't generate an image for it.
We want the 'data' UBI volume to be created so that the CC6UL can connect
to the regular Remote Manager URI and store the certificate in it.
As long as a UBI volume is created, Linux will mount it, so this commit
erases the partition and creates the UBI volume.
The same goes for the 'update' partition. The installer was relying on the
recovery mechanism to wipe this partition, but this is not longer required
with UBI. As long as the installer erases the partition and creates the
volume, Linux will be able to mount it, so the boot in recovery mode has
been removed from the script.
Note: the formatting is only done for multi-MTD layout; the ubivolscript
creates all volumes for single-MTD layout.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Do not install 'txpower' and 'rutxpower' files from the Murata repo,
which are used for the V1 TX power method, and replace them with custom
'rgpower' files, required for the V2 TX power method.
These files encode the TxPower limitations obtained during the
ConnectCore 93 Certification tests, and there is one file per supported
country. There is a common file for all the European countries, so
create links for each of them, based on the CEPT REC7003E recommendation.
New 'rgpower' files:
- rgpower_CA.bin (MD5SUM: 7c012351f0521a02e3d78615fed5eb54)
- rgpower_EU.bin (MD5SUM: 4d1a54b3c1f12a7d0bb44d0337786a0b)
- rgpower_JP.bin (MD5SUM: b7706bb2718997d933b2bdf1e53e64b4)
- rgpower_US.bin (MD5SUM: 16555f962b025e0426098decd0147f1f)
- rgpower_WW.bin (MD5SUM: 505223c56527e849d4b1e5800c8613b5)
Take the opportunity to just install bt_power_config scripts and prevent
the installation of other unused files (db.txt, ed_mac_ctrl_V2_nw61x.conf
and regulatory.db) from the Murata repository.
https://onedigi.atlassian.net/browse/DEL-8974
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Commit ac69566ecd mistakenly removed
the command of cc9, cc8x, and cc8m media installers that sets the
variable that contains the U-Boot file to install.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9720
At the point of saving the bootcmd for the second stage of the install
process we want to use the variable value, not the variable name
since this variable doesn't exist after the environment is reset.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9711
Use the existing uboot_deploy(_spl)_config function to clean up and rework
the symlinks created in the deploy directory.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This gets substituted when TrustFence is enabled to "signed/encrypted"
or removed when TrustFence is disabled.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Programming an encrypted bootloader can only be done after the
secure keys have been programed on the OTP bits, and the device
has been closed. Programming on an open device would result in a
non-secure configuration or a non-bootable device after the
close operation.
Create functions to detect the current TrustFence status and exit
the install script if the device is open and the artifacts are
encrypted.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9699
The `-t` option to program images with TrustFence didn't make
much sense because the install script is dynamically generated
at build-time with the name of the boot artifacts containing
"signed/encrypted" on their filenames.
This commit:
- Removes `-t` option to simplify the script.
- Determines if programming a signed/encrypted bootloader by
looking at the bootloader filename.
- For NXP platforms, reworks the function that updates the
bootloader to properly program only-signed bootloaders (currently
wrongly using `trustfence update`)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Gonzalo Ruiz
Mike Engel
Javier Viguera
Arturo Buzarra
Francisco Gil
Hector Palacios