Add the ccimx95dvk flavor to OP-TEE, define the UART6 base and DDR
settings, and update the machine mappings using OPTEEMACHINE as the base
recipe does.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add the ccimx95 platform cloned from mx95lp5. Provide DDR configuration,
configure the console on lpuart6, and update ccimx95-dvk.conf to select
the new board.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Move the LPDDR4 firmware list from the shared ccimx9 include into the
machine configurations for the ccimx91/93 DVK, allowing the upcoming
ccimx95 to utilize its own distinct values.
Also, remove the redundant IMXBOOT_TARGETS and BOOTLOADER_SEEK_USERDATA
overrides in ccimx91-dvk, as they are duplicated.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit removes the wl_shell and libweston patche, which
are now not necessary anymore. Becasue we have removed the
wayland backend for the LVGL image.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Commit b581ac2a3b ("u-boot: rework deploy
symlinks using uboot_deploy_config") removed u-boot symlinks as part of cleanup
process. However, the main symlink is still required for the ccimx6 and
ccimx6qp platforms to generate bootable SD card images.
This commit keeps the symlink for those specific platforms to fix the SD card
image creation process.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The Digi commits on the optee-os repository are part of the
same branch and apply on top of each other since they do not
collide with each other.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
After the update of the recipe in meta-freescale this patch
(which exists in meta-freescale) does no longer need to
live in meta-digi.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The Digi commits on the imx-atf repository are now part of the
same branch and apply on top of each other since they do not
collide with each other.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit updates the CC6 and CC6QP platform configurations to use the latest
NXP BSP based on U-Boot v2024.04, unifying support across all NXP-based
platforms.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the CC6 and CC6QP platform configurations to use the latest
NXP BSP based on Linux kernel v6.6, unifying support across all NXP-based
platforms.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Move OpenSSL dependency from the common include file to the specific
recipes:
- trustfence-cst-native: openssl-native
- nativesdk-trustfence-cst: nativesdk-openssl
https://onedigi.atlassian.net/browse/DEL-9760
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
A recent change in meta-st-x-linux-ai was completely overwriting our default
PACKAGECONFIG values, causing several plugins to be omitted (for example, the
wayland plugin). In turn, this was causing several build errors in many
packages that depend on said plugins.
Use a strict PACKAGECONFIG assignment to prevent this. As a side effect, this
removes the new "uvcsink" PACKAGECONFIG introduced by the recent change in
meta-st-x-linux-ai, so make sure to re-add it to avoid unexpected behavior when
building the brand new people-tracking-heatmap AI example.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
With the updated firmware-ele-imx recipe, the installation logic now
requires SECOEXT_FIRMWARE_NAME to be empty when no extra firmware is
to be installed.
https://onedigi.atlassian.net/browse/DEL-9748
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
meta-freescale updated the base recipe for NXP's release 6.6.52_2.2.1,
so our overrides in the bbappend are no longer needed.
https://onedigi.atlassian.net/browse/DEL-9748
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit introduces the necessary changes in the Digi Embedded Yocto layer
to support the X-LINUX-AI v6.1.0 software package from the meta-st-x-linux-ai
layer.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit introduces a custom export_binaries() function to resolve a
deployment issue affecting the final TF-A artifact path. The issue occurs when
the SoC name does not match the TF-A device tree name.
This fix is required due to changes introduced in commit f0b4d0d02a
("ccmp15: enable secure_system_service for CCMP15"), which modified the TF-A
artifact generation process.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the Digi custom .bbappend recipes for FIP and TF-A to align
with the latest ST BSP release, based on the openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11
tag for Yocto 5.0 (scarthgap).
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit fixes the default secure storage path
to /mnt/data/tee instead of /var/lib/tee. This will
store all secure storage keys in that path and will
keep them even during rootfs updates.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Update the STM32MP-specific kernel branch to Linux v6.6.78, aligned with the
latest ST release: openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
mwifiex driver is not able to automatically download the corresponding
rgpower binary after receiving CountryIE beacon information from country
XX, so we have to do it manually running "iw reg set XX".
However, the driver considers country XX is already configured and
ignores the rgpower download request.
Fix it by not processing the countryIE information in the driver by
adding a patch from NXP that will be integrated in their next
official release.
https://onedigi.atlassian.net/browse/DEL-8974
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Add service to automatically detect changes in the global regulatory
domain and force a PHY regulatory domain change.
This allows detecting regulatory domain changes based on beacon
information when 802.11d is enabled and instructing the wireless
driver to download the rgpower firmware file corresponding to the
selected country.
If the selected country is not one of the supported ones, Worldwide
rgpower_WW.bin file will be downloaded by default.
Run the check service every 5 seconds through a systemd timer.
https://onedigi.atlassian.net/browse/DEL-8974
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
On the multi-MTD layout (default) the 'data' UBI volume is never created
and thus not mounted by the system. This is because with this layout, the
creation of the UBI volume is done by the 'update' command, but nobody
updates this partition cause DEY doesn't generate an image for it.
We want the 'data' UBI volume to be created so that the CC6UL can connect
to the regular Remote Manager URI and store the certificate in it.
As long as a UBI volume is created, Linux will mount it, so this commit
erases the partition and creates the UBI volume.
The same goes for the 'update' partition. The installer was relying on the
recovery mechanism to wipe this partition, but this is not longer required
with UBI. As long as the installer erases the partition and creates the
volume, Linux will be able to mount it, so the boot in recovery mode has
been removed from the script.
Note: the formatting is only done for multi-MTD layout; the ubivolscript
creates all volumes for single-MTD layout.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Set V2 TX power method for regulatory management on the iw612 init
and remove the 'txpwrlimit_cfg' and 'init_hostcmd_cfg' driver
parameters which are only used for V1 TX power method.
This allows the driver to load a specific rgpower_XX.bin binary file
contained in the rootfs whenever command "iw reg set XX" is executed,
updating the TX power settings and allowed frequencies list to those
contained in the file. 'XX' stands for the 2-character ISO3166-1
alpha-2 country code.
If the selected rgpower_XX.bin file does not exist, or no country is
selected, the driver will load rgpower_WW.bin (Worldwide) by default.
https://onedigi.atlassian.net/browse/DEL-8974
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Do not install 'txpower' and 'rutxpower' files from the Murata repo,
which are used for the V1 TX power method, and replace them with custom
'rgpower' files, required for the V2 TX power method.
These files encode the TxPower limitations obtained during the
ConnectCore 93 Certification tests, and there is one file per supported
country. There is a common file for all the European countries, so
create links for each of them, based on the CEPT REC7003E recommendation.
New 'rgpower' files:
- rgpower_CA.bin (MD5SUM: 7c012351f0521a02e3d78615fed5eb54)
- rgpower_EU.bin (MD5SUM: 4d1a54b3c1f12a7d0bb44d0337786a0b)
- rgpower_JP.bin (MD5SUM: b7706bb2718997d933b2bdf1e53e64b4)
- rgpower_US.bin (MD5SUM: 16555f962b025e0426098decd0147f1f)
- rgpower_WW.bin (MD5SUM: 505223c56527e849d4b1e5800c8613b5)
Take the opportunity to just install bt_power_config scripts and prevent
the installation of other unused files (db.txt, ed_mac_ctrl_V2_nw61x.conf
and regulatory.db) from the Murata repository.
https://onedigi.atlassian.net/browse/DEL-8974
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Commit ac69566ecd mistakenly removed
the command of cc9, cc8x, and cc8m media installers that sets the
variable that contains the U-Boot file to install.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9720
At the point of saving the bootcmd for the second stage of the install
process we want to use the variable value, not the variable name
since this variable doesn't exist after the environment is reset.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9711
This commit enables building dey-image-flutter for the ConnectCore MP15
platform. It integrates the necessary configurations to support Flutter-based
graphical applications on this platform.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Use the existing uboot_deploy(_spl)_config function to clean up and rework
the symlinks created in the deploy directory.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
On NXP platforms, the signed/encrypted bootloader images are not
included on the installer ZIP. This prevents from using the installer
when TrustFence is enabled.
This commit adds to the installer:
- If encryption is enabled
- encrypted bootloader
- signed bootloader (for USB recovery boot)
- If encryption is disabled
- signed bootloader
- If TrustFence is disabled
- non-signed bootloader
It also treats the ccimx6ul special, as this has a dedicated file for
USB recovery boot.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9698
This gets substituted when TrustFence is enabled to "signed/encrypted"
or removed when TrustFence is disabled.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Programming an encrypted bootloader can only be done after the
secure keys have been programed on the OTP bits, and the device
has been closed. Programming on an open device would result in a
non-secure configuration or a non-bootable device after the
close operation.
Create functions to detect the current TrustFence status and exit
the install script if the device is open and the artifacts are
encrypted.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9699
The `-t` option to program images with TrustFence didn't make
much sense because the install script is dynamically generated
at build-time with the name of the boot artifacts containing
"signed/encrypted" on their filenames.
This commit:
- Removes `-t` option to simplify the script.
- Determines if programming a signed/encrypted bootloader by
looking at the bootloader filename.
- For NXP platforms, reworks the function that updates the
bootloader to properly program only-signed bootloaders (currently
wrongly using `trustfence update`)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
fix missing option to include the required kernel options for tsn support.
That support was added in commit 37f5db42ac for kernel 6.1, but it
was missed for kernel 6.6.
Add the support to include the required fragment, regardless the kernel
version.
While on it, update the tsn config to match kernel 6.6.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The default secure storage (/var/lib/tee) is a tmpfs and not persistent
across reboots. Change it to the data partition (/mnt/data/tee) when
TrustFence file system encryption enabled
For the log file, do use the /var/log/ directory instead of default
/data
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9683
As the OmniVision OV5640 camera is now deprecated and no longer supported by
most vendors, this commit moves its support to a separate Device Tree overlay,
allowing it to be used if needed.
Instead, the Sony IMX335 MIPI camera is integrated into the default device
tree as the default supported camera for the CCMP25-DVK platform.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Moved deploy_symlinks_atf from SYSROOT_PREPROCESS_FUNCS to do_deploy task
to ensure symlinks are created correctly even when rebuilding from the
shared state after a "bitbake -c clean tf-a-stm32mp".
Override do_deploy[sstate-outputdirs] from the original recipe to allow
installing both the deploy artifacts (binaries and symlinks) to the
package deploy directory.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Move the address where the fitImage is loaded after the addresses
where the binaries in it are decompressed. This way, the fitImage
can grow without size restrictions.
The memory map now looks like this:
0xC0000000 Start of memory
|
| (32 MiB)
v
0xC2000000 Kernel loadaddr ($loadaddr)
|
| (32 MiB)
v
0xC4000000 DTB/DTBO load address ($fdt_addr)
| (4 MiB)
v
0xC4400000 Init ram disk ($initrd_addr)
|
|
| (64 MiB)
|
v
0xC8400000 ZIP/fitImage address ($fit_addr_r)
|
~
|
v
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
- The TF-A binaries now have ${BOOTSCHEME_DEFAULT} in them (optee or
opteemin)
- The FIP binaries now have ${BOOTSCHEME_DEFAULT}-sdcard in them
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9678
The login prompt appears before Wayland is fully initialized and
has created a wayland socket.
Logging in too early as root in this scenario caused the
WAYLAND_DISPLAY environment variable to be left empty. As a
consequence, gstreamer failed to use waylandsink to print contents
in the display.
Introduce a 10-seconds polling loop to wait for the wayland socket to
be available before proceeding with the login.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
* Delete custom wolfssl_5.4.0-fips.bb recipe and README.
* Removed WolfSSL dynamic layer registration.
FIPS support is now managed through the external meta-wolfssl layer,
making this implementation unnecessary in meta-digi.
https://onedigi.atlassian.net/browse/DEL-9631
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The new version in meta-wolfssl does build properly, so this append is
no longer needed.
https://onedigi.atlassian.net/browse/DEL-9631
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Yocto added kernel local version support by using the KERNEL_LOCALVERSION
variable. It conflicts with the "fsl-kernel-localversion" class from
the meta-freescale layer, resulting in a duplicated local version in the
kernel release label (uname -r). Use the current Yocto support to avoid
that duplication instead of meta-freescale's class.
This enables further simplification of the 'copy_defconfig' task for NXP
and STM platforms using common code.
https://onedigi.atlassian.net/browse/DEL-9669
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
IMAGE_FSTYPES was declared on each platform config file, but it has the
same values for all platforms depending on the storage media (mmc or mtd)
and whether read-only is enabled.
Move the conditional weak assignment to digi-default.inc and remove it from
each platform config.
In the case of STM platforms, since IMAGE_FSTYPES is weak-assigned by STM
layer, we still need to append/remove from it inside the platform config,
but move it to the family includes, rather than declaring it on each
specific platform.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The generation of the sdcard image takes time and resources, and
it's not involved in the Get Started.
This can be easily re-enabled by appending the variable in the
project local.conf.
Append the variable in the build scripts, to facilitate its usage
on release builds.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The HCI_UART Bluetooth driver does not support suspend-to-RAM operation, so the
driver must be loaded and unloaded manually. This commit adds support for the
Bluetooth initialization script used across Digi platforms, specifically for
ConnectCore MP13 and MP15.
https://onedigi.atlassian.net/browse/DEL-9650
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The USB and SD installers are U-Boot scripts that are practically
identical.
Merge them into a single template with a couple of machine variables that
determine the default device index in U-Boot for the USB or the microSD
card.
Do dynamic substitutions to create the two installers out of the template.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The installer uses the regular rootfs filename or falls back to search
for a squashfs (read-only) rootfs image.
The UUU installers of eMMC-based platforms use an if/elif/else structure
to determine which file exist (in order of preference). Replicate this
structure on the rest of platforms and installers.
This avoids printing an error message if the default rootfs does not exist
but the read-only one does.
Also, reset 'rootfstype' variable if the default rootfs file exists, which
allows to install regular images over a previous read-only system.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
We reverted the stub that didn't allow PM when serial boot
was enabled on TF-A. Restore the part of the recipe that
includes USB boot support on NAND boot images.
This reverts commit 24aef482ef.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9629
Fixes commit b143804dbb, since in nativesdk
context MACHINE_FEATURES is reset to SDK_MACHINE_FEATURES, causing OP-TEE
building tools to be missing from the generated SDK.
https://onedigi.atlassian.net/browse/DEL-9663
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Adding STM32MP_USB_PROGRAMMER=1 to TF-A NAND build allows the images to
boot from either NAND or USB (recovery) however, the source code of TF-A
disallows correct resuming from suspend when either STM32MP_USB_PROGRAMMER
or STM32MP_UART_PROGRAMMER are defined.
Remove this support so that the system can correctly resume from suspend.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9629
This commit fixes the rm command in the adapt_uboot_filenames function to
prevent build failures when the target artifact does not exist, ensuring the
operation is safe in all cases.
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Since commit 29d32063ac0abb1017756f62f94aec22ce305b60 ("u-boot: kernel-fitimage:
Fix dependency loop if UBOOT_SIGN_ENABLE and UBOOT_ENV enabled") in Poky layer,
the `kernel-fitimage` and `uboot-sign` classes are no longer explicitly
dependent. This change introduced a race condition when inserting the signed
RSA keys into the U-Boot DTB for FIT image verification.
This commit introduces a new step for `do_uboot_assemble_fitimage`, which is
now responsible for injecting the keys into the U-Boot DTB. This logic was
previously handled in the Linux kernel recipe via the `do_assemble_fitimage`
function in previous Yocto versions.
Additionally, a build-time dependency is added between the `do_uboot_assemble_fitimage()`
function and the kernel's `do_kernel_generate_rsa_keys()` task, which is
responsible for generating the RSA keys used to sign the FIT image.
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Starting with OP-TEE v4.0.0, the use of a test key is no longer supported.
The Hardware Unique Key (HUK) is now always derived from the programmed OTP bits.
As a result, the Digi custom `CFG_OTP_HUK` flag is obsolete and has been removed.
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the memory layout to properly allocate space for the
different FIT image components, while ensuring total memory usage stays below
128 MiB. This avoids overlaps and ensures correct loading on memory-constrained
variants.
Final memory map:
Start of memory: # 0xC0000000
# |
# | 32 MiB reserved
# v
FIT image load address: # 0xC2000000
# |
# | 32 MiB for FIT image
# v
Kernel load address: # 0xC4000000
# |
# | 32 MiB for Kernel
# v
DTB/DTBO load address: # 0xC6000000
# |
# | Size for DTB/DTBO
# v
Total memory mapped: 96 MiB
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
In theory, we already had the necessary changes to remove these images, but
two things needed tweaking:
* MULTIUBI_BUILD values use underscores instead of hyphens, so use
underscores to properly remove the default value inherited from
BOOTDEVICE_LABELS.
* STM used to incorporate a custom "stmultiubi" image type in the stm32mp
builds, but they've replaced this with the upstream "multiubi" type.
Reflect this change to avoid generating additional UBI/UBIFS images in
our builds.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
There are several recipes in meta-digi related to features that we haven't
tested in a long time and don't appear in the DEY 5.0 documentation. Remove
them to avoid unexpected behavior.
Said features are:
* Coral TPU support (only supported in DEY 3.2)
* AWS support (removed from default images and docs in DEY 4.0)
* dey-image-tiny (hasn't been maintained since DEY 2.0)
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add the following countries to the CLM Blob file:
- Brazil
- Mexico
- Saudi Arabia
- Hong Kong
- Singapore
- Malaysia
- Taiwan
- Korea
This is the new World CLM Blob file:
- cyfmac4373-sdio_World.clm_blob (11d5fab6659eff491aca1a219ad33b00)
https://onedigi.atlassian.net/browse/DEL-9438
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This overlay contains a workaround to make the USB-OTG
work as USB device when connected to a host.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9610
(cherry picked from commit ec92f5fdd10a61e37ac3778d0d3aa1816bc6b0aa)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
STM's st-machine-common-stm32mp.inc file automatically incorporates "optee" to
MACHINE_FEATURES as long as BOOTSCHEME_LABELS contains "optee". Since we
recently modified the ccmp15's labels to only contain "opteemin", this is no
longer the case, which leads to:
* optee packages (optee-client, optee-os) not getting installed in images and
SDKs
* optee patches for environment encryption not being applied to libubootenv
Add the feature manually to fix these two issues
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
OP-TEE comes in two flavors: optee and opteemin
For NAND-boot images, add support for USB boot as well,
so that the default tf-a image is valid for booting from
either NAND or USB.
We had this for 'optee' flavor but not for 'opteemin'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Commit 9c3916da94 added INSANE_SKIP
"32bit-time" to certain recipes that use 32bit APIs on the ccmp1
SOMs, but forgot to include the `pn-` prefix to really apply to
those recipes.
While on it, add two additional ones on recipes used by NXP 32-bit
platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit updates the firmware binaries for Bluetooth and Wireless interfaces,
aligned with the Cypress Linux WiFi Driver (FMAC) release v6.1.97-2025_0219.
The updated wireless firmware versions are as follows:
- 2FY Wireless chip: v28.10.387.16
- 2AE Wireless chip: v13.10.246.356
These updates are included as part of the imx-scarthgap-jaculus_r1.1 Murata release.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
That includes several CVE patches not present of meta-freescale's
23.2.5.imx recipe (which is based in exactly the same revision).
Similar change was done in NXP's meta-imx (see commit
99ceb057fcfdc8151c1488089d5f22363dfdb6d7).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit updates the installer scripts to support CCMP1 platforms under
Yocto 5.0, aligning them with the current behavior used for CCMP2.
Changes include:
- Adding support for the metadata partition, which is now required
- Including the optee/opteemin flavors in boot artifact filenames
- Ensuring the script structure and logic remain consistent with CCMP2 install scripts
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Currently, the final metadata symlink is composed using the TF-A Device Tree
configuration, which includes memory variant details. However, these variants
are not relevant for the metadata binary.
To avoid generating multiple redundant metadata files or using confusing names,
this commit updates the symlink to be composed using the MACHINE variable
instead.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
In Yocto 5.0, the boot artifacts for CCMP1 platforms are compiled using the
opteemin flavor. This commit updates the BOOTABLE_ARTIFACTS definition to
reflect that change and properly integrate the boot artifacts into the ZIP
installer.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
After more in-depth testing, we discovered that the flv/ogv video issues on the
ccmp25-dvk don't happen when playing videos with standard resolutions. Since
the workaround consisted of reverting a patch backported from upstream
gstreamer, and it only fixed flv video playback anyway, revert said workaround
and test using videos with standard formats.
This reverts commit e09eff7e1a.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The binaries of certain recipes use 32-bit APIs (ioctl, stat) that produce
build warnings. Add INSANE_SKIP to prevent the warnings.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
ALSA_LIST variable is weakly set through an override (stm32mp1common or
stm32mp2common). When the override is in place, the hard assignment of
the plain variable is not enough, and the value weakly set in
meta-st-stm32mp layer takes precedence over the plain variable hard
assignment.
Clear the variable with the override and move it from machine config files
to the include file.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Move BOOTSCHEME_LABELS from common include to platform config
Default to:
- 'opteemin' for ccmp15
- 'optee' for ccmp13
This doesn't change the behavior present in DEY-4.0, where OPTEE in ccmp15
was minimal and running on non-secure DDR.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This override sets other variables, such as STM32MP_SOC_NAME which is used
on the build of the FIP image.
It also makes ST layer append a new UBOOT_CONFIG (default_stm32mp15/13)
that we must remove.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
On the new BSP the configuration is called 'optee-nand' and the build
parameters have changed.
We do this override in meta-digi only to incorporate
`STM32MP_USB_PROGRAMMER=1`
parameter, which allows to boot the nand image from USB, too.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The function had into account the memory variants when copying U-Boot
device trees, but not the U-Boot binaries themselves.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit removes kernel headers from the SDK package list to
prevent overwriting the default ones, as there are currently no
ST-specific headers required.
Reference: ebadb27d60
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
When a WiFi card adds additional interfaces (for AP or WiFi direct),
it generates udev triggers that lead the wifi card to fail.
Ignore those events.
The reason of this new behavior is due to poky commit 1e8b49999ad8.
https://onedigi.atlassian.net/browse/DEL-9600
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Configure the FIT_CONF_DEFAULT_DTB in the machine settings to define the
default configuration for the generated FIT image.
https://onedigi.atlassian.net/browse/DEL-9595
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
STM patch nº8 was causing memory mapping errors when playing .flv videos on the
ccmp25-dvk, so revert it.
https://onedigi.atlassian.net/browse/DEL-9466
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit introduces the necessary changes in the Digi Embedded Yocto layer
to support the X-LINUX-AI v6.0.1 software package from the meta-st-x-linux-ai
layer.
The update removes support that is now provided directly by the ST layer in
this new version and adapts existing recipes to align with the updated
mechanisms for AI application integration. These changes ensure compatibility
with platforms that feature hardware acceleration (NPU), as well as those that
rely solely on CPU-based inference.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Enable CONFIG_BPF_SYSCALL and CONFIG_CGROUP_BPF when using docker, as it
is needed for a correct network interoperability.
Some kernels may have it enabled by default, but others not, so just enable
it for any platform.
https://onedigi.atlassian.net/browse/DEL-9592
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Enable CONFIG_BPF_SYSCALL and CONFIG_CGROUP_BPF when using docker, as it
is needed for a correct network interoperability.
Some kernels may have it enabled by default, but others not, so just enable
it for any platform.
https://onedigi.atlassian.net/browse/DEL-9592
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit introduces the necessary changes in the Digi Embedded Yocto layer
to support the X-LINUX-AI v6.0.1 software package from the meta-st-x-linux-ai
layer.
The update removes support that is now provided directly by the ST layer in
this new version and adapts existing recipes to align with the updated
mechanisms for AI application integration. These changes ensure compatibility
with platforms that feature hardware acceleration (NPU), as well as those that
rely solely on CPU-based inference.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit removes the default integration of the Flutter framework from the
SDK due to its significant impact on toolchain size, build time, and reliability.
Including Flutter increases the build complexity exponentially, often resulting
in timeouts or failures caused by the large number of recipes involved.
Customers who require Flutter can still enable it manually if needed.
https://onedigi.atlassian.net/browse/DEL-9380
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
* Set the OP-TEE base address to 0x7e000000 (32MiB below the first gigabyte
of DDR).
* Update the ATF and OP-TEE memory maps to support up to 4GiB DDR.
This ensures OP-TEE runs reliably across all ccimx8mm memory configurations.
https://onedigi.atlassian.net/browse/DEL-9502
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Flutter is an open source framework for building multi-platform applications
without a graphical backend running. This commit adds support to create a new
DEY image type based on Flutter ready to use for the users.
https://onedigi.atlassian.net/browse/DEL-9380
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add a unique patch with the RT functionality between NXP tags (sha1)
'lf-6.6.36-2.1.0' (d23d64eea5111e1607efcce1d601834fceec92cb)
'Real-Time-Edge-v3.1-202503' (f03af81d60b7ae14e03fafa8f4c4289c30a73f93)
https://onedigi.atlassian.net/browse/DEL-9324
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The btnxpuart is the driver used to manage the bluetooth for our i.mx9
modules, so only specify it for the affected platforms.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The patch was recently added to meta-freescale, remove it from our layer to
avoid build errors.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit 907531b55c)
The patch was recently added to meta-freescale, remove it from our layer to
avoid build errors.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add UYVY support in order to be aligned with stateful v4l2 codecs
such as v4l2jpegenc.
https://onedigi.atlassian.net/browse/DEL-9546
Change-Id: I8c8e0b328aa3ea2325085d26cad0c14549b25f5a
Reviewed-on: https://gerrit.st.com/c/oeivi/oe/st/meta-opensdk/+/436381
ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com>
Tested-by: Christophe PRIOUZEAU <christophe.priouzeau@st.com>
Reviewed-by: Christophe PRIOUZEAU <christophe.priouzeau@st.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add also BGRA, ARGB, ABGR formats in order to be aligned with stateful
v4l2 codecs such as v4l2jpegenc.
https://onedigi.atlassian.net/browse/DEL-9546
Change-Id: Ia51f7a93b0a6fbccb3222230e9f0936d2293cbbb
Reviewed-on: https://gerrit.st.com/c/oeivi/oe/st/meta-opensdk/+/436379
Reviewed-by: Christophe PRIOUZEAU <christophe.priouzeau@st.com>
ACI: CITOOLS <MDG-smet-aci-reviews@list.st.com>
Tested-by: Christophe PRIOUZEAU <christophe.priouzeau@st.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit conditionally selects the appropriate boot artifacts to include in
the ZIP installer, depending on whether Trustfence is enabled or not.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Both boot artifacts now use the same signed label, so this commit removes
unnecessary logic and updates the UUU install script to support the new boot
artifact naming. It also fixes the detection of signed artifacts by checking
for the presence of the FIP artifact, instead of relying on a U-BOOT artifact
that does not exist on this platform.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit integrates optee-client support from the meta-st-openstlinux layer,
based on the openstlinux-6.6-yocto-scarthgap-mpu-v25.03.19 tag.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit simplifies the recipe by integrating the symlink generation
directly into the main do_deploy() function, removing the need to maintain
both a do_deploy() and a do_deploy:append().
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit addresses two issues in the symlink deployment function:
- do_deploy() should not write directly to DEPLOY_DIR_IMAGE. Instead,
it now uses DEPLOYDIR.
- Expands do_deploy() instead of using SYSROOT_PREPROCESS_FUNCS to ensure that
the original FIP artifacts are created and properly regenerated on each build.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit generalizes the symlink generation to allow creating a final
symlink in the deploy directory, supporting different artifact flavors:
regular, signed or encrypted.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Assembling a FIT image requires that all artifacts are ready before calling
assemble_fitimage(), which occurs before do_install() and after do_compile().
To ensure the Linux kernel recipe provides the final artifacts in the correct
location, this commit replaces the additional do_install() step with an
additional do_compile() step, ensuring that all necessary artifacts are
available before assemble_fitimage().
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit imports the sign-stm32mp bbclass from the meta-st-stm32mp layer to
allow customization. The main customization ensures that the search_path()
function does not raise a build exception if the signing tool or keys are not
present in the PATH before starting the build process.
In our case, we do not need to manually install the tools or generate the keys
beforehand, as this is automatically handled by Yocto in our DEY distribution.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit introduces the necessary settings for the kernel-fitimage class to
enable FIT image generation.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The kernel-fitimage class sets the default configuration using the first
element from the kernel device tree list. This commit ensures that the main DTB
is listed first to enforce the correct default configuration.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit introduces a custom do_compile() function to resolve a signing
issue affecting the final TF-A artifact, where the SoC name does not match the
TF-A device tree name.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit corrects an issue in the sign key processing when the SoC name does
not match the FIP device tree name.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates secure boot support based on the STM32 MPU Ecosystem v6.0
and integrates support for the ConnectCore MP2 platform.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The FIP flavor for OP-TEE + USB is managed in the meta-st-stm32mp layer through
the "optee-programmer-usb". However, since we do not require the additional
overhead introduced by the STM32CubeProgrammer tool, this commit introduces a
new FIP configuration based on OP-TEE for booting from USB.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the trustfence-stm-signtools package with the latest
versions from the STM32 MPU ecosystem v6.0:
- STM32MP_KeyGen_CLI v2.19.0
- STM32MP_SigningTool_CLI v2.19.0
These tools are deployed as part of STM32CubeProgrammer v2.19.0, adding support
for STM32MP2x processors.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit integrates the X-LINUX-RT expansion package from the
meta-st-x-linux-rt layer, based on the tag
"openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06", for Yocto Scarthgap.
Currently only the STM CCMP2 is supported in kernel 6.6.
https://onedigi.atlassian.net/browse/DEL-9507
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit integrates the X-LINUX-RT expansion package from the
meta-st-x-linux-rt layer, based on the tag
"openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06", for Yocto Scarthgap.
Currently only the STM CCMP2 is supported in kernel 6.6.
https://onedigi.atlassian.net/browse/DEL-9507
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Assignment of variable 'force_erase' was done without escaping quotes
which led to wrong assignment and the script not forcing the erasure of
NAND partitions.
While on it, remove it from ccmp1 scripts where its use makes no sense
as the 'ubivolscript' script takes care of erasing the partitions.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
(cherry picked from commit 96e1e8351d)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Assignment of variable 'force_erase' was done without escaping quotes
which led to wrong assignment and the script not forcing the erasure of
NAND partitions.
While on it, remove it from ccmp1 scripts where its use makes no sense
as the 'ubivolscript' script takes care of erasing the partitions.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
This commit updates several binaries, including the NVRAM and Bluetooth patch
file, based on the latest Murata release imx-scarthgap-jaculus_r1.0. This release
is still based on the Cypress Linux WiFi Driver (FMAC) v6.1.97-2024_1115
(Wireless firmware v28.10.387.10), keeping the wireless firmware unchanged.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit makes the following changes over the original wks file:
- Fixes binary names to match the OP-TEE sdcard flavor
- Fixes the fip-a/b partition UUIDs
- Set a valid rootfs size that allows flash default images
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit defines the device tree file variable used to generate the SD card
image, fixing the build of the bootloader flavor intended for booting from an
SD card.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The sign script has been updated to support AHAB-based modules like the CCIMX8X.
As a result, there is no longer a need to maintain two separate recipes for the
signing scripts. This commit unifies them into a single recipe.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Due to a change in systemd the default home directory is now "/root".
Modify our recipes to match with this change.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
We had a SYSROOT_PREPROCESS_FUNCS on the tf-a-stm32mp recipe to
create symlinks to both TF-A and FIP binaries, but the FIP binaries
are now produced by fip-stm32mp recipe.
This had the effect that the files might not be ready.
Duplicate the function in the fip-stm32mp recipe and create the
symlinks for the FIP images there.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Also, add the wifi driver patch and binaries included in
NXP's incremental release to fix the issues on release
'lf-6.6.52-2.2.0'.
https://onedigi.atlassian.net/browse/DEL-9417
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Update to 5.9.4.1 version following 'lf-6.6.52_2.2.0' NXP release.
This has not been released in meta-freescale yet, so reuse the 5.9.4
recipe and apply the changes from meta-imx.
https://onedigi.atlassian.net/browse/DEL-9417
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Update to 4.4.0 version following 'lf-6.6.52_2.2.0' NXP release.
This has not been released in meta-freescale yet, so reuse 4.2.0
recipes and apply the changes from meta-imx commit
900356ea1bf71854053266eec4b92adf4552624c.
https://onedigi.atlassian.net/browse/DEL-9417
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
imx-boot includes the 'imx-mkimage_git.inc' from meta-freescale, so
redefine the SRCBRANCH and SRCREV for every platform in the bbappend.
https://onedigi.atlassian.net/browse/DEL-9417
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Device tree overlays now have the extension 'dtso' that
distinguishes them from board 'dts' files, so there is
no need for a prefix '_ov_' to tell if a file contains
a DT overlay.
To make them shorter and easier to tell the platform they
are for, change the filename format to:
<platform-name>_<functionality>.dtso
where <platform-name> can be the name of the SOM or the
name of the DVK, so there is no need either to specify
'som' or 'board' on the filename.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This recipe extracts a small set of UAPI header files form the linux-imx tree.
However, the revision these headers are extracted from is already present in
our linux fork, so bitbake is currently fetching the linux-imx repo to obtain
some files that it can also obtain from our fork. This is impractical because
the repo in question is quite large (~2.80 GiB) and only getting larger with
time.
By modifying the recipe to use our linux fork instead of NXP's, we avoid having
to fetch NXP's repo.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This doesn't change the behavior of the linux-dey recipe, all it does is make
the LINUX_GIT_URI variable accessible to any meta-digi recipe.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Now all platforms support setting the GPIO name instead of an index
as the configuration for the GPIO-enabled secure console.
Repurpose the TRUSTFENCE_GPIO_ENABLE macro to directly set the GPIO
name.
Also take the opportunity to remove TRUSTFENCE_GPIO_ENABLE and
TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE commented definitions from bbclass
and conf files, and remove a duplicated TRUSTFENCE_CONSOLE_DISABLE
definition from ccmp1.inc.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
When ST_OPTEE_DEBUG_TRACE=0, the source code default to a LOG_LEVEL=2
which prints a lot of messages on the boot log.
Reduce it to LOG_LEVEL=1.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
After the rework in 61eb1bfbe6 the metadata
file inside the fip/ subfolder has the default filename 'metadata.bin'.
Use the new symlinks that now live on the deployimgdir.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
These are clones of 'optee-programmer-uart' and
'optee-programmer-usb' defined in tf-a-stm32mp-config.inc but
do not require to have the STM32MP_DEVICETREE_PROGRAMMER_ENABLE=1
which causes build problems in U-Boot.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9483
bluez5-init is a Digi custom recipe to collect the init script
needed to bring up the specific platform bluetooth hardware.
CCMP1s do not require any bluetooth init extra action.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The BT interface initialization is occasionally failing with the hci0
interface not being fully up.
Adding the retry solves all those initialization failures.
https://onedigi.atlassian.net/browse/DEL-9287
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This avoids the next warning when builing for STM platforms
WARNING: No recipes in default available for:
meta-digi/meta-digi-arm/recipes-kernel/kernel-modules/kernel-module-nxp-wlan_git.bbappend
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The following TF-A artifacts are deployed to subdirectories of
the image deploydir:
- arm-trusted-firmware/tf-a-<platform>-<bootconfig>.stm32
- arm-trusted-firmware/metadata-<platform>.bin
- fip/fip-<platform>-<bootconfig>.bin
- fip/fip-<platform>-ddr-<bootconfig>.bin
These binaries are not copied to the image deploy dir during
the regular do_deploy(), instead, they are deployed by script
tf_a_sysroot_populate() which is added to SYSROOT_PREPROCESS_FUNCS.
To follow this logic, change the previously wrong do_deploy:append
into a new function and append it also to SYSROOT_PREPROCESS_FUNCS,
so that it is called after the artifacts have really been deployed.
In the existing code, fix the paths and commands, which had some
errors.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9461
Javier Viguera
Mike Engel
Arturo Buzarra
Hector Palacios
Gabriel Valcazar
Gonzalo Ruiz
Isaac Hermida
Christophe Priouzeau
Francisco Gil