This commit updates the secure boot support for STM platforms based on the
STM32 MPU Ecosystem v6.1.0. It introduces support for encrypted boot artifacts,
including TF-A and FIP, and enables this functionality for the ConnectCore MP2
platform.
This enhancement allows secure boot deployments with both authentication and
encryption for improved protection of critical boot components.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit disables the signing and encryption mechanism for the ConnectCore
MP2 platform's co-processor firmware. Currently, this functionality is not yet
supported in DEY, and enabling it causes build failures when TrustFence support
is active. Disabling it ensures successful builds until full support is
implemented.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit imports the Digi custom version of sign-stm32mp bbclass to ensure
that the search_path() function does not raise a build exception if the signing
tool or keys are not present in the PATH before starting the build process.
In our case, we do not need to manually install the tools or generate the keys
beforehand, as this is automatically handled by Yocto in our DEY distribution.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Add support for the ccimx95 and reorganize the recipe so that all machine
patches are applied for the DEY distribution, regardless of the build
target.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add the ccimx95dvk flavor to OP-TEE, define the UART6 base and DDR
settings, and update the machine mappings using OPTEEMACHINE as the base
recipe does.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Add the ccimx95 platform cloned from mx95lp5. Provide DDR configuration,
configure the console on lpuart6, and update ccimx95-dvk.conf to select
the new board.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Move the LPDDR4 firmware list from the shared ccimx9 include into the
machine configurations for the ccimx91/93 DVK, allowing the upcoming
ccimx95 to utilize its own distinct values.
Also, remove the redundant IMXBOOT_TARGETS and BOOTLOADER_SEEK_USERDATA
overrides in ccimx91-dvk, as they are duplicated.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit removes the wl_shell and libweston patches, which
are not necessary anymore because we have removed the
wayland backend for the LVGL image.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Commit b581ac2a3b ("u-boot: rework deploy symlinks using uboot_deploy_config")
removed u-boot symlinks as part of a cleanup process. However, the main
symlink is still required for the ccimx6 and ccimx6qp platforms to generate
bootable SD card images.
This commit keeps the symlink for those specific platforms to fix the SD card
image creation process.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The Digi commits on the optee-os repository are part of the
same branch and apply on top of each other since they do not
collide with each other.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
After the update of the recipe in meta-freescale, this patch
(which exists in meta-freescale) no longer needs to
live in meta-digi.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The Digi commits on the imx-atf repository are now part of the
same branch and apply on top of each other since they do not
collide with each other.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit updates the CC6 and CC6QP platform configurations to use the latest
NXP BSP based on U-Boot v2024.04, unifying support across all NXP-based
platforms.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the CC6 and CC6QP platform configurations to use the latest
NXP BSP based on Linux kernel v6.6, unifying support across all NXP-based
platforms.
https://onedigi.atlassian.net/browse/DEL-9758
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Move OpenSSL dependency from the common include file to the specific
recipes:
- trustfence-cst-native: openssl-native
- nativesdk-trustfence-cst: nativesdk-openssl
https://onedigi.atlassian.net/browse/DEL-9760
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
A recent change in meta-st-x-linux-ai was completely overwriting our default
PACKAGECONFIG values, causing several plugins to be omitted (for example, the
wayland plugin). In turn, this was causing several build errors in many
packages that depend on said plugins.
Use a strict PACKAGECONFIG assignment to prevent this. As a side effect, this
removes the new "uvcsink" PACKAGECONFIG introduced by the recent change in
meta-st-x-linux-ai, so make sure to re-add it to avoid unexpected behavior when
building the brand new people-tracking-heatmap AI example.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
With the updated firmware-ele-imx recipe, the installation logic now
requires SECOEXT_FIRMWARE_NAME to be empty when no extra firmware is
to be installed.
https://onedigi.atlassian.net/browse/DEL-9748
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
meta-freescale updated the base recipe for NXP's release 6.6.52_2.2.1,
so our overrides in the bbappend are no longer needed.
https://onedigi.atlassian.net/browse/DEL-9748
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit introduces the necessary changes in the Digi Embedded Yocto layer
to support the X-LINUX-AI v6.1.0 software package from the meta-st-x-linux-ai
layer.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit introduces a custom export_binaries() function to resolve a
deployment issue affecting the final TF-A artifact path. The issue occurs when
the SoC name does not match the TF-A device tree name.
This fix is required due to changes introduced in commit f0b4d0d02a
("ccmp15: enable secure_system_service for CCMP15"), which modified the TF-A
artifact generation process.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the Digi custom .bbappend recipes for FIP and TF-A to align
with the latest ST BSP release, based on the openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11
tag for Yocto 5.0 (scarthgap).
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit fixes the default secure storage path
to /mnt/data/tee instead of /var/lib/tee. This will
store all secure storage keys in that path and will
keep them even during rootfs updates.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Update the STM32MP-specific kernel branch to Linux v6.6.78, aligned with the
latest ST release: openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11.
https://onedigi.atlassian.net/browse/DEL-9734
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
mwifiex driver is not able to automatically download the corresponding
rgpower binary after receiving CountryIE beacon information from country
XX, so we have to do it manually running "iw reg set XX".
However, the driver considers country XX is already configured and
ignores the rgpower download request.
Fix it by not processing the countryIE information in the driver by
adding a patch from NXP that will be integrated in their next
official release.
https://onedigi.atlassian.net/browse/DEL-8974
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Add service to automatically detect changes in the global regulatory
domain and force a PHY regulatory domain change.
This allows detecting regulatory domain changes based on beacon
information when 802.11d is enabled and instructing the wireless
driver to download the rgpower firmware file corresponding to the
selected country.
If the selected country is not one of the supported ones, the Worldwide
rgpower_WW.bin file will be downloaded by default.
Run the check service every 5 seconds through a systemd timer.
https://onedigi.atlassian.net/browse/DEL-8974
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
On the multi-MTD layout (default) the 'data' UBI volume is never created
and thus not mounted by the system. This is because with this layout, the
creation of the UBI volume is done by the 'update' command, but nobody
updates this partition because DEY doesn't generate an image for it.
We want the 'data' UBI volume to be created so that the CC6UL can connect
to the regular Remote Manager URI and store the certificate in it.
As long as a UBI volume is created, Linux will mount it, so this commit
erases the partition and creates the UBI volume.
The same goes for the 'update' partition. The installer was relying on the
recovery mechanism to wipe this partition, but this is no longer required
with UBI. As long as the installer erases the partition and creates the
volume, Linux will be able to mount it, so the boot in recovery mode has
been removed from the script.
Note: the formatting is only done for multi-MTD layout; the ubivolscript
creates all volumes for single-MTD layout.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Set V2 TX power method for regulatory management on the iw612 init
and remove the 'txpwrlimit_cfg' and 'init_hostcmd_cfg' driver
parameters which are only used for V1 TX power method.
This allows the driver to load a specific rgpower_XX.bin binary file
contained in the rootfs whenever command "iw reg set XX" is executed,
updating the TX power settings and allowed frequencies list to those
contained in the file. 'XX' stands for the 2-character ISO3166-1
alpha-2 country code.
If the selected rgpower_XX.bin file does not exist, or no country is
selected, the driver will load rgpower_WW.bin (Worldwide) by default.
https://onedigi.atlassian.net/browse/DEL-8974
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Do not install 'txpower' and 'rutxpower' files from the Murata repo,
which are used for the V1 TX power method, and replace them with custom
'rgpower' files, required for the V2 TX power method.
These files encode the TxPower limitations obtained during the
ConnectCore 93 Certification tests, and there is one file per supported
country. There is a common file for all the European countries, so
create links for each of them, based on the CEPT REC7003E recommendation.
New 'rgpower' files:
- rgpower_CA.bin (MD5SUM: 7c012351f0521a02e3d78615fed5eb54)
- rgpower_EU.bin (MD5SUM: 4d1a54b3c1f12a7d0bb44d0337786a0b)
- rgpower_JP.bin (MD5SUM: b7706bb2718997d933b2bdf1e53e64b4)
- rgpower_US.bin (MD5SUM: 16555f962b025e0426098decd0147f1f)
- rgpower_WW.bin (MD5SUM: 505223c56527e849d4b1e5800c8613b5)
Take the opportunity to just install bt_power_config scripts and prevent
the installation of other unused files (db.txt, ed_mac_ctrl_V2_nw61x.conf
and regulatory.db) from the Murata repository.
https://onedigi.atlassian.net/browse/DEL-8974
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Commit ac69566ecd mistakenly removed
the command of cc9, cc8x, and cc8m media installers that sets the
variable that contains the U-Boot file to install.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9720
At the point of saving the bootcmd for the second stage of the install
process we want to use the variable value, not the variable name
since this variable doesn't exist after the environment is reset.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-9711