This commit updates the secure boot support for STM platforms based on the
STM32 MPU Ecosystem v6.1.0. It introduces support for encrypted boot artifacts,
including TF-A and FIP, and enables this functionality for the ConnectCore MP2
platform.
This enhancement allows secure boot deployments with both authentication and
encryption for improved protection of critical boot components.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Currently, the patch is identical for all ccimx9 platforms, so move it
to a generic override folder to be used also for ccimx95.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit removes the wl_shell and libweston patche, which
are now not necessary anymore. Becasue we have removed the
wayland backend for the LVGL image.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit removes the wayland backend use directly the video
interface and reduce image size. In this version the wayland
support is still not fully suport or similar how it was in the
previous verison we used.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit upgrades our LVGL support to v9.3.0.
We used the meta-openembedded implementation, reference
and reused the lv_conf.inc file for the demo configuration.
https://onedigi.atlassian.net/browse/DEL-9222
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
A recent change in meta-st-x-linux-ai was completely overwriting our default
PACKAGECONFIG values, causing several plugins to be omitted (for example, the
wayland plugin). In turn, this was causing several build errors in many
packages that depend on said plugins.
Use a strict PACKAGECONFIG assignment to prevent this. As a side effect, this
removes the new "uvcsink" PACKAGECONFIG introduced by the recent change in
meta-st-x-linux-ai, so make sure to re-add it to avoid unexpected behavior when
building the brand new people-tracking-heatmap AI example.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
STM recently updated their AI layer from v6.1.0 to v6.1.1, so our v6.1.0
bbappend wasn't being applied anymore. Use a wildcard for the hotfix version
number in case this happens again in the future.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since commit 7f1a3011521c955760b2fec24e64a721d22eaa91 ("applications: replace
camera source v4l2src with libcamera") in the meta-st-x-linux-ai layer, the
setup camera script has been replaced by libcamera. As a result, these patches
are no longer applicable.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit introduces the necessary changes in the Digi Embedded Yocto layer
to support the X-LINUX-AI v6.1.0 software package from the meta-st-x-linux-ai
layer.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
While on it, remove the third argument to write_artifact_emmc function,
as write access is always needed to write in U-Boot partitions, otherwise
they would be 'ro' protected.
https://onedigi.atlassian.net/browse/DEL-9735
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Until DEY 5.0, the ccimx6ul platform was the only one that did not include a
`data` partition.
As a result, `cccsd` had to store the client certificate from Remote Manager in
the root filesystem, under `/etc/ssl/certs` by default.
This setup caused issues after a software update, as the received client
certificate would be lost, making the device unable to reconnect to the server
until the certificate was manually reset from Remote Manager.
The same problem occurred in dual-boot systems, since the certificate was stored
in the rootfs of the current bank and was not accessible from the other bank.
To avoid this situation, the ccimx6ul used the `remotemanager.digi.com` endpoint
instead of `edp12.devicecloud.com`, as the former does not support or deliver
client certificates.
Now that DEY 5.0 includes a `data` partition in the ccimx6ul partition table, we
can remove this exception and allow the use of `edp12.devicecloud.com`, storing
the certificates persistently in the `data` partition.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
The latest X-LINUX-AI v6.0.1 release consolidated the config_board_npu.sh
script across all STM32MP2x platforms with NPU support. As part of this
consolidation, the supported video resolutions were unified under a single
default setting, which does not work correctly with USB webcams.
This commit updates Digi’s custom patch to adjust the internal resolution used
for processing video streams from webcams, ensuring proper support and
functionality.
https://onedigi.atlassian.net/browse/DEL-9721
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Since the release of X-LINUX-AI v6.0.1, AI support has been split between
devices with NPU and those relying solely on CPU. As a result, the Digi custom
patch to enable USB webcam support was no longer applied, because the
config_board_npu.sh script is now handled by the new config-npu.bb recipe.
This commit addresses the issue by introducing a new bbappend for config-npu,
ensuring that the webcam-related patch is correctly applied for NPU-enabled
platforms.
https://onedigi.atlassian.net/browse/DEL-9721
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Systemd-based systems do not use the global /etc/sysctl.conf file. Instead,
they read configuration from individual files under /etc/sysctl.d. This
change installs our sysctl settings as /etc/sysctl.d/console.conf when
systemd is enabled.
For systems that do not use systemd, the configuration file is still
installed at /etc/sysctl.conf. The CONFFILES entry is also updated.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
On NXP platforms, the signed/encrypted bootloader images are not
included on the installer ZIP. This prevents from using the installer
when TrustFence is enabled.
This commit adds to the installer:
- If encryption is enabled
- encrypted bootloader
- signed bootloader (for USB recovery boot)
- If encryption is disabled
- signed bootloader
- If TrustFence is disabled
- non-signed bootloader
It also treats the ccimx6ul special, as this has a dedicated file for
USB recovery boot.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9698
The vsftpd-cert init script was previously starting too late,
causing vsftpd to start before the certificates were generated.
The priority has been increased (to 70) so that vsftpd-cert
runs earlier during boot.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Removed curl_%.bbappend which forced the use of ares over the default
threaded-resolver. We did this customization for NetworkManager long
ago in the context of network failover. Later we dropped it from NM,
but the customization in curl remained.
This saves approx. 100KB in the rootfs (libcares.so).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
* Disable GTK-based gstreamer player and connman network manager
* Remove matchbox-terminal to avoid pulling ICU
* Avoid pulseaudio client configuration to prevent duplicate instances
Also, delete the autospawn-for-root package config removal in our bbappend,
as that is not enabled by default in the recipe.
https://onedigi.atlassian.net/browse/DEL-9685
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
* Y2038: compile pulseaudio and alsa-lib with 64bit time flags
* Add patch to fix playback stuck issues on suspend/resume
https://onedigi.atlassian.net/browse/DEL-9681
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
As of Yocto 5.0, Poky includes an equivalent solution for the Y2038 issue,
so drop the redundant code in meta-digi.
https://onedigi.atlassian.net/browse/DEL-9681
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
On the CCMP13 platform, the inclusion of pam_systemd in the PAM stack
causes excessive delays during login -close to 10 seconds- and can
even lead to SSH login failures.
Since we do not require per-user systemd services (--user), disable
the pam_systemd session module to improve login responsiveness.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit enables SSL/TLS support in vsftpd, allowing FTP communications to
be encrypted for improved security.
SSL/TLS support is enabled by default, but to preserve compatibility with
clients that do not support encrypted connections, this feature can be disabled
at runtime. Users can simply comment or uncomment a few lines in the
`vsftpd.conf` configuration file to toggle the behavior.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This generates an installer.zip image with all the firmware
images, including install scripts for UUU, SD card, and USB.
This is helpful to share the artifacts with manufacturing
or for deploying to external media such as microSD or USB stick.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The HCI_UART Bluetooth driver does not support suspend-to-RAM operation, so the
driver must be loaded and unloaded manually. This commit adds support for the
Bluetooth initialization script used across Digi platforms, specifically for
ConnectCore MP13 and MP15.
https://onedigi.atlassian.net/browse/DEL-9650
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
When you create a bridge between Wi-Fi hostap and Ethernet, it's more
convenient to let the bridge take an appropriate dynamic IP from the
DHCP server, than needing to configure a manual one.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit includes a new tarball based on trustfence-fscrypt v0.2,
cross-compiled against libteec v1.0.0, to enable support for STM32MP1x platforms.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
add a new recipe to include nxp prebuilt binaries for:
* mlanutl: WoWLAN support
* nanapp: NAN support
* nmlawls: monitor Wi-Fi events
Included prebuilt version obtained from next release:
SD-WLAN-UART-BT-SPI-OT-Zigbee-DualPAN-IW612-LNX_6_12_3-IMX8-18.99.3.p23.20-18.99.3.p23.20-MM6X18505.p23-GPL.zip
https://onedigi.atlassian.net/browse/DEL-8462
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
poky commit 3c9b461dd0d26a5f6941000d839636ad32cd6f29 added this binary to the
bluez5-noinst-tools package, and it has the same exact path as the one from our
dey-examples-btconfig package. This causes a conflict when both packages are
installed in the same image.
Judging by bluez5's btconfig sources, it's merely a skeleton without any real
functionality, so simply remove it to avoid the conflict.
https://onedigi.atlassian.net/browse/DEL-9612
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Some of our example recipes that are meant to be used on specific platform
subsets are available to be built/installed for all platforms. Even though it's
possible to build/install these recipes for platforms they aren't meant for,
we should restrict them to their intended platforms:
* dey-examples-btconfig: this is only meant for ccimx6 platforms that use
the Atheros wifi/bt chip, so reflect this in the recipe and in the
examples packagegroup.
* dey-examples-tamper: this is only meant for platforms with MCA (ccimx6ul,
ccimx8x and ccimx8m). This requirement was already set in the examples
packagegroup, but the recipe was available to any platform.
https://onedigi.atlassian.net/browse/DEL-9612
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit 15f9aeba0e removed the dey-examples-v4l2
recipe, yet we still kept it as a dependency for ccimx6 platforms. Remove this
impossible dependency to be able to build the examples packagegroup for ccimx6
platforms.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This version of swupdate has a bug that happens if the root of sw-description
is redirected via a link, which is the case is some of our sw-description
templates (such as the one we use for file updates). Backport a fix from
v2025.05.
https://onedigi.atlassian.net/browse/ADK4A-1957
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit 5bdd59a647)
This version of swupdate has a bug that happens if the root of sw-description
is redirected via a link, which is the case is some of our sw-description
templates (such as the one we use for file updates). Backport a fix from
v2025.05.
https://onedigi.atlassian.net/browse/ADK4A-1957
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Like we do for our other supported images, provide a recipe to generate a SWU
package based on dey-image-flutter
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Arturo Buzarra
Javier Viguera
Mike Engel
Gabriel Valcazar
Isaac Hermida
Hector Palacios
Tatiana Leon
Francisco Gil