We support only B0 silicon revision and that is already set on
"imx-digi-base.inc" for all mx95 based machines.
https://onedigi.atlassian.net/browse/DEL-9811
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add a variable analogous to TRUSTFENCE_SIGN to enable/disable artifact
encryption. Deprecate TRUSTFENCE_DEK_PATH in favor of TRUSTFENCE_KEYS_PATH to
use a more generic name and avoid overloading it as an on/off flag. Add per-key
variables for encryption key filenames to avoid hardcoded names and allow
platform overrides.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the virtual OP-TEE syntax for the CCMP1 and CCMP2 platforms
to align with the changes introduced in the meta-st-stm32mp layer. Specifically,
it mirrors the update made in commit ded46c7d24addf91ec81c9f64309e6376689977a
("Adapt to virtual optee changes").
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The ConnectCore MP2 DVK does not include an external STM32G0 component.
This commit removes the 'usbg0' entry from MACHINE_FEATURES to prevent
the installation of the unnecessary stm32mp-g0 firmware.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Adds support for signing and encrypting Cortex-M firmware on STM platforms,
following the STM32 MPU Ecosystem v6.1.0. This update enables secure boot of
co-processor binaries on ConnectCore MP2, enhancing firmware protection.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
vfat images need U-Boot scripts, which are always provided by the U-Boot
recipe, even for imx-boot-based machines. Replace the machine-dependent
BOOTLOADER_IMAGE_RECIPE with virtual/bootloader (which is provided by
u-boot recipes).
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Remove obsolete SD card image creation logic and related variables. We
will use WIC images for bootable SD cards.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Notice that we need to create u-boot and imx-boot symlinks in the deploy
directory, as they are required for the bootloader of the wic images.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Different platforms use different Cortex-M processors, so instead of
using the M4_DEFAULT_IMAGE_MX95 (as meta-imx does) for an M7 processor,
generalize to the CORTEXM_DEFAULT_IMAGE variable name. Also, move it
to the imx-boot recipe (where it is used) and deploy that image to
the imx-boot-tools directory, so the imx-boot image can be regenerated
externally (without yocto).
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Remove IMAGE_BOOT_FILES and related WKS dependencies from ccimx93-dvk and
ccimx95-dvk machine configs. IMAGE_BOOT_FILES defines the files included
in the boot partition when creating WIC images. The removed files are
the Cortex-M demo firmware that we don't want on the boot partition of
our WIC image.
https://onedigi.atlassian.net/browse/DEL-9768
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit updates the secure boot support for STM platforms based on the
STM32 MPU Ecosystem v6.1.0. It introduces support for encrypted boot artifacts,
including TF-A and FIP, and enables this functionality for the ConnectCore MP2
platform.
This enhancement allows secure boot deployments with both authentication and
encryption for improved protection of critical boot components.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit disables the signing and encryption mechanism for the ConnectCore
MP2 platform's co-processor firmware. Currently, this functionality is not yet
supported in DEY, and enabling it causes build failures when TrustFence support
is active. Disabling it ensures successful builds until full support is
implemented.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add the ccimx95 platform cloned from mx95lp5. Provide DDR configuration,
configure the console on lpuart6, and update ccimx95-dvk.conf to select
the new board.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Move the LPDDR4 firmware list from the shared ccimx9 include into the
machine configurations for the ccimx91/93 DVK, allowing the upcoming
ccimx95 to utilize its own distinct values.
Also, remove the redundant IMXBOOT_TARGETS and BOOTLOADER_SEEK_USERDATA
overrides in ccimx91-dvk, as they are duplicated.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit updates the CC6 and CC6QP platform configurations to use the latest
NXP BSP based on U-Boot v2024.04, unifying support across all NXP-based
platforms.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the CC6 and CC6QP platform configurations to use the latest
NXP BSP based on Linux kernel v6.6, unifying support across all NXP-based
platforms.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
With the updated firmware-ele-imx recipe, the installation logic now
requires SECOEXT_FIRMWARE_NAME to be empty when no extra firmware is
to be installed.
https://onedigi.atlassian.net/browse/DEL-9748
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit introduces the necessary changes in the Digi Embedded Yocto layer
to support the X-LINUX-AI v6.1.0 software package from the meta-st-x-linux-ai
layer.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the Digi custom .bbappend recipes for FIP and TF-A to align
with the latest ST BSP release, based on the openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11
tag for Yocto 5.0 (scarthgap).
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit enables building dey-image-flutter for the ConnectCore MP15
platform. It integrates the necessary configurations to support Flutter-based
graphical applications on this platform.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
On NXP platforms, the signed/encrypted bootloader images are not
included on the installer ZIP. This prevents from using the installer
when TrustFence is enabled.
This commit adds to the installer:
- If encryption is enabled
- encrypted bootloader
- signed bootloader (for USB recovery boot)
- If encryption is disabled
- signed bootloader
- If TrustFence is disabled
- non-signed bootloader
It also treats the ccimx6ul special, as this has a dedicated file for
USB recovery boot.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9698
As the OmniVision OV5640 camera is now deprecated and no longer supported by
most vendors, this commit moves its support to a separate Device Tree overlay,
allowing it to be used if needed.
Instead, the Sony IMX335 MIPI camera is integrated into the default device
tree as the default supported camera for the CCMP25-DVK platform.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Move the address where the fitImage is loaded after the addresses
where the binaries in it are decompressed. This way, the fitImage
can grow without size restrictions.
The memory map now looks like this:
0xC0000000 Start of memory
|
| (32 MiB)
v
0xC2000000 Kernel loadaddr ($loadaddr)
|
| (32 MiB)
v
0xC4000000 DTB/DTBO load address ($fdt_addr)
| (4 MiB)
v
0xC4400000 Init ram disk ($initrd_addr)
|
|
| (64 MiB)
|
v
0xC8400000 ZIP/fitImage address ($fit_addr_r)
|
~
|
v
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
* Delete custom wolfssl_5.4.0-fips.bb recipe and README.
* Removed WolfSSL dynamic layer registration.
FIPS support is now managed through the external meta-wolfssl layer,
making this implementation unnecessary in meta-digi.
https://onedigi.atlassian.net/browse/DEL-9631
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
IMAGE_FSTYPES was declared on each platform config file, but it has the
same values for all platforms depending on the storage media (mmc or mtd)
and whether read-only is enabled.
Move the conditional weak assignment to digi-default.inc and remove it from
each platform config.
In the case of STM platforms, since IMAGE_FSTYPES is weak-assigned by STM
layer, we still need to append/remove from it inside the platform config,
but move it to the family includes, rather than declaring it on each
specific platform.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The generation of the sdcard image takes time and resources, and
it's not involved in the Get Started.
This can be easily re-enabled by appending the variable in the
project local.conf.
Append the variable in the build scripts, to facilitate its usage
on release builds.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The HCI_UART Bluetooth driver does not support suspend-to-RAM operation, so the
driver must be loaded and unloaded manually. This commit adds support for the
Bluetooth initialization script used across Digi platforms, specifically for
ConnectCore MP13 and MP15.
https://onedigi.atlassian.net/browse/DEL-9650
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The USB and SD installers are U-Boot scripts that are practically
identical.
Merge them into a single template with a couple of machine variables that
determine the default device index in U-Boot for the USB or the microSD
card.
Do dynamic substitutions to create the two installers out of the template.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Fixes commit b143804dbb, since in nativesdk
context MACHINE_FEATURES is reset to SDK_MACHINE_FEATURES, causing OP-TEE
building tools to be missing from the generated SDK.
https://onedigi.atlassian.net/browse/DEL-9663
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit updates the memory layout to properly allocate space for the
different FIT image components, while ensuring total memory usage stays below
128 MiB. This avoids overlaps and ensures correct loading on memory-constrained
variants.
Final memory map:
Start of memory: # 0xC0000000
# |
# | 32 MiB reserved
# v
FIT image load address: # 0xC2000000
# |
# | 32 MiB for FIT image
# v
Kernel load address: # 0xC4000000
# |
# | 32 MiB for Kernel
# v
DTB/DTBO load address: # 0xC6000000
# |
# | Size for DTB/DTBO
# v
Total memory mapped: 96 MiB
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
In theory, we already had the necessary changes to remove these images, but
two things needed tweaking:
* MULTIUBI_BUILD values use underscores instead of hyphens, so use
underscores to properly remove the default value inherited from
BOOTDEVICE_LABELS.
* STM used to incorporate a custom "stmultiubi" image type in the stm32mp
builds, but they've replaced this with the upstream "multiubi" type.
Reflect this change to avoid generating additional UBI/UBIFS images in
our builds.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This overlay contains a workaround to make the USB-OTG
work as USB device when connected to a host.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9610
(cherry picked from commit ec92f5fdd10a61e37ac3778d0d3aa1816bc6b0aa)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
STM's st-machine-common-stm32mp.inc file automatically incorporates "optee" to
MACHINE_FEATURES as long as BOOTSCHEME_LABELS contains "optee". Since we
recently modified the ccmp15's labels to only contain "opteemin", this is no
longer the case, which leads to:
* optee packages (optee-client, optee-os) not getting installed in images and
SDKs
* optee patches for environment encryption not being applied to libubootenv
Add the feature manually to fix these two issues
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit 9c3916da94 added INSANE_SKIP
"32bit-time" to certain recipes that use 32bit APIs on the ccmp1
SOMs, but forgot to include the `pn-` prefix to really apply to
those recipes.
While on it, add two additional ones on recipes used by NXP 32-bit
platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
That includes several CVE patches not present of meta-freescale's
23.2.5.imx recipe (which is based in exactly the same revision).
Similar change was done in NXP's meta-imx (see commit
99ceb057fcfdc8151c1488089d5f22363dfdb6d7).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
In Yocto 5.0, the boot artifacts for CCMP1 platforms are compiled using the
opteemin flavor. This commit updates the BOOTABLE_ARTIFACTS definition to
reflect that change and properly integrate the boot artifacts into the ZIP
installer.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The binaries of certain recipes use 32-bit APIs (ioctl, stat) that produce
build warnings. Add INSANE_SKIP to prevent the warnings.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
ALSA_LIST variable is weakly set through an override (stm32mp1common or
stm32mp2common). When the override is in place, the hard assignment of
the plain variable is not enough, and the value weakly set in
meta-st-stm32mp layer takes precedence over the plain variable hard
assignment.
Clear the variable with the override and move it from machine config files
to the include file.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Move BOOTSCHEME_LABELS from common include to platform config
Default to:
- 'opteemin' for ccmp15
- 'optee' for ccmp13
This doesn't change the behavior present in DEY-4.0, where OPTEE in ccmp15
was minimal and running on non-secure DDR.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This override sets other variables, such as STM32MP_SOC_NAME which is used
on the build of the FIP image.
It also makes ST layer append a new UBOOT_CONFIG (default_stm32mp15/13)
that we must remove.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit removes kernel headers from the SDK package list to
prevent overwriting the default ones, as there are currently no
ST-specific headers required.
Reference: ebadb27d60
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Configure the FIT_CONF_DEFAULT_DTB in the machine settings to define the
default configuration for the generated FIT image.
https://onedigi.atlassian.net/browse/DEL-9595
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit introduces the necessary changes in the Digi Embedded Yocto layer
to support the X-LINUX-AI v6.0.1 software package from the meta-st-x-linux-ai
layer.
The update removes support that is now provided directly by the ST layer in
this new version and adapts existing recipes to align with the updated
mechanisms for AI application integration. These changes ensure compatibility
with platforms that feature hardware acceleration (NPU), as well as those that
rely solely on CPU-based inference.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit conditionally selects the appropriate boot artifacts to include in
the ZIP installer, depending on whether Trustfence is enabled or not.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit integrates optee-client support from the meta-st-openstlinux layer,
based on the openstlinux-6.6-yocto-scarthgap-mpu-v25.03.19 tag.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit imports the sign-stm32mp bbclass from the meta-st-stm32mp layer to
allow customization. The main customization ensures that the search_path()
function does not raise a build exception if the signing tool or keys are not
present in the PATH before starting the build process.
In our case, we do not need to manually install the tools or generate the keys
beforehand, as this is automatically handled by Yocto in our DEY distribution.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit introduces the necessary settings for the kernel-fitimage class to
enable FIT image generation.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The kernel-fitimage class sets the default configuration using the first
element from the kernel device tree list. This commit ensures that the main DTB
is listed first to enforce the correct default configuration.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The FIP flavor for OP-TEE + USB is managed in the meta-st-stm32mp layer through
the "optee-programmer-usb". However, since we do not require the additional
overhead introduced by the STM32CubeProgrammer tool, this commit introduces a
new FIP configuration based on OP-TEE for booting from USB.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit defines the device tree file variable used to generate the SD card
image, fixing the build of the bootloader flavor intended for booting from an
SD card.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The sign script has been updated to support AHAB-based modules like the CCIMX8X.
As a result, there is no longer a need to maintain two separate recipes for the
signing scripts. This commit unifies them into a single recipe.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Due to a change in systemd the default home directory is now "/root".
Modify our recipes to match with this change.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Update to 4.4.0 version following 'lf-6.6.52_2.2.0' NXP release.
This has not been released in meta-freescale yet, so reuse 4.2.0
recipes and apply the changes from meta-imx commit
900356ea1bf71854053266eec4b92adf4552624c.
https://onedigi.atlassian.net/browse/DEL-9417
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Device tree overlays now have the extension 'dtso' that
distinguishes them from board 'dts' files, so there is
no need for a prefix '_ov_' to tell if a file contains
a DT overlay.
To make them shorter and easier to tell the platform they
are for, change the filename format to:
<platform-name>_<functionality>.dtso
where <platform-name> can be the name of the SOM or the
name of the DVK, so there is no need either to specify
'som' or 'board' on the filename.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This doesn't change the behavior of the linux-dey recipe, all it does is make
the LINUX_GIT_URI variable accessible to any meta-digi recipe.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Now all platforms support setting the GPIO name instead of an index
as the configuration for the GPIO-enabled secure console.
Repurpose the TRUSTFENCE_GPIO_ENABLE macro to directly set the GPIO
name.
Also take the opportunity to remove TRUSTFENCE_GPIO_ENABLE and
TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE commented definitions from bbclass
and conf files, and remove a duplicated TRUSTFENCE_CONSOLE_DISABLE
definition from ccmp1.inc.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
When ST_OPTEE_DEBUG_TRACE=0, the source code default to a LOG_LEVEL=2
which prints a lot of messages on the boot log.
Reduce it to LOG_LEVEL=1.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
After the rework in 61eb1bfbe6 the metadata
file inside the fip/ subfolder has the default filename 'metadata.bin'.
Use the new symlinks that now live on the deployimgdir.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
bluez5-init is a Digi custom recipe to collect the init script
needed to bring up the specific platform bluetooth hardware.
CCMP1s do not require any bluetooth init extra action.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
A recent meta-freescale update broke the firmware-ele-imx recipe by setting
a default SECO_FIRWARE_NAME value containing a SoC revision macro we don't
have access to (IMX_SOC_REV_LOWER). Like we do for the ccimx93, use our SoM's
override to overwrite the meta-freescale value with our own.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This override was recently added to meta-freescale's graphical package recipes
to easily distinguish between i.MX platforms that use the Vivante driver and
those that use the Mali one. Without this change, a lot of these recipes are
broken, so sync with the latest changes in meta-freescale's imx-base.inc file.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit increases the maximum rootfs size to 2.5 GB, aligning it with the
default rootfs partition size of 3 GB. This adjustment allows adding all the
functionality required by the user.
https://onedigi.atlassian.net/browse/DEL-9456
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
We tested all tarball compression formats supported by poky, and although bz2
has faster (de)compression time, xz is better in terms of compression ratio:
for all of the rootfs tarballs generated for our currently supported
images/platforms (15 at the moment), the xz format saves an average of 30 MiB
per tarball compared to bz2, totalling up to 450 MiB.
No extra dependencies are pulled in, since xz-native is already being pulled in
for all of our image builds, so the only drawback to this change is the
increased compression time (+7.34s on average per tarball).
https://onedigi.atlassian.net/browse/DEL-9459
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We have these features enabled for our mp1 platforms, and the optee one is
needed in order to pull in the optee-os package to the images/sdk.
https://onedigi.atlassian.net/browse/DEL-9443
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit clears the Cortex-M33 applications list to prevent including all
the Cortex-M33 demo applications from the ST layer. In the future, if we have
custom Digi examples, they should be added here.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
.ext4 files are identical to .ext4.gz, but uncompressed. .tar.xz files are the
exact same as .tar.bz2, but compressed with a different format.
Remove these artifacts to reduce storage overhead and to match the rest of our
platforms.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This replicates meta-imx commit addc08b02f9a, which was added to be able to
re-use packages in i.MX8/i.MX9 builds. Without this change, there are
compilation errors when building recent versions of the onnxruntime package
because some .S files are built with specific -march switches that conflict
with our current tunings. For example, when building for the ccimx8x-sbc-pro:
cc1: error: switch '-mcpu=cortex-a35+crc+crypto' conflicts with '-march=armv8.2-a+fp16' switch [-Werror]
[...]HalfGemmKernelNeon.S:151: Error: selected processor does not support `fmla v20.8h,v16.8h,v0.h[0]'
Using the generic tuning solves this issue, and according to the log in the
original meta-imx commit, this has minimal to no impact on binaries, so use
said tuning in all relevant platforms.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Based on the boot schemes and sources supported for each platform, the boot
artifacts now include this information in their filenames. This commit updates
the filenames accordingly in several recipes.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The value of this variable is always the same within a platform, so it doesn't
make sense to have different variables for it in each recipe that requires it.
While at it, it seems like all currently supported platforms in DEY 5.0 use the
same value of "wayland-1", presumably because they all use similar versions of
wayland/weston. Set this as the default value for all platforms for now. As we
support more platforms, we can adjust this value if needed, but if it ends up
being the same for all platforms, we can just hardcode it.
https://onedigi.atlassian.net/browse/DEL-9404
Co-authored-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Javier Viguera
Arturo Buzarra
Mike Engel
Hector Palacios
Gabriel Valcazar
Isaac Hermida
Francisco Gil
Gonzalo Ruiz