This commit adds a secure storage service and helper
script to set up the secure storage at boot up.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-9891
Add IEEE 802.11ax (HE) support to enable High Efficiency capabilities when
operating in the 6 GHz band.
https://onedigi.atlassian.net/browse/DEL-9952
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Optimize the script to remove unneeded code.
As the BT_REG_ON is managed by the driver, the REG_POWER_ON is not
needed at all.
Loading the hci_uart pulls btbcm, so no need to load it explicitly.
https://onedigi.atlassian.net/browse/DEL-9949
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Consolidate the init script for platforms based on the same driver with
the same logic.
The btbcm and hciuart drivers are used in the ccmp1 and cc95.
The btnxpuart driver is used in the cc91 and cc93.
The btdigi driver is used in the cc8 platforms with the qca65x4 driver.
https://onedigi.atlassian.net/browse/DEL-9949
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The ConnectCore 95 SOM v2 uses the Murata 2EC wireless combo chip, so this
confirmation includes the firmware recipe for Bluetooth initialization.
https://onedigi.atlassian.net/browse/DEL-9949
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
ccimx6 was the only platform using wpa_supplicant instead of hostapd for
SoftAP configuration, requiring additional platform-specific logic.
Since SoftAP works correctly with hostapd, drop the wpa_supplicant path
and unify the AP implementation across platforms.
https://onedigi.atlassian.net/browse/DEL-9923
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Enable signed firmware to prevent unauthenticated code on the Cortex-M4
co-processor by verifying images against a custom public key from OP-TEE.
https://onedigi.atlassian.net/browse/DEL-9920
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds a retry to the swu_package_path function of
the recovery-initramfs-init script. It has been seen that
with some USB memory sticks a retry is necessary to mount
the external storage device containing the SWU package.
If the SWU package file is found before the max retries
is reached the loop will be exited and the SWU installation
will start. If max retry is reached and the SWU package
wasn't found it finishes with an error.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-9908
Introduce a dynamic layer to integrate X-LINUX-ISP v6.1.0 ST layer into DEY,
providing ISP image quality software, tools, and example applications for
STM32MP25x series.
https://onedigi.atlassian.net/browse/DEL-9890
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
In previous versions of swupdate, only one SIGALG_* option could be chosen at
build-time, with SIGALG_RAWRSA being the default option. However, in 2025.12,
multiple SIGALG_* options can now be configured at build-time, allowing users
to choose the signature verification algorithm used at runtime via the
"digest-provider" parameter. We weren't explicitly setting any of these
algorithms in our defconfig, so the resulting builds didn't have any digest
providers, causing swupdate to fail early on when signed images are enabled.
To restore the behavior of previous swupdate versions, explicitly enable
SIGALG_RAWRSA when signed images are enabled. Since we only enable one digest
provider, it will be chosen automatically, without having to explicitly set the
"digest-provider" parameter at runtime.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit 619ca8b2a8 changed the ccimx6ul's default endpoint URL and client cert
path in order to prevent performance issues if the client cert is erased before
registering the device.
In reality, the client cert path doesn't really matter after this change since
the remotemanager.digi.com endpoint won't make use of it, and we now ensure
that /mnt/data is writable; so we might as well keep using that path.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In these platforms, /dev/fb0 corresponds to the LVDS display, so change the
demo's output framebuffer to /dev/fb3 to use the HDMI display instead.
https://onedigi.atlassian.net/browse/DEL-9878
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
lv-conf.inc is a general configuration file, meant for any LVGL application,
while lvgl-demo_9.3.0.bb is the recipe for our example demo. Make sure any
modification made to the demo or its initscript is made in its corresponding
recipe.
This is cosmetic, no functional change.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In platforms that support wayland/xwayland, dey-image-lvgl images have most
weston/wayland packages removed from the filesystem, save for the main wayland
package (because DISTRO_FEATURES still contains "wayland"). Because of this,
the wait_for_wayland() function is called in lvgl-demo-init, but the wayland
display never gets created, causing the function to time out after 20 seconds.
Get rid of this check to have the lvgl-demo launch as soon as possible.
While at it, get rid of other wayland-related logic, since we only use LVGL's
drm or fbdev backends at the moment.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
If a target's DRM certificate is lost/erased before registering said target,
the CCCS server will reject all connection attempts from the target. This
can happen during development, as our installer scripts format the data
partition where the certificate is stored by default (see commit c17af3fd47).
Since the ccimx6ul uses sysvinit, we respawn the cccsd daemon via inittab if
the process ends unexpectedly (see commit b154154a7e). When the server always
rejects connections due to a missing certificate, the cccsd daemon is
constantly respawning and terminating prematurely. Said daemon is very
CPU-intensive during initialization, so this causes the overall system's
performance to be hindered.
For now, to avoid this situation, use the CCCS endpoint that doesn't require
a certificate in order to ensure stable connections even if the data partition
gets formatted.
https://onedigi.atlassian.net/browse/DEL-9892
https://onedigi.atlassian.net/browse/DEL-9894
This reverts commit 4f8ed2d434.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add a check to avoid disabling read-only protection on partitions that don't
support it, and refine logging to print the specific bootloader partition being
flashed (instead of the generic "U-Boot" label).
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Do not append the encryption key to the bootloader on STM platforms, it’s not
required and triggers an installation error.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Correct the bootloader artifact names (TF-A and FIP) for CCMP1/CCMP2 during
.swu generation with TrustFence enabled.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit b1800736af ("trustfence: update support to
STM platforms and integrate CCMP2") renamed several variables like FIP_SIGN_KEY
to SIGN_KEY, but missed updating the `SWUPDATE_PRIVATE_KEY_TEMPLATE` assignment.
This broke .swu signing on STM targets.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Introduce a configurable variable to enable/disable secure co-processor
firmware when TrustFence is enabled.
https://onedigi.atlassian.net/browse/DEL-9813
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Retrieve the Bluetooth MAC address from the device tree (DT) node
rather than from the environment.
U-Boot will populate this address by default, but it can be
overridden with a custom MAC address specified directly in the DT,
which then takes priority.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Version 1.6.4 is no longer available, as meta-openembedded updated it
to version 1.6.5. Update our preferred version using a wildcard as our
libdigiapix depends on the 1.6.x series.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
(cherry picked from commit 06175c3c26)
Commit 87b73f3f5d consolidated all connectcore-demo-example recipes into a
single recipe with multiple packages. Even though we choose which of these
packages to install depending on the image type, all packages (along with their
dependencies) get built regardless of which package ends up getting installed.
This means that the browsers (webkit/chromium) will get built as long as their
respective layer is in the bblayers, regardless of the image type.
For example:
* wpewebkit will get built for all platforms with webkit support,
regardless of the image (qt, flutter, core-image-base...)
* chromium-ozone-wayland will get built for the ccimx95-dvk, even for qt
and flutter images
Since we already include the main webkit and chromium packages in their
respective image's packagegroup, simply remove the dependencies from the
connectcore-demo-example recipe to avoid build overhead and unexpected errors.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The new image runs the local ConnectCore demo application using chromium
on the ccimx95.
https://onedigi.atlassian.net/browse/DEL-9838
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This comes from NXP's 'walnascar-6.12.34.2.1.0' release.
It depends on "meta-chromium" layer (which is part of meta-browser
repository).
https://onedigi.atlassian.net/browse/DEL-9838
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Replace the standalone connectcore-demo-example-webkit recipe with
a bbappend extending the main demo recipe. This is in preparation for
adding support for chromium-based connectcore demo.
While on it, merge the .inc file into the main recipe as there is only one
consumer of that inc file. Also minor cosmetic fixes to make the recipe
more Yocto-ish.
https://onedigi.atlassian.net/browse/DEL-9838
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Version 1.6.4 is no longer available, as meta-openembedded updated it
to version 1.6.5. Update our preferred version using a wildcard as our
libdigiapix depends on the 1.6.x series.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Integrate ST libcamera recipe from meta-st-openstlinux layer at
openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11 tag. This recipe is required by
the NPU demos in meta-st-x-linux-ai.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The ccimx95 does not share most of the configuration with the ccimx91/93,
so use a specific configuration file.
At the moment only the GPIO's configuration is updated for the ccimx95
(user LEDs and BUTTONs).
https://onedigi.atlassian.net/browse/DEL-9809
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Use ${servicedir} instead of hardcoded /srv, disable unnecessary
configure/compile steps and reorder the recipe according to Yocto coding
style.
No functional change.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Out of the three patches we currently apply to v2.44.4, two are no longer
needed for v2.46.7:
* 0001-Build-fix-when-LAYER_BASED_SVG_ENGINE-is-off.patch is already
included in v2.46.X releases
* 0001-DMABufVideoSinkGStreamer-disable-sink-unconditionall.patch is no
longer needed, since the GL sink is chosen by default in v2.46.7
Only port 0001-UIProcess-WebProcessPool-always-swap-process-when-us.patch to
avoid performance issues on platforms with memory restrictions.
Keep the v2.44.4 patches in case customers want to use said version, and
clearly separate the patchsets for both versions.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This partially reverts commit 6a7e9fa9e4. We initially downgraded to v2.44.4
to fix an issue with mouse clicks in our ConnectCore demo, but these issues
have been fixed after cog was upgraded to v0.18.5 in meta-webkit.
Remove the downgrade to use the newest v2.46.X versions of wpewebkit in the
scarthgap branch of meta-webkit, currently at v2.46.7.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Use an HCI vendor-specific command from Infineon on bluetooth-init
to set a custom MAC address every time the interface is started.
Valid for both CCMP1 (Murata 2AE) and CCMP2 (Murata 2FY) devices.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Add a variable analogous to TRUSTFENCE_SIGN to enable/disable artifact
encryption. Deprecate TRUSTFENCE_DEK_PATH in favor of TRUSTFENCE_KEYS_PATH to
use a more generic name and avoid overloading it as an on/off flag. Add per-key
variables for encryption key filenames to avoid hardcoded names and allow
platform overrides.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the dcmipp-isp-ctrl recipe to align with the version
provided in OpenSTLinux v6.1.0. This new version includes support for histogram
handling in the ISP controller.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Adds support for signing and encrypting Cortex-M firmware on STM platforms,
following the STM32 MPU Ecosystem v6.1.0. This update enables secure boot of
co-processor binaries on ConnectCore MP2, enhancing firmware protection.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This package is specially required for configuring the camera
paths on the newest kernels and capture drivers.
Include it by default in all platforms that support video.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Let customers decide if they only want to generate SBOMs for a subset of their
images, or none at all.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit b010285f785706635b6a765a529d6d4d0e087ddc)
This is the version supporting the i.MX95. This library is a dependency
of the gputop package.
As a requirement to allow building this library for the ccimx95-dvk,
update the fsl-eula-graphics bbclass with the latest changes in meta-imx.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This .bbclass allows generating a .zip file per image, each containing all of
the necessary information to run a CVE scan using the Digi ConnectCore Security
Services' CVE analysis tool.
https://onedigi.atlassian.net/browse/DEL-9632
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit fabce3a881454c8a7346538127da5f22862654b6)
This commit updates the secure boot support for STM platforms based on the
STM32 MPU Ecosystem v6.1.0. It introduces support for encrypted boot artifacts,
including TF-A and FIP, and enables this functionality for the ConnectCore MP2
platform.
This enhancement allows secure boot deployments with both authentication and
encryption for improved protection of critical boot components.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Currently, the patch is identical for all ccimx9 platforms, so move it
to a generic override folder to be used also for ccimx95.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit removes the wl_shell and libweston patches, which
are no longer necessary because we have removed the
wayland backend for the LVGL image.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit removes the wayland backend to use the video
interface directly and reduce image size. In this version the wayland
support is still not fully supported or similar to how it was in the
previous version we used.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit upgrades our LVGL support to v9.3.0.
We used the meta-openembedded implementation, reference
and reused the lv_conf.inc file for the demo configuration.
https://onedigi.atlassian.net/browse/DEL-9222
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
A recent change in meta-st-x-linux-ai was completely overwriting our default
PACKAGECONFIG values, causing several plugins to be omitted (for example, the
wayland plugin). In turn, this was causing several build errors in many
packages that depend on said plugins.
Use a strict PACKAGECONFIG assignment to prevent this. As a side effect, this
removes the new "uvcsink" PACKAGECONFIG introduced by the recent change in
meta-st-x-linux-ai, so make sure to re-add it to avoid unexpected behavior when
building the brand new people-tracking-heatmap AI example.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
STM recently updated their AI layer from v6.1.0 to v6.1.1, so our v6.1.0
bbappend wasn't being applied anymore. Use a wildcard for the hotfix version
number in case this happens again in the future.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
While on it, remove the third argument to write_artifact_emmc function,
as write access is always needed to write in U-Boot partitions, otherwise
they would be 'ro' protected.
https://onedigi.atlassian.net/browse/DEL-9735
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
(cherry picked from commit 5001419caf)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Since commit 7f1a3011521c955760b2fec24e64a721d22eaa91 ("applications: replace
camera source v4l2src with libcamera") in the meta-st-x-linux-ai layer, the
setup camera script has been replaced by libcamera. As a result, these patches
are no longer applicable.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit introduces the necessary changes in the Digi Embedded Yocto layer
to support the X-LINUX-AI v6.1.0 software package from the meta-st-x-linux-ai
layer.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
While on it, remove the third argument to write_artifact_emmc function,
as write access is always needed to write in U-Boot partitions, otherwise
they would be 'ro' protected.
https://onedigi.atlassian.net/browse/DEL-9735
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Until DEY 5.0, the ccimx6ul platform was the only one that did not include a
`data` partition.
As a result, `cccsd` had to store the client certificate from Remote Manager in
the root filesystem, under `/etc/ssl/certs` by default.
This setup caused issues after a software update, as the received client
certificate would be lost, making the device unable to reconnect to the server
until the certificate was manually reset from Remote Manager.
The same problem occurred in dual-boot systems, since the certificate was stored
in the rootfs of the current bank and was not accessible from the other bank.
To avoid this situation, the ccimx6ul used the `remotemanager.digi.com` endpoint
instead of `edp12.devicecloud.com`, as the former does not support or deliver
client certificates.
Now that DEY 5.0 includes a `data` partition in the ccimx6ul partition table, we
can remove this exception and allow the use of `edp12.devicecloud.com`, storing
the certificates persistently in the `data` partition.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
The latest X-LINUX-AI v6.0.1 release consolidated the config_board_npu.sh
script across all STM32MP2x platforms with NPU support. As part of this
consolidation, the supported video resolutions were unified under a single
default setting, which does not work correctly with USB webcams.
This commit updates Digi’s custom patch to adjust the internal resolution used
for processing video streams from webcams, ensuring proper support and
functionality.
https://onedigi.atlassian.net/browse/DEL-9721
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Since the release of X-LINUX-AI v6.0.1, AI support has been split between
devices with NPU and those relying solely on CPU. As a result, the Digi custom
patch to enable USB webcam support was no longer applied, because the
config_board_npu.sh script is now handled by the new config-npu.bb recipe.
This commit addresses the issue by introducing a new bbappend for config-npu,
ensuring that the webcam-related patch is correctly applied for NPU-enabled
platforms.
https://onedigi.atlassian.net/browse/DEL-9721
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Systemd-based systems do not use the global /etc/sysctl.conf file. Instead,
they read configuration from individual files under /etc/sysctl.d. This
change installs our sysctl settings as /etc/sysctl.d/console.conf when
systemd is enabled.
For systems that do not use systemd, the configuration file is still
installed at /etc/sysctl.conf. The CONFFILES entry is also updated.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
On NXP platforms, the signed/encrypted bootloader images are not
included in the installer ZIP. This prevents using the installer
when TrustFence is enabled.
This commit adds to the installer:
- If encryption is enabled
  - encrypted bootloader
  - signed bootloader (for USB recovery boot)
- If encryption is disabled
  - signed bootloader
- If TrustFence is disabled
  - non-signed bootloader
It also treats the ccimx6ul specially, as this has a dedicated file for
USB recovery boot.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9698
The vsftpd-cert init script was previously starting too late,
causing vsftpd to start before the certificates were generated.
The priority has been increased (to 70) so that vsftpd-cert
runs earlier during boot.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Removed curl_%.bbappend which forced the use of ares over the default
threaded-resolver. We did this customization for NetworkManager long
ago in the context of network failover. Later we dropped it from NM,
but the customization in curl remained.
This saves approx. 100KB in the rootfs (libcares.so).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>