Add missing call to 'uuu' and erase the partition before creating
the UBI volumes.
Also add larger timeouts to erase operations.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
In the cc6ul we are not powering-off the supply of the XBee.
This is making that after a suspend/resume action the XBee
hangs due to ModemManager hasn't been stopped before the suspend.
Stopping ModemManager before going to suspend solves the issue.
https://onedigi.atlassian.net/browse/DEL-7701
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Since commit 11558352 ("swu-images: add "installed-directly" flag to
sw-description") the swu package images are streamed into the target without
any temporary copy to support devices with low memory available, that forces a
different order according with the swupdate documentation because scripts
should packed before the rest. This means that all the pre, post and shell
scripts will be executed after the images will be installed. This behavior
breaks the current support to mount the cryptorootfs node before install an
encrypted rootfs.
This commit moves the shell script to mount the cryptorootfs node to the
recovery initramfs and modifies the swupdate command line to call the shell
script before the images installation.
https://onedigi.atlassian.net/browse/CC8X-320
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Since we added support for compressing rootfs images, we need to manage SWU
packages with a regular rootfs image and with compressed images. That support
was missing in the identification process when the SWU packet was verified.
This commit fixes the identification of compressed rootfs images.
https://onedigi.atlassian.net/browse/CC8X-320
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This recipe had a post install script to do the following:
- create runlevel symlinks.
- comment the 'auto' lines of /etc/network/interfaces if running on
a non-Wi-Fi variant.
- add Atheros or QCA bridge examples depending on the detected chip.
- add wlan1 interface only if QCA chip is detected.
This post install cannot run on a read-only-rootfs so the recipe has been
reworked to do the same things at build time:
- the runlevel symlinks have been removed because they are taken care
of by a poky class.
- add a pre-up condition (the existance of a wireless entry on the device
tree) so that the interface is not brought up if the condition is not met.
- for the cc6/cc6n, since the Wi-Fi chip can be Atheros or QCA, add
specific wlan1 and br0 fragments with a pre-up condition basing on the
detected ID of the Wi-Fi chip
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7708
The access point configuration files are dynamically modified on a post
install script to generate an SSID name based on the last digits of the
MAC address (physical or virtual) assigned to a wlanX interface.
On read-only file systems, this is not possible, so add some conditional
code to the do_install() to use instead the $DIGI_FAMILY name.
Caveat: if several identical SOMs with read-only-rootfs co-exist on the
same network as APs, they will identify with the same SSID.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7708
The config file /etc/fw_env.config is generated dynamically basing on
the partition table and, in the case of NAND-based SOMs, on the NAND
geometry. This is done on a postinst script that modifies the file on the
first boot of the target. Since this is not allowed on read-only-rootfs,
this commit adds a default fw_env.config file to use instead when
read-only-rootfs is enabled.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7708
Framebuffer support has been removed for all platforms, however it was missing
from the ccimx6ulsbc configuration notes.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Some packages require different scripts, configuration files or installations
depending on the wireless chip assembled on the target. In general, the way
to support both chips in one image is to have the recipes install both
versions of the aforementioned files, then leave only the strictly necessary
version once the wireless chip can be deduced.
In the case of the init-ifupdown recipe, this involves installing temporary
configuration fragments that are later erased. In the case of the standby
script, the logic can be implemented in a single file.
https://onedigi.atlassian.net/browse/DEL-7661https://onedigi.atlassian.net/browse/DEL-7666
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This allows the packages to be included in the ccimx6sbc images. While at it,
include the Qualcomm bluez patches in ccimx6 builds. These patches aren't
destructive, they simply add functionality required by the Qualcomm chip, so
they shouldn't have any secondary effects when using the Atheros chip.
https://onedigi.atlassian.net/browse/DEL-7661https://onedigi.atlassian.net/browse/DEL-7666
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The latest version of psplash changed the default path to store the
communication FIFO with other processes to "/run" to allow keeping the
information between reboots, however we are using this tool from an initramfs
where "/run" does not exist, producing multiple errors trying to write to a
nonexistent path, delaying the update process.
This commit forces psplash to use an existing path like "/tmp" to handle the
communication FIFO, because we don't need to maintain the update information.
https://onedigi.atlassian.net/browse/CC8X-318
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The latest version of psplash changed the default path to store the
communication FIFO with other processes to "/run" to allow keeping the
information between reboots, however we are using this tool from an initramfs
where "/run" does not exist, producing multiple errors trying to write to a
nonexistent path, delaying the update process.
This commit forces psplash to use an existing path like "/tmp" to handle the
communication FIFO, because we don't need to maintain the update information.
https://onedigi.atlassian.net/browse/CC8X-318
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Other layers, such as meta-digi-dualboot, may add scripts to this
list on their layer.conf file. Depending on the order and priority
of layers, using a strict '=' here completely overrides previous
values, which is not desired.
Reported-by: Francisco Gil <francisco.gilmartinez@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
- Add the '-m' parameter. Without it, the script doesn't
generate the output merged configuration file, and the
fragments are not applied.
- Fix the if condition. The '*.cfg' expands to a list of
files, but the '-f' only admits one parameter. Use instead
the Python find_cfgs() function.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The variable 'dualboot' (and 'singlemtdsys' for CC6UL) was restored
after the bootcmd that runs the first time after programming U-Boot runs
fastboot again to resume the script.
This is ok for the CC6UL but not for the rest of platforms, that run the
partition script on the bootcmd, *before* running fastboot.
Restore the variables for all platforms in the bootcmd right after
resetting the environment.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
U-Boot has embedded support to handle bootcount tries.
When the limit of tries is reached, U-Boot runs the script
in `altbootcmd` rather than the usual `bootcmd`.
This other script resides on meta-digi-dualboot layer.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Ensure stdout redirection to the USB interface is removed in every case.
Otherwise, it would be left redirected when INSTALL_UBOOT_FILENAME is
manually set.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Install scripts may rework the partition table basing on the value of
env variables. Information of UBI volumes may remain on the NAND that
could later not correspond to the new partition table.
Make sure the MTD partitions are erased prior to updating:
- For Multi-MTD, append '-e' option to the update command.
- For Single-MTD, erase the system partition.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Check the status of 'dualboot' env variable.
If set to "yes", use the dualboot partition table in the script and
restore the variable (default is "no") after resetting the environment.
Also, for dualboot, there's no need to wipe the recovery partition or
boot into recovery mode.
For dualboot, this script programs both systems A and B with the same
images.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7649
Commit c33fc8a7fe wrongly used
https protocol when using MTK remote when it should have been
ssh.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This is necessary for images that have SELinux enabled. Aside from changing
some package configurations and including an additional library in the rootfs,
this change has no apparent effects on the core functionality of the system.
https://onedigi.atlassian.net/browse/DEL-7641
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
These options should only be enabled when using SELinux, so apply them only
when "selinux" is in the DISTRO_FEATURES. The fragment is a copy of the one in
meta-selinux with the addition of DEFAULT_SECURITY_DAC and LSM.
https://onedigi.atlassian.net/browse/DEL-7641
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This allows users to apply small changes to our kernel configuration without
having to create a completely new defconfig. Use a simplified version of the
kernel-yocto.bbclass implementation.
https://onedigi.atlassian.net/browse/DEL-6706
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The default policy provided by meta-selinux breaks a lot of the features in
DEY, so adapt it to make most features work. Note that this is simply an
example, end users should create their own policies for their own needs.
Make these changes toggleable so that users can use the reference policy
instead.
https://onedigi.atlassian.net/browse/DEL-7641
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This packagegroup includes all of the userspace packages needed to use SELinux.
For now, use the same variant of the packagegroup, which contains all available
packages.
Since the meta-selinux layer isn't available in all platforms, implement this
change via a dynamic layer.
https://onedigi.atlassian.net/browse/DEL-7641
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This layer has no effect unless "selinux" is in the DISTRO_FEATURES, so it's
safe to add it to our default builds.
https://onedigi.atlassian.net/browse/DEL-7641
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This fixes the following CVEs:
* CVE-2021-3711
* CVE-2021-3712
Port the recipe and patches from the dunfell poky branch, since the hardknott
version contains additional changes aside from the revision update.
https://onedigi.atlassian.net/browse/DEL-7647
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This package includes a script that is executed by a udev rule that we
currently include in our sysvinit images. Without it, the regulatory firmware
mechanism is broken and an error appears when booting the system.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
When we added the SDMA fw systemd service, we accidentally made it so that all
scripts were installed only when using systemd. These files are still needed
when using sysvinit, so correct this change.
While at it, include the SDMA fw service in firmware-imx-sdma's FILES.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This fixes the following CVEs:
* CVE-2021-3711
* CVE-2021-3712
Port the recipe and patches from the dunfell poky branch, since the hardknott
version contains additional changes aside from the revision update.
https://onedigi.atlassian.net/browse/DEL-7647
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
When DualBoot mechanism is enabled and an update is pending,
the boot script needs to change certain variables and save the
environment.
The regular boot script already changes a number of variables,
such as 'extra_bootargs' and 'overlays' by appending strings to
the already existing values. Saving the envionment may make these
grow endlessly with each iteration of the boot script.
For this reason, move the DualBoot check as the first thing in
the script, save the environment if needed, and then continue
with the normal flow, that changes variables before booting
but doesn't save them.
On certain scripts, this allows us to get rid of some instructions
for resetting the overlays variable.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The script required the passing of option '-b' for setting up the
target to use a single MTD partition and multiple UBI volumes.
If a target however already has the variable 'ubisysvols' set to
'yes' but this parameter is forgotten when calling the script, the
partition layout would change to default (several MTD partitions).
Remove the recently added '-b' option and make the script decide
basing on the current value of 'ubisysvols' variable.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Mike Engel
Hector Palacios
Francisco Gil
Arturo Buzarra
Gabriel Valcazar
Javier Viguera
Gonzalo Ruiz