It was added following same change in meta-imx, but meta-imx deleted it
in commit 02a40222adc7.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This is the version supporting the i.MX95. This library is a dependence
of the gputop package.
As a requirement to allow building this library for the ccimx95-dvk,
update the fsl-eula-graphics bbclass with the latest changes in meta-imx.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit updates the secure boot support for STM platforms based on the
STM32 MPU Ecosystem v6.1.0. It introduces support for encrypted boot artifacts,
including TF-A and FIP, and enables this functionality for the ConnectCore MP2
platform.
This enhancement allows secure boot deployments with both authentication and
encryption for improved protection of critical boot components.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit disables the signing and encryption mechanism for the ConnectCore
MP2 platform's co-processor firmware. Currently, this functionality is not yet
supported in DEY, and enabling it causes build failures when TrustFence support
is active. Disabling it ensures successful builds until full support is
implemented.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit imports the Digi custom version of sign-stm32mp bbclass to ensure
that the search_path() function does not raise a build exception if the signing
tool or keys are not present in the PATH before starting the build process.
In our case, we do not need to manually install the tools or generate the keys
beforehand, as this is automatically handled by Yocto in our DEY distribution.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add support for the ccimx95 and reorganize the recipe so that all machine
patches are applied for the DEY distribution, regardless of the build
target.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add the ccimx95dvk flavor to OP-TEE, define the UART6 base and DDR
settings, and update the machine mappings using OPTEEMACHINE as the base
recipe does.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add the ccimx95 platform cloned from mx95lp5. Provide DDR configuration,
configure the console on lpuart6, and update ccimx95-dvk.conf to select
the new board.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Move the LPDDR4 firmware list from the shared ccimx9 include into the
machine configurations for the ccimx91/93 DVK, allowing the upcoming
ccimx95 to utilize its own distinct values.
Also, remove the redundant IMXBOOT_TARGETS and BOOTLOADER_SEEK_USERDATA
overrides in ccimx91-dvk, as they are duplicated.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit removes the wl_shell and libweston patche, which
are now not necessary anymore. Becasue we have removed the
wayland backend for the LVGL image.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Commit b581ac2a3b ("u-boot: rework deploy
symlinks using uboot_deploy_config") removed u-boot symlinks as part of cleanup
process. However, the main symlink is still required for the ccimx6 and
ccimx6qp platforms to generate bootable SD card images.
This commit keeps the symlink for those specific platforms to fix the SD card
image creation process.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The Digi commits on the optee-os repository are part of the
same branch and apply on top of each other since they do not
collide with each other.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
After the update of the recipe in meta-freescale this patch
(which exists in meta-freescale) does no longer need to
live in meta-digi.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The Digi commits on the imx-atf repository are now part of the
same branch and apply on top of each other since they do not
collide with each other.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit updates the CC6 and CC6QP platform configurations to use the latest
NXP BSP based on U-Boot v2024.04, unifying support across all NXP-based
platforms.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the CC6 and CC6QP platform configurations to use the latest
NXP BSP based on Linux kernel v6.6, unifying support across all NXP-based
platforms.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Move OpenSSL dependency from the common include file to the specific
recipes:
- trustfence-cst-native: openssl-native
- nativesdk-trustfence-cst: nativesdk-openssl
https://onedigi.atlassian.net/browse/DEL-9760
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
A recent change in meta-st-x-linux-ai was completely overwriting our default
PACKAGECONFIG values, causing several plugins to be omitted (for example, the
wayland plugin). In turn, this was causing several build errors in many
packages that depend on said plugins.
Use a strict PACKAGECONFIG assignment to prevent this. As a side effect, this
removes the new "uvcsink" PACKAGECONFIG introduced by the recent change in
meta-st-x-linux-ai, so make sure to re-add it to avoid unexpected behavior when
building the brand new people-tracking-heatmap AI example.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
With the updated firmware-ele-imx recipe, the installation logic now
requires SECOEXT_FIRMWARE_NAME to be empty when no extra firmware is
to be installed.
https://onedigi.atlassian.net/browse/DEL-9748
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
meta-freescale updated the base recipe for NXP's release 6.6.52_2.2.1,
so our overrides in the bbappend are no longer needed.
https://onedigi.atlassian.net/browse/DEL-9748
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit introduces the necessary changes in the Digi Embedded Yocto layer
to support the X-LINUX-AI v6.1.0 software package from the meta-st-x-linux-ai
layer.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit introduces a custom export_binaries() function to resolve a
deployment issue affecting the final TF-A artifact path. The issue occurs when
the SoC name does not match the TF-A device tree name.
This fix is required due to changes introduced in commit f0b4d0d02a
("ccmp15: enable secure_system_service for CCMP15"), which modified the TF-A
artifact generation process.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the Digi custom .bbappend recipes for FIP and TF-A to align
with the latest ST BSP release, based on the openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11
tag for Yocto 5.0 (scarthgap).
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit fixes the default secure storage path
to /mnt/data/tee instead of /var/lib/tee. This will
store all secure storage keys in that path and will
keep them even during rootfs updates.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Update the STM32MP-specific kernel branch to Linux v6.6.78, aligned with the
latest ST release: openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
mwifiex driver is not able to automatically download the corresponding
rgpower binary after receiving CountryIE beacon information from country
XX, so we have to do it manually running "iw reg set XX".
However, the driver considers country XX is already configured and
ignores the rgpower download request.
Fix it by not processing the countryIE information in the driver by
adding a patch from NXP that will be integrated in their next
official release.
https://onedigi.atlassian.net/browse/DEL-8974
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Add service to automatically detect changes in the global regulatory
domain and force a PHY regulatory domain change.
This allows detecting regulatory domain changes based on beacon
information when 802.11d is enabled and instructing the wireless
driver to download the rgpower firmware file corresponding to the
selected country.
If the selected country is not one of the supported ones, Worldwide
rgpower_WW.bin file will be downloaded by default.
Run the check service every 5 seconds through a systemd timer.
https://onedigi.atlassian.net/browse/DEL-8974
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
On the multi-MTD layout (default) the 'data' UBI volume is never created
and thus not mounted by the system. This is because with this layout, the
creation of the UBI volume is done by the 'update' command, but nobody
updates this partition cause DEY doesn't generate an image for it.
We want the 'data' UBI volume to be created so that the CC6UL can connect
to the regular Remote Manager URI and store the certificate in it.
As long as a UBI volume is created, Linux will mount it, so this commit
erases the partition and creates the UBI volume.
The same goes for the 'update' partition. The installer was relying on the
recovery mechanism to wipe this partition, but this is not longer required
with UBI. As long as the installer erases the partition and creates the
volume, Linux will be able to mount it, so the boot in recovery mode has
been removed from the script.
Note: the formatting is only done for multi-MTD layout; the ubivolscript
creates all volumes for single-MTD layout.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Set V2 TX power method for regulatory management on the iw612 init
and remove the 'txpwrlimit_cfg' and 'init_hostcmd_cfg' driver
parameters which are only used for V1 TX power method.
This allows the driver to load a specific rgpower_XX.bin binary file
contained in the rootfs whenever command "iw reg set XX" is executed,
updating the TX power settings and allowed frequencies list to those
contained in the file. 'XX' stands for the 2-character ISO3166-1
alpha-2 country code.
If the selected rgpower_XX.bin file does not exist, or no country is
selected, the driver will load rgpower_WW.bin (Worldwide) by default.
https://onedigi.atlassian.net/browse/DEL-8974
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Do not install 'txpower' and 'rutxpower' files from the Murata repo,
which are used for the V1 TX power method, and replace them with custom
'rgpower' files, required for the V2 TX power method.
These files encode the TxPower limitations obtained during the
ConnectCore 93 Certification tests, and there is one file per supported
country. There is a common file for all the European countries, so
create links for each of them, based on the CEPT REC7003E recommendation.
New 'rgpower' files:
- rgpower_CA.bin (MD5SUM: 7c012351f0521a02e3d78615fed5eb54)
- rgpower_EU.bin (MD5SUM: 4d1a54b3c1f12a7d0bb44d0337786a0b)
- rgpower_JP.bin (MD5SUM: b7706bb2718997d933b2bdf1e53e64b4)
- rgpower_US.bin (MD5SUM: 16555f962b025e0426098decd0147f1f)
- rgpower_WW.bin (MD5SUM: 505223c56527e849d4b1e5800c8613b5)
Take the opportunity to just install bt_power_config scripts and prevent
the installation of other unused files (db.txt, ed_mac_ctrl_V2_nw61x.conf
and regulatory.db) from the Murata repository.
https://onedigi.atlassian.net/browse/DEL-8974
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Commit ac69566ecd mistakenly removed
the command of cc9, cc8x, and cc8m media installers that sets the
variable that contains the U-Boot file to install.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9720
At the point of saving the bootcmd for the second stage of the install
process we want to use the variable value, not the variable name
since this variable doesn't exist after the environment is reset.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9711
This commit enables building dey-image-flutter for the ConnectCore MP15
platform. It integrates the necessary configurations to support Flutter-based
graphical applications on this platform.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Use the existing uboot_deploy(_spl)_config function to clean up and rework
the symlinks created in the deploy directory.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
On NXP platforms, the signed/encrypted bootloader images are not
included on the installer ZIP. This prevents from using the installer
when TrustFence is enabled.
This commit adds to the installer:
- If encryption is enabled
- encrypted bootloader
- signed bootloader (for USB recovery boot)
- If encryption is disabled
- signed bootloader
- If TrustFence is disabled
- non-signed bootloader
It also treats the ccimx6ul special, as this has a dedicated file for
USB recovery boot.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9698
This gets substituted when TrustFence is enabled to "signed/encrypted"
or removed when TrustFence is disabled.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Programming an encrypted bootloader can only be done after the
secure keys have been programed on the OTP bits, and the device
has been closed. Programming on an open device would result in a
non-secure configuration or a non-bootable device after the
close operation.
Create functions to detect the current TrustFence status and exit
the install script if the device is open and the artifacts are
encrypted.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9699
The `-t` option to program images with TrustFence didn't make
much sense because the install script is dynamically generated
at build-time with the name of the boot artifacts containing
"signed/encrypted" on their filenames.
This commit:
- Removes `-t` option to simplify the script.
- Determines if programming a signed/encrypted bootloader by
looking at the bootloader filename.
- For NXP platforms, reworks the function that updates the
bootloader to properly program only-signed bootloaders (currently
wrongly using `trustfence update`)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
fix missing option to include the required kernel options for tsn support.
That support was added in commit 37f5db42ac for kernel 6.1, but it
was missed for kernel 6.6.
Add the support to include the required fragment, regardless the kernel
version.
While on it, update the tsn config to match kernel 6.6.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The default secure storage (/var/lib/tee) is a tmpfs and not persistent
across reboots. Change it to the data partition (/mnt/data/tee) when
TrustFence file system encryption enabled
For the log file, do use the /var/log/ directory instead of default
/data
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9683
As the OmniVision OV5640 camera is now deprecated and no longer supported by
most vendors, this commit moves its support to a separate Device Tree overlay,
allowing it to be used if needed.
Instead, the Sony IMX335 MIPI camera is integrated into the default device
tree as the default supported camera for the CCMP25-DVK platform.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Moved deploy_symlinks_atf from SYSROOT_PREPROCESS_FUNCS to do_deploy task
to ensure symlinks are created correctly even when rebuilding from the
shared state after a "bitbake -c clean tf-a-stm32mp".
Override do_deploy[sstate-outputdirs] from the original recipe to allow
installing both the deploy artifacts (binaries and symlinks) to the
package deploy directory.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Move the address where the fitImage is loaded after the addresses
where the binaries in it are decompressed. This way, the fitImage
can grow without size restrictions.
The memory map now looks like this:
0xC0000000 Start of memory
|
| (32 MiB)
v
0xC2000000 Kernel loadaddr ($loadaddr)
|
| (32 MiB)
v
0xC4000000 DTB/DTBO load address ($fdt_addr)
| (4 MiB)
v
0xC4400000 Init ram disk ($initrd_addr)
|
|
| (64 MiB)
|
v
0xC8400000 ZIP/fitImage address ($fit_addr_r)
|
~
|
v
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
- The TF-A binaries now have ${BOOTSCHEME_DEFAULT} in them (optee or
opteemin)
- The FIP binaries now have ${BOOTSCHEME_DEFAULT}-sdcard in them
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9678
The login prompt appears before Wayland is fully initialized and
has created a wayland socket.
Logging in too early as root in this scenario caused the
WAYLAND_DISPLAY environment variable to be left empty. As a
consequence, gstreamer failed to use waylandsink to print contents
in the display.
Introduce a 10-seconds polling loop to wait for the wayland socket to
be available before proceeding with the login.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
* Delete custom wolfssl_5.4.0-fips.bb recipe and README.
* Removed WolfSSL dynamic layer registration.
FIPS support is now managed through the external meta-wolfssl layer,
making this implementation unnecessary in meta-digi.
https://onedigi.atlassian.net/browse/DEL-9631
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The new version in meta-wolfssl does build properly, so this append is
no longer needed.
https://onedigi.atlassian.net/browse/DEL-9631
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Yocto added kernel local version support by using the KERNEL_LOCALVERSION
variable. It conflicts with the "fsl-kernel-localversion" class from
the meta-freescale layer, resulting in a duplicated local version in the
kernel release label (uname -r). Use the current Yocto support to avoid
that duplication instead of meta-freescale's class.
This enables further simplification of the 'copy_defconfig' task for NXP
and STM platforms using common code.
https://onedigi.atlassian.net/browse/DEL-9669
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
IMAGE_FSTYPES was declared on each platform config file, but it has the
same values for all platforms depending on the storage media (mmc or mtd)
and whether read-only is enabled.
Move the conditional weak assignment to digi-default.inc and remove it from
each platform config.
In the case of STM platforms, since IMAGE_FSTYPES is weak-assigned by STM
layer, we still need to append/remove from it inside the platform config,
but move it to the family includes, rather than declaring it on each
specific platform.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The generation of the sdcard image takes time and resources, and
it's not involved in the Get Started.
This can be easily re-enabled by appending the variable in the
project local.conf.
Append the variable in the build scripts, to facilitate its usage
on release builds.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The HCI_UART Bluetooth driver does not support suspend-to-RAM operation, so the
driver must be loaded and unloaded manually. This commit adds support for the
Bluetooth initialization script used across Digi platforms, specifically for
ConnectCore MP13 and MP15.
https://onedigi.atlassian.net/browse/DEL-9650
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The USB and SD installers are U-Boot scripts that are practically
identical.
Merge them into a single template with a couple of machine variables that
determine the default device index in U-Boot for the USB or the microSD
card.
Do dynamic substitutions to create the two installers out of the template.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The installer uses the regular rootfs filename or falls back to search
for a squashfs (read-only) rootfs image.
The UUU installers of eMMC-based platforms use an if/elif/else structure
to determine which file exist (in order of preference). Replicate this
structure on the rest of platforms and installers.
This avoids printing an error message if the default rootfs does not exist
but the read-only one does.
Also, reset 'rootfstype' variable if the default rootfs file exists, which
allows to install regular images over a previous read-only system.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
We reverted the stub that didn't allow PM when serial boot
was enabled on TF-A. Restore the part of the recipe that
includes USB boot support on NAND boot images.
This reverts commit 24aef482ef.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9629
Fixes commit b143804dbb, since in nativesdk
context MACHINE_FEATURES is reset to SDK_MACHINE_FEATURES, causing OP-TEE
building tools to be missing from the generated SDK.
https://onedigi.atlassian.net/browse/DEL-9663
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Adding STM32MP_USB_PROGRAMMER=1 to TF-A NAND build allows the images to
boot from either NAND or USB (recovery) however, the source code of TF-A
disallows correct resuming from suspend when either STM32MP_USB_PROGRAMMER
or STM32MP_UART_PROGRAMMER are defined.
Remove this support so that the system can correctly resume from suspend.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9629
This commit fixes the rm command in the adapt_uboot_filenames function to
prevent build failures when the target artifact does not exist, ensuring the
operation is safe in all cases.
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Since commit 29d32063ac0abb1017756f62f94aec22ce305b60 ("u-boot: kernel-fitimage:
Fix dependency loop if UBOOT_SIGN_ENABLE and UBOOT_ENV enabled") in Poky layer,
the `kernel-fitimage` and `uboot-sign` classes are no longer explicitly
dependent. This change introduced a race condition when inserting the signed
RSA keys into the U-Boot DTB for FIT image verification.
This commit introduces a new step for `do_uboot_assemble_fitimage`, which is
now responsible for injecting the keys into the U-Boot DTB. This logic was
previously handled in the Linux kernel recipe via the `do_assemble_fitimage`
function in previous Yocto versions.
Additionally, a build-time dependency is added between the `do_uboot_assemble_fitimage()`
function and the kernel's `do_kernel_generate_rsa_keys()` task, which is
responsible for generating the RSA keys used to sign the FIT image.
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Starting with OP-TEE v4.0.0, the use of a test key is no longer supported.
The Hardware Unique Key (HUK) is now always derived from the programmed OTP bits.
As a result, the Digi custom `CFG_OTP_HUK` flag is obsolete and has been removed.
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the memory layout to properly allocate space for the
different FIT image components, while ensuring total memory usage stays below
128 MiB. This avoids overlaps and ensures correct loading on memory-constrained
variants.
Final memory map:
Start of memory: # 0xC0000000
# |
# | 32 MiB reserved
# v
FIT image load address: # 0xC2000000
# |
# | 32 MiB for FIT image
# v
Kernel load address: # 0xC4000000
# |
# | 32 MiB for Kernel
# v
DTB/DTBO load address: # 0xC6000000
# |
# | Size for DTB/DTBO
# v
Total memory mapped: 96 MiB
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
In theory, we already had the necessary changes to remove these images, but
two things needed tweaking:
* MULTIUBI_BUILD values use underscores instead of hyphens, so use
underscores to properly remove the default value inherited from
BOOTDEVICE_LABELS.
* STM used to incorporate a custom "stmultiubi" image type in the stm32mp
builds, but they've replaced this with the upstream "multiubi" type.
Reflect this change to avoid generating additional UBI/UBIFS images in
our builds.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
There are several recipes in meta-digi related to features that we haven't
tested in a long time and don't appear in the DEY 5.0 documentation. Remove
them to avoid unexpected behavior.
Said features are:
* Coral TPU support (only supported in DEY 3.2)
* AWS support (removed from default images and docs in DEY 4.0)
* dey-image-tiny (hasn't been maintained since DEY 2.0)
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add the following countries to the CLM Blob file:
- Brazil
- Mexico
- Saudi Arabia
- Hong Kong
- Singapore
- Malaysia
- Taiwan
- Korea
This is the new World CLM Blob file:
- cyfmac4373-sdio_World.clm_blob (11d5fab6659eff491aca1a219ad33b00)
https://onedigi.atlassian.net/browse/DEL-9438
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This overlay contains a workaround to make the USB-OTG
work as USB device when connected to a host.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9610
(cherry picked from commit ec92f5fdd10a61e37ac3778d0d3aa1816bc6b0aa)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
STM's st-machine-common-stm32mp.inc file automatically incorporates "optee" to
MACHINE_FEATURES as long as BOOTSCHEME_LABELS contains "optee". Since we
recently modified the ccmp15's labels to only contain "opteemin", this is no
longer the case, which leads to:
* optee packages (optee-client, optee-os) not getting installed in images and
SDKs
* optee patches for environment encryption not being applied to libubootenv
Add the feature manually to fix these two issues
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
OP-TEE comes in two flavors: optee and opteemin
For NAND-boot images, add support for USB boot as well,
so that the default tf-a image is valid for booting from
either NAND or USB.
We had this for 'optee' flavor but not for 'opteemin'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Commit 9c3916da94 added INSANE_SKIP
"32bit-time" to certain recipes that use 32bit APIs on the ccmp1
SOMs, but forgot to include the `pn-` prefix to really apply to
those recipes.
While on it, add two additional ones on recipes used by NXP 32-bit
platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit updates the firmware binaries for Bluetooth and Wireless interfaces,
aligned with the Cypress Linux WiFi Driver (FMAC) release v6.1.97-2025_0219.
The updated wireless firmware versions are as follows:
- 2FY Wireless chip: v28.10.387.16
- 2AE Wireless chip: v13.10.246.356
These updates are included as part of the imx-scarthgap-jaculus_r1.1 Murata release.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
That includes several CVE patches not present of meta-freescale's
23.2.5.imx recipe (which is based in exactly the same revision).
Similar change was done in NXP's meta-imx (see commit
99ceb057fcfdc8151c1488089d5f22363dfdb6d7).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Javier Viguera
Arturo Buzarra
Mike Engel
Hector Palacios
Gabriel Valcazar
Gonzalo Ruiz
Isaac Hermida