When the swu package is generated it needs the right
extension of the rootfs to be formed.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
We used to use BAD_RECOMMENDATIONS to remove this package in ccimx6 builds,
we enable the imx-gpu-viv driver as built-in in our kernel, but this method
isn't working anymore. Instead, undo the specific RRECOMMENDS that pulls the
module in.
Apply the change for the aarch32 version of the package only, since this change
is only needed for the ccimx6 platforms.
https://onedigi.atlassian.net/browse/DEL-8540
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
These variables are used to generate .sdcard images, and without them, said
generation will fail.
https://onedigi.atlassian.net/browse/DEL-8540
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We still need to use this downgraded version of dtc to be able to build
U-Boot v2017.03, so backport this patch to be able to build dtc with the latest
version of gcc
https://onedigi.atlassian.net/browse/DEL-8540
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This layer provides machine learning functionality, so include it in our
default layers so customers can use it out of the box if wanted.
https://onedigi.atlassian.net/browse/DEL-8551
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
NXP's machine learning packagegroup now has a dependency for gst-shark, a GPU
profiling tool which is provided by this layer. Since it's a part of a repo
that already exists in our manifest, simply add it to the default layers of all
i.MX platforms that support the machine learning feature to be able to include
its packages out of the box.
https://onedigi.atlassian.net/browse/DEL-8551
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit modifies the boot script condition to apply the overlay for MCA
based on HWID MCA field.
https://onedigi.atlassian.net/browse/DEL-8521
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This layer provides machine learning functionality, so include it in our
default layers so customers can use it out of the box if wanted.
https://onedigi.atlassian.net/browse/DEL-8551
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
NXP's machine learning packagegroup now has a dependency for gst-shark, a GPU
profiling tool which is provided by this layer. Since it's a part of a repo
that already exists in our manifest, simply add it to the default layers of all
i.MX platforms that support the machine learning feature to be able to include
its packages out of the box.
https://onedigi.atlassian.net/browse/DEL-8551
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Instead of depending on library releases in Pypi, update the recipe to compile latest
Github code. This allows to use minor fixes in DEY before a new release of the library
is available. While on it, set the 'SRCREV' to point to the last commit of the repository
for traceability.
Signed-off-by: David Escalona <david.escalona@digi.com>
Main development of the library will be done in Github. The Stash repository will be
used as a "security backup mirror", so update the recipe to always compile from Github.
Signed-off-by: David Escalona <david.escalona@digi.com>
This commits changes the CONFIG_CONSOLE_ENABLE_GPIO_NAME to be a string
and not an integer.
https://onedigi.atlassian.net/browse/DEL-8520
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
By default, the signing script generates a file without 'w'
permission so DEY cannot remove it from the deploy dir on
a clean operation.
Add the 'w' permission so that DEY can remove it on clean
operations and generate a new signed file when required.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Otherwise, the sw-description used for non-dualboot systems will be missing
these values and the software update process will fail.
https://onedigi.atlassian.net/browse/DEL-8513
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We accidentally used "mx8mm" instead of "mx8mn" in commit
9b165196bb, which caused several elements to stop
working on the target (including the optee-os).
https://onedigi.atlassian.net/browse/DEL-8512
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The tools STM32MP_KeyGen_CLI and STM32MP_SigningTool_CLI have
a dependency of libQt5Core.so.5 which is provided by qtbase.
Add this dependency to avoid errors during SDK generation.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit disables the uSD mounting, due to issues
detected during the boot process when UBIFS starts
with the wear-leveling process to erase NAND blocks.
https://onedigi.atlassian.net/browse/DEL-8415
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Sometimes, it may be desired that the DEY project does not sign the
artifacts, for example, if they are going to be externally signed on a
secure server. In this case, the user sets TRUSTFENCE_SIGN="0".
On STM platforms, all the variables were being set if TRUSTFENCE_SIGN="1"
and authentication support is not enabled on TF_A otherwise.
Set TF_A_SIGN_ENABLE (which adds authentication support to TF_A) always
for STM platforms (as long as the project inherits the trustfence class)
and set FIP_SIGN_ENABLE="0" if its sibling TRUSTFENCE_SIGN="0", so that
DEY doesn't sign the FIP image either.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The FIP image is signed internally by this recipe. The password must be
set in FIP_SIGN_KEY_PASS. With the signing script, the password is
randomly generated and saved in key_pass.txt.
This prefunc obtains the password(s) from the file to set FIP_SIGN_KEY_PASS
so that the FIP can be properly signed.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The root file system requires the public key to authenticate SWU files.
For NXP platforms, the public key is extracted from the certificate.
For STM platforms, simply copy the public key over to the rootfs.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
For the moment, do not sign aditional artifacts, such as the ramdisk,
the kernel or the boot scripts for STM platforms.
In the specific case of the ramdisk, simply copy it over with the
expected filename extension.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Several recipes depend on the PKI creation.
Create a small recipe to just run this function which
is moved from the trustfence.bbclass.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
dualboot and recovery recipes may require to use the keys so they must
depend on the recipe that installs the script that generates them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This script can be called stand-alone or from DEY.
Syntax is :
trustfence-sign-artifact.sh -p <platform> [-t input-unsigned-image> <output-signed-image>]
If files are omitted, it at least generates random keys if they do not
exist.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The do_deploy:append did three things:
- adapt the U-Boot filenames to 'u-boot-<platform>-<config>.<ext>'
- sign/encrypt the U-Boot files (only for iMX6 family)
- sign the boot scripts
Convert the first two actions into functions (the third already was) and
call them conditionally as postfuncs.
Also skip the signing of U-Boot files if the platform is not based on
iMX6 family.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Francisco Gil
Gabriel Valcazar
Arturo Buzarra
Javier Viguera
Mike Engel
David Escalona
Hector Palacios