Starting in poky commit 8791c77a4098d62080ecad09d94718eccd7f1a47, there is
now a check to make sure TEMPLATECONF follows specific rules. If we don't abide
by them, an error will occur when creating a project with our mkproject.sh
script. Move the templates to the place they're supposed to be in and reflect
the change in mkproject.sh.
https://onedigi.atlassian.net/browse/DEL-9011
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The SCP firmware introduces too much verbosity (with
timestamp included) in the middle of the boot log
between the TF-A and U-Boot.
Reduce the log and remove compiler flags for errors
on unused variables (banner strings).
This removes the following messages from SCP firmware:
[ 0.000000] SCP-firmware v2.12.0-dev
[ 0.000000]
[ 0.000000] [FWK] Module initialization complete!
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
ST_OPTEE_DEBUG_TRACE is set to 0 if ST_DEBUG_TRACE is set to 0.
However, on the optee source code, if ST_OPTEE_DEBUG_TRACE=0 the
log level is automatically set to 3 (INFO) resulting in a very
verbose optee log.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The ccimx91 is a headless platform. Disabling those distro features
prevents building/installing packages that are useless (e.g. gstreamer)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit changes the linux and recovery UUID when booting
the system in single mode.
https://onedigi.atlassian.net/browse/DEL-9244
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Some settings were incorrectly set. Align the card settings with the
same values used in our other platforms.
https://onedigi.atlassian.net/browse/DEL-8703
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
These are files for programming images with STM32CubeProgrammer tool. We don't
use the tool or the files. Disable the task to avoid build warnings, just like
we do for the ccmp1 platforms.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Instead of manually disabling the task, use the ENABLE_FLASHLAYOUT_CONFIG
variable which is meant for that exact purpose.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This removes the psplash package from "core-image" images, which
prevents this failure on boot:
[FAILED] Failed to start Start psplash boot splash screen.
psplash[454]: Error opening /dev/fb0
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Based on the environment variable emulate-cc91:
* Limit the ram memory to 512MB
* Enable the overlay _ov_som_emulate-ccimx91_ccimx93.dtbo
* Disable the npu node
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
This commit adds the initramfs into the FIT recovery
image. If the RAM disk image is included in the FIT
image we need to create a initramfs file that doesn't
include the u-boot header, because the FIT descriptor
contains all the necessary information to use the
initramfs file.
https://onedigi.atlassian.net/browse/DEL-9168
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
When EXTRA_IMAGE_FEATURES += "overlayfs-etc" is added these
configurations are needed to compile. They are provided with
the default configuration to work with our software.
https://onedigi.atlassian.net/browse/DEL-9186
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
DEY generates the ccmp25 boot artifacts on subdirectories of the main
deploy folder. The firmware installation script expects to have them on
the deploy directory, so create the proper symlinks.
https://onedigi.atlassian.net/browse/DEL-9120
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Both CC93 and CCMP2 store the environment at the end of BOOT1 partition
and the redundant environment at the end of BOOT2 partition. Reuse the
'fw_env.config' file defined for CC93 for both platforms, and also include
CC91 in the process.
https://onedigi.atlassian.net/browse/DEL-9119
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
In CCMP2 the HWID is stored in 3 consecutive fuse words, now the third word has
the following scheme:
| 31..18 | 17 |  16   |15..12|  11..7  |6..3| 2..0 |
+--------+----+-------+------+---------+----+------+
|   --   | BT | Wi-Fi | RAM  | Variant | HV | Cert |
+--------+----+-------+------+---------+----+------+
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The main recipe already contains this file on the SRC_URI.
No need to append for every platform.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Add support based on v6.1.28 kernel version from STM release
openstlinux-6.1-yocto-mickledore-mp2-v23.12.06.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add support based on STM release openstlinux-6.1-yocto-mickledore-mpu-v24.06.26.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add open-source implementation of the OpenGL API support based on v23.0.3
version from STM release openstlinux-6.1-yocto-mickledore-mpu-v24.06.26.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add GPU support based on v6.4.15 version from STM release
openstlinux-6.1-yocto-mickledore-mpu-v24.06.26.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add support based on v2.8 version from STM release
openstlinux-6.1-yocto-mickledore-mp2-v23.12.06.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add support based on v3.19.0 version from STM release
openstlinux-6.1-yocto-mickledore-mp2-v23.12.06.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add initial support cloned from ccmp15, based on v2022.10 from STM release
openstlinux-6.1-yocto-mickledore-mp2-v23.12.06.
https://onedigi.atlassian.net/browse/DEL-8995
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds the CCMX91 platform to the DEY
build system. Furthermore, it creates generic ccimx9
support to be used for the CCiMX91 and CCiMX93
platform.
https://onedigi.atlassian.net/browse/DEL-9106
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
When TrustFence is enabled, use the HUK programmed on the OTP
bits for the ccmp15 platform.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9121
When running the installation script on variants with larger NANDs, two of the
script's commands take longer than our intended timeouts under specific
circumstances:
* When the variant has a NAND with 512 MiB or more and singlemtdsys is set
  to "yes", running ubivolscript takes longer than our 10 second timeout.
  The larger the NAND storage size, the longer this command takes.
* When the variant has a 1 GiB NAND, singlemtdsys is set to "yes" and
  dualboot is set to "no", the update of the recovery UBI volume takes
  longer than our 15 second timeout.
In both of these cases, the script fails and the installation process cannot
continue. Apply the following changes to prevent this:
* Increase the ubivolscript timeout from 10 seconds to 30
* Increase the recovery update timeout from 15 seconds to 20
Also, remove the command immediately before ubivolscript is run, since said
command is already being run at the beginning of ubivolscript.
https://onedigi.atlassian.net/browse/DEL-9097
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
By default, the secure storage path in the REE is "/var/lib/tee". It is
part of the rootfs, and thus, it gets lost on a firmware update.
This commit changes that path to a different partition "/mnt/data/tee"
when Trustfence file-based encryption is enabled.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Building Optee trusted applications (TA) depends on optee_client and the TA
devkit provided by optee_os. Our toolchain provides those dependencies, but
the SDK script which configures the environment for standalone building,
is not configuring some variables needed to build trusted applications.
This commit extends the SDK environment script to allow building TAs.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Occasionally, loading the WiFi driver might fail because the
MMC node was not correctly initialized.
Fix that by rebinding the MMC node. This fix implements a similar workaround
as in c30b947408.
https://onedigi.atlassian.net/browse/DEL-9083
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
One of the conditions used to determine the U-Boot file was missing its
terminator, breaking the script.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit 26dc437a25)
On devices with NAND as storage media, a post install script
modifies the fw_env.config file based on the NAND geometry.
This only happens once after deployment, typically on production
environments. If the power is removed soon after the post install
script runs (which is a normal procedure on manufacturing
environments), there are chances that pending file system
operations have not been flushed, which may occasionally lead
to the fw_env.config file ending up empty on the next reboot.
This commit adds a sync at the end of the post-install script
to guarantee the changes are written to the file system.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9059
There is a corner case that wasn't covered by the script: if you
use the script using a -k -t the "-t" would be the name of the
dek.bin.
This new implementation solves the issue.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
By default, it is trying to install an artifact imx-boot--<platform>
if trustfence is not enabled.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Some variables in the script belong to u-boot, not to the shell
running the script. Escape those variables so the shell does not
expand them.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
This commit removes the Cortex-M4 overlay because the M4 has
been enabled now in the DTSI file.
https://onedigi.atlassian.net/browse/DEL-9056
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
The patches have been backported from the lf-6.1.36-2.1.0 release of
imx-mkimage.
https://onedigi.atlassian.net/browse/DUB-1081
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The patches have been backported from the lf-6.1.36-2.1.0 release of
imx-mkimage.
https://onedigi.atlassian.net/browse/DUB-1081
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds some basic TSN support to DEY.
It includes the kernel configuration fragment with
the IEEE 802.1 support and some user space tools
necessary to configure the network.
https://onedigi.atlassian.net/browse/DEL-9026
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
The command trustfence update doesn't require the partition argument.
Besides that, remove extra fi on the cc8m platforms.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
* Move Digi code out of the upstream files to minimize conflicts in
version migrations.
* Remove all the TEE client copied code and use the libteeclient library.
* Some fixes in the Optee-based environment encryption
* Some simplifications in CAAM-based environment encryption.
https://onedigi.atlassian.net/browse/DUB-1079
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
At the moment, this overlay adds RTC calibration to compensate
the drift observed in the 32kHz input frequency of hardware
version 1 of the SOM.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8987
Update BDF file used on CC8MN and CC8MM with a new calibration
(GOLDEN3) to obtain a flatter frequency response and a better EVM
performance.
Reference calibration file is obtained from 'qca6574au-le-2-2-2_qca_oem'
repo at tag 'r00005.1' under path
'wlanfw/cnss_proc/wlan/fw/target/sdio_dst/qc6174/bdwlan30.bin'
(MD5SUM: 8a40d95698825e1718bee640b1f7982a).
Target output powers tables and CTL tables remain intact.
Changes required to pass the EN 300 328 V2.2.2 blocking test also remain
intact.
New BDF file:
- bdwlan30_US.bin (86180198440e6ab53734aabf0112c6ba)
https://onedigi.atlassian.net/browse/DEL-9001
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit adds RT functionality to CCMP1. The patches
have been extracted from STM RT expansion package and
includes the mainline RT patches and the STM RT driver
patches and RT Kernel defconfig changes.
https://onedigi.atlassian.net/browse/DEL-8880
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit adds RT functionality to the CCiMX93
platform. The patches have been extracted from the
NXP real time edge BSP and include the mainline RT
patches and the NXP RT driver patches and RT Kernel
defconfig changes.
https://onedigi.atlassian.net/browse/DEL-8881
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Use the generic sys class to check if a mtd device is attached.
The virtual node may not be present in some kernel versions.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit fixes u-boot Trustfence naming for signed and
encrypted images used in the installation script removing
a duplicated dash in the u-boot name.
https://onedigi.atlassian.net/browse/DEL-8271
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Optee-client provides the TEE Client API as defined by the GlobalPlatform TEE standard.
It is required to communicate with a Trusted Application (TA) running in a Trusted OS.
https://onedigi.atlassian.net/browse/DEL-8970
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Several things were wrong after the latest update to version 4.0: the
tee-supplicant path, some settings in the systemd unit, etc.
This commit fixes the installation so the optee test suite completes again.
https://onedigi.atlassian.net/browse/DEL-8989
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit fixes the set_fip_sign_key() function to match the new keys format
where there is a key_pass file for each key, no longer needing to search with
the key index.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit fixes a race condition where, if you have an existing PKI tree with
the new format (one key_pass file for each key), the script detects that the
PKI tree is incomplete because it is always trying to find the key_pass.txt
file with the old format. This commit adds an additional validation step to
verify the new keys format.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add a check on the existence of the "temp-fitimg-loaded" environment
variable before setting it. It is needed, as with encrypted FIT images,
we need to decrypt them before accessing the boot script. In such cases,
u-boot sets that variable to "no" so the boot script does not override it,
and the FIT image is loaded again before the final boot to the OS.
https://onedigi.atlassian.net/browse/DEL-8945
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The signing tools have a dependency on libQt5Core.so.5, which implies that this
library must be installed on the native PC. This commit includes all the
required shared libraries for the signing tools inside the package itself to avoid
external dependencies. With this change, the qtbase dependency is no longer
needed at build time.
Package version has been bumped to 1.2.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit fixes the set_fip_sign_key() function to match the new keys format
where there is a key_pass file for each key, no longer needing to search with
the key index.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit fixes a race condition where, if you have an existing PKI tree with
the new format (one key_pass file for each key), the script detects that the
PKI tree is incomplete because it is always trying to find the key_pass.txt
file with the old format. This commit adds an additional validation step to
verify the new keys format.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
- For Qualcomm QCA65x4 platforms:
Add support to create the 'World' board data file for the QCA65x4 Wi-Fi
chip to operate on World regulatory domain.
Kernel wireless driver already supports selecting the correct file based
on the configured Regulatory Domain via Kernel command line argument
'wlan.regdmn', which allows the following parameters:
* "US", for U.S.A. (default)
* "World", for worldwide
- For Murata type2AE platforms:
Add World CLM blob file for the wireless interface and JRL hcd file for
the Bluetooth interface. Also add the autocountry initialization script
and systemd service.
World CLM blob file:
- cyfmac4373-sdio_World.clm_blob (1abe7f3fa86d4123b0586cbbf0ec91ac)
Kernel wireless and bluetooth drivers already support selecting the correct
files based on the configured Regulatory Domain via Kernel command line
arguments 'brcmfmac.regdmn' and 'btbcm.regdmn' respectively, which allow the
following parameters:
'brcmfmac.regdmn':
* "US", for U.S.A. (default)
* "World", for worldwide
'btbcm.regdmn':
* "FCC.CE", for U.S.A., Europe and the rest of the world (default)
* "JRL", for Japan
https://onedigi.atlassian.net/browse/DEL-8905
Co-authored-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Different mechanisms are used to sign FIT images on the ccmp1 platforms and the
ccimx93, and we manage each mechanism via a different variable. The variable
names don't really reflect which platform they affect, which makes maintenance
harder.
Rename the variables so that it's easier to identify the platforms/vendors they
affect:
* Replace TRUSTFENCE_FIT_IMG with TRUSTFENCE_SIGN_FIT_STM
* Replace TRUSTFENCE_SIGN_FIT_ARTIFACT with TRUSTFENCE_SIGN_FIT_NXP
Don't rename TRUSTFENCE_FIT_IMG_SIGN_KEYNAME
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Unless we have a use case in which we need to apply these fragments separately,
we can merge them both into a single fragment.
https://onedigi.atlassian.net/browse/DEL-8946
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This logic was fixed in commit e915a14b4b, so we
no longer have to manually copy the bootscript to generate FIT images.
https://onedigi.atlassian.net/browse/DEL-8946
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We rely on FIT support to implement boot artifact authentication on ccmp1
platforms, but our implementation made it impossible to enable FIT support
outside of the context of Trustfence/secure boot.
Change this so that it's possible to enable FIT support without having to sign
the FIT artifacts. Also, modify the linux-dey 5.15 recipe so that the U-Boot
DTBs with signatures get copied only when FIT signing is enabled.
https://onedigi.atlassian.net/browse/DEL-8946
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit updates the required firmware binaries for Bluetooth and Wireless
interfaces, hostapd and wpa_supplicant recipes based on the Cypress Linux WiFi
Driver (FMAC) release v5.15.58-2023_1128 (Wireless firmware v13.10.246.334).
This change also includes a custom defconfig file for the hostapd and
wpa_supplicant recipes including the changes from the patches and the Digi
customizations.
Also, the Murata firmware repositories are updated to match the latest
Murata release imx-kirkstone-hedorah_r1.0, which is based in the same Cypress
Linux Wifi Driver release v5.15.58-2023_1128.
https://onedigi.atlassian.net/browse/DEL-8667
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The standard string split() function does not support splitting a string
by spaces but preserving quoted strings, so it does not work for build
options disabling functionality, as they have this format:
"# CONFIG_OPTION is not set"
On the other hand, the "shlex" module provides a split function that
allows splitting strings by spaces and, at the same time, preserves
quoted strings.
In Trustfence, we need this functionality to disable default options that
would allow the booting of non-authenticated images.
https://onedigi.atlassian.net/browse/DEL-8704
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
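The splitting difference described in the commit message above, as an added example that is not code from the commit. The option list, the regular expressions and the helper names are constructed for illustration; the parser rejects any token that is not a complete option line, so a broken split is reported instead of silently leaving an option enabled.

```python
import re
import shlex

# Constructed sample: a space-separated option list in which the "disable"
# entry is quoted because the line itself contains spaces.
SAMPLE_OPTIONS = (
    'CONFIG_FIT_SIGNATURE=y '
    '"# CONFIG_CMD_BOOTZ is not set" '
    'CONFIG_BOOTDELAY=0'
)

# The two line formats a config fragment may contain.
_SET_RE = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.+)$")
_UNSET_RE = re.compile(r"^# (CONFIG_[A-Za-z0-9_]+) is not set$")


def parse_entries(entries):
    """Map option name -> value, with None meaning 'is not set'.

    Raises ValueError on any entry that is not a complete option line.
    """
    parsed = {}
    for entry in entries:
        unset = _UNSET_RE.match(entry)
        if unset:
            parsed[unset.group(1)] = None
            continue
        assigned = _SET_RE.match(entry)
        if assigned:
            parsed[assigned.group(1)] = assigned.group(2)
            continue
        raise ValueError("not a config line: %r" % entry)
    return parsed


def parse_with_shlex(options):
    # shlex.split() honours the quotes, so the disable line stays one entry.
    return parse_entries(shlex.split(options))


def parse_with_str_split(options):
    # str.split() cuts the quoted disable line into five separate tokens.
    return parse_entries(options.split())


def disabled_options(options):
    """Names of the options the list asks to switch off."""
    return sorted(k for k, v in parse_with_shlex(options).items() if v is None)


if __name__ == "__main__":
    print("str.split tokens:", SAMPLE_OPTIONS.split())
    print("shlex.split tokens:", shlex.split(SAMPLE_OPTIONS))
    print("disabled:", disabled_options(SAMPLE_OPTIONS))
    try:
        parse_with_str_split(SAMPLE_OPTIONS)
    except ValueError as err:
        print("str.split result rejected:", err)
```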
The script to sign the boot artifacts lacked the support to configure the
revocation mask. The at-the-moment supported platforms did not need it,
but the ccimx93 does need it, so implement it in this commit.
https://onedigi.atlassian.net/browse/DEL-8704
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
With the introduction of the ccimx93 support in the following commits, the
srktool parameters not only differ for HAB/AHAB devices but also between
devices using AHAB (for example, different parameters for ccimx8x and
ccimx93). Thus, move this information to the platform-specific data table.
https://onedigi.atlassian.net/browse/DEL-8704
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
It is a cosmetic change, as there is no change in functionality, but
convert the if..elif..fi structure to a table with the platform-specific
data, so it's easier to maintain and extend.
https://onedigi.atlassian.net/browse/DEL-8704
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Expand the docker defconfig excerpt to add more default options, as some
of them might be enabled in some platform defconfigs but not in other ones,
so just set all of them, as it is safe, and nothing happens if they are
already set in the original default defconfig.
To check if all LXC/docker options are enabled for a kernel,
run lxc-checkconfig in the system.
https://onedigi.atlassian.net/browse/DEL-8924
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
When we use a fitImage kernel type, all the boot artifacts are inside the
FIT image, so there is no need to add them to the boot image additionally.
We were using TRUSTFENCE_FIT_IMG to do this filtering, which uses
a fitImage kernel type underneath. This commit uses KERNEL_IMAGETYPE
instead, as this way, we can use kernel FIT images out of Trustfence and
still prevent polluting the boot images with not-needed artifacts.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Other recipes may access SYSROOT_DIRS content by adding a dependence
on do_populate_sysroot.
We need this specific directory for the kernel fitImage support.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This update fixes an initialization issue with devices without HWID programmed.
https://onedigi.atlassian.net/browse/DUB-1066
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit fixes a build issue when this script is installed but not shipped
in the u-boot-tools package.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Not only install the US but all the FW files.
Apart from that, some scripts need a little adjustment such as:
* Modify the BT baudrate to 3Mbps for EU power configuration, as it is the
  baudrate used by the btnxpuart driver.
* Replace the way to reset the interface on each hcitool command to
  avoid misleading BT behaviour.
https://onedigi.atlassian.net/browse/DEL-8458
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit implements the support to sign the different memory configurations for
the CCMP1 platforms, when trustfence is enabled, using FIT images.
https://onedigi.atlassian.net/browse/DEL-8752
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit implements the support to allow different memory configurations for
the CCMP1 platforms, adding support to 512MB and 1GB memory variants for the CCMP15.
https://onedigi.atlassian.net/browse/DEL-8752
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Command 'bootz' allows booting unsigned Linux zImages, so disable it when secure
boot is enabled using FIT images.
https://onedigi.atlassian.net/browse/DEL-8769
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Replace the US-only default CLM blob with the latest one, generated by
Infineon based on the results from Digi Certification of the CCMP1.
New file:
- cyfmac4373-sdio_US.clm_blob (92225a8bccf0c7c9d7df6cdd64670fa1)
https://onedigi.atlassian.net/browse/DEL-8598
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Some minor fixes:
* return error code if installation fails
* cosmetic: update comment with options
* just exit after error and do not execute boolimit command
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Murata provides this FW recipe for the infineon chip on the ccmpx products.
Now we are going to have more FW provided by Murata, but for other chips
whose recipe is completely different.
Therefore, rename the recipe to explicitly indicate the FW it provides.
https://onedigi.atlassian.net/browse/DEL-8458
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This is an NXP change that reverts a mainline weston commit from v9.0.0, in
which the mouse cursor only gets activated when there is mouse movement. This
change was only being included in the weston v10.0.X i.MX forks.
For platforms that don't use these weston forks (ccimx93 uses the v11.0.X fork
and ccmp15 uses mainline weston), the mouse cursor doesn't load right away when
booting the system, which causes apps that are automatically launched (such as
the LVGL demo) to not register the mouse, rendering said apps unresponsive to
it.
Port NXP's change to all of the weston versions we currently use to avoid this
problem.
https://onedigi.atlassian.net/browse/DEL-8865
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Up until recently, we were only generating dey-image-qt images for the
ccimx93-dvk. Now that we are generating dey-image-lvgl images as well, make
sure to print the helper message to set image-name when installing said images.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
One of the conditions used to determine the U-Boot file was missing its
terminator, breaking the script.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
New AR6233 chips from Qualcomm require a power reduction in the 2.4GHz
band to maintain a good EVM.
Generate new board data files with this optimized target power
configuration, but do not replace the original board data files so this
change does not affect CC6 modules with the original AR6233 chip.
The new AR6233 will be populated in modules with Hardware Version=6 or
higher. Load one board data file or the other based on the Hardware
Version field of the HWID via a post-installation script.
Board data files with optimized TX Power ('b' files):
- Digi_6203-6233-US_b.bin (MD5SUM: 53db0fba1eea22d5c7248b35669234bd)
- Digi_6203-6233-World_b.bin (MD5SUM: 307ea9e9364c46a243a36124c92cddc2)
- Digi_6203_2_ANT-US_b.bin (MD5SUM: 741f69584f43258ec15bfccaebdb8896)
- Digi_6203_2_ANT-World_b.bin (MD5SUM: 9f89d081aaef7f26292d42ad193c188d)
https://onedigi.atlassian.net/browse/DEL-8851
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
The ccimx93 bootloader signing requires this version of the sign script,
but at the moment, the updated script is not compatible with the other
AHAB-based module (ccimx8x), so we cannot just update the recipe for
all modules.
Thus, create a new version of the recipe and use that for the ccimx93
while we still use the old version for the rest of the platforms.
https://onedigi.atlassian.net/browse/DUB-1068
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
An additional line was added to a comment block without the '#' character,
resulting in the following error when running the script:
Unknown command '-' - try 'help'
Nonetheless, this error is harmless and the script continues as expected, which
is the reason why we hadn't found it until now.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In case a HWID is not set or the variant is unknown, do not set it to a default
U-Boot file but ask the user for the proper file.
This case should not happen, but cover it for safety.
https://onedigi.atlassian.net/browse/DEL-8855
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The ccimx6ul is the only platform that doesn't include a desktop backend in the
LVGL image, so remove the desktop backend suffix from the image's name. This
affects the image name itself, the corresponding SWU package and the
installation scripts.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The support to update U-Boot in the redundant partition must be enabled in the project
configuration file by setting the variable "SWUPDATE_UBOOTIMG_REDUNDANT" to "true":
SWUPDATE_UBOOTIMG_REDUNDANT = "true"
This feature is only available for the newer platforms: ccmp13, ccmp15 and ccimx93. Trying to
enable it in older platforms will display a warning and fall back to non-redundant update.
Signed-off-by: David Escalona <david.escalona@digi.com>
Backport of multimedia package for ccimx93 from NXP's Mickledore-based
lf-6.1.55-2.2.0 release. Mainly copies and appends of multimedia
recipes from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
https://onedigi.atlassian.net/browse/DEL-8840
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
libubootenv treats negative offsets as backwards offset from the end of
the block device, so use that to move the environment to the last 16KiB
of the hardware boot partitions.
https://onedigi.atlassian.net/browse/DUB-1064
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This new variable establishes the number of 1Kb blocks to skip before writing U-Boot in the
bootloader partition.
Signed-off-by: David Escalona <david.escalona@digi.com>
With the update of the ethos-u firmware for the NPU in previous commit,
this overlay is no longer required.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
As part of the integration of the new ML package, also update the
ethos-u-firmware binary built from Stash:
Repo: emp/ethos_u_firmware.git
Revision: bd5506ddba364ad04602d5009b77077f78450b97
Source: NXP's MCUXpresso SDK_2.14.2_MIMX9352xxxxM
Co-authored-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The result of the modprobe operation doesn't guarantee the driver loaded
correctly. The module may succeed and be loaded, but failures during the
probe may not propagate and result in an error of modprobe.
The valid condition is to check the existence of the interface in
/sys/class/net/wlan0.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8821
In commit a84d011 this was fixed for mount_digiparts.sh, but
was missing the fix in the mount.sh script.
In that commit there is a full explanation about why this
solves the issue.
https://onedigi.atlassian.net/browse/DEL-8721
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
With this new rule, only the medias that contain a filesystem
on them are mounted, filtering several calls to mount.sh.
I have checked that this change doesn't increase the boot time
at all.
https://onedigi.atlassian.net/browse/DEL-8826
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Backport of graphics package for ccimx93 from NXP's Mickledore-based
lf-6.1.55-2.2.0 release. Mainly copies and appends of graphics recipes
from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The TF-A and OP-TEE images have different suffixes depending
on whether TrustFence is enabled or not, but the suffix variables
themselves must exist independently of whether TF is enabled.
Currently, they were defined on the trustfence.bbclass, and the
variables did not exist when TF was disabled, which caused build
problems, for example, building the SWU file.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This compression method has a better compression ratio than the default (lzo),
but the (de)compression speed is slower, leading to slower read/write speeds.
However, the recovery partition only gets accessed in specific use cases such
as software updates and partition encryption, and it contains an initramfs. The
UBIFS will only be read at boot time to load its elements, but once the
initramfs is loaded in RAM, there are no more read/write operations to the
UBIFS during runtime, so the speed penalty is minimal.
Take advantage of the improved compression ratio to reduce the size of the
recovery image. On the ccimx6ul, the size is reduced by 248 KiB.
https://onedigi.atlassian.net/browse/DEL-8819
https://onedigi.atlassian.net/browse/DEL-8825
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
When TrustFence is enabled, the boot artifacts (TFA and FIP)
have a 'signed' suffix. Handle this case so that the correct
symlinks are created and the correct artifacts are put into the
SWU file.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
For signing SWU files we need to set a couple of variables:
- SWUPDATE_PRIVATE_KEY_TEMPLATE to the private key file
- SWUPDATE_PASSWORD_FILE to the password of the private key
The latter must only contain one password, whereas the current key_pass.txt
file had (for the ccmp13) the eight keys separated by a white space.
This commit:
- If the file key_pass.txt exists, it extracts each key into a separate
file key_pass0X.txt.
- If the keys don't exist, generates separate files per key.
- Changes the permissions of password files to 400.
- Adapts the sign script to use the single password files.
- Fixes a few quotes
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
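The splitting step described in the commit message above, as an added sketch that is not the code from the commit: each whitespace-separated password in key_pass.txt goes to its own key_pass0X.txt with mode 400. The function name `split_key_pass` and numbering the files from 0 are assumptions; the page gives only the pattern key_pass0X.txt.

```shell
#!/bin/sh
# Split a multi-password file into one file per key, readable by the owner only.
# Assumption: files are numbered from 0 (key_pass00.txt, key_pass01.txt, ...).
# Prints the number of password files written.
split_key_pass() {
    dir=$1
    src="$dir/key_pass.txt"
    [ -f "$src" ] || return 1

    # Create the files without group/other access from the start, so there is
    # no window between creation and chmod in which another user can read them.
    old_umask=$(umask)
    umask 077

    i=0
    set -f    # no globbing: a password such as "p*7" must stay literal
    # Unquoted on purpose: the passwords are separated by white space.
    for pass in $(cat "$src"); do
        out="$dir/key_pass0$i.txt"
        rm -f "$out"    # a previous mode-400 file cannot be overwritten in place
        printf '%s\n' "$pass" > "$out"
        chmod 400 "$out"
        i=$((i + 1))
    done
    set +f
    umask "$old_umask"
    echo "$i"
}
```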
Starting with NXP release "lf-6.1.55-2.2.0" the IMX optee fork (based on
version 4.0.0) does not support SOC revision A0. This commit recovers
support to build a bootloader for A0, extending the optee patch for
ccimx93 to support A0 with a build time option, and then extending the
optee-os and imx-boot recipes to build two optee binaries and using them
to generate bootloaders for both SOC revisions.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This includes also an update and rename of the Edgelock Enclave firmware
package (firmware-ele-imx).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Commit d3f3cfdb62 removed the inclusion of STM's
linux-stm32mp.inc from meta-st-stm32mp in our linux-dey recipe, but this
inadvertently removed the logic in do_configure() necessary to use our custom
ccmp1_defconfig. Since this commit, the kernel was being built with the default
ARM defconfig, which is very different from our custom defconfig and doesn't
even boot on MP1 platforms.
Rework the logic used to copy our platform's defconfigs to prevent this.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit removes the BOOTLOADER_SEEK_OFFSER, because it has been
moved into the swupdate class and renamed into SWUPDATE_UBOOT_OFFSET.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit adds u-boot swupdate support for all platforms.
Now u-boot can be updated with all our supported update
options. Currently it will only update first partition
u-boot partition.
https://onedigi.atlassian.net/browse/DEL-8749
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
The 'mtd-blacklist' parameter prevents swupdate from acting upon those
partitions that we consider sensitive.
Make such list platform-dependent.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The LEGACY_IMAGE_FORMAT defaults to 'y' if there is no FIT
support, which happens after applying the default configuration.
Then, the FIT support is added in a config fragment, but the
LEGACY_IMAGE_FORMAT is not disabled.
Disabling this is recommended to avoid the possibility to boot
unsigned legacy images.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
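An added check for the situation the commit message above describes, not code from the commit: it models a base configuration plus fragments as "last assignment wins" and reports when CONFIG_LEGACY_IMAGE_FORMAT is still 'y' after the fragments are applied. The function names are hypothetical, and using CONFIG_FIT_SIGNATURE as the trigger is an assumption (the page says only "FIT support").

```shell
#!/bin/sh
# Look up one Kconfig symbol across a base config and its fragments, in the
# order given. The last assignment wins; defaults are not re-evaluated, which
# is why a 'y' written by the base configuration survives a later fragment.
kconfig_value() {
    sym=$1; shift
    val=n
    for f in "$@"; do
        [ -r "$f" ] || continue
        # "|| [ -n ... ]" also handles a final line without a trailing newline.
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                "$sym="*)            val=${line#*=} ;;
                "# $sym is not set") val=n ;;
            esac
        done < "$f"
    done
    echo "$val"
}

# Returns 1 when signed FIT is enabled but legacy images can still be booted.
check_legacy_image_format() {
    fit=$(kconfig_value CONFIG_FIT_SIGNATURE "$@")
    legacy=$(kconfig_value CONFIG_LEGACY_IMAGE_FORMAT "$@")
    if [ "$fit" = y ] && [ "$legacy" = y ]; then
        echo "CONFIG_LEGACY_IMAGE_FORMAT=y with CONFIG_FIT_SIGNATURE=y" >&2
        return 1
    fi
    return 0
}
```

Call it as `check_legacy_image_format base.config fragment1.cfg fragment2.cfg`, listing the files in the order the build applies them.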
As part of the integration of the new ML package, also update the
ethos-u-firmware binary built from Stash:
Repo: emp/ethos_u_firmware.git
Revision: a0352b0cf7267c896b55980dedd08daddc780733
Source: NXP's MCUXpresso SDK_2.14.0_MIMX9352xxxxK
And, drop deepview-rt support for ccimx93, as NXP has done the same in
6.1.36-2.1.0 release.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The U-Boot bootscript loads the fitImage into RAM memory to run
this bootscript. This bootscript ends up calling 'dboot' command
to run the FIT default configuration.
To avoid 'dboot' re-loading again the fitImage into RAM memory,
set this temporary variable that will be immediately reset
by 'dboot'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
An anonymous function in linux-stm32mp.inc produces a bbfatal error when
KERNEL_DEVICETREE variable contains more than one device tree. This is our
case since we build the main DT plus a number of DT overlays.
This commit removes the dependency to this include file since we have our
own recipe to build the kernel and it is not needed at all.
It also removes the build of a uImage and the need to provide a
LOADADDR.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Backport of graphics package for ccimx93 from NXP's Mickledore-based
6.1.36-2.1.0 release. Mainly copies and appends of graphics recipes
from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
Notice that the new version of weston used now by the ccimx93 requires
a different profile file (weston-socket.sh). This profile supersedes the
old 'weston.sh'.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Backport of multimedia package for ccimx93 from NXP's Mickledore-based
6.1.36-2.1.0 release. Mainly copies and appends of multimedia recipes
from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
In commit 2fd1dbfed7, we accidentally removed some changes needed to
build imx-boot with Trustfence enabled, which were added in commit
1ce17da864.
This partially reverts commit 2fd1dbfed7
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
In commit 2fd1dbfed7, we accidentally removed some changes needed to
build imx-boot with Trustfence enabled, which were added in commit
1ce17da864.
This partially reverts commit 2fd1dbfed7
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
LVGL is a free and open-source embedded graphics library that is able to run
in environments with limited resources.
This image includes a desktop environment and an LVGL widget demo (lvgl_demo)
https://onedigi.atlassian.net/browse/DEL-8740
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds several overlays for DVK v2 and modifies the boot script to apply it
based on the board_version variable.
https://onedigi.atlassian.net/browse/DEL-8746
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The nodes "/dev/ramX" and "/dev/loopX" are mounted on boot.
Each node calls the mount.sh script, but they are not mounted
because these nodes are blacklisted in the "blacklist.conf" file.
In the ccmp13 adding this modification in the rule saves
around 4 seconds per boot.
In the ccmp15 and ccimx6ul around 2 seconds are saved.
https://onedigi.atlassian.net/browse/DEL-8725
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
This commit adds signed FIT image support for the CCMP1
platforms when using Trustfence.
https://onedigi.atlassian.net/browse/DEL-8591
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
During firmware install, the target may be reset several times.
We don't want the bootcount to count these as boot attempts.
This was done in a791bb4463 for the ccmp1
but not for the rest of platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
(cherry picked from commit 961acf48de)
These binaries are installed in subdirectories by default. The uuu
installer expects to find all binaries on the same folder where the script
is. By creating symlinks, the uuu installer can find all the binaries it
needs directly on the deploy folder.
NOTE: variables in 'for' clauses are intentionally without quotes to skip
whitespaces in them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
(cherry picked from commit 019deb6313)
Improve boot attempts message showing not only the current boot attempt
but also the limit:
(boot attempt 1/3)
Print the message only when the bootcount mechanism is active, i.e. when
the bootlimit is defined (not zero), and when bootcount is > 0.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DUB-1056
(cherry picked from commit 918a9caf1d)
Use the intention of installing dual boot firmware as a condition to set
bootlimit=3 so that the bootcount mechanism is enabled.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DUB-1058
During firmware install, the target may be reset several times.
We don't want the bootcount to count these as boot attempts.
This was done in a791bb4463 for the ccmp1
but not for the rest of platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
These binaries are installed in subdirectories by default. The uuu
installer expects to find all binaries on the same folder where the script
is. By creating symlinks, the uuu installer can find all the binaries it
needs directly on the deploy folder.
NOTE: variables in 'for' clauses are intentionally without quotes to skip
whitespaces in them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Improve boot attempts message showing not only the current boot attempt
but also the limit:
(boot attempt 1/3)
Print the message only when the bootcount mechanism is active, i.e. when
the bootlimit is defined (not zero), and when bootcount is > 0.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DUB-1056
New NXP's release is based on upstream v2.8. Use this only for ccimx93,
and keep using the previous Kirkstone release (based on upstream v2.6)
for the rest of the platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Recently, meta-freescale backported the support to build multiple boot
artifacts. This clashes with the changes in our imx-boot bbappend,
so update the bbappend to make it compatible with the latest changes
in meta-freescale.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
(cherry picked from commit 2fd1dbfed7)
Recently, meta-freescale backported the support to build multiple boot
artifacts. This clashes with the changes in our imx-boot bbappend,
so update the bbappend to make it compatible with the latest changes
in meta-freescale.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Through the inclusion of 'nand-4-256' in BOOTDEVICE_LABELS, the include
file 'st-machine-common-stm32mp.inc' adds strings to MULTIUBI_BUILD and
IMAGE_FSTYPES that result in building ubi and ubifs images.
These are redundant and not needed since meta-digi's
'image_types_digi.bbclass' already generates the needed ubifs images.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8714
The STM signtools are precompiled binaries with a fixed RPATH to look for
dynamic libraries.
When the binaries are installed to the regular ${bindir} (either native or
nativesdk), additional toolchain libraries in the regular ${libdir} folder
confuse the binaries, resulting in segmentation faults when running them
or missing symbols.
The package has been reworked to place the directory structure expected
by the binaries, in a subfolder "stm" within the ${bindir}.
Two wrapper scripts with the names of the binaries (STM32MP_KeyGen_CLI and
STM32MP_SigningTool_CLI) have been created to run the binaries in the new
subfolder.
Package version has been bumped to 1.1.
While on it, remove the 'do_install' from trustfence-stm-signtools.inc
which is not needed because the 'bin_package' class already provides the
same functionality.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8720
The appropriate way to add STM signtools to the SDK is via RDEPENDS on
nativesdk-packagegroup-sdk-host, not through the parent recipe of STM
signtools recipe itself.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8720
Through the inclusion of 'nand-4-256' in BOOTDEVICE_LABELS, the include
file 'st-machine-common-stm32mp.inc' adds strings to MULTIUBI_BUILD and
IMAGE_FSTYPES that result in building ubi and ubifs images.
These are redundant and not needed since meta-digi's
'image_types_digi.bbclass' already generates the needed ubifs images.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8714
The STM signtools are precompiled binaries with a fixed RPATH to look for
dynamic libraries.
When the binaries are installed to the regular ${bindir} (either native or
nativesdk), additional toolchain libraries in the regular ${libdir} folder
confuse the binaries, resulting in segmentation faults when running them
or missing symbols.
The package has been reworked to place the directory structure expected
by the binaries, in a subfolder "stm" within the ${bindir}.
Two wrapper scripts with the names of the binaries (STM32MP_KeyGen_CLI and
STM32MP_SigningTool_CLI) have been created to run the binaries in the new
subfolder.
Package version has been bumped to 1.1.
While on it, remove the 'do_install' from trustfence-stm-signtools.inc
which is not needed because the 'bin_package' class already provides the
same functionality.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8720
The appropriate way to add STM signtools to the SDK is via RDEPENDS on
nativesdk-packagegroup-sdk-host, not through the parent recipe of STM
signtools recipe itself.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8720
Some platforms do not support signing external artifacts (kernel, dtb,
etc.) yet, so we need to decouple the signing of the bootloader from the
signing of the external artifacts.
This commit generalizes the code, so instead of having platform exceptions
scattered along the recipes, we create a new variable used conditionally
to sign or not the external artifacts.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
ARM64 generic overrides were in the middle of the chain with more
precedence than IMX overrides.
From:
MACHINEOVERRIDES="imx-generic-bsp:imx-nxp-bsp:imxdrm:imxpxp:mx9-generic-bsp:mx9-nxp-bsp:mx93-generic-bsp:mx93-nxp-bsp:ccimx93:ccimx93:aarch64:armv8-2a:use-nxp-bsp:ccimx93-dvk"
To:
MACHINEOVERRIDES="aarch64:armv8-2a:use-nxp-bsp:imx-generic-bsp:imx-nxp-bsp:imxdrm:imxpxp:mx9-generic-bsp:mx9-nxp-bsp:mx93-generic-bsp:mx93-nxp-bsp:ccimx93:ccimx93:ccimx93-dvk"
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
mkimage output provides some information (basically image offsets) that
cst (code signing tool) uses to sign imx-boot images.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This version supports i.MX8ULP and i.MX9x devices.
NOTICE: changed the "srk_ca" parameter in ahab_pki_tree.sh from "yes" to
"no". This script is shared between cc8x and ccimx93. The imx93 does not
support that option at the moment (generation of subordinate SGK certs)
and for the cc8x we were generating them but never used them to sign
the artifacts.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Merge the patches for the PKI tree generation scripts, to ease
maintenance (still keeping two separate patches for HAB4/AHAB).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
ARM64 generic overrides were in the middle of the chain with more
precedence than IMX overrides.
From:
MACHINEOVERRIDES="imx-generic-bsp:imx-nxp-bsp:imxdrm:imxpxp:mx9-generic-bsp:mx9-nxp-bsp:mx93-generic-bsp:mx93-nxp-bsp:ccimx93:ccimx93:aarch64:armv8-2a:use-nxp-bsp:ccimx93-dvk"
To:
MACHINEOVERRIDES="aarch64:armv8-2a:use-nxp-bsp:imx-generic-bsp:imx-nxp-bsp:imxdrm:imxpxp:mx9-generic-bsp:mx9-nxp-bsp:mx93-generic-bsp:mx93-nxp-bsp:ccimx93:ccimx93:ccimx93-dvk"
Signed-off-by: Javier Viguera <javier.viguera@digi.com>