enabled
There is currently no support on fw_printenv/fw_setenv to access an
encrypted environment.
This commit removes the package if U-Boot environment encryption is
enabled to avoid environment corruption on access.
It also documents the issue as a known issue.
https://jira.digi.com/browse/DEL-2625
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
According to 'grep' manual '\s' is a synonym for [[:space:]] which
matches spaces, TABs, but also newlines, etc. We want to only match
spaces and TABs, so use [[:blank:]] instead.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
* set cellular user and password
* stricter replace to not match set values
* only set cellular interface to auto
Internal merge of Github's PR:
https://github.com/digi-embedded/meta-digi/pull/2
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
By default, on closed devices you cannot revoke any key. To do so, it is
required to compile a U-Boot which instructs the HAB not to set the sticky
bit which write protects that field in the OCOTP controller.
This patch introduces a Yocto macro which allows to configure U-Boot in
that way.
In the ConnectCore 6, the value of this settings is ignored, because HAB never
sets the sticky bit which write protects that field.
https://jira.digi.com/browse/DUB-665
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
While performing usability testing on the TrustFence documentation, it has
been noted that in order to follow the secure boot instructions the
console needs to be enabled.
We have now moved the secure console section to the end of the
documentation so that disabling the console is the last configuration to
make in a secure system.
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
Down the bluetooth interface before entering suspend and up it after resuming
if it is present and up.
https://jira.digi.com/browse/DEL-2806
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Start syslog earlier (from 20 to 02) so it is running and other init scripts
can use it to log into the system like the S03networking script.
https://jira.digi.com/browse/DEL-2812
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This is needed so the encrypted rootfs is properly resized to the
partition size.
https://jira.digi.com/browse/DEL-2765
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
New functionality has been implemented in trustfence-tool application,
so there is no need to call cryptsetup command.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Get filesystem type of rootfs block device and pass it explicitly to the
mount command to clean following warnings on boot:
EXT4-fs (dm-0): couldn't mount as ext3 due to feature incompatibilities
EXT4-fs (dm-0): couldn't mount as ext2 due to feature incompatibilities
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
We need a different configuration file, because the SoftAP functionality is
supported using the hostapd package instead of the wpa_supplicant.
https://jira.digi.com/browse/DEL-2744
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Extend the report with more details about:
- memory usage
- all network ports (-a) with their related PIDs (-p)
- network link details (to determine if interface is up)
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Using module-detect there are some audio reverb problems. Reverting that commit
will make pulseaudio use module-udev-detect again instead, which takes longer
to initialize but does not have that problem.
This reverts commit e021f738ee.
https://jira.digi.com/browse/DEL-2587
Signed-off-by: Jose Diaz de Grenu de Pedro <Jose.DiazdeGrenudePedro@digi.com>
When module-alsa-sink is used, the audio is sometimes heard with
reverb. We will go back to module-udev-detect, so the functionality
introduced in the commit being reverted won't longer work.
This reverts commit fca507d316.
https://jira.digi.com/browse/DEL-2587
Signed-off-by: Jose Diaz de Grenu de Pedro <Jose.DiazdeGrenudePedro@digi.com>
Add a couple of bluez patches: one for increasing the number of connection
showed with "hcitool con" command and remove "refresh" option in hcitool
help that is not supported.
The qca6564 chip can support more than 10 simultaneous BLE connections.
https://jira.digi.com/browse/DEL-2735
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
qtwebengine does not support armv5 platforms (for example ccardimx28js),
so we need to restrict that package to the ccimx6sbc
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
When Trustfence is enabled, this adds a dependence on the TF initramfs,
so it's built and added to the boot image.
It also modifies the u-boot boot script on the fly, to boot correctly
using the Trustfence initramfs.
https://jira.digi.com/browse/DEL-2278
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This recipe builds the initramfs image that is used to boot from an
encrypted rootfs.
https://jira.digi.com/browse/DEL-2278
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This package adds some files needed by the trustfence initramfs and that
are not included in other packages.
https://jira.digi.com/browse/DEL-2278
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
lvm2 package provides some user-space tools, but also some dynamic
libraries: libdevmapper, libdevmapper-event, etc.
This commit allows to package the LVM2 libraries in a different package
than the LVM2 user-space tools. This way other user-space tools (e.g.
cryptsetup) that runtime depends on the LVM2 libs can only add that libs
package to the rootfs, instead of the whole LVM2 utilities.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The ccimx6ul or ccardimx28 do not have hdmi interface, so do not install the
hdmi hotplug script.
https://jira.digi.com/browse/DEL-2654
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The TRUSTFENCE_UBOOT_DEK_SIZE Yocto macro maps to the UBOOT_DEK_SIZE U-Boot
Kconfig entry, which is defined as a choice entry. This makes necessary
to explicitly define the choice Kconfig entry for the configuration to
work.
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
There are several possible values for TRUSTFENCE_UBOOT_ENV_DEK:
* Not defined: if the trustfence support is not included.
Should not include the feature.
* 32 characters: when defining a valid key.
Should include the feature.
* "0": when explicitly disabling the feature.
Should not include the feature
* <other>: Invalid value, should trigger the error.
This commits fixes the logic so that 'None' (no defined) is taken as a valid
value.
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
The following utilities are supposed to be available on the environment's
PATH:
uptime, uname, cat, zcat, free, ps, mount, netstat, route, ifconfig, gzip
https://jira.digi.com/browse/DEL-2447
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
This commit changes the CONFIG_CCIMX6SBC_CONSOLE_ENABLE_GPIO_NR define
into a platform independent setting.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-2641
The power regulator connected to the qca6554 chip is always on, which causes
the Bluetooth part to not work correctly after a software-reset.
This commit asserts momentarily the BT_EN line during the start-up sequence
to reset the Bluetooth controller so that it is in a predictable state after a
reset.
https://jira.digi.com/browse/DEL-2623
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This function is deprecated in favor of bb.utils.contains. The same
change has been done in other layers.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
https://jira.digi.com/browse/DEL-2603
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
Signed-off-by: Jose Diaz de Grenu de Pedro <Jose.DiazdeGrenudePedro@digi.com>
Alex Gonzalez
Javier Viguera
Stephan Klatt
Diaz de Grenu, Jose
Isaac Hermida
Mike Engel
Jose Diaz de Grenu de Pedro