Port the recipe from the dunfell poky branch. This version contains the latest
vulnerability fixes, including CVE-2022-0778.
https://onedigi.atlassian.net/browse/DEL-7868
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit be046db4faae911b2a858d748551c6c91fc54043)
Signed image support in U-Boot has been split into two separate configurations:
one that adds artifact authentication support and another that signs the U-Boot
binary at the end of the build. Reflect this change in meta-digi.
https://onedigi.atlassian.net/browse/DEL-7862
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In meta-openembedded commit 35d249bb9a575a5a48491052896e121266d515f0,
libconfig, one of swupdate's dependencies, was split into two packages: one for
the C library and another for the C++ one. swupdate depends only on the C
library, but the C++ library was implicitly pulling in other dependencies, such
as libgcc.
After the commit mentioned above, libgcc stopped being pulled into our recovery
image, causing the following error to appear when swupdate terminates:
libgcc_s.so.1 must be installed for pthread_cancel to work
Aborting
Even if the action carried out by swupdate is successful, our recovery script
detects this as an error and aborts the update operation. Avoid this by
explicitly adding libgcc as a runtime dependency for swupdate.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds power safe and reboot safe script for the MCA
and substitute default reboot and poweroff busybox commands.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-7828
We originally included this recipe to fix some vulnerabilities in the dnsmasq
version used in zeus (v2.80), but the recipe has been updated since then. The
current version used by default in hardknott is v2.85.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Now that the "--platform" parameter is optional, we don't need to hardcode the
platform anymore, so remove the first patch.
In this version, the FDO platform has been renamed to WL, and since the default
PACKAGECONFIG is meant to work with older cog versions, we need to manually
append the "wl" PACKAGECONFIG to build the wayland platform.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This is a partial revert of commit 3819ee6672.
NXP simplified the profile script when updating to hardknott-5.10.72-2.2.0, but
since the /run/user/0 directory isn't automatically created in sysvinit
environments, the weston desktop fails to start in these cases. The previous
version of the script automatically creates said directory if it's missing, so
use that version instead.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We already have a copy of NXP's weston.ini, so there's no need to manuallly
append to it in our do_install_append(). Simply add our changes for our custom
desktop background directly in the source file.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In older Yocto versions, weston was launched via a udev rule, but now it gets
launched as part of the "graphical" system target. Since this target isn't
reached automatically on boot, the weston desktop will only appear if you
manually launch said target (or the weston service itself).
To make the desktop launch automatically, change the target to "multi-user",
which is the default target laucnhed on boot.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This makes it possible to distinguish between two different packages:
* NXP's tensorflow-lite, which contains modifications for i.MX platforms
* Our tensorflow-lite, which is meant to be used with Google Coral
Since tensorflow-lite-coral provides a subset of the files provided by
tensorflow-lite (specifically, the python libraries), make the packages
conflict during runtime.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update a patch so it applies cleanly and remove another one, since it has
already been applied upstream
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This package was originally being added via RDEPENDS, and its removal was
missing when porting the newer file from NXP's meta-imx. Re-incorporate the
removal to avoid including the package in our images, but do so by adding it
to our images' BAD_RECOMMENDATIONS.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Even though our busybox recipe (v1.34.1) is backported from poky's honister
branch, it has many elements in common with the recipe provided from poky's
hardknott branch (v1.33.1). To simplify our backport, re-use poky's busybox
files when possible, replacing them only when strictly necessary.
While at it, remove the busybox-inittab recipe, since there are barely any
differences between the honister and hardknott versions.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This PACKAGECONFIG existed in gatesgarth, but it's included by default in
hardknott and it pulls in libgbm as a dependency. This package isn't available
for i.MX6 platforms, causing the build to fail immediately. Remove this from
the ccimx6 PACKAGECONFIG and leave it how it was on gatesgarth.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
For packages such as weston or opencv, bitbake will sometimes choose the poky
recipes, causing build errors. Explicitly set the NXP version of these packages
as the preferred version by mimicking the layer.conf configuration in the
meta-bsp layer of meta-imx.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We now use the meta-freescale recipe as a base for our .bbappend, so remove
the filter.
This reverts commit 9e68d61f7c465800d62913c044e43c541f2eacd7.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Aside from the file paths changing, there are a few cosmetic differences
between v1.22.14 and v1.30.4 that prevented the patches from applying, so
re-work them.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The common license file GPL-2.0 is now called GPL-2.0-only in poky, so we need
to reflect this name change to avoid errors
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This is a generic package that is currently being used by NXP to load firmware
on the target, so include it in our images as well. Since it only works with
systemd, leave it out of builds that use sysvinit.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
poky now provides glibc v2.33 by default, and there aren't any alternative
versions available, so there's no need for this.
This reverts commit e7921dfd93.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Remove the v3.0.8 version of the recipe to use the v3.0.9 recipe in poky. Also,
adapt our .bbappend since some of its changes are outdated.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Most of the changes are cosmetic (copyright years and whitespace). Update
gstreamer1.0-plugins-good-qt to v1.18.5, remove outdated patch for said package
and sync qtwayland recipe.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We initially backported v4.5.2.imx into gatesgarth, but since that version is
already available in meta-freescale, remove the base recipe and keep only the
.bbappend.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add custom NXP daemon.conf, new NXP patch and adapt ccimx6ulsbc patch to apply
cleanly over v14.2
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Sync the .bbappend while keeping our ccimx6 patch and remove the 9.0.0.imx
recipe, since it's already available in meta-freescale.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Remove recipes that are available in the community layers, include a new
.bbappend for python3-matplotlib and update the .bbappend for python3-wheel
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This patch was initially needed for a specific version combination of
NetworkManager (>= v1.22) and glib-2.0 (v2.63.3 - v2.64.X), but since the
hardknott branch of poky now provides glib-2.0 v2.66.7, the patch isn't
needed anymore.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We initially added newer versions of the recipes related to WPE Webkit in order
to incorporate performance improvements, but the hardknott branch of
meta-webkit includes even newer versions, so we can remove our recipes.
Reflect this change in our distro config file.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The weston recipe we ported from NXP's meta-imx layer has the same name,
causing warnings to appear when applying our patches. To avoid confusion,
ignore the meta-freescale version of the recipe so that ours is the only
option.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit 9e68d61f7c465800d62913c044e43c541f2eacd7)
Otherwise, the .bbappend applies to all existing weston recipes, and since our
patch is only available in our layer, bitbake will print warnings about the
patch not being found for those other recipes. This is harmless, since DEY
always uses NXP's version of weston, but it can be confusing, so avoid the
warnings altogether.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit d4464a8211bff6b315a8ed5d094b8c25099f4130)
Digi Embedded Yocto 3.2-r2.2
Manually changed recipes to use the master branches instead of the fixed SHA1
from the last release.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
SQUASHFS read-only rootfs cannot be unencrypted on-the-fly
so skip encryption if read-only-rootfs is active.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
When TrustFence and a read-only rootfs are enabled, U-Boot must
authenticate the SQUASHFS root file system. Add config switch to force
U-Boot to authenticate this image.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This mode is necessary in the recovery initramfs to be able to properly detect
any external storage device that might contain an update package. The
configuration option associated with this mode became explicit after upgrading
busybox to v1.34.1, so enable it in our defconfig.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The nand devices doesn't need to call the mount_cryptrootfs
script.
Reported-by: Francisco Gil <francisco.gilmartinez@digi.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Some recipes were forcibly removing conflicting packages.
This does not allow to add those packages back for users that
want to use meta-digi layer, but a different distro than 'dey'.
With the 'dey' distro override, such removals are only done
if using this distro.
Reported-by: Michael Burr <michael.burr@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7712
In the cc6ul we are not powering-off the supply of the XBee.
This is making that after a suspend/resume action the XBee
hangs due to ModemManager hasn't been stopped before the suspend.
Stopping ModemManager before going to suspend solves the issue.
https://onedigi.atlassian.net/browse/DEL-7701
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Since commit 11558352 ("swu-images: add "installed-directly" flag to
sw-description") the swu package images are streamed into the target without
any temporary copy to support devices with low memory available, that forces a
different order according with the swupdate documentation because scripts
should packed before the rest. This means that all the pre, post and shell
scripts will be executed after the images will be installed. This behavior
breaks the current support to mount the cryptorootfs node before install an
encrypted rootfs.
This commit moves the shell script to mount the cryptorootfs node to the
recovery initramfs and modifies the swupdate command line to call the shell
script before the images installation.
https://onedigi.atlassian.net/browse/CC8X-320
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Since we added support for compressing rootfs images, we need to manage SWU
packages with a regular rootfs image and with compressed images. That support
was missing in the identification process when the SWU packet was verified.
This commit fixes the identification of compressed rootfs images.
https://onedigi.atlassian.net/browse/CC8X-320
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This recipe had a post install script to do the following:
- create runlevel symlinks.
- comment the 'auto' lines of /etc/network/interfaces if running on
a non-Wi-Fi variant.
- add Atheros or QCA bridge examples depending on the detected chip.
- add wlan1 interface only if QCA chip is detected.
This post install cannot run on a read-only-rootfs so the recipe has been
reworked to do the same things at build time:
- the runlevel symlinks have been removed because they are taken care
of by a poky class.
- add a pre-up condition (the existance of a wireless entry on the device
tree) so that the interface is not brought up if the condition is not met.
- for the cc6/cc6n, since the Wi-Fi chip can be Atheros or QCA, add
specific wlan1 and br0 fragments with a pre-up condition basing on the
detected ID of the Wi-Fi chip
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7708
The access point configuration files are dynamically modified on a post
install script to generate an SSID name based on the last digits of the
MAC address (physical or virtual) assigned to a wlanX interface.
On read-only file systems, this is not possible, so add some conditional
code to the do_install() to use instead the $DIGI_FAMILY name.
Caveat: if several identical SOMs with read-only-rootfs co-exist on the
same network as APs, they will identify with the same SSID.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7708
Some packages require different scripts, configuration files or installations
depending on the wireless chip assembled on the target. In general, the way
to support both chips in one image is to have the recipes install both
versions of the aforementioned files, then leave only the strictly necessary
version once the wireless chip can be deduced.
In the case of the init-ifupdown recipe, this involves installing temporary
configuration fragments that are later erased. In the case of the standby
script, the logic can be implemented in a single file.
https://onedigi.atlassian.net/browse/DEL-7661https://onedigi.atlassian.net/browse/DEL-7666
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This allows the packages to be included in the ccimx6sbc images. While at it,
include the Qualcomm bluez patches in ccimx6 builds. These patches aren't
destructive, they simply add functionality required by the Qualcomm chip, so
they shouldn't have any secondary effects when using the Atheros chip.
https://onedigi.atlassian.net/browse/DEL-7661https://onedigi.atlassian.net/browse/DEL-7666
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The latest version of psplash changed the default path to store the
communication FIFO with other processes to "/run" to allow keeping the
information between reboots, however we are using this tool from an initramfs
where "/run" does not exist, producing multiple errors trying to write to a
nonexistent path, delaying the update process.
This commit forces psplash to use an existing path like "/tmp" to handle the
communication FIFO, because we don't need to maintain the update information.
https://onedigi.atlassian.net/browse/CC8X-318
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The latest version of psplash changed the default path to store the
communication FIFO with other processes to "/run" to allow keeping the
information between reboots, however we are using this tool from an initramfs
where "/run" does not exist, producing multiple errors trying to write to a
nonexistent path, delaying the update process.
This commit forces psplash to use an existing path like "/tmp" to handle the
communication FIFO, because we don't need to maintain the update information.
https://onedigi.atlassian.net/browse/CC8X-318
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
These options should only be enabled when using SELinux, so apply them only
when "selinux" is in the DISTRO_FEATURES. The fragment is a copy of the one in
meta-selinux with the addition of DEFAULT_SECURITY_DAC and LSM.
https://onedigi.atlassian.net/browse/DEL-7641
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The default policy provided by meta-selinux breaks a lot of the features in
DEY, so adapt it to make most features work. Note that this is simply an
example, end users should create their own policies for their own needs.
Make these changes toggleable so that users can use the reference policy
instead.
https://onedigi.atlassian.net/browse/DEL-7641
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This packagegroup includes all of the userspace packages needed to use SELinux.
For now, use the same variant of the packagegroup, which contains all available
packages.
Since the meta-selinux layer isn't available in all platforms, implement this
change via a dynamic layer.
https://onedigi.atlassian.net/browse/DEL-7641
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This fixes the following CVEs:
* CVE-2021-3711
* CVE-2021-3712
Port the recipe and patches from the dunfell poky branch, since the hardknott
version contains additional changes aside from the revision update.
https://onedigi.atlassian.net/browse/DEL-7647
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This fixes the following CVEs:
* CVE-2021-3711
* CVE-2021-3712
Port the recipe and patches from the dunfell poky branch, since the hardknott
version contains additional changes aside from the revision update.
https://onedigi.atlassian.net/browse/DEL-7647
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Adapt the format_ubi_volume() function to wipe out UBI volumes
instead of formatting MTD partitions.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7614
The function uboot_getenv() is a wrapper over libuboot_get_env() and
requires that the returned strings are freed when no longer in use.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7645
(cherry picked from commit 27ce7a4f20)
- The function is only used internally in this file, so make it static.
- Convert the function from 'int' to 'bool', since no other values are
evaluated.
- Only return true if the variable 'dualboot' is set to 'yes'. Before,
the function returned true if 'dualboot' was different than 'no'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
(cherry picked from commit 9a519570ba)
The use of this function, which is a wrapper over libuboot_get_env(),
requires checking if the returned string is NULL.
Manipulations of such string without checking whether it's NULL may lead
to segfault errors.
This was seen during firmware update on a device that didn't have the
'dualboot' variable set.
Reported-by: Chandrababu Pigilam <chandrababu.pigilam@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7645
(cherry picked from commit 8a4484bbd6)
The function uboot_getenv() is a wrapper over libuboot_get_env() and
requires that the returned strings are freed when no longer in use.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7645
- The function is only used internally in this file, so make it static.
- Convert the function from 'int' to 'bool', since no other values are
evaluated.
- Only return true if the variable 'dualboot' is set to 'yes'. Before,
the function returned true if 'dualboot' was different than 'no'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The use of this function, which is a wrapper over libuboot_get_env(),
requires checking if the returned string is NULL.
Manipulations of such string without checking whether it's NULL may lead
to segfault errors.
This was seen during firmware update on a device that didn't have the
'dualboot' variable set.
Reported-by: Chandrababu Pigilam <chandrababu.pigilam@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7645
NetworkManager's main library went through a major overhaul in v1.22, changing
the way it interacts with glib among other things. When using a NetworkManager
version equal or newer than v1.22 along with a glib version between 2.63.3 and
2.65, a race condition can happen, randomly causing segmentation faults.
Since Yocto 3.2 uses NetworkManager 1.22.14 and glib 2.64.5, the race condition
is reproducible, but it can be fixed with the patch introduced in this commit.
The patch in question is commit e4a690f5dd959e74b2d6054826f61509892c8aa7 in the
glib git repo.
https://onedigi.atlassian.net/browse/DEL-7523
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
NetworkManager's main library went through a major overhaul in v1.22, changing
the way it interacts with glib among other things. When using a NetworkManager
version equal or newer than v1.22 along with a glib version between 2.63.3 and
2.65, a race condition can happen, randomly causing segmentation faults.
Since Yocto 3.2 uses NetworkManager 1.22.14 and glib 2.64.5, the race condition
is reproducible, but it can be fixed with the patch introduced in this commit.
The patch in question is commit e4a690f5dd959e74b2d6054826f61509892c8aa7 in the
glib git repo.
https://onedigi.atlassian.net/browse/DEL-7523
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit sets the GLIBC version to 2.32. The newest
eIQ packages require a newer glibc, but since said packages
are optional, make sure to use the gatesgarth glibc version
by default.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-7625
This commit add a verification into the recovery library to avoid
that it is executed when in dualboot mode.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-7580
(cherry picked from commit 30aa4a7444)
This commit add a verification into the recovery library to avoid
that it is executed when in dualboot mode.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-7580
swupdate has the necessary logic to handle compressed images, so take advantage
of this to save space and reduce update package transfer times.
https://onedigi.atlassian.net/browse/DEL-7582
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since these images are highly compressable, this greatly reduces the amount of
space taken up by build artifacts.
Modify the code used to generate the .sdcard and .installer.zip files so that
they contain the decompressed .ext4 image.
https://onedigi.atlassian.net/browse/DEL-7582
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds the required libraries and packages to exercise the Google
Coral devices with Digi Embedded Yocto.
https://onedigi.atlassian.net/browse/DEL-7547
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
'mdev -s' run on ramfs initialization is able to mount external media already
detected but fails to automatically mount any media detected afterwards.
Running it as a daemon first it will also be able to mount any media detected
after 'mdev -s' is run.
Use argument '-d' to first run mdev as daemon in background.
Move 2 seconds delay to after mdev has been initialized to give external
hardware all the time possible to be successfully detected and mounted.
https://onedigi.atlassian.net/browse/DEL-7285
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Otherwise, Yocto will use the recipes in meta-webkit, which are slightly older.
https://onedigi.atlassian.net/browse/DEL-7578
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
By default, we only support the latest versions of the webkit packages anyway,
so use a wildcard so we don't have to update the recipes every time a new
version is available.
https://onedigi.atlassian.net/browse/DEL-7578
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Igalia has included performance improvements for i.MX platforms in the latest
versions of different packages related to webkit. Even though the recipes for
these versions are not yet available in meta-webkit, we can add our own to
meta-digi to take advantage of these improvements.
Update the cog patches so they apply cleanly over v0.9.90.
https://onedigi.atlassian.net/browse/DEL-7578
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds some swupdate parameter to select the sw-description
configuration depending on the used platform.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Without this call, swupdate will be built with a default configuration which
is incompatible with our package format. Even though this function is already
called in the original recipe, it was done in the package's "git" directory.
Make sure the function is called at least once so that our defconfig is used in
the build.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit 28d9e025ea used += to append
a dependency to RDEPENDS but this was not working fine and was removing
previous dependencies.
Use instead _append override.
Reported-by: Francisco Gil Martinez <francisco.gilmartinez@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Otherwise, swupdate will treat the update process like it's an OTA one and it
will try to store the package contents in /tmp, which won't fit.
swupdate commit 8b70ae5796e75c2ff856e8c46b3a3c09cb8fcccd states that all local
SWU packages should include this flag, since the old implementation had this
information implicitly.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Technically, partition unencryption is safe to do in open devices, although it
implies that at least one partition has already been encrypted. If we aren't
going to encrypt any partitions, there's no need to print the warning.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Instead of checking for the existence of /proc/mtd, which might lead to false
positives, check the "root" parameter in /proc/cmdline. Assume eMMC in case of
any error.
https://onedigi.atlassian.net/browse/DEL-7539
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
There are some init packages from the poky layer that remain using only a SysV
init script. Systemd converts these init scripts to systemd service format on
boot and shows an ugly warning for each one. To avoid flooding the console with
this kind of messages, we reduce the verbosity of these messages.
https://onedigi.atlassian.net/browse/DEL-7540
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
In the libubootenv implementation of fw_setenv, multiple variables can be set
in one call. When setting a variable with a space-separated list, the app
interprets the list as new variable/value tuples, for example:
fw_setenv myvar value1 value2 value3
Results in:
myvar=value1
value2=value3
This was causing the encrypted eMMC partition mechanism to break, because the
list of encrypted partitions is stored as a space-separated list in an
environment variable. Avoid this by enclosing the variable argument of
set_uboot_var() with double quotes.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update version from 2.28.1 to 2.32.0, remove patch that is already included in
the source tarball and stop removing the qtwpe PACKAGECONFIG, since it's no
longer being included by default.
https://onedigi.atlassian.net/browse/DEL-7545
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update the version from 0.7.1 to 0.8.0 and remove two patches that are already
being applied in meta-webkit.
https://onedigi.atlassian.net/browse/DEL-7545
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Before using the encrypted partition functionality, users have to manually
install the encryption key in the system. Failing to install said key will
result in errors later on.
Even though the installation isn't a difficult operation from a user's point of
view, the recovery script has the necessary logic to detect cases where a
partition is going to be encrypted with no key installed. Automatically
generate a key in these cases to avoid undesired behavior and to improve the
overall user experience.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This version adds new functionality to check if an encryption key is installed
as well as a fix for an issue that happens when encrypting partitions with long
names (over 12 characters).
https://onedigi.atlassian.net/browse/DEL-7535
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
If we trigger a key change while there are partitions that are encrypted,
print a warning and ask for confirmation so users know that the operation will
erase the contents of said partitions.
Like in the partition (un)encryption mechanism, add the possibility to skip
both the warning message and the confirmation prompt.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This initramfs only makes sense in platforms with an eMMC as the internal
storage, due to how the partition encryption support is implemented. In
plaatforms that use NAND instead, ths initramfs offers no functionality and
increases the recovery image size, so remove it.
https://onedigi.atlassian.net/browse/DEL-7534
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
If we allow users to manually change the encryption status of the rootfs
partition, we run the risk of wiping it without flashing a proper replacement
image. Because of this, rootfs encryption status should be determined
automatically using information from the update package.
Have the recovery script parse the update package's description to determine
whether to encrypt the rootfs or not.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This partition isn't blacklisted, but it should only be (un)encrypted when
providing an update package. Make it so that manual encryption status changes
for this partition aren't possible from the recovery library.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since the recovery script checks the update package before installing it, use
the package's description to indicate if the package is meant to encrypt the
rootfs or not. Also, remove the pre-install script from the ccimx6ul packages,
since the logic in the script to remove the encryption flag from the rootfs is
now in the recovery script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Previously, TRUSTFENCE_INITRAMFS_IMAGE was the only variable used to configure
rootfs encryption. Now that any partition can be encrypted and the rootfs
encryption still needs to be handled differently, use two variables instead.
* TRUSTFENCE_ENCRYPT_PARTITIONS to control partition encryption in general
* TRUSTFENCE_ENCRYPT_ROOTFS to control rootfs encryption
As with most trustfence functionality, enable both by default. Leave
TRUSTFENCE_INITRAMFS_IMAGE as an internal variable only.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since the update partition might be involved during a software update, we need
to make sure that its contents are accesible and safe when using the partition
encryption feature at the same time.
Mount and unmount the partition correctly if it's encrypted and cancel any
operations that will result in the deletion of the update package.
https://onedigi.atlassian.net/browse/DEL-7174https://onedigi.atlassian.net/browse/DEL-7422
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add a new function to the recovery library to be able to encrypt/unencrypt any
partition on the internal storage media. Since it's a destructive operation,
add a warning message and a confirmation prompt that can be skipped if needed.
Reflect this new functionality in the recovery-reboot app. Change the logic so
that an encryption key can be set even if there's no update package, because
now it's possible to encrypt other partitions while leaving the rootfs intact.
Also change the logic so that the app doesn't reboot into recovery mode if
there's no recovery command set.
Implement the same blacklist as the one in the recovery script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The partition encryption system now uses dynamically generated names for the
decrypted block devices, which are based on the partition name. Reflect this
change in places where the encrypted rootfs is referenced.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Modify the recovery and trustfence initramfs scripts to be able to encrypt any
partition on the internal storage media, not just the rootfs.
To implement this functionality, add a new recovery command called
'encrypt_partitions'. When used, this command must contain a comma-separated
list of the partitions that are to be encrypted by the end of the recovery
process, including partitions that were already encrypted beforehand. Any
partition that isn't in the list will be unencrypted. If the command is absent,
no changes will be made, but it's possible to pass an empty command to
unencrypt all partitions.
Include a blacklist to avoid encrypting partitions that shouldn't be encrypted,
such as partitions that need to be accessed by the ROM code/U-Boot or
partitions that contain encryption keys.
While at it, remove unnecessary "get_kernel_version" function from the script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The matchbox-terminal provides a GTK+ terminal application on the sato desktop,
however it has a dependeency of the virtual terminal emulator GTK+ widget
library (vte) that recently introduced a dependency with the icu package that
increase the rootfs size in 20MB. Since this is a sample application, remove it
to save space on the rootfs.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This package adds a dependency of python3-xml that includes the python3 core
package, increasing the size of rootfs by 8MB.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
packagegroup-core-x11-sato has a dependency on the gst-examples package and
adds a RRECOMMENDS for several packages including many codecs, enconders, etc.
We remove this package for the cc6ul platform to save space in rootfs.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add just one qt demo by default and move all of them to platforms with gpu
support, as platforms like cc6ul have few space available.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The prebuilt 'athtestcmd' binary allows you to test tx/rx of the
Wi-Fi MAC, when the driver is loaded in test mode.
This is required for certifying Wi-Fi in products, so add it by
default for the ccimx6sbc.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7444
(cherry picked from commit acb402fdcfa54d8d5519580ff7fcfb76fbed3f49)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Now libgpiod is not added automatically and we need to add the
dependence manually.
For more info see commit 4339c28ff4aa0264c34f4f183349aea20a5ff127 in
meta-openembedded layer.
https://jira.digi.com/browse/DEL-7522
Signed-off-by: Francisco Gil Martinez <francisco.gilmartinez@digi.com>
In the free meta-scale layer, the same entry "use-g2d = 1" is uncommented for
mx6dl and mx6q, however our ccimx6 platform has both machines in its
definition, so the same entry is uncommented twice and throws an unexpected
error. This commit adds a append in the install process to uncomment this entry
for the ccimx6 platform.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
vulkan has a dependency of vulkan-headers package that is not available
for the mx8mm platforms.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Recipe system-monitor has a dependency with systemd package, however it was
added unconditionally for all platforms. This commit adds a protection to
include this recipe only when systemd is present in the DISTRO_FEATURES
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit 98d76037("recipes-qt: qt5: Update recipes to new BSP release
imx_5.4.70_2.3.0") removes the definition of the PACKAGECONFIG_MX8_GPU
variable, but its use had to be removed. This commit completely removes the
undefined variable.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Simplify the structure of the recipe folder, if one version is not supported
we must use the COMPATIBLE_MACHINE overwrite
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit f7a354d("Generate image headers from their PNG source, while still
including them in dist tarball") provides a default PNG files removing the image
generation in build time. This commit overwrites the default PNG with one
customized by Digi.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit ae479d86d1("libical: add PACKAGECONFIG glib and enable it by default")
introduces a workaround to fix the build with glib support and enables it
by default, but this support is unstable and this workaround is not needed on
v3.0.8. Added original recipe without that workaround to avoid the build issue.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The "dhcp" software package has become unmaintained and thus has been
functionally replaced by "dhcpcd" (client) and "kea" (server).
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Modify the recovery-utils code to reflect the change (change in C header and
linked libraries)
https://jira.digi.com/browse/DEL-7410
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Sync with BSP release rel_imx_5.10.9_1.0.0 and remove unnecesary files
after most of them were updated in meta-freescale layer.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Sync with BSP release rel_imx_5.10.9_1.0.0 and remove unnecessary files
after most of them were updated in poky layer.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The 'distro_features_check' class has had its functionality expanded, as
a result the class has now been renamed to 'features_check'
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit a04e0ed79 ("libsoc: use python3 for python bindings") moves python
support to use python3.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
NetworkManager recipe split the command line util in a different package, so we
added it in our default images.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Refresh custom patches and removed all Fast Roaming patch series due to it is
already integrated in this version.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds the support for the cryptodev
engine into OpenSSL. So OpenSSL can use hardware
accelerated support through the CAAM driver.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-7439
The previous SHA1 has been completely removed from NXP's opencv repo, so the
recipe must point to a new revision. Update to the revision used in the
zeus-5.4.47-2.2.0 branch of meta-imx.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Include by default support to Simultaneous Authentication of Equals (SAE) and
the standard IEEE 802.11w to Protected Management Frames, both required to
support the standard WPA3.
https://jira.digi.com/browse/DEL-7301
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Remove outdated wayland patch and remove NXP workaround for mx8mq platforms in
the weston-init recipe. These changes don't affect our platforms, but it's to
make sure that we're in sync with the latest version of NXP's recipes.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Most 8M families have the same GLES3 support, with 8M Mini being the exception.
See NXP commit cbb1793f1 ("imx-gpu-viv: Simplify GLES3_HEADER_REMOVALS").
https://jira.digi.com/browse/DEL-7397
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Use the same common files for both ConnectCore 8M platforms
https://jira.digi.com/browse/DEL-7397
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Use the same common files for both ConnectCore 8M platforms
https://jira.digi.com/browse/DEL-7397
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Aside from code improvements, this version includes fixes for the following
vulnerabilities:
* CVE-2020-25681
* CVE-2020-25682
* CVE-2020-25683
* CVE-2020-25684
* CVE-2020-25685
* CVE-2020-25686
* CVE-2020-25687
While at it, remove files that were inherited from an older vulnerability fix.
These files consist of scripts, patches and configuration files that already
exist in the original meta-openembedded recipe directory.
Remake lua.patch, since the diff context has changed in v2.83.
https://jira.digi.com/browse/DEL-7389
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
These changes were originally applied to the ccimx6 to fix a trailing effect in
the desktop, but we've recently discovered an HDMI hotplug issue on the
ccimx6qp that is also solved when using the g2d backend. Apply the workarounds
to both platforms.
https://jira.digi.com/browse/DEL-7380
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In order to revoke SRKs in platforms with AHAB we need to set a mask
during the signing/encryption process.
Create new TRUSTFENCE_SRK_REVOKE_MASK variable to export the
SRK_REVOKE_MASK variable required by the imx-boot signing script.
The revoke mask is not necessary for signing/encryption of other artifacts,
so set it by default to 0x0.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
The landing page for the WebKit examples has gone through a visual overhaul to
improve the overall user experience, so adapt its recipe accordingly. Since the
page now contains resources that are relatively large (such as images and
extensive stylesheets), remove its elements from the recipe directory and
obtain them from Digi's FTP server instead.
https://jira.digi.com/browse/DEL-7365
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The Qt WPE plugin has an implicit dependency with libgbm, which is only
available on i.MX8 platforms. Also, it pulls in several Qt dependencies,
increasing the total rootfs image size by about 50MiB. Remove said plugin to
completely separate Qt and WebKit functionality.
https://jira.digi.com/browse/DEL-7339
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This recipe installs some videos that can be used to test the WebKit's hardware
acceleration during video decoding. Modify the landing page to be able to
access these videos.
https://jira.digi.com/browse/DEL-7314https://jira.digi.com/browse/DEL-7339
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This recipe installs the main page of the WebKit examples, from which all other
examples can be accessed. For now, only include the WebGL examples.
Since the landing page recipe needs to know which WebGL demos are being
installed and the webserver path where everything is installed, move some of
the variables used in the webglsamples recipe into an *.inc file to be able to
re-use said variables in different recipes.
Use the Digi embedded documentation CSS file for now, so the landing page looks
more on-brand.
https://jira.digi.com/browse/DEL-7314https://jira.digi.com/browse/DEL-7339
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We're going to be using the busybox http server to house the WebKit examples,
so we need to get rid of any files that might interfere with it. Keep the files
for the ccimx6ul, since it doesn't support WebKit.
https://jira.digi.com/browse/DEL-7314https://jira.digi.com/browse/DEL-7339
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This recipe installs a subset of the samples available at
https://webglsamples.org/ onto the target's web server, to be able to run said
examples locally without needing internet access. Make sure not to install any
source files to avoid making the package too large.
https://jira.digi.com/browse/DEL-7314https://jira.digi.com/browse/DEL-7339
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add two patches to improve user experience, such as making the browser
fullscreen and removing the otherwise necessary --platform parameter.
Also, make www.digi.com the default URI to avoid having to explicitly pass a
URI when launching cog.
https://jira.digi.com/browse/DEL-7311https://jira.digi.com/browse/DEL-7339
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The i.MX8X video decoder requires a specific NXP video converter, otherwise
videos will appear with several glitches. This patch adds said plugin in the
WPE webkit's internal gstreamer pipeline.
https://jira.digi.com/browse/DEL-7311https://jira.digi.com/browse/DEL-7339
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The EGL library provided by NXP in the v5.4.47 BSP has a bug where a NULL
pointer is returned by eglGetProcAddress() when trying to obtain the entrypoint
for a specific function used throughout the cog code. This caused cog to crash
immediately after launching it.
Recently, a fix was made available in the cog repo, so backport it to the
latest available revision of cog in meta-webkit and apply it.
https://jira.digi.com/browse/DEL-7311https://jira.digi.com/browse/DEL-7312https://jira.digi.com/browse/DEL-7339
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This image is very similar to dey-image-qt, but it includes the WebKit
packagegroup instead of the Qt one. Said packagegroup contains all of the
elements needed to run a WebKit-based browser environment in DEY.
This image requires the meta-webkit layer, so include it in our default
bblayers template. For now, include all WebKit related recipes in a dynamic
layer, because the ccimx6ul doesn't support WebKit and its projects don't need
meta-webkit at all.
https://jira.digi.com/browse/DEL-7339
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Create scripts to install DEY firmware using a USB stick.
https://jira.digi.com/browse/DEL-6802
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
configure power LED for blinking in standby
configure power LED solid on after resume
https://jira.digi.com/browse/DEL-7330
Signed-off-by: Hector Bujanda <Hector.Bujanda@digi.com>
Includes:
xserver-xorg: Upgrade to 1.20.8 version [YOCIMX-4697]
Backport the recipes from poky master as the xserver is already upgraded to 1.20.8.
Signed-off-by: Neena Busireddy <neenareddy.busireddy@nxp.com>
xserver-xorg: Remove comment that is no longer valid
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
xserver-xorg: Fix patch fuzz
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Hector Bujanda <Hector.Bujanda@digi.com>
Added FILESEXTRAPATHS_prepend to reuse some recipes from poky layer.
Patches refreshed with devtool finish --force-patch-refresh
Signed-off-by: Hector Bujanda <Hector.Bujanda@digi.com>
Includes:
opencv: Add smaller version of download models script [YOCIMX-4899]
Add a download models script that downloads a subset of the
regular script, reducing the download size from 10 to 1 GB.
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
opencv: Fix build break [YOCIMX-4806]
The fix for installing face_landmark_model.dat failed
if test was not in PACKAGECONFIG. In fact we should only
install face_landmark_model.dat if test is configured.
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
opencv: Fix patch fuzz
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Hector Bujanda <Hector.Bujanda@digi.com>
Includes:
imx-gpu-viv-6.inc: Update files in libopencl-imx package
Fix issue:
ERROR: imx-dpu-g2d-1.8.9-r0 do_package_qa: QA Issue: /usr/lib/libg2d-dpu.so
contained in package imx-dpu-g2d requires libOpenCL.so.1()(64bit), but no
providers found in RDEPENDS_imx-dpu-g2d? [file-rdeps]
Signed-off-by: Yuqing Zhu <carol.zhu@nxp.com>
imx-gpu-viv: Update library installation
The packaging model has been reworked so now we can simply
copy the libraries.
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
imx-gpu-viv: Integrate recipe updates
Integrate our local recipe updates into the
copied include file.
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
imx-gpu-viv: Copy include file from meta-freescale
Changes are extensive enough now that it makes sense to
simply copy what is upstream.
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
kernel-module-imx-gpu-viv: Switch branch to imx_5.4.47_2.2.0
Signed-off-by: i.MX Yocto Project Build <imx.build@nxp.com>
imx-gpu-viv: remove wayland as a requirement for i.MX8 platforms
Based on commit ed2c4974 ("imx-gpu-viv: remove wayland as a requirement for
i.MX8 platforms"), this commit removes the requeriment of wayland as a backend
for the i.MX8 platforms to build framebuffer images.
https://jira.digi.com/browse/DEL-7013
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
imx-gpu-viv-v6: remove kernel-module-imx-gpu-viv dependency
This dependency was originally removed in commit
eafa8684a3, but it was erroneously put back in
commit 793e901678 when updating the recipe using
the one in meta-fsl-bsp-release as reference.
Instead of removing the line containing the dependency, in order to avoid the
same situation from happening in the future, comment it out and add an
explanation about why we're removing it.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Signed-off-by: Hector Bujanda <Hector.Bujanda@digi.com>
Includes:
Revert "weston-init: Fix being underrun with superTile format and video playing on i.mx8dxmek [YOCIMX-4227]"
The setting has been merged into driver [MGS-5713]
This reverts commit bfaf99da16df2b7fd56ec6454406d5a71e90aa9f.
Signed-off-by: Hector Bujanda <Hector.Bujanda@digi.com>
This commit replaces the hardcoded text from the readme file by the environment
variables adding from this way the release version to the file content.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Otherwise, qt5 applications will fail to launch on the 8X and 6/6QP.
https://jira.digi.com/browse/DEL-7281
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The indexes of the MCA PWM controllers are different in Linux v5.4, so the
default value used by libdigiapix results in an error. Reflect this change and,
while at it, replace the default PWM with an IO connected to a user LED to make
the example more visual.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit c24d1d96 ("sysinfo: adapt script after removal of deprecated fsl_otp
driver") introduced a mistake masking the SEC_CONFIG[1] bit read from the OTP.
This commit fix the read command to force it in hex format and finally match
with the mask in the script.
https://jira.digi.com/browse/DEL-7263
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Back when the ccimx6/6qp used Linux v4.9, we needed to use crda because
wireless-regdb-static wasn't supported until v4.15. Now that we use v5.4 on all
platforms, this workaround isn't needed anymore.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit c24d1d96 ("sysinfo: adapt script after removal of deprecated fsl_otp
driver") introduced support to determine if a device is closed by checking
a new boolean property on the DT for the CC8X platforms, however the CC8M
platforms use the same mechanism. This commit modifies the sysinfo script to
check also the DT for the CC8M platforms.
https://jira.digi.com/browse/DEL-7263
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit cbb38440 ("meta-digi-dey: sysinfo: Add chip revision sysinfo output")
introduced a new script variable to determine the SOC revision of the module.
However this entry only is available on the CC8X platforms. This commit checks
if the entry exist and then tries to read it to avoid unexpected issues with
devices without this entry.
https://jira.digi.com/browse/DEL-7263
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This version includes changes needed to reflect the OTP driver update in the
kernel.
https://jira.digi.com/browse/DEL-7261
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds new environment variables to support QT with wayland and
to fix the following error message when executing QT5 applications on the
target.
qt.qpa.plugin: Could not find the Qt platform plugin "eglfs" in ""
This application failed to start because no Qt platform plugin could be initialized.
Reinstalling the application may fix this problem.
Available platform plugins are: minimal, offscreen, vnc, wayland-egl, wayland, xcb.
Aborted.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit updates the GPIO udev rules to change the group owner
and permission of the new gpio char driver. This will allow users
that belong to the digiapix group to access the char driver.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-7255
This package was being included as a RRECOMMENDS from libcrypto, but we don't
need it in the initramfs at all. Since our recovery image is already pretty big
compared with the recovery partition size on ccimx6ul platforms with 256 MB of
storage, remove it to make sure the image can fit.
https://jira.digi.com/browse/DEL-7253
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add systemd auto-getty.service to run agetty on the console defined in the
kernel command line on platforms with systemd support.
This service replaces serial-getty@.service as the one responsible for
opening a tty port and prompting for a login name when
TRUSTFENCE_CONSOLE_DISABLE is configured.
https://jira.digi.com/browse/DEL-7242
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
We have specific scripts per platform to export the qt5 environment variables,
because using the default backend-specific scripts ported from the meta-imx
layer results in mismatches in specific cases (for example, 6UL framebuffer
images only support linuxfb, but the qt5-fb.sh script exports eglfs instead).
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We originally ignored the weston-init.bbappend in meta-freescale back in thud
because we were basing our recipe off of NXP's sumo BSP, and NXP's weston-init
customizations were incompatible with the ones in meta-freescale. Remove it
from the BBMASK to be able to incorporate the customizations in meta-freescale.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The ccimx6 uses the g2d weston renderer to avoid graphical glitches, but the
default renderer code doesn't handle suspend/resume cycles properly, causing
other issues (notably in the framerate and the desktop not showing 66% of the
time when resuming from suspend). Add a patch to mitigate these issues.
https://jira.digi.com/browse/DEL-7236
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Without this option, moving any element on the desktop (cursor or windows) will
cause an undesired "trailing" effect, where parts of the moved elements remain
on the desktop.
https://jira.digi.com/browse/DEL-7221
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This workaround is no longer needed since ccimx6/6qp now use Linux v5.4
https://jira.digi.com/browse/DEL-7221
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Recipe from poky layer only provides the native support
but to generate the sdk we need also the nativesdk.
https://jira.digi.com/browse/DEL-7200
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This package needs to be installed in the rootfs for the demos to work.
While at it, mark this change as Digi-specific to avoid removing it in future
recipe updates.
Reported-by: Alfonso Martin Rey <alfonso.martinrey@digi.com>
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit 07f1fa88f2)
This commit removes the v4l2 example because they are superseded
by gstreamer examples.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-7211
The old fsl_otp driver is deprecated and we need to determine
if the device is closed using a new property of the device tree
called 'digi,tf-closed'.
Assume the device is open if the property is not found.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
(cherry picked from commit fc1a736758)
- OTP section
- Use just one fixed path to the OTP nvmem device descriptor (instead
of a loop).
- Use '-v' for dumping all values with hexdump.
- TrustFence section
- For cc8x, determine if the device is closed by checking a new boolean
property on the DT: digi,tf-open|closed
- For the rest, check the SEC_CONFIG[1] bit using the new nvmem
descriptor.
- Change log from 'Device status' to 'Security status'
- Report UNKNOWN if nvmem device does not exist.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
(cherry picked from commit f6a8de0067)
The old fsl_otp driver is deprecated and we need to determine
if the device is closed using a new property of the device tree
called 'digi,tf-closed'.
Assume the device is open if the property is not found.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
- OTP section
- Use just one fixed path to the OTP nvmem device descriptor (instead
of a loop).
- Use '-v' for dumping all values with hexdump.
- TrustFence section
- For cc8x, determine if the device is closed by checking a new boolean
property on the DT: digi,tf-open|closed
- For the rest, check the SEC_CONFIG[1] bit using the new nvmem
descriptor.
- Change log from 'Device status' to 'Security status'
- Report UNKNOWN if nvmem device does not exist.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
By default, we generate SWU files which update both the linux and rootfs
partitions. This, along with the fact that platforms using NAND as the storage
media require a reboot for the rootfs partition's "enc" flag to take effect,
makes it safe to format the NAND's rootfs partition before performing an
update, regardless of having to encrypt the rootfs or not.
However, customers that wish to use the swupdate feature to update just the
linux partition will find that the rootfs is completely erased after the update
is finished, because a new rootfs hasn't been written in its place.
To avoid this scenario, parse the SWU package's description to verify that it
contains a rootfs image before formatting the partition.
https://jira.digi.com/browse/DEL-7067
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Upgrade GST version from 1.16.0 to 1.16.1
The headerfix.patch in gst-plugins-good needes to be removed
as these changes are already included in 1.16.1
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit updates the imx-gpu-viv to the next version.
It includes the following improvments and fixes
* The work-around that moves .so for OpenCL, OpenVX, and Vulkan
to the main packages triggers the QA Issue for dev-so:
ERROR: imx-gpu-viv-1_6.4.0.p2.4-aarch64-r0 do_package_qa:
QA Issue: non -dev/-dbg/nativesdk- package contains symlink .so:
libvulkan-imx path '/work/aarch64-mx8m-poky-linux/imx-gpu-viv/1_6.4.0.p2.4-aarch64-r0/packages-split/libvulkan-imx/usr/lib/libvulkan_VSI.so' [dev-so]
Suppress the QA check.
* Add versions for OpenCL, OpenVX, and Vulkan.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Mike Engel
Gabriel Valcazar
Isaac Hermida
Arturo Buzarra
Hector Palacios
Francisco Gil
Javier Viguera
Gonzalo Ruiz
Hector Bujanda
Mattias Lindblad