The tools STM32MP_KeyGen_CLI and STM32MP_SigningTool_CLI have
a dependency of libQt5Core.so.5 which is provided by qtbase.
Add this dependency to avoid errors during SDK generation.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
For the moment, do not sign aditional artifacts, such as the ramdisk,
the kernel or the boot scripts for STM platforms.
In the specific case of the ramdisk, simply copy it over with the
expected filename extension.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The do_deploy:append did three things:
- adapt the U-Boot filenames to 'u-boot-<platform>-<config>.<ext>'
- sign/encrypt the U-Boot files (only for iMX6 family)
- sign the boot scripts
Convert the first two actions into functions (the third already was) and
call them conditionally as postfuncs.
Also skip the signing of U-Boot files if the platform is not based on
iMX6 family.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Certain platforms share a processor family but need to be differentiated
between them. DEY was using the variable DIGI_FAMILY as the SOM name
rather than the family. It becomes useful to have both (DIGI_SOM as the
more specific, and DIGI_FAMILY as the more generic).
This is the case, for example, of:
- ccmp1 (family)
- ccmp15 (SOM)
- ccmp13 (SOM)
- ccimx8m (family)
- ccimx8mm (SOM)
- ccimx8mn (SOM)
Both variables are used on the machine overrides.
Where DIGI_FAMILY was used, use now DIGI_SOM.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This recipe downloads a tarball that contains the binaries:
- STM32MP_KeyGen_CLI
- STM32MP_SigningTool_CLI
from ST Microelectronics STM32CubeProgrammer v2.12.0.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The name of the variable was not very intuitive of what
it contains. This variable expands to the SoC vendor
(NXP or STM).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Commit 065cf3e9 ("kirkstone migration: general update to the new override
syntax") incorrectly renamed binaries in a massive change. This commit restores
the binary names to the original.
https://onedigi.atlassian.net/browse/DEL-8478
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
These are recipes we created to support Google Coral on i.MX platforms. ST's
machine learning layer provides similar recipes, so to avoid conflicts, move
the recipes meant for i.MX platforms to a dynamic layer.
https://onedigi.atlassian.net/browse/DEL-8308
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The HWID is populated on the device tree by the boot loader.
This can be used as a key modifier when encrypting the U-Boot
environment. Some old U-Boot versions however, did not populate
the HWID on the device tree. When updating firmware from an
old version to a new one, the library may not be able to read
the HWID from the DT and then be unable to unencrypt the
environment.
This patch implements a fall-back function to read the HWID
directly from the nvmem node (sysfs). Implementation has been
done for ccimx6 family only, where this case of old U-Boot
can happen.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8444
(cherry picked from commit 222a91f213)
The HWID is populated on the device tree by the boot loader.
This can be used as a key modifier when encrypting the U-Boot
environment. Some old U-Boot versions however, did not populate
the HWID on the device tree. When updating firmware from an
old version to a new one, the library may not be able to read
the HWID from the DT and then be unable to unencrypt the
environment.
This patch implements a fall-back function to read the HWID
directly from the nvmem node (sysfs). Implementation has been
done for ccimx6 family only, where this case of old U-Boot
can happen.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8444
This commit modifies the boot script condition to apply the overlay for DVK v1
on boards without the board_version variable defined.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds an overlay for DVK v1 and modifies the boot script to apply it
based on the board_version variable.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Partitions 'fip-a' and 'fip-b' are redundant at the moment. They are
not currently part of the dualboot system. In consequence, program
both partitons unconditionally during the install process.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit updates the required firmware binaries for Bluetooth and Wireless
interfaces, based on the Murata release imx-kirkstone-fafnir_r1.0 that matches
with the Cypress Linux WiFi Driver (FMAC) release v5.15.58-2023_0222 (Wireless
firmware v13.10.246.300)
https://onedigi.atlassian.net/browse/DEL-8407
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
True is the default since long time ago, and thus not necessary. This
follows similar changes done in other layers.
Command used:
sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' | cut -d':' -f1 | sort -u)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Set parameter 'greentxConfig__0_0=0x2' to use the optimal TxPower
in MCS7 data rates, improving performance.
Also, adjust maximum TxPower in the 5GHz band to account for
output power tolerances.
The new BDF is:
- bdwlan30_US.bin (53072f8af541a49e4ed9c22698b1912f)
https://onedigi.atlassian.net/browse/CC6UL-1302https://onedigi.atlassian.net/browse/DEL-8364
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Number of bootup logos is now configured using fbcon=logo-count parameter,
so use it instead of our deprecated custom code in the kernel.
For backwards compatibility, we add this parameter in the u-boot boot
script for all platforms but the ccimx93, where this is directly handled
by u-boot (v2022.04).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This reverts commit 2bdfdc92e1.
This suffix was removed on error. The artifact does have the suffix.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This variable was removed from meta-st-stm32mp so we need to get rid of it
in meta-digi, too.
Reported-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8268
Rework the "build_uboot_scripts" to prevent changing the templates in
the WORKDIR, as those are part of the SRC_URI. Instead, change the
deployed scripts by using "sed" and redirection.
Also, removed UBOOT_HAS_FASTBOOT altogether, as there is no platform
that does not support fastboot.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Instead of overriding the whole do_compile function, just to reconfigure
u-boot for Trustfence, create a do_configure pre-function that takes care
of that. This allows the removal of duplicated code.
Also, disable the generation of u-boot environment artifacts. We are
not using them and so many u-boot artifacts in the deploy directory
are confusing.
Finally, adjust the names of the TF u-boot artifacts in the do_deploy
append function.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
These are just a verbatim copy of the ccimx8mm ones, so the project is
buildable. This file list should be revisited and adapted for the
ccimx93.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add configuration 'BUILD_UBOOT_SCRIPTS' to select whether to build the
boot and install scripts or not, and set it to 'true' by default.
This allows removing the scripts on upper Yocto layers.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
All the dualboot logic will be checked in run time.
To do this:
* Include the altboot.src by default in all the images
* Create a post installation script to change the
firmware_download_path in the cloud connector
* Unify the swupdate file descriptor for dual and single boot
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Increase the timeout from 90 to 120s since it's a large image
and it may take more time on different NANDs.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The U-Boot environment resides on a UBI volume. The uuu script
relies on the environment to save part of the commands that
U-Boot needs to execute after reboot in the middle of the
installation. If the UBI volume 'uboot_config' does not exist
the installer fails.
This commit:
- Creates a function -on the uuu script only- for obtaining
the result of running any U-Boot command (0=success, 1=error).
- Checks the existance of 'uboot_config' volume.
- Runs 'ubivolscript' script to create the UBI volumes layout
that generates the environment volume if it doesn't exist.
- Increases the timeout for running the 'ubivolscript' since
there are occasions in which 'ubi part' (which is part of the
script) takes more time (if it cannot find the fastmap).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
By default ccmp1 platforms have dualboot mode by default, however the required
boot script was added to ccmp15 platform only, so this commit fixes it.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The first time the 'dualboot' variable is tested it is directly run in
the script and doesn't need to escape the special characters.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
When Dual Boot is not enabled, 'rootfsvol' variable must point to the
single boot system rootfs partition 'rootfs'.
Explicitly set this value. Otherwise the script relays on the default
rootfsvol value, which may be a Dual Boot partition.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
- create dualboot.bbclass that
- sets DUALBOOT_ENABLED variable
- defines partition names and function for changing the sw-description
for swupdate
- move files from layer into meta-digi
https://onedigi.atlassian.net/browse/DEL-7962
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
On the CCMP1 SOMs, we only consider a single system partition called UBI,
with many UBI volumes.
The variable 'singlemtdsys' allowed to change between this and
a system with multiple MTD partitions with one UBI volume each
(old approach on CC6UL).
This commit removes the variable and uses the logic as if it was set.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Use the latest 2AE NVRAM file from the master branch. This file improves
the EVM performance for the 2AE murata module.
MD5SUM:
- cyfmac4373-sdio.2AE.txt: 6301804650847946c79797387eda9c7a
https://onedigi.atlassian.net/browse/DEL-7936
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This commit adds Bluetooth Vulnerability CVE-2019-9506
resolution to the firmware file.
CVE-2019-9506 is a Bluetooth key negotiation vulnerability.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-7134
Co-authored-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Reset the FW files to release r00006.3.470144.2a
Verbatim copy of the recipes in DEY-3.2, using command:
git restore -s dey-3.2/master -- meta-digi-arm/recipes-bsp/firmware-qualcomm
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
For the CC6UL 1GB flash variant, the programming of the rootfs exceeds
the current 90 secs timeout, giving following failure:
[Bulk(R):LIBUSB_ERROR_TIMEOUT] fb[-t 90000]: ucmd update rootfs ram ${fastboot_buffer} ${fastboot_bytes} -e
Error: Bulk(R):LIBUSB_ERROR_TIMEOUT
Increase the timeout to prevent the failure.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
As that's an old VM with limited specs, there is no much gain on using
it over the canonical Stash repositories that justifies the code
overhead and the possible errors due to synchronization problems.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit updates the required firmware binaries for bluetooth and wireless
interfaces, based on the release imx-hardknott-drogon_r1.0 (Wireless firmware
v13.10.246.265)
https://onedigi.atlassian.net/browse/DEL-8021
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The recipe fails to build for the target, but that is expected, as this
is a tool you need to run in the host or from the toolchain/SDK, so
rework the recipes to restrict only for native and nativesdk.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Yocto 4.0 only supports OpenSSL 3.0.x while NXP's CST (code signing
tool) is still using OpenSSL 1.1.x. So the build fails when using the
Yocto-build OpenSSL. Instead, build OpenSSL 1.1.1 as part of the build of
the CST and link statically against libcrypto, so the resulting binaries
(cst, srktool) do not depend on any specific OpenSSL version installed
on the development computer.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
In order to perform the standalone signature process, it was required
to rebuild the Toolchain with Trustfence support enabled.
CST source code is now available for downloading in the Digi FTP, so add
Trustfence sign scripts and cst/srktool to the default toolchain for it
to be used for standalone signature without rebuilding.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
(cherry picked from commit 2c9b721fb9ce38dcd0034e22d95db6e0ee068955)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
(cherry picked from commit 16eded4f0edcc603de83be7155f7c09718ba5ddd)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit updates the wireless firmware in order to work with the new Linux
qcacld-3.0 wireless driver.
Latest release "r10016.1 - Post-CS3 1.0.016.1" updates the following files from
"qca6574au-le-2-2-1_qca_oem" product branch:
PCIe:
- athwlan.bin (b4fd36922625b7303d006581f6c7cd10)
- utf.bin (0d70048214fea05d1c40b3034e8107cd)
SDIO:
- qwlan30.bin (342cb50ce5c6ff930a65f341c0dfbc77)
- utf30.bin (f94810be89cc2f3e979ab4a57243872b)
https://onedigi.atlassian.net/browse/DEL-7916
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This recipe will download and install the required firmware binaries for
bluetooth and wireless interfaces. This recipe is based on the release
imx-hardknott-cynder_r1.0 (Wireless firmware v13.10.246.261)
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds u-boot build support for the CCMP15 platform.
The installation scripts are copies from the CC6UL platform.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-7797
The sign mode needed for each platform is invariable, and since the platform
is already a mandatory parameter for the script, we can store this information
implicitly. Reflect this change in every recipe where the script is used, but
keep the variable at the Yocto level since it's still needed in several places.
https://onedigi.atlassian.net/browse/DEL-7862
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit updates the US Board Data File (BDF) to include the changes
required to pass the EN 300 328 V2.2.2 blocking test.
The new BDF files are:
- ccimx6/bdwlan30_US.bin (eb3d3cdafd30b30e837974177a281648)
- ccimx8m/bdwlan30_US.bin (72531e6e0870673e4ba2b02bd551925b)
- ccimx8x/bdwlan30_US.bin (1cf667271da33f6eb207360eeb3d4d63)
https://onedigi.atlassian.net/browse/DEL-7773
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This makes it possible to distinguish between two different packages:
* NXP's tensorflow-lite, which contains modifications for i.MX platforms
* Our tensorflow-lite, which is meant to be used with Google Coral
Since tensorflow-lite-coral provides a subset of the files provided by
tensorflow-lite (specifically, the python libraries), make the packages
conflict during runtime.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This is a small oversight on NXP's part, because this package is pulled in as a
dependency of imx-vpuwrap, but it's only compatible with their EVK board,
making the build fail on any other i.MX8MP board.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
These variables were originally set in NXP's recipes, but they moved their
definitions to each platform's configuration file. Set the appropriate values
where needed. While at it, replace every mention of the SOC_TARGET variable
with its new name, IMX_BOOT_SOC_TARGET.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
NXP now uses the meta-freescale version of the imx-boot recipe as a base, and
applies a .bbappend in meta-imx to apply more customizations. Reflect this
in meta-digi-arm and merge said .bbappend with ours. While at it, omit one of
NXP's operations in their do_deploy, since it breaks our build and doesn't look
essential.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This recipe is only compatible with the i.MX8MP EVK, so it might be
platform-specific or board-specific. Add it for now to be safe.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This recipe was missing from our layer, so add it just in case it's needed
by any new package.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update the recipes to v8.14. NXP changed the mechanism used to load the sdma
and regulatory firmware (they now use firmwared), so remove our ccimx8mm sdma
fw service for now and see if we need a similar workaround with the new
mechanism.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Digi Embedded Yocto 3.2-r2.2
Manually changed recipes to use the master branches instead of the fixed SHA1
from the last release.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
U-Boot uses partition names instead of partition indexes for the nand devices.
This commit syncs the boot scripts with the new dualboot variables.
https://onedigi.atlassian.net/browse/CC6UL-1254
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Create this symbolics links in build time instead of doing it
in run-time. This simplifies the system and allows it to work
with read only filesystems.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Before this patch the MAC addresses were read from the device
tree in the qualcomm.sh script executed at init, and a creates
a file where the MAC where located.
In 0a92f5d9e8df644de74e74f152ed6ff3dd8d3369 in the qca driver
the support to read these MAC addresses from the filesystem
was added.
This commits creates the simbolic link between the device tree
and the expected path where the MAC addresses where located, and
gets rid of the file with the MAC addresses.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
mkimage logs are required for signature on CC8X and CC8M platforms. Create a
copy in the 'imx-boot-tools' deploy directory so a prebuilt imx-boot file can
be later signed using the standalone signature procedure.
Build the 'print_fit_hab' target unconditionally so the log is available for
future standalone signature processes.
Also, use 'CONFIG_MKIMAGE_LOG_PATH' and 'CONFIG_FIT_HAB_LOG_PATH' variables to
point to the logs before calling the sign scripts. We no longer require
creating a symbolic link of the log files.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Add missing call to 'uuu' and erase the partition before creating
the UBI volumes.
Also add larger timeouts to erase operations.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The config file /etc/fw_env.config is generated dynamically basing on
the partition table and, in the case of NAND-based SOMs, on the NAND
geometry. This is done on a postinst script that modifies the file on the
first boot of the target. Since this is not allowed on read-only-rootfs,
this commit adds a default fw_env.config file to use instead when
read-only-rootfs is enabled.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7708
Javier Viguera
Arturo Buzarra
Hector Palacios
Gabriel Valcazar
Tatiana Leon
Francisco Gil
Gonzalo Ruiz
Mike Engel
Isaac Hermida