The support to update U-Boot in the redundant partition must be enabled in the project
configuration file by setting the variable "SWUPDATE_UBOOTIMG_REDUNDANT" to "true":
SWUPDATE_UBOOTIMG_REDUNDANT = "true"
This feature is only available for the newer platforms: ccmp13, ccmp15 and ccimx93. Trying to
enable it in older platforms will display a warning and fallback to non-redundant update.
Signed-off-by: David Escalona <david.escalona@digi.com>
Backport of multimedia package for ccimx93 from NXP's Mickledore-based
lf-6.1.55-2.2.0 release. Mainly copies and appends of multimedia
recipes from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
https://onedigi.atlassian.net/browse/DEL-8840
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The JIRA in the patch description describes a problem in the CC6UL, so
do not use the patches on other platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
If 'CCCS_CONF_PATH' is defined, the specified file is installed as CCCS
configuration file without any modification.
It it is not defined or it is empty, the configuration file in cc_dey
('cc_dey/cccs-daemon/cfg_files/cccs.conf') is installed and modified if
required.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
libubootenv treats negative offsets as backwards offset from the end of
the block device, so use that to move the environment to the last 16KiB
of the hardware boot partitions.
https://onedigi.atlassian.net/browse/DUB-1064
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Rework the script so that it has a similar structure as the MMC leaving it ready
to integrate new platforms.
Signed-off-by: David Escalona <david.escalona@digi.com>
This variable is only required to enable the bootcount feature after an update when the bootcount value is
stored in the environment. This only happens in the CCIMX6 products, so it makes no sense to use it for the
CCMP1 devices.
Signed-off-by: David Escalona <david.escalona@digi.com>
While on it, enable support to update encrypted U-Boot for all mmc platforms
supporting it. The install script extracts the DEK blob from the installed
U-Boot and appends it to the new U-Boot before flashing it.
Signed-off-by: David Escalona <david.escalona@digi.com>
This new variable establishes the number of 1Kb blocks to skip before writing U-Boot in the
bootloader partition.
Signed-off-by: David Escalona <david.escalona@digi.com>
EGLFS is a platform plugin for running single Qt applications in full-screen
mode, without a windowing system like X11 or Wayland.
https://onedigi.atlassian.net/browse/DEL-8802
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
To work in a dualboot memory layout out of the box, the most
common use case of the firmware update through the cloud should
be on the fly because in nand platforms there is not enough
memory to keep the update file in the system.
https://onedigi.atlassian.net/browse/DEL-8305
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
With the update of the ethos-u firmware for the NPU in previous commit,
this overlay is no longer required.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
As part of the integration of the new ML package, also update the
ethos-u-firmware binary built from Stash:
Repo: emp/ethos_u_firmware.git
Revision: bd5506ddba364ad04602d5009b77077f78450b97
Source: NXP's MCUXpresso SDK_2.14.2_MIMX9352xxxxM
Co-authored-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Backport a new version of cmake-native from Poky's mickledore release. This
is required by the new version of the onnxruntime package (updated in
the following commit).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Our fork contains the same patches that were originally applied in this recipe.
This makes it easier for customers to identify the modifications necessary to
get LVGL working on our platforms.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
When switching off the 3.3V supply from the Wi-Fi during suspend,
around a 10% of the times, when resuming the Wi-Fi driver fails to load.
It was verified that a rebind operation over the mmc interface (which
eventually calls the script that loads the Wi-Fi module) makes it
load successfully, which denotes a timing issue during resume.
Adding a small delay on the resume operation before running the script
makes the Wi-Fi driver load at the first try.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8821
The result of the modprobe operation doesn't guarantee the driver loaded
correctly. The module may succeed and be loaded, but failures during the
probe may not propagate and result in an error of modprobe.
The valid condition is to check the existence of the interface in
/sys/class/net/wlan0.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8821
In commit a84d011 this was fixed for mount_digiparts.sh, but
was missing the fix in the mount.sh script.
In that commit there is a full explanation about why this
solves the issue.
https://onedigi.atlassian.net/browse/DEL-8721
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
With this new rule, only the medias that contain a filesystem
on them are mounted, filtering several calls to mount.sh.
I have checked that this change doesn't increase the boot time
at all.
https://onedigi.atlassian.net/browse/DEL-8826
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Backport of graphics package for ccimx93 from NXP's Mickledore-based
lf-6.1.55-2.2.0 release. Mainly copies and appends of graphics recipes
from the new release, and restricted to ccimx93 by changing the
COMPATIBLE_MACHINE, so it does not affect other platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
We removed this package from the recovery initramfs, but it was getting added
as a recommendation to the trustfence initramfs as well.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We use cryptsetup in both the recovery and trustfence initramfs to handle block
device encryption on platforms that use eMMC as the internal storage. In
meta-openembedded commit 1ce71d6ec31195280073adec0e400dda7c0dd8a7 (between
DEY 2.6 and 3.0), a lot of PACKAGECONFIG options were added to the cryptsetup
recipe, all of them enabled by default. One of these options is "udev", which
adds a runtime dependency with udev that in turn pulls in a lot of other
dependencies with it. This is unnecessary because we already use mdev in our
recovery image, and the other packages simply take up space as they aren't
needed at all.
Our eMMC partition encryption functionality, which is the reason why we need
cryptsetup to begin with, is unaffected by this change and still works as
expected. Keep in mind that it was working properly without udev in DEY 2.6 and
older DEY releases, so removing udev isn't an issue.
Remove this PACKAGECONFIG option to get rid of udev and its dependencies in
the recovery and trustfence initramfs.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In theory, libcap's pam_cap module should use libpam's dlopen runtime linking
mechanism, but starting in libcap 2.53, this changed in order to support
distros that can only link it at build-time. Then, in 2.54, a compile-time
option was added (FORCELINKPAM) to allow users to force the link or not. In the
poky recipe for libcap, this option isn't set, so the library was getting
linked by default, dragging all of its dependencies with it.
For more info: https://bugzilla.kernel.org/show_bug.cgi?id=214023
Set the flag to "no" to avoid linking against libpam, removing its dependency
from the recovery image and saving some space.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The TF-A and OP-TEE images have different suffixes depending
on whether TrustFence is enabled or not, but the suffix variables
themselves must exist independently of whether TF is enabled.
Currently, they were defined on the trustfence.bbclass, and the
variables did not exist when TF was disabled, which caused build
problems, for example, building the SWU file.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This compression method has a better compression ratio than the default (lzo),
but the (de)compression speed is slower, leading to slower read/write speeds.
However, the recovery partition only gets accessed in specific use cases such
as software updates and partition encryption, and it contains an initramfs. The
UBIFS will only be read at boot time to load its elements, but once the
initramfs is loaded in RAM, there are no more read/write operations to the
UBIFS during runtime, so the speed penalty is minimal.
Take advantage of the improved compression ratio to reduce the size of the
recovery image. On the ccimx6ul, the size is reduced by 248 KiB.
https://onedigi.atlassian.net/browse/DEL-8819https://onedigi.atlassian.net/browse/DEL-8825
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This package is purely vestigial and hasn't been used at all in any of our
initramfs images for over 7 years. It was used in the first implementation
of the trustfence initramfs (commit 4dd7d438af)
to securely erase the key used by cryptsetup, but two weeks later, that logic
was moved to trustfence-tool (commit a8c50c16ea)
and "wipe" was no longer needed. However, the package remained in the
dependencies of the trustfence initramfs, which were then used as reference for
the recovery initramfs, even though this initramfs didn't even need "wipe" to
begin with.
Removing this package saves 30.8 KiB in the ccimx6ul recovery image.
https://onedigi.atlassian.net/browse/DEL-8819
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This is added as a recommendation for libcrypto and only contains legacy
ciphers which are deemed outdated or unsafe. If any of the packages in the
image actually required this module, they would depend on it explicitly, but
this isn't the case. This saves 66.8 KiB on the ccimx6ul recovery image.
https://onedigi.atlassian.net/browse/DEL-8819
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We depend on libarchive so that swupdate can perform updates with .tar.gz
files, but by default, libarchive is configured to support a lot of additional
features that pull in even more dependencies. This increases the size of the
recovery image, which barely fits on platforms with limited internal storage
like the ccimx6ul. We already removed zstd support to mitigate this, but the
image size increased again after adding imx-kobs to it in commit
aa2480d1de.
Since libarchive isn't used by any other package in our system, remove the
configurations that bloat the recovery image and are not needed at all for
our file update use case. Note that removing the "lzo" packageconfig doesn't
remove its respective library from the image because mtd-utils also depends on
it, but it still reduces the size of libarchive. On the ccimx6ul, this removes
193 KiB worth of libraries and trims libarchive down by 20.5 KiB in the
recovery image.
https://onedigi.atlassian.net/browse/DEL-8819
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
These fields were added to default files, but not to the
special sw-description files for ccmp1 and cc6ul platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
When TrustFence is enabled, the boot artifacts (TFA and FIP)
have a 'signed' suffix. Handle this case so that the correct
symlinks are created and the correct artifacts are put into the
SWU file.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
For signing SWU files we need to set a couple of variables:
- SWUPDATE_PRIVATE_KEY_TEMPLATE to the private key file
- SWUPDATE_PASSWORD_FILE to the password of the private key
The latter must only contain one password, whereas the current key_pass.txt
file had (for the ccmp13) the eight keys separated by a white space.
This commit:
- If the file key_pass.txt exists, it extracts each key into a separate
file key_pass0X.txt.
- If the keys don't exist, generates separate files per key.
- Changes the permissions of password files to 400.
- Adapts the sign script to use the single password files.
- Fixes a few quotes
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Starting with NXP release "lf-6.1.55-2.2.0" the IMX optee fork (based on
version 4.0.0) does not support SOC revision A0. This commit recovers
support to build a bootloader for A0, extending the optee patch for
ccimx93 to support A0 with a build time option, and then extending the
optee-os and imx-boot recipes to build two optee binaries and using them
to generate bootloaders for both SOC revisions.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This includes also an update and rename of the Edgelock Enclave firmware
package (firmware-ele-imx).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
We were using the .cfg suffix for both the build-time config fragments and the
runtime configuration file. During do_configure(), all files in SRC_URI ending
in .cfg were being merged together to create the final build configuration,
including said runtime file, which has a completely different syntax. In most
cases, the contents of this file were being ignored, but when tweaking
swupdate's configuration and re-building the package, sometimes strange errors
would prevent the build from finishing.
Change the runtime file's suffix entirely to separate it from the config
fragments and prevent it from being treated as such, and reflect the name
change in the defconfig and the recovery script.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
meta-swupdate recently added support for swupdate 2023.12 and libubootenv
0.3.5. This upgrade conflicts with our custom functionality in both packages,
so keep using 2023.05 and 0.3.2 respectively so DEY 4.0 can be built without
introducing possible functionality changes.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
meta-swupdate recently added support for swupdate 2023.12 and libubootenv
0.3.5. This upgrade conflicts with our custom functionality in both packages,
so keep using 2023.05 and 0.3.2 respectively so DEY 4.0 can be built without
introducing possible functionality changes.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Arturo Buzarra
David Escalona
Javier Viguera
Tatiana Leon
Isaac Hermida
Francisco Gil
Gabriel Valcazar
Mike Engel
Hector Palacios
Hector Bujanda