This commit enables SSL/TLS support in vsftpd, allowing FTP communications to
be encrypted for improved security.
SSL/TLS support is enabled by default, but to preserve compatibility with
clients that do not support encrypted connections, this feature can be disabled
at runtime. Users can simply comment or uncomment a few lines in the
`vsftpd.conf` configuration file to toggle the behavior.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The CC6UL SOM doesn't support booting from the SD card.
The STM based SOMs use a wic template to generate the SD card
image.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
* Delete custom wolfssl_5.4.0-fips.bb recipe and README.
* Removed WolfSSL dynamic layer registration.
FIPS support is now managed through the external meta-wolfssl layer,
making this implementation unnecessary in meta-digi.
https://onedigi.atlassian.net/browse/DEL-9631
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The new version in meta-wolfssl does build properly, so this append is
no longer needed.
https://onedigi.atlassian.net/browse/DEL-9631
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Yocto added kernel local version support by using the KERNEL_LOCALVERSION
variable. It conflicts with the "fsl-kernel-localversion" class from
the meta-freescale layer, resulting in a duplicated local version in the
kernel release label (uname -r). Use the current Yocto support to avoid
that duplication instead of meta-freescale's class.
This enables further simplification of the 'copy_defconfig' task for NXP
and STM platforms using common code.
https://onedigi.atlassian.net/browse/DEL-9669
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
IMAGE_FSTYPES was declared on each platform config file, but it has the
same values for all platforms depending on the storage media (mmc or mtd)
and whether read-only is enabled.
Move the conditional weak assignment to digi-default.inc and remove it from
each platform config.
In the case of STM platforms, since IMAGE_FSTYPES is weak-assigned by STM
layer, we still need to append/remove from it inside the platform config,
but move it to the family includes, rather than declaring it on each
specific platform.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The generation of the sdcard image takes time and resources, and
it's not involved in the Get Started.
This can be easily re-enabled by appending the variable in the
project local.conf.
Append the variable in the build scripts, to facilitate its usage
on release builds.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This generates an installer.zip image with all the firmware
images, including install scripts for UUU, SD card, and USB.
This is helpful to share the artifacts with manufacturing
or for deploying to external media such as microSD or USB stick.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The HCI_UART Bluetooth driver does not support suspend-to-RAM operation, so the
driver must be loaded and unloaded manually. This commit adds support for the
Bluetooth initialization script used across Digi platforms, specifically for
ConnectCore MP13 and MP15.
https://onedigi.atlassian.net/browse/DEL-9650
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The USB and SD installers are U-Boot scripts that are practically
identical.
Merge them into a single template with a couple of machine variables that
determine the default device index in U-Boot for the USB or the microSD
card.
Do dynamic substitutions to create the two installers out of the template.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The installer uses the regular rootfs filename or falls back to search
for a squashfs (read-only) rootfs image.
The UUU installers of eMMC-based platforms use an if/elif/else structure
to determine which file exist (in order of preference). Replicate this
structure on the rest of platforms and installers.
This avoids printing an error message if the default rootfs does not exist
but the read-only one does.
Also, reset 'rootfstype' variable if the default rootfs file exists, which
allows to install regular images over a previous read-only system.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
We reverted the stub that didn't allow PM when serial boot
was enabled on TF-A. Restore the part of the recipe that
includes USB boot support on NAND boot images.
This reverts commit 24aef482ef.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9629
Fixes commit b143804dbb, since in nativesdk
context MACHINE_FEATURES is reset to SDK_MACHINE_FEATURES, causing OP-TEE
building tools to be missing from the generated SDK.
https://onedigi.atlassian.net/browse/DEL-9663
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
When you create a bridge between Wi-Fi hostap and Ethernet, it's more
convenient to let the bridge take an appropriate dynamic IP from the
DHCP server, than needing to configure a manual one.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Adding STM32MP_USB_PROGRAMMER=1 to TF-A NAND build allows the images to
boot from either NAND or USB (recovery) however, the source code of TF-A
disallows correct resuming from suspend when either STM32MP_USB_PROGRAMMER
or STM32MP_UART_PROGRAMMER are defined.
Remove this support so that the system can correctly resume from suspend.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9629
This commit fixes the rm command in the adapt_uboot_filenames function to
prevent build failures when the target artifact does not exist, ensuring the
operation is safe in all cases.
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Since commit 29d32063ac0abb1017756f62f94aec22ce305b60 ("u-boot: kernel-fitimage:
Fix dependency loop if UBOOT_SIGN_ENABLE and UBOOT_ENV enabled") in Poky layer,
the `kernel-fitimage` and `uboot-sign` classes are no longer explicitly
dependent. This change introduced a race condition when inserting the signed
RSA keys into the U-Boot DTB for FIT image verification.
This commit introduces a new step for `do_uboot_assemble_fitimage`, which is
now responsible for injecting the keys into the U-Boot DTB. This logic was
previously handled in the Linux kernel recipe via the `do_assemble_fitimage`
function in previous Yocto versions.
Additionally, a build-time dependency is added between the `do_uboot_assemble_fitimage()`
function and the kernel's `do_kernel_generate_rsa_keys()` task, which is
responsible for generating the RSA keys used to sign the FIT image.
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Starting with OP-TEE v4.0.0, the use of a test key is no longer supported.
The Hardware Unique Key (HUK) is now always derived from the programmed OTP bits.
As a result, the Digi custom `CFG_OTP_HUK` flag is obsolete and has been removed.
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the memory layout to properly allocate space for the
different FIT image components, while ensuring total memory usage stays below
128 MiB. This avoids overlaps and ensures correct loading on memory-constrained
variants.
Final memory map:
Start of memory: # 0xC0000000
# |
# | 32 MiB reserved
# v
FIT image load address: # 0xC2000000
# |
# | 32 MiB for FIT image
# v
Kernel load address: # 0xC4000000
# |
# | 32 MiB for Kernel
# v
DTB/DTBO load address: # 0xC6000000
# |
# | Size for DTB/DTBO
# v
Total memory mapped: 96 MiB
https://onedigi.atlassian.net/browse/DEL-9634
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit includes a new tarball based on trustfence-fscrypt v0.2,
cross-compiled against libteec v1.0.0, to enable support for STM32MP1x platforms.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
add a new recipe to include nxp prebuilt binaries for:
* mlanutl: WoWLAN support
* nanapp: NAN support
* nmlawls: monitor Wi-Fi events
Included prebuilt version obtained from next release:
SD-WLAN-UART-BT-SPI-OT-Zigbee-DualPAN-IW612-LNX_6_12_3-IMX8-18.99.3.p23.20-18.99.3.p23.20-MM6X18505.p23-GPL.zip
https://onedigi.atlassian.net/browse/DEL-8462
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
poky commit 3c9b461dd0d26a5f6941000d839636ad32cd6f29 added this binary to the
bluez5-noinst-tools package, and it has the same exact path as the one from our
dey-examples-btconfig package. This causes a conflict when both packages are
installed in the same image.
Judging by bluez5's btconfig sources, it's merely a skeleton without any real
functionality, so simply remove it to avoid the conflict.
https://onedigi.atlassian.net/browse/DEL-9612
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Some of our example recipes that are meant to be used on specific platform
subsets are available to be built/installed for all platforms. Even though it's
possible to build/install these recipes for platforms they aren't meant for,
we should restrict them to their intended platforms:
* dey-examples-btconfig: this is only meant for ccimx6 platforms that use
the Atheros wifi/bt chip, so reflect this in the recipe and in the
examples packagegroup.
* dey-examples-tamper: this is only meant for platforms with MCA (ccimx6ul,
ccimx8x and ccimx8m). This requirement was already set in the examples
packagegroup, but the recipe was available to any platform.
https://onedigi.atlassian.net/browse/DEL-9612
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Commit 15f9aeba0e removed the dey-examples-v4l2
recipe, yet we still kept it as a dependency for ccimx6 platforms. Remove this
impossible dependency to be able to build the examples packagegroup for ccimx6
platforms.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This version of swupdate has a bug that happens if the root of sw-description
is redirected via a link, which is the case is some of our sw-description
templates (such as the one we use for file updates). Backport a fix from
v2025.05.
https://onedigi.atlassian.net/browse/ADK4A-1957
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit 5bdd59a647)
This version of swupdate has a bug that happens if the root of sw-description
is redirected via a link, which is the case is some of our sw-description
templates (such as the one we use for file updates). Backport a fix from
v2025.05.
https://onedigi.atlassian.net/browse/ADK4A-1957
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Like we do for our other supported images, provide a recipe to generate a SWU
package based on dey-image-flutter
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In theory, we already had the necessary changes to remove these images, but
two things needed tweaking:
* MULTIUBI_BUILD values use underscores instead of hyphens, so use
underscores to properly remove the default value inherited from
BOOTDEVICE_LABELS.
* STM used to incorporate a custom "stmultiubi" image type in the stm32mp
builds, but they've replaced this with the upstream "multiubi" type.
Reflect this change to avoid generating additional UBI/UBIFS images in
our builds.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
When building DEY 5.0 ccmp15-dvk images with Qt6 instead of Qt5, the rootfs
image is too big for the default settings (512 MiB, dualboot enabled). Make
room by removing the *-examples Qt6 packages, which are over 30 MiB in total.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
There are several recipes in meta-digi related to features that we haven't
tested in a long time and don't appear in the DEY 5.0 documentation. Remove
them to avoid unexpected behavior.
Said features are:
* Coral TPU support (only supported in DEY 3.2)
* AWS support (removed from default images and docs in DEY 4.0)
* dey-image-tiny (hasn't been maintained since DEY 2.0)
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add the following countries to the CLM Blob file:
- Brazil
- Mexico
- Saudi Arabia
- Hong Kong
- Singapore
- Malaysia
- Taiwan
- Korea
This is the new World CLM Blob file:
- cyfmac4373-sdio_World.clm_blob (11d5fab6659eff491aca1a219ad33b00)
https://onedigi.atlassian.net/browse/DEL-9438
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This overlay contains a workaround to make the USB-OTG
work as USB device when connected to a host.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9610
(cherry picked from commit ec92f5fdd10a61e37ac3778d0d3aa1816bc6b0aa)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
STM's st-machine-common-stm32mp.inc file automatically incorporates "optee" to
MACHINE_FEATURES as long as BOOTSCHEME_LABELS contains "optee". Since we
recently modified the ccmp15's labels to only contain "opteemin", this is no
longer the case, which leads to:
* optee packages (optee-client, optee-os) not getting installed in images and
SDKs
* optee patches for environment encryption not being applied to libubootenv
Add the feature manually to fix these two issues
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
OP-TEE comes in two flavors: optee and opteemin
For NAND-boot images, add support for USB boot as well,
so that the default tf-a image is valid for booting from
either NAND or USB.
We had this for 'optee' flavor but not for 'opteemin'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The patch we applied for the ccimx8x to enable VPU usage when playing
videos under WebKit is also necessary for the ccimx8mm.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The ubihealthd daemon, present in mtd-utils does random
scans of the UBI devices on a given interval. This helps
to deal with 'read disturb' problem on NAND flashes.
The service runs a ubihealthd thread for every UBI device
with a read interval of 1 hour by default.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9571
Commit 9c3916da94 added INSANE_SKIP
"32bit-time" to certain recipes that use 32bit APIs on the ccmp1
SOMs, but forgot to include the `pn-` prefix to really apply to
those recipes.
While on it, add two additional ones on recipes used by NXP 32-bit
platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
* Remove wayland_1.22.0.bbappend, with changes originally added for Crank
UI (commit 25c699e05b), which we no longer support.
* Update wayland_%.bbappend to align with NXP’s rel_imx_6.6.52_2.2.0
release.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit updates the firmware binaries for Bluetooth and Wireless interfaces,
aligned with the Cypress Linux WiFi Driver (FMAC) release v6.1.97-2025_0219.
The updated wireless firmware versions are as follows:
- 2FY Wireless chip: v28.10.387.16
- 2AE Wireless chip: v13.10.246.356
These updates are included as part of the imx-scarthgap-jaculus_r1.1 Murata release.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
That includes several CVE patches not present of meta-freescale's
23.2.5.imx recipe (which is based in exactly the same revision).
Similar change was done in NXP's meta-imx (see commit
99ceb057fcfdc8151c1488089d5f22363dfdb6d7).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit updates the installer scripts to support CCMP1 platforms under
Yocto 5.0, aligning them with the current behavior used for CCMP2.
Changes include:
- Adding support for the metadata partition, which is now required
- Including the optee/opteemin flavors in boot artifact filenames
- Ensuring the script structure and logic remain consistent with CCMP2 install scripts
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Currently, the final metadata symlink is composed using the TF-A Device Tree
configuration, which includes memory variant details. However, these variants
are not relevant for the metadata binary.
To avoid generating multiple redundant metadata files or using confusing names,
this commit updates the symlink to be composed using the MACHINE variable
instead.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
In Yocto 5.0, the boot artifacts for CCMP1 platforms are compiled using the
opteemin flavor. This commit updates the BOOTABLE_ARTIFACTS definition to
reflect that change and properly integrate the boot artifacts into the ZIP
installer.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Arturo Buzarra
Hector Palacios
Javier Viguera
Isaac Hermida
Tatiana Leon
Gabriel Valcazar
Gonzalo Ruiz