Weston is not launched in read-only filesystem because /home/root
is not a writable path.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
We can't run a post installation script in a readonly file system.
We need to provide a configuration file beforehand.
https://onedigi.atlassian.net/browse/DEL-8556
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When EXTRA_IMAGE_FEATURES += "overlayfs-etc" is added these
configurations are needed to compile. They are provided with
the default configuration to work with our software.
The user can modify them in their local.conf if needed.
https://onedigi.atlassian.net/browse/DEL-8552
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
In a squashfs the mount points are different and the current logic
wasn't working.
It's more reliable to check the /proc/cmdline to determine if
the system is a nand or an emmc.
Added also logic to get the active partition in nand devices
when the rootfs is squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When a squashfs image is flashed we need to delete the compression
field in the swupdate descriptor.
Also the rootfstype u-boot variable needs to be set to squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When the swu package is generated it needs the right
extension of the rootfs to be formed.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Currently, the github FW version is a bit old and some functionality does not
work on latest IW61x batches.
Use this FW binary till it is released on github. This is required to
have WiFi and Bt working simultaneously.
0c6d454ea83b1a78b4e60df16f478f43 sduart_nw61x_v1.bin.se
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
(cherry picked from commit 92ca458e4f)
This layer provides machine learning functionality, so include it in our
default layers so customers can use it out of the box if wanted.
https://onedigi.atlassian.net/browse/DEL-8551
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
NXP's machine learning packagegroup now has a dependency for gst-shark, a GPU
profiling tool which is provided by this layer. Since it's a part of a repo
that already exists in our manifest, simply add it to the default layers of all
i.MX platforms that support the machine learning feature to be able to include
its packages out of the box.
https://onedigi.atlassian.net/browse/DEL-8551
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit changes the CONFIG_CONSOLE_ENABLE_GPIO_NAME to be a string
and not an integer.
https://onedigi.atlassian.net/browse/DEL-8520
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
By default, the signing script generates a file without 'w'
permission so DEY cannot remove it from the deploy dir on
a clean operation.
Add the 'w' permission so that DEY can remove it on clean
operations and generate a new signed file when required.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Otherwise, the sw-description used for non-dualboot systems will be missing
these values and the software update process will fail.
https://onedigi.atlassian.net/browse/DEL-8513
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We accidentally used "mx8mm" instead of "mx8mn" in commit
9b165196bb, which caused several elements to stop
working on the target (including the optee-os).
https://onedigi.atlassian.net/browse/DEL-8512
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The tools STM32MP_KeyGen_CLI and STM32MP_SigningTool_CLI have
a dependency of libQt5Core.so.5 which is provided by qtbase.
Add this dependency to avoid errors during SDK generation.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit disables the uSD mounting, due to issues
detected during the boot process when UBIFS starts
with the wear-leveling process to erase NAND blocks.
https://onedigi.atlassian.net/browse/DEL-8415
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Sometimes, it may be desired that the DEY project does not sign the
artifacts, for example, if they are going to be externally signed on a
secure server. In this case, the user sets TRUSTFENCE_SIGN="0".
On STM platforms, all the variables were being set if TRUSTFENCE_SIGN="1"
and authentication support is not enabled on TF_A otherwise.
Set TF_A_SIGN_ENABLE (which adds authentication support to TF_A) always
for STM platforms (as long as the project inherits the trustfence class)
and set FIP_SIGN_ENABLE="0" if its sibling TRUSTFENCE_SIGN="0", so that
DEY doesn't sign the FIP image either.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The FIP image is signed internally by this recipe. The password must be
set in FIP_SIGN_KEY_PASS. With the signing script, the password is
randomly generated and saved in key_pass.txt.
This prefunc obtains the password(s) from the file to set FIP_SIGN_KEY_PASS
so that the FIP can be properly signed.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The root file system requires the public key to authenticate SWU files.
For NXP platforms, the public key is extracted from the certificate.
For STM platforms, simply copy the public key over to the rootfs.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
For the moment, do not sign additional artifacts, such as the ramdisk,
the kernel or the boot scripts for STM platforms.
In the specific case of the ramdisk, simply copy it over with the
expected filename extension.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Several recipes depend on the PKI creation.
Create a small recipe to just run this function which
is moved from the trustfence.bbclass.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
dualboot and recovery recipes may need to use the keys so they must
depend on the recipe that installs the script that generates them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This script can be called stand-alone or from DEY.
Syntax is:
trustfence-sign-artifact.sh -p <platform> [-t input-unsigned-image> <output-signed-image>]
If files are omitted, it at least generates random keys if they do not
exist.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The do_deploy:append did three things:
- adapt the U-Boot filenames to 'u-boot-<platform>-<config>.<ext>'
- sign/encrypt the U-Boot files (only for iMX6 family)
- sign the boot scripts
Convert the first two actions into functions (the third already was) and
call them conditionally as postfuncs.
Also skip the signing of U-Boot files if the platform is not based on
iMX6 family.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Certain platforms share a processor family but need to be differentiated
between them. DEY was using the variable DIGI_FAMILY as the SOM name
rather than the family. It becomes useful to have both (DIGI_SOM as the
more specific, and DIGI_FAMILY as the more generic).
This is the case, for example, of:
- ccmp1 (family)
  - ccmp15 (SOM)
  - ccmp13 (SOM)
- ccimx8m (family)
  - ccimx8mm (SOM)
  - ccimx8mn (SOM)
Both variables are used on the machine overrides.
Where DIGI_FAMILY was used, use now DIGI_SOM.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This recipe downloads a tarball that contains the binaries:
- STM32MP_KeyGen_CLI
- STM32MP_SigningTool_CLI
from ST Microelectronics STM32CubeProgrammer v2.12.0.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This is in preparation of using the same script name for different SOC
vendors (NXP and STM).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Set TRUSTFENCE_DEK_PATH to "0" for CCMP1 (not using dek.bin), as if this
was disabled.
Set temporarily TRUSTFENCE_ENCRYPT_ENVIRONMENT to "0" for CCMP1 until
environment encryption is fully supported.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Dependencies of this recipe are run-time dependencies, not build-time.
While on it, move them to specific native/nativesdk recipe.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>