Otherwise, the name of the file will be "u-boot-dey-initial-env", causing
errors when reading the default environment from userspace, since libubootenv
expects "u-boot-initial-env" instead.
https://onedigi.atlassian.net/browse/DEL-7566
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update version from 2.28.1 to 2.32.0, remove patch that is already included in
the source tarball and stop removing the qtwpe PACKAGECONFIG, since it's no
longer being included by default.
https://onedigi.atlassian.net/browse/DEL-7545
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update the version from 0.7.1 to 0.8.0 and remove two patches that are already
being applied in meta-webkit.
https://onedigi.atlassian.net/browse/DEL-7545
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds the sdma-firmware.service to the rootfs
to load the SDMA firmware during boot, that is necessary
for some drivers to work correctly.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Before using the encrypted partition functionality, users have to manually
install the encryption key in the system. Failing to install said key will
result in errors later on.
Even though the installation isn't a difficult operation from a user's point of
view, the recovery script has the necessary logic to detect cases where a
partition is going to be encrypted with no key installed. Automatically
generate a key in these cases to avoid undesired behavior and to improve the
overall user experience.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This version adds new functionality to check if an encryption key is installed
as well as a fix for an issue that happens when encrypting partitions with long
names (over 12 characters).
https://onedigi.atlassian.net/browse/DEL-7535
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
If we trigger a key change while there are partitions that are encrypted,
print a warning and ask for confirmation so users know that the operation will
erase the contents of said partitions.
Like in the partition (un)encryption mechanism, add the possibility to skip
both the warning message and the confirmation prompt.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This initramfs only makes sense in platforms with an eMMC as the internal
storage, due to how the partition encryption support is implemented. In
plaatforms that use NAND instead, ths initramfs offers no functionality and
increases the recovery image size, so remove it.
https://onedigi.atlassian.net/browse/DEL-7534
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
If we allow users to manually change the encryption status of the rootfs
partition, we run the risk of wiping it without flashing a proper replacement
image. Because of this, rootfs encryption status should be determined
automatically using information from the update package.
Have the recovery script parse the update package's description to determine
whether to encrypt the rootfs or not.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This partition isn't blacklisted, but it should only be (un)encrypted when
providing an update package. Make it so that manual encryption status changes
for this partition aren't possible from the recovery library.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since the recovery script checks the update package before installing it, use
the package's description to indicate if the package is meant to encrypt the
rootfs or not. Also, remove the pre-install script from the ccimx6ul packages,
since the logic in the script to remove the encryption flag from the rootfs is
now in the recovery script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Previously, TRUSTFENCE_INITRAMFS_IMAGE was the only variable used to configure
rootfs encryption. Now that any partition can be encrypted and the rootfs
encryption still needs to be handled differently, use two variables instead.
* TRUSTFENCE_ENCRYPT_PARTITIONS to control partition encryption in general
* TRUSTFENCE_ENCRYPT_ROOTFS to control rootfs encryption
As with most trustfence functionality, enable both by default. Leave
TRUSTFENCE_INITRAMFS_IMAGE as an internal variable only.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since the update partition might be involved during a software update, we need
to make sure that its contents are accesible and safe when using the partition
encryption feature at the same time.
Mount and unmount the partition correctly if it's encrypted and cancel any
operations that will result in the deletion of the update package.
https://onedigi.atlassian.net/browse/DEL-7174https://onedigi.atlassian.net/browse/DEL-7422
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add a new function to the recovery library to be able to encrypt/unencrypt any
partition on the internal storage media. Since it's a destructive operation,
add a warning message and a confirmation prompt that can be skipped if needed.
Reflect this new functionality in the recovery-reboot app. Change the logic so
that an encryption key can be set even if there's no update package, because
now it's possible to encrypt other partitions while leaving the rootfs intact.
Also change the logic so that the app doesn't reboot into recovery mode if
there's no recovery command set.
Implement the same blacklist as the one in the recovery script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The partition encryption system now uses dynamically generated names for the
decrypted block devices, which are based on the partition name. Reflect this
change in places where the encrypted rootfs is referenced.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Modify the recovery and trustfence initramfs scripts to be able to encrypt any
partition on the internal storage media, not just the rootfs.
To implement this functionality, add a new recovery command called
'encrypt_partitions'. When used, this command must contain a comma-separated
list of the partitions that are to be encrypted by the end of the recovery
process, including partitions that were already encrypted beforehand. Any
partition that isn't in the list will be unencrypted. If the command is absent,
no changes will be made, but it's possible to pass an empty command to
unencrypt all partitions.
Include a blacklist to avoid encrypting partitions that shouldn't be encrypted,
such as partitions that need to be accessed by the ROM code/U-Boot or
partitions that contain encryption keys.
While at it, remove unnecessary "get_kernel_version" function from the script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Non-graphical images (core-image-base, dey-image-aws) don't contain the
graphic-backend on their filenames.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
- Determine first the filenames and abort if any does not exist.
- Print a warning message about the erasing of the media with a list
of partitions and files to use for the update
- Sync the different scripts so they look more similar
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7333
Similar to how it's done on the ccimx6ul, create a function for updating
a partition with a file, that also prints a message.
Rename the function to be the same in all scripts.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7333
Previously, this script only allowed the U-Boot filename as parameter.
This commit makes use of getopts() to pass the following options to the
script:
-h, for help
-i, to pass the dey image name that prefixes the firmware filenames
-n, to skip the 10 seconds delay that allow you to cancel the process
-u, to pass the U-Boot filename
The default image name (if none passed) keeps being 'dey-image-qt' but the
new option allows reusing this script to install dey-image-webkit or
dey-image-aws images.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7385
The matchbox-terminal provides a GTK+ terminal application on the sato desktop,
however it has a dependeency of the virtual terminal emulator GTK+ widget
library (vte) that recently introduced a dependency with the icu package that
increase the rootfs size in 20MB. Since this is a sample application, remove it
to save space on the rootfs.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This package adds a dependency of python3-xml that includes the python3 core
package, increasing the size of rootfs by 8MB.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
packagegroup-core-x11-sato has a dependency on the gst-examples package and
adds a RRECOMMENDS for several packages including many codecs, enconders, etc.
We remove this package for the cc6ul platform to save space in rootfs.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add just one qt demo by default and move all of them to platforms with gpu
support, as platforms like cc6ul have few space available.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The prebuilt 'athtestcmd' binary allows you to test tx/rx of the
Wi-Fi MAC, when the driver is loaded in test mode.
This is required for certifying Wi-Fi in products, so add it by
default for the ccimx6sbc.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7444
(cherry picked from commit acb402fdcfa54d8d5519580ff7fcfb76fbed3f49)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Now libgpiod is not added automatically and we need to add the
dependence manually.
For more info see commit 4339c28ff4aa0264c34f4f183349aea20a5ff127 in
meta-openembedded layer.
https://jira.digi.com/browse/DEL-7522
Signed-off-by: Francisco Gil Martinez <francisco.gilmartinez@digi.com>
This commit backports a patch to fix the following build issue with
the GCC v10:
dtc-parser.tab.c:1069: multiple definition of `yylloc'
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Since this feature was introduced in newer versions of U-Boot, we need
to disable it for v2017.03 to avoid several compilation issues.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
In the free meta-scale layer, the same entry "use-g2d = 1" is uncommented for
mx6dl and mx6q, however our ccimx6 platform has both machines in its
definition, so the same entry is uncommented twice and throws an unexpected
error. This commit adds a append in the install process to uncomment this entry
for the ccimx6 platform.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This version is only required to build U-Boot 2017.X, so since CC6UL was moved
to a new U-Boot version it is not necessary and also fixes a build issue.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Update US Board Data File to use the new GOLDEN2 calibration.
The new BDF is:
- bdwlan30_US.bin (328f970444b5eaaa48c0188cea1685e3)
https://jira.digi.com/browse/CC6UL-1210
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
(cherry picked from commit 373b3958bad9d0c462349d89ef5832e843624b01)
vulkan has a dependency of vulkan-headers package that is not available
for the mx8mm platforms.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Recipe system-monitor has a dependency with systemd package, however it was
added unconditionally for all platforms. This commit adds a protection to
include this recipe only when systemd is present in the DISTRO_FEATURES
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit 98d76037("recipes-qt: qt5: Update recipes to new BSP release
imx_5.4.70_2.3.0") removes the definition of the PACKAGECONFIG_MX8_GPU
variable, but its use had to be removed. This commit completely removes the
undefined variable.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit fixes the following warning:
WARNING: meta-digi/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_3.3.1.bb:
Recipe trustfence-cst sets S variable with trailing slash '/tmp/work/aarch64-dey-linux/trustfence-cst/3.3.1-r0/cst-3.3.1/',
remove it
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Simplify the structure of the recipe folder, if one version is not supported
we must use the COMPATIBLE_MACHINE overwrite
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit f7a354d("Generate image headers from their PNG source, while still
including them in dist tarball") provides a default PNG files removing the image
generation in build time. This commit overwrites the default PNG with one
customized by Digi.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This default environment is needed by packages like libubootenv.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Gabriel Valcazar
Mike Engel
Hector Palacios
Gonzalo Ruiz
Arturo Buzarra
Francisco Gil Martinez