This update fixes an initialization issue with devices without HWID programmed.
https://onedigi.atlassian.net/browse/DUB-1066
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit fixes a build issue when this script is installed but not shipped
in the u-boot-tools package.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Not only install the US but all the FW files.
Apart of that, some scripts need a little adjustement such as:
* Modify the BT baudrate to 3Mbps for EU power configuration, as it is the
baudrate used by the btnxpuart driver.
* Replace the way to reset the interface on each hcitool command to
avoid missleading BT behaviour.
https://onedigi.atlassian.net/browse/DEL-8458
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit implements the support to sign the different memory configurations for
the CCMP1 platforms, when trustfence is enabled, using FIT images.
https://onedigi.atlassian.net/browse/DEL-8752
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit implements the support to allow different memory configurations for
the CCMP1 platforms, adding support to 512MB and 1GB memory variants for the CCMP15.
https://onedigi.atlassian.net/browse/DEL-8752
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Command 'bootz' allows boot unsigned Linux zImages, so disable it when secure
boot is enabled using FIT images.
https://onedigi.atlassian.net/browse/DEL-8769
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Replace the US-only default CLM blob with the latest one, generated by
Infineon based on the results from Digi Certification of the CCMP1.
New file:
- cyfmac4373-sdio_US.clm_blob (92225a8bccf0c7c9d7df6cdd64670fa1)
https://onedigi.atlassian.net/browse/DEL-8598
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Some minor fixes:
* return error code if installation fails
* cosmetic: update comment with options
* just exit after error and do not execute boolimit command
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Murata provides this FW recipe for the infineon chip on the ccmpx products.
Now we are going to have more FW provided by Murata, but for other chips
which recipe is completely different.
Therefore, rename the recipe to explicitily indicate the FW it provides.
https://onedigi.atlassian.net/browse/DEL-8458
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Up until recently, we were only generating dey-image-qt images for the
ccimx93-dvk. Now that we are generating dey-image-lvgl images as well, make
sure to print the helper message to set image-name when installing said images.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
One of the conditions used to determine the U-Boot file was missing its
terminator, breaking the script.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
New AR6233 chips from Qualcomm require a power reduction in the 2.4GHz
band to maintain a good EVM.
Generate new board data files with this optimized target power
configuration, but do not replace the original board data files so this
change does not affect CC6 modules with the original AR6233 chip.
The new AR6233 will be populated in modules with Hardware Version=6 or
higher. Load one board data file or the other based on the Hardware
Version field of the HWID via a post-installation script.
Board data files with optimized TX Power ('b' files):
- Digi_6203-6233-US_b.bin (MD5SUM: 53db0fba1eea22d5c7248b35669234bd)
- Digi_6203-6233-World_b.bin (MD5SUM: 307ea9e9364c46a243a36124c92cddc2)
- Digi_6203_2_ANT-US_b.bin (MD5SUM: 741f69584f43258ec15bfccaebdb8896)
- Digi_6203_2_ANT-World_b.bin (MD5SUM: 9f89d081aaef7f26292d42ad193c188d)
https://onedigi.atlassian.net/browse/DEL-8851
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
An additional line was added to a comment block without the '#' character,
resulting in the following error when running the script:
Unknown command '-' - try 'help'
Nonetheless, this error is harmless and the script continues as expected, which
is the reason why we hadn't found it until now.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In case a HWID is not set or the variant is unknown, do not set it to a default
U-Boot file but ask the user for the proper file.
This case should not happen, but cover it for safety.
https://onedigi.atlassian.net/browse/DEL-8855
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
libubootenv treats negative offsets as backwards offset from the end of
the block device, so use that to move the environment to the last 16KiB
of the hardware boot partitions.
https://onedigi.atlassian.net/browse/DUB-1064
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
With the update of the ethos-u firmware for the NPU in previous commit,
this overlay is no longer required.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The LEGACY_IMAGE_FORMAT defaults to 'y' if there is no FIT
support, which happens after applying the default configuration.
Then, the FIT support is added in a config fragment, but the
LEGACY_IMAGE_FORMAT is not disabled.
Disabling this is recommended to avoid the possibility to boot
unsigned legacy images.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The U-Boot bootscript loads the fitImage into RAM memory to run
this bootscript. This bootscript ends up calling 'dboot' command
to run the FIT default configuration.
To avoid 'dboot' re-loading again the fitImage into RAM memory,
set this temporary variable that will be immediately reset
by 'dboot'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit adds several overlays for DVK v2 and modifies the boot script to apply it
based on the board_version variable.
https://onedigi.atlassian.net/browse/DEL-8746
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds signed FIT image support for the CCMP1
platforms when using Trustfence.
https://onedigi.atlassian.net/browse/DEL-8591
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
During firmware install, the target may be reset several times.
We don't want the bootcount to count these as boot attempts.
This was done in a791bb4463 for the ccmp1
but not for the rest of platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
(cherry picked from commit 961acf48de)
Improve boot attempts message showing not only the current boot attempt
but also the limit:
(boot attempt 1/3)
Print the message only when the bootcount mechanism is active, i.e. when
the bootlimit is defined (not zero), and when bootcount is > 0.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DUB-1056
(cherry picked from commit 918a9caf1d)
Use the intention of installing dual boot firmware as a condition to set
bootlimit=3 so that the bootcount mechanism is enabled.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DUB-1058
During firmware install, the target may be reset several times.
We don't want the bootcount to count these as boot attempts.
This was done in a791bb4463 for the ccmp1
but not for the rest of platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Improve boot attempts message showing not only the current boot attempt
but also the limit:
(boot attempt 1/3)
Print the message only when the bootcount mechanism is active, i.e. when
the bootlimit is defined (not zero), and when bootcount is > 0.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DUB-1056
The STM signtools are precompiled binaries with a fixed RPATH to look for
dynamic libraries.
When the binaries are installed to the regular ${bindir} (either native or
nativesdk), additional toolchain libraries in the regular ${libdir} folder
confuse the binaries, resulting in segmentation faults when running them
or missing symbols.
The package has been reworked to place the directory structure expected
by the binaries, in a subfolder "stm" within the ${bindir}.
Two wrapper scripts with the names of the binaries (STM32MP_KeyGen_CLI and
STM32MP_SigningTool_CLI) have been created to run the binaries in the new
subfolder.
Package version has been bumped to 1.1.
While on it, remove the 'do_install' from trustfence-stm-signtools.inc
which is not needed because the 'bin_package' class already provides the
same functionality.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8720
The STM signtools are precompiled binaries with a fixed RPATH to look for
dynamic libraries.
When the binaries are installed to the regular ${bindir} (either native or
nativesdk), additional toolchain libraries in the regular ${libdir} folder
confuse the binaries, resulting in segmentation faults when running them
or missing symbols.
The package has been reworked to place the directory structure expected
by the binaries, in a subfolder "stm" within the ${bindir}.
Two wrapper scripts with the names of the binaries (STM32MP_KeyGen_CLI and
STM32MP_SigningTool_CLI) have been created to run the binaries in the new
subfolder.
Package version has been bumped to 1.1.
While on it, remove the 'do_install' from trustfence-stm-signtools.inc
which is not needed because the 'bin_package' class already provides the
same functionality.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8720
Some platforms do not support signing external artifacts (kernel, dtb,
etc.) yet, so we need to decouple the signing of the bootloader from the
signing of the external artifacts.
This commit generalizes the code, so instead of having platform exceptions
scattered along the recipes, we create a new variable used conditionally
to sign or not the external artifacts.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This version supports i.MX8ULP and i.MX9x devices.
NOTICE: changed the "srk_ca" parameter in ahab_pki_tree.sh from "yes" to
"no". This script is shared between cc8x and ccimx93. The imx93 does not
support that option at the moment (generation of subordinate SGK certs)
and for the cc8x we were generating them but never used them to sign
the artifacts.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Merge the patches for the PKI tree generation scripts, to ease
maintenance (still keeping two separate patches for HAB4/AHAB).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Mike Engel
Arturo Buzarra
Gabriel Valcazar
Isaac Hermida
Gonzalo Ruiz
Javier Viguera
Hector Bujanda
Hector Palacios