This commit enables SWU image authentication when TrustFence
is enabled instead of when signing of images is enabled.
This allows the system to authenticate SWU images on images that
have been externally signed.
https://onedigi.atlassian.net/browse/DEL-8891
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commits adds the CCMX91 platform to the DEY
build system. Furthermore, it creates generic ccimx9
support to be used for the CCiMX91 and CCiMX93
platform.
https://onedigi.atlassian.net/browse/DEL-9106
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
There is a harmless error when restoring alsa profiles, as it also
attempts to restore UCM profiles.
Since we do not include UCM profiles for our sound cards, skip it.
https://onedigi.atlassian.net/browse/DEL-9066
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
In legacy NAND platforms like the ccimx6ul, it's possible to use a single-MTD
configuration with dualboot disabled, which allows access to the functionality
provided by the recovery partition. However, the partition encryption feature
requires a multi-MTD configuation, so said feature shouldn't be accessible in
this case.
Prevent access to partition encryption in a single-MTD system by:
* Adding the "system" partition to the partition blacklist in both the
recovery-utils library and the recovery initscript.
* Checking the "singlemtdsys" environment variable before using any
functionality related to partition encryption.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Currently, when wiping the update volume via the recovery partition on a
ccimx6ul with singlemtdsys enabled, the procedure fails with this error:
[RECOVERY] Starting recovery...
[RECOVERY] Wipe 'update' partition requested
[RECOVERY] Formatting 'update' ubi volume
ubi0 error: ubi_open_volume.part.0: cannot open device 0, volume 3, error -16
ubiupdatevol: error!: cannot open "/dev/ubi0_3"
error 16 (Device or resource busy)
This is because the logic used to unmount a volume before formatting it is
expecting this entry format when running "mount":
ubi0:update on /mnt/update type ubifs
While this is the format of the "mount" output in userspace for the rootfs
volume, other trivial volumes have this format instead:
ubi0_3 on /mnt/update type ubifs
Adapt the logic to this format so that the "update" volume wipe procedure can
take place.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add also 'e2fsprogs-tune2fs' to the image, as busybox's version of
tune2fs command does not support setting the "encrypt" feature of the
EXT4 filesystem.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
On new platforms, trustfence will use file-based encryption instead of
full-disk encryption. Add base variables and platform defaults to allow
implementing file-based encryption.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Encrypting boot artifacts impacts the device's boot time, so disable them
by default. It is still possible to enable it in the project's config
file by setting the TRUSTFENCE_DEK_PATH option.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Unlike the rest of the NXP platforms, in u-boot, the ccimx93 allows
configuring a GPIO name to activate the console when secure console is
enabled. Those u-boot options were not translated to the trustfence code
in meta-digi.
https://onedigi.atlassian.net/browse/DEL-9063
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit adds some basic TSN support to DEY.
It includes the kernel configuration fragment with
the IEEE 802.1 support and the some user space tools
necessary to configure the network.
https://onedigi.atlassian.net/browse/DEL-9026
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit adds real time test tools to the system.
The hwlatedetct is a program that controls the kernel
hardware latency detector module. This is used to detect
large system latencies independent of Linux itself.
The rt-tests package is a test suite that includes the cyclictest
tool to measure the difference between a thread's intended
wake-up time and the time at which it actually wakes up.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Rework commit c5c9838e54 to only limit ML
packages for our ccimx93 and not for other imx93-based devices.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Trustfence class was setting the TRUSTFENCE_PASSWORD_FILE variable using the
old keys format where a unique key_pass.txt file contains all the key
passwords. However, in the new format there are one key_pass file for each
key, so using a PKI tree with the new format throws an unexpected error in the
FIP generation due to it is not able to find the required key password.
This commit sets the TRUSTFENCE_PASSWORD_FILE variable for the ccmp1 platforms
on different way.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add a check on the existence of the "temp-fitimg-loaded" environment
variable before setting it. It is needed, as with encrypted FIT images,
we need to decrypt them before accessing the boot script. In such cases,
u-boot sets that variable to "no" so the boot script does not override it,
and the FIT image is loaded again before the final boot to the OS.
https://onedigi.atlassian.net/browse/DEL-8945
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This patch fixes the hang issue with EiQ demos using multiple tflite files,
for instance the gesture_detection demo.
https://onedigi.atlassian.net/browse/DEL-8949
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This recipe is not supported anymore. If you need to add that package
for aarch64, a solution is include pip3 in your image and install it
using the pip3 install manager.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Trustfence class was setting the TRUSTFENCE_PASSWORD_FILE variable using the
old keys format where a unique key_pass.txt file contains all the key
passwords. However, in the new format there are one key_pass file for each
key, so using a PKI tree with the new format throws an unexpected error in the
FIP generation due to it is not able to find the required key password.
This commit sets the TRUSTFENCE_PASSWORD_FILE variable for the ccmp1 platforms
on different way.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Different mechanisms are used to sign FIT images on the ccmp1 platforms and the
ccimx93, and we manage each mechanism via a different variable. The variable
names don't really reflect which platform they affect, which makes maintenance
harder.
Rename the variables so that it's easier to identify the platforms/vendors they
affect:
* Replace TRUSTFENCE_FIT_IMG with TRUSTFENCE_SIGN_FIT_STM
* Replace TRUSTFENCE_SIGN_FIT_ARTIFACT with TRUSTFENCE_SIGN_FIT_NXP
Don't rename TRUSTFENCE_FIT_IMG_SIGN_KEYNAME
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We rely on FIT support to implement boot artifact authentication on ccmp1
platforms, but our implementation made it impossible to enable FIT support
outside of the context of Trustfence/secure boot.
Change this so that it's possible to enable FIT support without having to sign
the FIT artifacts. Also, modify the linux-dey 5.15 recipe so that the U-Boot
DTBs with signatures get copied only when FIT signing is enabled.
https://onedigi.atlassian.net/browse/DEL-8946
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit updates the required firmware binaries for Bluetooth and Wireless
interfaces, hostapd and wpa_supplicant recipes based on the Cypress Linux WiFi
Driver (FMAC) release v5.15.58-2023_1128 (Wireless firmware v13.10.246.334).
This change also includes a custom defconfig file for the hostapd and
wpa_supplicant recipes including the changes from the patches and the Digi
customizations.
Also are updated the Murata firmware repositories to match with the latest
Murata release imx-kirkstone-hedorah_r1.0, which is based in the same Cypress
Linux Wifi Driver release v5.15.58-2023_1128.
https://onedigi.atlassian.net/browse/DEL-8667
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Not installing all the ML packages but just tensorflow-lite saves space.
We are not including onnxruntime and torchvision, which are not supported
by the i.mx93 (see NXP user guide for details).
The ext4.gz size is decreased from 430MB to 217MB.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The patch we were using comes from the time during dualboot support development
where said feature was selectable at build time. The patch adds a new build
option, giving the impression that it only gets enabled under certain
circumstances, when in reality:
* The option is never enabled anywhere in our code
* It's a string option that is treated like a boolean, meaning its
respective conditional compilation is always getting compiled even when
disabled
Our current dualboot support is enabled at runtime, so it doesn't make sense to
have a build-time option related to it, especially one that's broken. Replace
the patch with a functionally equivalent one that is less confusing. Also,
remove the related config option from our defconfig.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The current log level is very verbose and generates way too much output in some
cases, such as a binary diff update. Reduce the default log level to avoid
this.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit fixes a build issue using meta-digi layer with a different distro
than "dey". Also simplified the bbappend to avoid creating a custom
do_patch_png() task before do_configure().
Reported-by: Stephan Klatt <skladd@users.noreply.github.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This reverts commit c5b53c9765.
The HCI reset interface is fixed inside each BT power calibration shell
script, so this workaround is not needed anymore.
https://onedigi.atlassian.net/browse/DEL-8458
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
for the IW61x, when the FW is instructed with an hci reset command, the
LE stack is not correctly reset.
It can be workaround-ed by SW doing a SW power cycle.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This is an NXP change that reverts a mainline weston commit form v9.0.0, in
which the mouse cursor only gets activated when there is mouse movement. This
change was only being included in the weston v10.0.X i.MX forks.
For platforms that don't use these weston forks (ccimx93 uses the v11.0.X fork
and ccmp15 uses mainline weston), the mouse cursor doesn't load right away when
booting the system, which causes apps that are automatically launched (such as
the LVGL demo) to not register the mouse, rendering said apps unresponsive to
it.
Port NXP's change to all of the weston versions we currently use to avoid this
problem.
https://onedigi.atlassian.net/browse/DEL-8865
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The display for the cc93 is 'wayland-1'.
Use backslashes before the curly braces to avoid potential expansion by
bitbake variables.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This is to avoid duplicating names with variable DEMO_DISPLAY inside
the lvgl-demo-init script itself.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
There are some cases in which the loading of the Wi-Fi modules may be
problematic due to timing conditions:
- when a suspend operation in progress is aborted
- when Bluetooth is disabled
The Wi-Fi needs some time for the system to be ready before loading the
modules.
This commit:
- Stops the Bluetooth before bringing down the Wi-Fi on suspend
- Starts the Bluetooth (or adds a small delay) before bringing up the
Wi-Fi on resume
- Reworks the way the resume operations are programmed, to do them in
reverse order (first load the Wi-Fi modules, then bring the interfaces
up (if required). It does so by appending/prepending actions into a
variable and dumping the contents finally to a temp file.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Commit c4f2fce4d3 added logic to do_install()
that saves space by removing board image files that don't match the machine
name. However, the ccimx6qpsbc uses the ccimx6sbc board image file, and it was
being removed from the demo, breaking the demo's landing page.
Avoid this by specifying the correct filename for the ccimx6qpsbc.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The ccimx6ul is the only platform that doesn't include a desktop backend in the
LVGL image, so remove the desktop backend suffix from the image's name. This
affects the image name itself, the corresponding SWU package and the
installation scripts.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
ccimx6ul platform uses the fbdev backend to run LVGL graphical applications,
the mouse input device is not supported by default on this platform.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit sets the default LVGL demo dimensions to match with the resolution
of the supported LVDS display, showing the application at fullscreen.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds a systemd service and a sysvinit script to initialize the LVGL
demo automatically on boot.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
LVGL graphical library has support for different backends, in the case of the
ccimx6ul we use the fbdev directly, so we don't need the x11 support.
This commit removes x11 support for the ccimx6ul platform for the
dey-image-lvgl image.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This revision disables LVGL's wayland client-side decorations to prevent visual
glitches on some platforms and homogenize the look of the demo regardless of
platforms/backend.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This is needed to make the LVGL demo work on the ccimx93, which uses a newer
version of weston that no longer includes wl_shell support. Restore the
wl_shell functionality via a patch and enable it.
https://onedigi.atlassian.net/browse/DEL-8849
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The support to update U-Boot in the redundant partition must be enabled in the project
configuration file by setting the variable "SWUPDATE_UBOOTIMG_REDUNDANT" to "true":
SWUPDATE_UBOOTIMG_REDUNDANT = "true"
This feature is only available for the newer platforms: ccmp13, ccmp15 and ccimx93. Trying to
enable it in older platforms will display a warning and fallback to non-redundant update.
Signed-off-by: David Escalona <david.escalona@digi.com>
Backport of multimedia package for ccimx93 from NXP's Mickledore-based
lf-6.1.55-2.2.0 release. Mainly copies and appends of multimedia
recipes from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
https://onedigi.atlassian.net/browse/DEL-8840
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The JIRA in the patch description describes a problem in the CC6UL, so
do not use the patches on other platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
If 'CCCS_CONF_PATH' is defined, the specified file is installed as CCCS
configuration file without any modification.
It it is not defined or it is empty, the configuration file in cc_dey
('cc_dey/cccs-daemon/cfg_files/cccs.conf') is installed and modified if
required.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Rework the script so that it has a similar structure as the MMC leaving it ready
to integrate new platforms.
Signed-off-by: David Escalona <david.escalona@digi.com>
This variable is only required to enable the bootcount feature after an update when the bootcount value is
stored in the environment. This only happens in the CCIMX6 products, so it makes no sense to use it for the
CCMP1 devices.
Signed-off-by: David Escalona <david.escalona@digi.com>
While on it, enable support to update encrypted U-Boot for all mmc platforms
supporting it. The install script extracts the DEK blob from the installed
U-Boot and appends it to the new U-Boot before flashing it.
Signed-off-by: David Escalona <david.escalona@digi.com>
This new variable establishes the number of 1Kb blocks to skip before writing U-Boot in the
bootloader partition.
Signed-off-by: David Escalona <david.escalona@digi.com>
EGLFS is a platform plugin for running single Qt applications in full-screen
mode, without a windowing system like X11 or Wayland.
https://onedigi.atlassian.net/browse/DEL-8802
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
To work in a dualboot memory layout out of the box, the most
common use case of the firmware update through the cloud should
be on the fly because in nand platforms there is not enough
memory to keep the update file in the system.
https://onedigi.atlassian.net/browse/DEL-8305
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
As part of the integration of the new ML package, also update the
ethos-u-firmware binary built from Stash:
Repo: emp/ethos_u_firmware.git
Revision: bd5506ddba364ad04602d5009b77077f78450b97
Source: NXP's MCUXpresso SDK_2.14.2_MIMX9352xxxxM
Co-authored-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Backport a new version of cmake-native from Poky's mickledore release. This
is required by the new version of the onnxruntime package (updated in
the following commit).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Our fork contains the same patches that were originally applied in this recipe.
This makes it easier for customers to identify the modifications necessary to
get LVGL working on our platforms.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
When switching off the 3.3V supply from the Wi-Fi during suspend,
around a 10% of the times, when resuming the Wi-Fi driver fails to load.
It was verified that a rebind operation over the mmc interface (which
eventually calls the script that loads the Wi-Fi module) makes it
load successfully, which denotes a timing issue during resume.
Adding a small delay on the resume operation before running the script
makes the Wi-Fi driver load at the first try.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8821
Backport of graphics package for ccimx93 from NXP's Mickledore-based
lf-6.1.55-2.2.0 release. Mainly copies and appends of graphics recipes
from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
We removed this package from the recovery initramfs, but it was getting added
as a recommendation to the trustfence initramfs as well.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We use cryptsetup in both the recovery and trustfence initramfs to handle block
device encryption on platforms that use eMMC as the internal storage. In
meta-openembedded commit 1ce71d6ec31195280073adec0e400dda7c0dd8a7 (between
DEY 2.6 and 3.0), a lot of PACKAGECONFIG options were added to the cryptsetup
recipe, all of them enabled by default. One of these options is "udev", which
adds a runtime dependency with udev that in turn pulls in a lot of other
dependencies with it. This is unnecessary because we already use mdev in our
recovery image, and the other packages simply take up space as they aren't
needed at all.
Our eMMC partition encryption functionality, which is the reason why we need
cryptsetup to begin with, is unaffected by this change and still works as
expected. Keep in mind that it was working properly without udev in DEY 2.6 and
older DEY releases, so removing udev isn't an issue.
Remove this PACKAGECONFIG option to get rid of udev and its dependencies in
the recovery and trustfence initramfs.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In theory, libcap's pam_cap module should use libpam's dlopen runtime linking
mechanism, but starting in libcap 2.53, this changed in order to support
distros that can only link it at build-time. Then, in 2.54, a compile-time
option was added (FORCELINKPAM) to allow users to force the link or not. In the
poky recipe for libcap, this option isn't set, so the library was getting
linked by default, dragging all of its dependencies with it.
For more info: https://bugzilla.kernel.org/show_bug.cgi?id=214023
Set the flag to "no" to avoid linking against libpam, removing its dependency
from the recovery image and saving some space.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The TF-A and OP-TEE images have different suffixes depending
on whether TrustFence is enabled or not, but the suffix variables
themselves must exist independently of whether TF is enabled.
Currently, they were defined on the trustfence.bbclass, and the
variables did not exist when TF was disabled, which caused build
problems, for example, building the SWU file.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This package is purely vestigial and hasn't been used at all in any of our
initramfs images for over 7 years. It was used in the first implementation
of the trustfence initramfs (commit 4dd7d438af)
to securely erase the key used by cryptsetup, but two weeks later, that logic
was moved to trustfence-tool (commit a8c50c16ea)
and "wipe" was no longer needed. However, the package remained in the
dependencies of the trustfence initramfs, which were then used as reference for
the recovery initramfs, even though this initramfs didn't even need "wipe" to
begin with.
Removing this package saves 30.8 KiB in the ccimx6ul recovery image.
https://onedigi.atlassian.net/browse/DEL-8819
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This is added as a recommendation for libcrypto and only contains legacy
ciphers which are deemed outdated or unsafe. If any of the packages in the
image actually required this module, they would depend on it explicitly, but
this isn't the case. This saves 66.8 KiB on the ccimx6ul recovery image.
https://onedigi.atlassian.net/browse/DEL-8819
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We depend on libarchive so that swupdate can perform updates with .tar.gz
files, but by default, libarchive is configured to support a lot of additional
features that pull in even more dependencies. This increases the size of the
recovery image, which barely fits on platforms with limited internal storage
like the ccimx6ul. We already removed zstd support to mitigate this, but the
image size increased again after adding imx-kobs to it in commit
aa2480d1de.
Since libarchive isn't used by any other package in our system, remove the
configurations that bloat the recovery image and are not needed at all for
our file update use case. Note that removing the "lzo" packageconfig doesn't
remove its respective library from the image because mtd-utils also depends on
it, but it still reduces the size of libarchive. On the ccimx6ul, this removes
193 KiB worth of libraries and trims libarchive down by 20.5 KiB in the
recovery image.
https://onedigi.atlassian.net/browse/DEL-8819
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
These fields were added to default files, but not to the
special sw-description files for ccmp1 and cc6ul platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
When TrustFence is enabled, the boot artifacts (TFA and FIP)
have a 'signed' suffix. Handle this case so that the correct
symlinks are created and the correct artifacts are put into the
SWU file.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
For signing SWU files we need to set a couple of variables:
- SWUPDATE_PRIVATE_KEY_TEMPLATE to the private key file
- SWUPDATE_PASSWORD_FILE to the password of the private key
The latter must only contain one password, whereas the current key_pass.txt
file had (for the ccmp13) the eight keys separated by a white space.
This commit:
- If the file key_pass.txt exists, it extracts each key into a separate
file key_pass0X.txt.
- If the keys don't exist, generates separate files per key.
- Changes the permissions of password files to 400.
- Adapts the sign script to use the single password files.
- Fixes a few quotes
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
We were using the .cfg suffix for both the build-time config fragments and the
runtime configuration file. During do_configure(), all files in SRC_URI ending
in .cfg were being merged together to create the final build configuration,
including said runtime file, which has a completely different syntax. In most
cases, the contents of this file were being ignored, but when tweaking
swupdate's configuration and re-building the package, sometimes strange errors
would prevent the build from finishing.
Change the runtime file's suffix entirely to separate it from the config
fragments and prevent it from being treated as such, and reflect the name
change in the defconfig and the recovery script.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
meta-swupdate recently added support for swupdate 2023.12 and libubootenv
0.3.5. This upgrade conflicts with our custom functionality in both packages,
so keep using 2023.05 and 0.3.2 respectively so DEY 4.0 can be built without
introducing possible functionality changes.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
meta-swupdate recently added support for swupdate 2023.12 and libubootenv
0.3.5. This upgrade conflicts with our custom functionality in both packages,
so keep using 2023.05 and 0.3.2 respectively so DEY 4.0 can be built without
introducing possible functionality changes.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit 7e81e706a1 modified the logic used to
determine if a NAND is using multi-MTD or single-MTD, but single quotes were
used in the grep pattern, which prevents the variable inside from expanding.
This makes the script always enter the single-MTD code path, even in multi-MTD
systems, which breaks partition formatting in these cases.
Replace the single quotes with double quotes so the variable can expand and the
condition can be properly checked.
https://onedigi.atlassian.net/browse/DEL-8773
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit 7e81e706a1 modified the logic used to
determine if a NAND is using multi-MTD or single-MTD, but single quotes were
used in the grep pattern, which prevents the variable inside from expanding.
This makes the script always enter the single-MTD code path, even in multi-MTD
systems, which breaks partition formatting in these cases.
Replace the single quotes with double quotes so the variable can expand and the
condition can be properly checked.
https://onedigi.atlassian.net/browse/DEL-8773
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Fixed via commit 311a492c21f0f3643f4b764f8b743c4c6908d31b in meta-st-stm32mp
This reverts commit 09c4645894.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Fixed via commit 311a492c21f0f3643f4b764f8b743c4c6908d31b in meta-st-stm32mp
This reverts commit 09c4645894.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds u-boot swupdate support for all platforms.
Now u-boot can be updated with all our supported update
options. Currently it will only update first partition
u-boot partition.
https://onedigi.atlassian.net/browse/DEL-8749
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
The 'mtd-blacklist' parameter prevents swupdate from acting upon those
partitions that we consider sensitive.
Make such list platform-dependent.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The swupdate recipe installs by default a systemd service
and a socket to listen for updates coming from a web server.
DEY only makes use of such service during on-the-fly updates from Cloud
Connector web service.
The default swupdate service fails on images with TrustFence because it's
called with no arguments and there doesn't exist a configuration file.
This commit installs a default configuration file and, if TrustFence is
enabled, sets the parameter 'public-key-file' to point to the public
certificate to use to authenticate SWU packages.
While on it, it removes the same file from the recovery-initramfs recipe
that was the only recipe that was adding such config file for recovery
images only.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
meta-digi layers use many conditionals basing on TRUSTFENCE_SIGN, but this
variable may be disabled when the signing process wants to be isolated
from the image creation.
There are cases when we still need to know if TrustFence is enabled even
if the images are not going to be signed.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
In commit df9b1cf329, the UBOOT_SIGN_ENABLE is set for all
platforms, and should be only added for FIT images.
This is making the process failing in cc8mn/cc8mm platforms
due to the UBOOT_SIGN_ENABLE is also used there to use a dtb
patched with the signature node.
https://onedigi.atlassian.net/browse/DEL-8764
Signed-off-by: Francisco Gil francisco.gilmartinez@digi.com
Otherwise, bitbake's git client won't be able to fetch the sources if there are
no mirrors available.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Otherwise, bitbake's git client won't be able to fetch the sources if there are
no mirrors available.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
As part of the integration of the new ML package, also update the
ethos-u-firmware binary built from Stash:
Repo: emp/ethos_u_firmware.git
Revision: a0352b0cf7267c896b55980dedd08daddc780733
Source: NXP's MCUXpresso SDK_2.14.0_MIMX9352xxxxK
And, drop deepview-rt support for ccimx93, as NXP has done the same in
6.1.36-2.1.0 release.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
- Set variables required for FIT signing inside python function, under the
condition of having TRUSTFENCE_SIGN="1".
- Define two sign keys using TRUSTFENCE_ wrapper constants. Default values:
- 'fitcfg' for configuration nodes inside the FIT
- 'fitimg' for image nodes inside the FIT
- Enable FIT_SIGN_INDIVIDUAL to also sign individual images inside the FIT
- Set FIT_GENERATE_KEYS by default (kernel-fitimage.bbclass already checks
if the keys exist before generating new ones)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This change isn't functional, but necessary if we want to be able to separate
the logic in the include file and the demo recipe. This way the include file is
agnostic and can be included into other recipes if needed.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Otherwise, launching a Qt5 app will result in errors and the QPA platform will
need to be set manually to get it to work.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Otherwise, launching a Qt5 app will result in errors and the QPA platform will
need to be set manually to get it to work.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Backport of graphics package for ccimx93 from NXP's Mickledore-based
6.1.36-2.1.0 release. Mainly copies and appends of graphics recipes
from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
Notice, that the new version of weston used now by the ccimx93 requires
a different profile file (weston-socket.sh). This profile supercedes the
old 'weston.sh'.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Backport of multimedia package for ccimx93 from NXP's Mickledore-based
6.1.36-2.1.0 release. Mainly copies and appends of multimedia recipes
from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This is required to build the new version of gstreamer used by NXP for
the ccimx93 and integrated in following commits.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
LVGL is a free and open-source embedded graphics library that is able to run
in environments with limited resources.
This image includes a desktop environment and an LVGL widget demo (lvgl_demo)
https://onedigi.atlassian.net/browse/DEL-8740
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Rename the recipe to lvgl-demo to reflect the generalization and select the
most appropriate backend for each platform. Aside from making sure each backend
builds and runs fine, add some usability improvements:
* Specify the mouse as the default evdev device instead of the touchscreen
* Use common resolution variables to be able to configure the app's
dimensions easily
https://onedigi.atlassian.net/browse/DEL-8740
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds signed FIT image support for the CCMP1
platforms when using Trustfence.
https://onedigi.atlassian.net/browse/DEL-8591
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
ConnectCore 6 based products require the use of the 'upgrade_available' environment flag to save the
bootcount value between resets. Extend the use of this U-Boot variable for single system updates and
updates based on files.
Signed-off-by: David Escalona <david.escalona@digi.com>
This package was inadvertantly pulling in a lot of dependencies into our
images that make use of Qt6. Most of these packages consisted of *-dev
packages, which are only useful for development with the SDK.
Remove this package along with its dependencies to significantly reduce the
dey-image-qt rootfs image size.
Note that this change was already done in commit
8979331ef8, but it was accidentally reverted when
upgrading to Qt 6.5 in commit a5c6f2b795.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit 0d6d6d219f)
This package was inadvertantly pulling in a lot of dependencies into our
images that make use of Qt6. Most of these packages consisted of *-dev
packages, which are only useful for development with the SDK.
Remove this package along with its dependencies to significantly reduce the
dey-image-qt rootfs image size.
Note that this change was already done in commit
8979331ef8, but it was accidentally reverted when
upgrading to Qt 6.5 in commit a5c6f2b795.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This fix systemd error on boot:
[ 6.974370] systemd[1]: /lib/systemd/system/connectcore-demo-example.service:3: Failed to add dependency on connectcore-demo-server, ignoring: Invalid argument
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This fix systemd error on boot:
[ 6.974370] systemd[1]: /lib/systemd/system/connectcore-demo-example.service:3: Failed to add dependency on connectcore-demo-server, ignoring: Invalid argument
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Current pattern does not match the SRKs generated for the ccimx93. The
ccimx93 does not support subordinated SGK certs, so the name of the SRKs
do not contain the "_ca_" pattern. So relax the expression used in the
trustfence bbclass to match the SRKs generated for both platforms.
# For the ccimx93
$ ls -1 crts/SRK1*crt.pem
crts/SRK1_sha512_secp521r1_v3_usr_crt.pem
# For the ccimx8x
$ ls -1 crts/SRK1*crt.pem
crts/SRK1_sha512_secp521r1_v3_ca_crt.pem
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Some platforms do not support signing external artifacts (kernel, dtb,
etc.) yet, so we need to decouple the signing of the bootloader from the
signing of the external artifacts.
This commit generalizes the code, so instead of having platform exceptions
scattered along the recipes, we create a new variable used conditionally
to sign or not the external artifacts.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
If the system is send to suspend mode, the bluetooth core is reconfigured.
Therefore, restart the service if it is running, to configure the ble
service.
https://onedigi.atlassian.net/browse/DEL-8694
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Bitbake was always copying the public key 1 to the rootfs, no matter what the value specified in
the 'TRUSTFENCE_KEY_INDEX' variable was. This commit fixes the issue by enclosing the variable
between curly braces so that bitbake is able to expand it and calculate the correct key index.
Signed-off-by: David Escalona <david.escalona@digi.com>
Commit 429125cce0 created a minimal version 'defconfig'
that doesn't include all the default configuration options
of swupdate.
However, an anonymous python function inside the swupdate
repository establishes dependencies basing on configuration
switches it finds (or not) in the 'defconfig' file and any
additional configuration fragments.
For this reason, a minimal 'defconfig' cannot be used in
this recipe and a full configuration file (that also includes
default options) must be used instead.
Reported-by: Stephan Klatt
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
There was a missmatch between the configuration file and the
correct adc in the ccmp15 platform.
Also a whitespace is removed from ccmp13 configuration file.
https://onedigi.atlassian.net/browse/DEL-8702
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
ConnectCore Cloud Services examples are included in 'dey-examples' repository
so they can be built from here and also imported in Eclipse/Digi Application
Development Environment for Linux with the samples wizard.
The example 'upload_file' has been removed since currently there is no support
for binary data points in the CCCS daemon/client model.
https://onedigi.atlassian.net/browse/DEL-8628
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This recipe generates several packages:
* 'cccs' includes the CCCS shared library
* 'cccs-daemon' includes the binary and resources to execute the CCCS daemon
(daemon, service and init scripts, configuration file)
* 'cccs-cert' includes the required certificate to use CCCS daemon
* 'cccs-gs-demo' includes the binary and resources to execute the CCCS get
started demo (binary, service and init scripts)
* 'cccs-legacy' includes the binary (all-in-one) application to execute
the legacy CCCS application (aka cloud-connector) and the configuration
file
* 'cccs-legacy-dev' includes resources to develop legacy CCCS applications
(all-in-one) (header files inside 'cloud-connector' and 'cloudconnector.pc'
pkg config file)
* 'cccs-legacy-staticdev' includes static resources to develop legacy CCCS
applications (all-in-one) (static library)
This commit also renames:
* 'CLOUDCONNECTOR_PKGS' variable to 'CCCS_PKGS'.
* 'CC_DEVICE_TYPE' variable to 'CCCS_DEVICE_TYPE'.
https://onedigi.atlassian.net/browse/DEL-8628
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Those bbappends are enabling 'examples' PACKAGECONFIG. This is now done
in the distro config file.
https://onedigi.atlassian.net/browse/DEL-8675
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
QT v6.5 is a long term support (LTS) and is the version used in newer
releases from NXP (based on Yocto 4.2 mickledore)
This commit basically backports the QT v6.5 from meta-freescale community
layer (mickledore) with some recipe's polishing from meta-imx.
https://onedigi.atlassian.net/browse/DEL-8675
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Now we can't determine if the rootfs is ubifs/squashfs
in the ccmp1X platforms, so we need to add again the rootfstype
parameter but only for ccmp1X platforms.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
The ccmp1 has two MTD partitions (UBI, UBI_2) with different system
volumes.
Previously, the fact of having two ubi devices was taken as proof of
being on a multi-MTD system (one that has one UBI volume per partition).
Instead, this commit reformulates the condition to having a partition of
the same name than the UBI volume.
For the case of the ccmp1, add a new for loop to iterate across any number
of UBI devices.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The P2P interface may have a different name, for instance, in the ccimx93 it
is wfd (wifi direct).
Generalize Digi P2P scripts to use the name from the platform config file.
https://onedigi.atlassian.net/browse/DEL-8468
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Make sure all packagegroups and examples needed for Qt6 support are accesible
to both NXP and STM-based platforms.
https://onedigi.atlassian.net/browse/DEL-8655
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
PKI tree generation for the STM32MP15 cpu provides the undesired file
"publicKeysHashHashes.bin", which is only required by STM32MP13. This commit
generates the PKI tree according to the KeyGen tool documentation to avoid
generate this extra file and avoid confusing the end user.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The CCIMX6 platform is the only one that will keep using the 'bootcount' value stored in the environment.
For this reason, that is the only platform requiring the 'upgrade_available' flag to be set after a
firmware update. For the rest of the platforms, remove it.
https://onedigi.atlassian.net/browse/DEL-8506
Signed-off-by: David Escalona <david.escalona@digi.com>
While on it, remove the block of the 'dualboot' script that was taking care of this action.
https://onedigi.atlassian.net/browse/DEL-8506
Signed-off-by: David Escalona <david.escalona@digi.com>
Add a user space application to manage the bootcount from the running system. This application
allows to read, reset and set the bootcount:
Usage: bootcount [options]
-r --read Read the current bootcount value (Default action)
-s <value> --set=<value> Set current bootcount to a specific value.
-x --reset Reset bootcount value to zero.
The binary checks the running platform underneath to perform the correct system access.
While on it, add a service to automatically execute the binary on boot to reset the bootcount value.
https://onedigi.atlassian.net/browse/DEL-8506
Signed-off-by: David Escalona <david.escalona@digi.com>
This commit adds sha256 entry for the script files into
the sw-descrition. It is necessary for the Trustfence
authentication to have the included script files signed.
https://onedigi.atlassian.net/browse/DEL-8649
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
In the context of the class, we must use ${IMAGE_ROOTFS} instead of ${D}.
Change the calling of the function to POSTPROCESS (after the rootfs has
been created) instead of POSTINSTALL (after the packages have been
installed).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
There is a corner case in the cc6ul where the update from
recovery was failing.
If the u-boot variable rootfstype is set to squashfs u-boot
modify the bootargs adding "root=/dev/ubiblock1_0". The grep
of the command line was failing and detecting the device as
mmc and making the firmware update process fail.
Modify the grep to use the same system that we are using in
the update-firmware script.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
This variable is only needed in the cc6ul, that's the reason
to create another sw-description only for the ccimx6ul.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When TrustFence is enabled, a PKI tree is generated.
In the case of NXP platforms, the PKI contains public certificates
from which the public key needs to be extracted using an openssl
command.
In the case of STM platforms, the PKI contains directly the
public key.
In all cases, we need the public key to be installed in the
rootfs /etc/ssl/certs/ folder, so that it can be used by
swupdate to authenticate signed SWU packages.
Up to now, this was being done on the dualboot recipe, but the
installation of the public key should really be only dependant
on the fact of TF being enabled.
This commit:
- Removes the generation of the public key from dualboot.bb.
- Generates a patch to extract the public key from the certificate
as part of the PKI tree generation (on NXP platforms).
- Installs the public key during a post install function after
the final rootfs has been created.
- For NXP platforms, extracts the public key using openssl if
it does not exist (for backwards compatibility).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This allows to set RTC configuration parameters. For example, the rv3028
RTC included in ccmp1 and ccimx93 has the "backup switching mode"
configuration in a register that is saved to an eeprom. By default the
BSM value is 00, which means backup switchover disabled. This means that
even if you connect a coin cell to our DVK, the RTC will ignore it.
With this commit, the BSM can be configured to direct switching mode
(DSM) or level switching mode (LSM) so the RTC uses the battery when the
device is powered off.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Implement a new mechanism to allow users to create update packages based on differences for read-only
systems. The update mechanism requires full knowledge of the current software running on the device in order
to compute a sensitive patch. For this reason, only systems without user modifications in the rootfs/boot
partitions are eligible for this kind of updates. At the moment, only the 'rootfs' partition supports the
read-only squashfs file system type, so it is the only partition supporting incremental updates. The 'boot'
partition will still be updated but as a full image.
This new feature is done making use of the SWUpdate 'rdiff' handler, which applies binary deltas with the
functionallity provided by the rsync library. During the update process, the contents of the active 'rootfs'
partition are read as the base and written to the inactive 'rootfs' partition applying the delta binary patch
on-the-fly. To ensure the delta file is applied using the correct base, the firmware update process verifies
the contents of the 'rootfs' base partition before applying the update.
The binary delta file is automatically generated by the DEY build system using the resulting 'rootfs' squashfs
image as target and the user specified file as source. The file is then packaged with the rest of components in
the SWU update image. Users must specify the base source file in their project configuration file using the
new variable 'SWUPDATE_RDIFF_ROOTFS_SOURCE_FILE'. Also, 'read-only-rootfs' image feature should be set in the
project to generate this new SWU update package.
Since a base and a target 'rootfs' partition is required during the update, only 'dualboot' systems can benefit
from this new feature.
Note: If variable 'SWUPDATE_RDIFF_ROOTFS_SOURCE_FILE' is configured in the project but any of 'SWUPDATE_FILES_LIST'
or 'SWUPDATE_FILES_TARGZ_FILE' variables is also set, the build system will prioritize a SWU update package
based on files instead of a differences package.
https://onedigi.atlassian.net/browse/DEL-8624
Signed-off-by: David Escalona <david.escalona@digi.com>
We expect new types of SWU update packages to be created in the future. To avoid splitting
all the code in different classes based on the update type, create the generic class
'dey-swupdate' to hold all the custom code and the 'dey-swupdate-common' class to hold all
the required variables. This basically renames the old 'swupdate-files' and 'swupdate-files-common'
classes.
While on it, reorganize the 'swupdate-images' recipe to move variable declarations and
functionallity to the correct place:
- Move all variable declarations to 'swupdate-digi-common' class and organize them in
functional groups.
- Improve the way files are included in the 'SWUPDATE_IMAGES' by using the update type
variables.
- Move the update script copy to the 'do_swuimage' prepend function. Until now, the copy
process was executed in the 'fill_description' method, which should only touch the
'sw-description' file.
- Rename some variables to use 'SWUPDATE' prefix.
- Minor cosmetic changes.
https://onedigi.atlassian.net/browse/DEL-8624
Signed-off-by: David Escalona <david.escalona@digi.com>
Writing directly into UBI volumes is not allowed, so a special 'rdiff' handler capable of
write data in UBI volumes is required. This commits adds the new handler and enables it in
MTD based systems.
https://onedigi.atlassian.net/browse/DEL-8624
Signed-off-by: David Escalona <david.escalona@digi.com>
The 'RDIFF' handler allows to apply incremental updates using rdiff delta files in the
swu update package. This functionallity is only recommended for read-only file systems,
where the source partition cannot be modified externally by users.
https://onedigi.atlassian.net/browse/DEL-8624
Signed-off-by: David Escalona <david.escalona@digi.com>
Create a new script for the generation of PKI tree for STM platforms
and leave the trustfence-sign-artifact script exclusively for signing.
The new gen-pki script only requires the platform as an argument and the
path to where to save the tree (if it doesn't exist) in
CONFIG_SIGN_KEYS_PATH.
This commit also reverts commit 13c136dbc5 by getting rid of the
trustfence-genpki-native.bb recipe and moving back the PKI generation
functions into trustfence.bbclass. This recipe didn't quite guarantee
that the PKI was generated on time for the recipes that required the
keys to exist, anyway.
Instead, the PKI generation function must be called right after
do_compile() of recipe tf-a-stm32mp to be ready for do_deploy() where
the key is used.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Starting at kernel 6.1, the maxim98088 driver has been migrated
from the old imx-max98088.c driver to NXP’s new audio framework
fsl-asoc-card.c.
Update the sound stuff to match the new audio card and some of
the new controls.
https://onedigi.atlassian.net/browse/DEL-8596
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Building swupdate with '-j1' fails with:
swupdate$ make -j1
scripts/kconfig/conf --silentoldconfig Kconfig
CC ipc/network_ipc.o
CC ipc/network_ipc-if.o
CC ipc/progress_ipc.o
LD ipc/built-in.o
LD libswupdate.so.0.1
Failed:
aarch64-dey-linux/11.3.0/ld: cannot find ipc-static/lib.a: No such file or directory
collect2: error: ld returned 1 exit status
That's due to trying to link a static library that has not been compiled
yet. That dependence seems spurious and we added it in a patch, so
remove it to fix non-parallel builds.
https://onedigi.atlassian.net/browse/DEL-8445
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The btnxpuart driver uses internally the serial port to manage the chip, and
loads the BT FW independently of the WiFi subsystem.
While on it, add support in the bluetooth-init script to be able to power the
chip when the WiFi support is not present.
https://onedigi.atlassian.net/browse/DEL-8632
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This reuses the same variable from sysvinit (USE_VT) to disable running
getty/login on virtual terminals.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
fill_description copies some artifacts to the images deploy directory,
so that should be created beforehand. Otherwise it may fail on the
'do_unpack' task depending on how bitbake schedules the tasks.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Implement a new mechanism to allow users to create update packages based on files and folders to modify
the active system.
This is done through the new class 'swupdate-files', which creates a tar.gz update file in the image
distribution output directory containing all the files and directories to create/update. The 'tar.gz'
file is used later by the 'swu-images' recipe to generate the final SWUpdate package. The SWU package
installation process extracts the tar.gz file in the root folder ("/") of the active system.
Users can specify the list of files and directories to include in the update package using the
'SWUPDATE_FILES_LIST' variable. These files will be directly copied from the generated system rootfs and
placed in the tar.gz archive. Additionally, users can provide their custom 'tar.gz' file to use in the update
by specifying its location in the 'SWUPDATE_FILES_TARGZ_FILE' variable. In any case, all the paths to include
in the update package must be relative to "/", as it is the base directory where tar.gz file contents are
extracted.
The update process for dual boot systems sets a new u-boot flag so that active bank is not swapped once
installation is complete and system reboots.
The SWU update mechanism based on files provides a custom update script which takes care of preparing the
system for the installation process. Just like in the SWU updates based on images, users can customize this
script or override it with the 'SWUPDATE_SCRIPT' variable, specifying the location of the new script to use.
If both the 'SWUPDATE_FILES_LIST' and 'SWUPDATE_FILES_TARGZ_FILE' variables are empty, a standard images
SWUpdate package will be generated instead.
Signed-off-by: David Escalona <david.escalona@digi.com>
Make the 'defconfig' file a real defconfig by including only differences with respect default
values. While on it, improve the recipe:
- Enable 'BOOTLOADERHANDLER' by default in the 'defconfig'. We were unconditionally setting
this value to 'y' in the recipe, so move it to the default configuration.
- Move 'UBI' configuration values to 'mtd.cfg' file to be added only when device filesystem is
MTD based. Until now, 'UBI' support was always added by default.
- Move the 'SIGNED_IMAGES' configuration entry to a '.cfg' file like we are doing with the rest
of the functionallity. Use 'oe.utils.conditional' checking 'TRUSTFENCE' feature for this.
Signed-off-by: David Escalona <david.escalona@digi.com>
Enable scripting support during the installation of system images with SWU. A new shell
script is included by default in all the SWU update packages that will be executed just
before the update starts and just after it finishes. The script is empty and contains two
place-holders that will be called in the two scenarios mentioned before.
Users can customize this script to execute specific actions based on their final product
needs or provide their own one by setting its location in the 'SWUPDATE_SCRIPT' variable.
While on it, rename the 'sw-description_template' file to 'sw-description-images_template'
as it is more accurate with the update mechanism it is used for.
Signed-off-by: David Escalona <david.escalona@digi.com>
This variable is not defined in ccmp1 platforms, making the
swupdate for single mtd failing.
Instead of reading this variable from uboot environment,
determine if the system is multimtd checking the existence
of /dev/ubi1.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
In a squashfs the mount points are different and the current logic
wasn't working.
It's more reliable to check the /proc/cmdline to determine if
the system is a nand or an emmc.
Added also logic to get the active partition in nand devices
when the rootfs is squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When a squashfs image is flashed we need to delete the compression
field in the swupdate descriptor.
Also the rootfstype u-boot variable needs to be set to squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Ensure we leave the Bluetooth interface up after attaching it. If not,
under some circumstances, it could be down.
https://onedigi.atlassian.net/browse/DEL-8608
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The default ethosu_firmware in github reconfigures the uart2 to be used as
debug port. Those pins are used to manage the HW flow control for the Bluetooth
chip.
Build a custom ethosu_firmware that does not reconfigure the uart2 pins.
Compiled from internal "ethos_u_firmware.git" repository on Stash,
with revision 48a4b9e6a0770212aac529fb7f81ed2e6ff51cbd
md5sum: 0bf8686fcabec7378483755106dc6433
https://onedigi.atlassian.net/browse/DEL-8587
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Backport from NXP's lf-6.1.1-1.0.0 release for the ccimx93 (meta-ml
layer).
This version of flatbuffers is needed for ethos-u-vela version 3.6.0
(backported in following commit).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The fact of including both storage types (mtd and mmc) in the same 'sw-description' file is not providing any kind
of benefit. Instead, it makes the file larger, complex and harder to maintain. Additionally, most of the images
entries share the same structure and contents, changing only names and mount points. This commit simplifies the
'sw-description' file by configuring the storage type and the images to include in the SWU package at build
time, using a generic 'sw-description' template and template files for 'mmc' and 'mtd' images.
While on it, use the new 'DEY_FIRMWARE_VERSION' variable for SWU package version and fix the recipe to not include
all 'SRC_URI' files in the SWU update image, but only the required files for the update. Also, make use of variable
substitution provided by SWU class in the 'sw-description' file.
Note: SWU U-Boot update will be broken after this change. Waiting for official support with a robust implementation.
https://onedigi.atlassian.net/browse/DEL-8537https://onedigi.atlassian.net/browse/DEL-8538
Signed-off-by: David Escalona <david.escalona@digi.com>
While on it, rename the old "Firmware" variable to "DEY version", as it refers explicity to the DEY
distribution version.
https://onedigi.atlassian.net/browse/DEL-8539
Signed-off-by: David Escalona <david.escalona@digi.com>
If 'CC_DEVICE_TYPE' is not defined or it is empty use 'MACHINE' as the device
type in the Cloud Connector configuration file.
This commit also limits its length to a maximum of 255 characters.
https://onedigi.atlassian.net/browse/DEL-8531
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
In a squashfs the mount points are different and the current logic
wasn't working.
It's more reliable to check the /proc/cmdline to determine if
the system is a nand or an emmc.
Added also logic to get the active partition in nand devices
when the rootfs is squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When a squashfs image is flashed we need to delete the compression
field in the swupdate descriptor.
Also the rootfstype u-boot variable needs to be set to squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
We used to use BAD_RECOMMENDATIONS to remove this package in ccimx6 builds,
we enable the imx-gpu-viv driver as built-in in our kernel, but this method
isn't working anymore. Instead, undo the specific RRECOMMENDS that pulls the
module in.
Apply the change for the aarch32 version of the package only, since this change
is only needed for the ccimx6 platforms.
https://onedigi.atlassian.net/browse/DEL-8540
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Instead of depending on library releases in Pypi, update the recipe to compile latest
Github code. This allows to use minor fixes in DEY before a new release of the library
is available. While on it, set the 'SRCREV' to point to the last commit of the repository
for traceability.
Signed-off-by: David Escalona <david.escalona@digi.com>
Main development of the library will be done in Github. The Stash repository will be
used as a "security backup mirror", so update the recipe to always compile from Github.
Signed-off-by: David Escalona <david.escalona@digi.com>
This commits changes the CONFIG_CONSOLE_ENABLE_GPIO_NAME to be a string
and not an integer.
https://onedigi.atlassian.net/browse/DEL-8520
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Sometimes, it may be desired that the DEY project does not sign the
artifacts, for example, if they are going to be externally signed on a
secure server. In this case, the user sets TRUSTFENCE_SIGN="0".
On STM platforms, all the variables were being set if TRUSTFENCE_SIGN="1"
and authentication support is not enabled on TF_A otherwise.
Set TF_A_SIGN_ENABLE (which adds authentication support to TF_A) always
for STM platforms (as long as the project inherits the trustfence class)
and set FIP_SIGN_ENABLE="0" if its sibling TRUSTFENCE_SIGN="0", so that
DEY doesn't sign the FIP image either.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The root file system requires the public key to authenticate SWU files.
For NXP platforms, the public key is extracted from the certificate.
For STM platforms, simply copy the public key over to the rootfs.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
For the moment, do not sign aditional artifacts, such as the ramdisk,
the kernel or the boot scripts for STM platforms.
In the specific case of the ramdisk, simply copy it over with the
expected filename extension.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Several recipes depend on the PKI creation.
Create a small recipe to just run this function which
is moved from the trustfence.bbclass.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
dualboot and recovery recipes may require to use the keys so they must
depend on the recipe that installs the script that generates them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Certain platforms share a processor family but need to be differentiated
between them. DEY was using the variable DIGI_FAMILY as the SOM name
rather than the family. It becomes useful to have both (DIGI_SOM as the
more specific, and DIGI_FAMILY as the more generic).
This is the case, for example, of:
- ccmp1 (family)
- ccmp15 (SOM)
- ccmp13 (SOM)
- ccimx8m (family)
- ccimx8mm (SOM)
- ccimx8mn (SOM)
Both variables are used on the machine overrides.
Where DIGI_FAMILY was used, use now DIGI_SOM.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Set TRUSTFENCE_DEK_PATH to "0" for CCMP1 (not using dek.bin), as if this
was disabled.
Set temporarily TRUSTFENCE_ENCRYPT_ENVIRONMENT to "0" for CCMP1 until
environment encryption is fully supported.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The name of the variable was not very intuitive of what
it contains. This variable expands to the SoC vendor
(NXP or STM).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This package was inadvertantly pulling in a lot of dependencies into our
images that make use of Qt6. Most of these packages consisted of *-dev
packages, which are only useful for development with the SDK.
Remove this package along with its dependencies to significantly reduce the
dey-image-qt rootfs image size.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit d2c1494bbf36b6392e47ffd4a75307d29681d190 in poky adds this variable
to EXTRA_OESCONS, which breaks the do_compile() task of this recipe. Remove
the variable to be able to build the package.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit 065cf3e9 ("kirkstone migration: general update to the new override
syntax") incorrectly renamed binaries in a massive change. This commit restores
the binary names to the original.
https://onedigi.atlassian.net/browse/DEL-8478
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This package was inadvertantly pulling in a lot of dependencies into our
images that make use of Qt6. Most of these packages consisted of *-dev
packages, which are only useful for development with the SDK.
Remove this package along with its dependencies to significantly reduce the
dey-image-qt rootfs image size.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit syncs the device request code to match with the latest 'cc_api'
layer implementation.
See commit 99a2ff39b771f0e36af8d15d40f970462352e0b6 in 'cc_api' repository and
commit d8c848fc2f516a6c2197181f7540c9c23feaf44f in 'cc_dey' repository.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Connector creates detached threads and calling to 'wait_for_ccimp_threads()' is
not required.
See commit d34ddfb719932ae59774b388579b7d6a77472c4f in 'cc_dey' repository.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
* Remove 'MAX_RESPONSE_SIZE' define and allocate required memory in
'device_request_listener' example.
* Create 'free_timestamp()' function in 'upload_data_points' example.
* Use some sorter variable names.
* Use '__func__' to log function names.
* Remove line feed from log messages.
* Remove not required curly braces for single line loops.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
By default, our 'cloudconnector' package is installed.
This can be overriden by defining 'CLOUDCONNECTOR_PKG' in the 'local.conf'
with the custom package that includes this application.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
These examples have a gtk+3 dependency that can't be met on the ccmp13 due to
it being a headless device. Remove these examples from the packagegroups so we
can at least build the rest of the ML packages.
Note that all of ST's ML examples are GUI-based and will not be usable on the
ccmp13, but since the remaining examples don't have an explicit gtk+3
dependency, at least they won't trigger build errors when included in the
image.
https://onedigi.atlassian.net/browse/DEL-8308
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
ST's onnxruntime recipe moves a file in a way that triggers a QA error due to
file ownership issues. Copy the do_install() function as-is and modify the
offending line to copy the file instead. Create a dynamic layer for stm32mpu-ai
to include the bbappend.
https://onedigi.atlassian.net/browse/DEL-8308
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
These are recipes we created to support Google Coral on i.MX platforms. ST's
machine learning layer provides similar recipes, so to avoid conflicts, move
the recipes meant for i.MX platforms to a dynamic layer.
https://onedigi.atlassian.net/browse/DEL-8308
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
rename interface sta_name to be "wlan0" instead of "mlan0", so it keeps
compatibility with other platforms.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Hector Palacios
Mike Engel
Arturo Buzarra
Francisco Gil
Isaac Hermida
Gabriel Valcazar
Javier Viguera
Stephan Klatt
David Escalona
Tatiana Leon