Since the update partition might be involved during a software update, we need
to make sure that its contents are accesible and safe when using the partition
encryption feature at the same time.
Mount and unmount the partition correctly if it's encrypted and cancel any
operations that will result in the deletion of the update package.
https://onedigi.atlassian.net/browse/DEL-7174https://onedigi.atlassian.net/browse/DEL-7422
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add a new function to the recovery library to be able to encrypt/unencrypt any
partition on the internal storage media. Since it's a destructive operation,
add a warning message and a confirmation prompt that can be skipped if needed.
Reflect this new functionality in the recovery-reboot app. Change the logic so
that an encryption key can be set even if there's no update package, because
now it's possible to encrypt other partitions while leaving the rootfs intact.
Also change the logic so that the app doesn't reboot into recovery mode if
there's no recovery command set.
Implement the same blacklist as the one in the recovery script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The partition encryption system now uses dynamically generated names for the
decrypted block devices, which are based on the partition name. Reflect this
change in places where the encrypted rootfs is referenced.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Modify the recovery and trustfence initramfs scripts to be able to encrypt any
partition on the internal storage media, not just the rootfs.
To implement this functionality, add a new recovery command called
'encrypt_partitions'. When used, this command must contain a comma-separated
list of the partitions that are to be encrypted by the end of the recovery
process, including partitions that were already encrypted beforehand. Any
partition that isn't in the list will be unencrypted. If the command is absent,
no changes will be made, but it's possible to pass an empty command to
unencrypt all partitions.
Include a blacklist to avoid encrypting partitions that shouldn't be encrypted,
such as partitions that need to be accessed by the ROM code/U-Boot or
partitions that contain encryption keys.
While at it, remove unnecessary "get_kernel_version" function from the script.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The matchbox-terminal provides a GTK+ terminal application on the sato desktop,
however it has a dependeency of the virtual terminal emulator GTK+ widget
library (vte) that recently introduced a dependency with the icu package that
increase the rootfs size in 20MB. Since this is a sample application, remove it
to save space on the rootfs.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This package adds a dependency of python3-xml that includes the python3 core
package, increasing the size of rootfs by 8MB.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
packagegroup-core-x11-sato has a dependency on the gst-examples package and
adds a RRECOMMENDS for several packages including many codecs, enconders, etc.
We remove this package for the cc6ul platform to save space in rootfs.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add just one qt demo by default and move all of them to platforms with gpu
support, as platforms like cc6ul have few space available.
https://jira.digi.com/browse/DEL-7524
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The prebuilt 'athtestcmd' binary allows you to test tx/rx of the
Wi-Fi MAC, when the driver is loaded in test mode.
This is required for certifying Wi-Fi in products, so add it by
default for the ccimx6sbc.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7444
(cherry picked from commit acb402fdcfa54d8d5519580ff7fcfb76fbed3f49)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Now libgpiod is not added automatically and we need to add the
dependence manually.
For more info see commit 4339c28ff4aa0264c34f4f183349aea20a5ff127 in
meta-openembedded layer.
https://jira.digi.com/browse/DEL-7522
Signed-off-by: Francisco Gil Martinez <francisco.gilmartinez@digi.com>
In the free meta-scale layer, the same entry "use-g2d = 1" is uncommented for
mx6dl and mx6q, however our ccimx6 platform has both machines in its
definition, so the same entry is uncommented twice and throws an unexpected
error. This commit adds a append in the install process to uncomment this entry
for the ccimx6 platform.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
vulkan has a dependency of vulkan-headers package that is not available
for the mx8mm platforms.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Recipe system-monitor has a dependency with systemd package, however it was
added unconditionally for all platforms. This commit adds a protection to
include this recipe only when systemd is present in the DISTRO_FEATURES
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit 98d76037("recipes-qt: qt5: Update recipes to new BSP release
imx_5.4.70_2.3.0") removes the definition of the PACKAGECONFIG_MX8_GPU
variable, but its use had to be removed. This commit completely removes the
undefined variable.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Simplify the structure of the recipe folder, if one version is not supported
we must use the COMPATIBLE_MACHINE overwrite
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit f7a354d("Generate image headers from their PNG source, while still
including them in dist tarball") provides a default PNG files removing the image
generation in build time. This commit overwrites the default PNG with one
customized by Digi.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit ae479d86d1("libical: add PACKAGECONFIG glib and enable it by default")
introduces a workaround to fix the build with glib support and enables it
by default, but this support is unstable and this workaround is not needed on
v3.0.8. Added original recipe without that workaround to avoid the build issue.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The "dhcp" software package has become unmaintained and thus has been
functionally replaced by "dhcpcd" (client) and "kea" (server).
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Modify the recovery-utils code to reflect the change (change in C header and
linked libraries)
https://jira.digi.com/browse/DEL-7410
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Sync with BSP release rel_imx_5.10.9_1.0.0 and remove unnecesary files
after most of them were updated in meta-freescale layer.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Sync with BSP release rel_imx_5.10.9_1.0.0 and remove unnecessary files
after most of them were updated in poky layer.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The 'distro_features_check' class has had its functionality expanded, as
a result the class has now been renamed to 'features_check'
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit a04e0ed79 ("libsoc: use python3 for python bindings") moves python
support to use python3.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
NetworkManager recipe split the command line util in a different package, so we
added it in our default images.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Refresh custom patches and removed all Fast Roaming patch series due to it is
already integrated in this version.
https://jira.digi.com/browse/DEL-7508
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds the support for the cryptodev
engine into OpenSSL. So OpenSSL can use hardware
accelerated support through the CAAM driver.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-7439
The previous SHA1 has been completely removed from NXP's opencv repo, so the
recipe must point to a new revision. Update to the revision used in the
zeus-5.4.47-2.2.0 branch of meta-imx.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Include by default support to Simultaneous Authentication of Equals (SAE) and
the standard IEEE 802.11w to Protected Management Frames, both required to
support the standard WPA3.
https://jira.digi.com/browse/DEL-7301
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Remove outdated wayland patch and remove NXP workaround for mx8mq platforms in
the weston-init recipe. These changes don't affect our platforms, but it's to
make sure that we're in sync with the latest version of NXP's recipes.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Most 8M families have the same GLES3 support, with 8M Mini being the exception.
See NXP commit cbb1793f1 ("imx-gpu-viv: Simplify GLES3_HEADER_REMOVALS").
https://jira.digi.com/browse/DEL-7397
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Use the same common files for both ConnectCore 8M platforms
https://jira.digi.com/browse/DEL-7397
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Use the same common files for both ConnectCore 8M platforms
https://jira.digi.com/browse/DEL-7397
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Aside from code improvements, this version includes fixes for the following
vulnerabilities:
* CVE-2020-25681
* CVE-2020-25682
* CVE-2020-25683
* CVE-2020-25684
* CVE-2020-25685
* CVE-2020-25686
* CVE-2020-25687
While at it, remove files that were inherited from an older vulnerability fix.
These files consist of scripts, patches and configuration files that already
exist in the original meta-openembedded recipe directory.
Remake lua.patch, since the diff context has changed in v2.83.
https://jira.digi.com/browse/DEL-7389
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
These changes were originally applied to the ccimx6 to fix a trailing effect in
the desktop, but we've recently discovered an HDMI hotplug issue on the
ccimx6qp that is also solved when using the g2d backend. Apply the workarounds
to both platforms.
https://jira.digi.com/browse/DEL-7380
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In order to revoke SRKs in platforms with AHAB we need to set a mask
during the signing/encryption process.
Create new TRUSTFENCE_SRK_REVOKE_MASK variable to export the
SRK_REVOKE_MASK variable required by the imx-boot signing script.
The revoke mask is not necessary for signing/encryption of other artifacts,
so set it by default to 0x0.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
The landing page for the WebKit examples has gone through a visual overhaul to
improve the overall user experience, so adapt its recipe accordingly. Since the
page now contains resources that are relatively large (such as images and
extensive stylesheets), remove its elements from the recipe directory and
obtain them from Digi's FTP server instead.
https://jira.digi.com/browse/DEL-7365
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The Qt WPE plugin has an implicit dependency with libgbm, which is only
available on i.MX8 platforms. Also, it pulls in several Qt dependencies,
increasing the total rootfs image size by about 50MiB. Remove said plugin to
completely separate Qt and WebKit functionality.
https://jira.digi.com/browse/DEL-7339
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This recipe installs some videos that can be used to test the WebKit's hardware
acceleration during video decoding. Modify the landing page to be able to
access these videos.
https://jira.digi.com/browse/DEL-7314https://jira.digi.com/browse/DEL-7339
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This recipe installs the main page of the WebKit examples, from which all other
examples can be accessed. For now, only include the WebGL examples.
Since the landing page recipe needs to know which WebGL demos are being
installed and the webserver path where everything is installed, move some of
the variables used in the webglsamples recipe into an *.inc file to be able to
re-use said variables in different recipes.
Use the Digi embedded documentation CSS file for now, so the landing page looks
more on-brand.
https://jira.digi.com/browse/DEL-7314https://jira.digi.com/browse/DEL-7339
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Gabriel Valcazar
Arturo Buzarra
Hector Palacios
Francisco Gil Martinez
Mike Engel
Hector Bujanda
Gonzalo Ruiz