This commit enables SWU image authentication when TrustFence
is enabled instead of when signing of images is enabled.
This allows the system to authenticate SWU images on images that
have been externally signed.
https://onedigi.atlassian.net/browse/DEL-8891
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commits adds the CCMX91 platform to the DEY
build system. Furthermore, it creates generic ccimx9
support to be used for the CCiMX91 and CCiMX93
platform.
https://onedigi.atlassian.net/browse/DEL-9106
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Add also 'e2fsprogs-tune2fs' to the image, as busybox's version of
tune2fs command does not support setting the "encrypt" feature of the
EXT4 filesystem.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Commit c4f2fce4d3 added logic to do_install()
that saves space by removing board image files that don't match the machine
name. However, the ccimx6qpsbc uses the ccimx6sbc board image file, and it was
being removed from the demo, breaking the demo's landing page.
Avoid this by specifying the correct filename for the ccimx6qpsbc.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The ccimx6ul is the only platform that doesn't include a desktop backend in the
LVGL image, so remove the desktop backend suffix from the image's name. This
affects the image name itself, the corresponding SWU package and the
installation scripts.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The support to update U-Boot in the redundant partition must be enabled in the project
configuration file by setting the variable "SWUPDATE_UBOOTIMG_REDUNDANT" to "true":
SWUPDATE_UBOOTIMG_REDUNDANT = "true"
This feature is only available for the newer platforms: ccmp13, ccmp15 and ccimx93. Trying to
enable it in older platforms will display a warning and fallback to non-redundant update.
Signed-off-by: David Escalona <david.escalona@digi.com>
If 'CCCS_CONF_PATH' is defined, the specified file is installed as CCCS
configuration file without any modification.
It it is not defined or it is empty, the configuration file in cc_dey
('cc_dey/cccs-daemon/cfg_files/cccs.conf') is installed and modified if
required.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Rework the script so that it has a similar structure as the MMC leaving it ready
to integrate new platforms.
Signed-off-by: David Escalona <david.escalona@digi.com>
This variable is only required to enable the bootcount feature after an update when the bootcount value is
stored in the environment. This only happens in the CCIMX6 products, so it makes no sense to use it for the
CCMP1 devices.
Signed-off-by: David Escalona <david.escalona@digi.com>
While on it, enable support to update encrypted U-Boot for all mmc platforms
supporting it. The install script extracts the DEK blob from the installed
U-Boot and appends it to the new U-Boot before flashing it.
Signed-off-by: David Escalona <david.escalona@digi.com>
To work in a dualboot memory layout out of the box, the most
common use case of the firmware update through the cloud should
be on the fly because in nand platforms there is not enough
memory to keep the update file in the system.
https://onedigi.atlassian.net/browse/DEL-8305
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
These fields were added to default files, but not to the
special sw-description files for ccmp1 and cc6ul platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit adds u-boot swupdate support for all platforms.
Now u-boot can be updated with all our supported update
options. Currently it will only update first partition
u-boot partition.
https://onedigi.atlassian.net/browse/DEL-8749
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
LVGL is a free and open-source embedded graphics library that is able to run
in environments with limited resources.
This image includes a desktop environment and an LVGL widget demo (lvgl_demo)
https://onedigi.atlassian.net/browse/DEL-8740
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
ConnectCore 6 based products require the use of the 'upgrade_available' environment flag to save the
bootcount value between resets. Extend the use of this U-Boot variable for single system updates and
updates based on files.
Signed-off-by: David Escalona <david.escalona@digi.com>
If the system is send to suspend mode, the bluetooth core is reconfigured.
Therefore, restart the service if it is running, to configure the ble
service.
https://onedigi.atlassian.net/browse/DEL-8694
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
There was a missmatch between the configuration file and the
correct adc in the ccmp15 platform.
Also a whitespace is removed from ccmp13 configuration file.
https://onedigi.atlassian.net/browse/DEL-8702
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
ConnectCore Cloud Services examples are included in 'dey-examples' repository
so they can be built from here and also imported in Eclipse/Digi Application
Development Environment for Linux with the samples wizard.
The example 'upload_file' has been removed since currently there is no support
for binary data points in the CCCS daemon/client model.
https://onedigi.atlassian.net/browse/DEL-8628
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This recipe generates several packages:
* 'cccs' includes the CCCS shared library
* 'cccs-daemon' includes the binary and resources to execute the CCCS daemon
(daemon, service and init scripts, configuration file)
* 'cccs-cert' includes the required certificate to use CCCS daemon
* 'cccs-gs-demo' includes the binary and resources to execute the CCCS get
started demo (binary, service and init scripts)
* 'cccs-legacy' includes the binary (all-in-one) application to execute
the legacy CCCS application (aka cloud-connector) and the configuration
file
* 'cccs-legacy-dev' includes resources to develop legacy CCCS applications
(all-in-one) (header files inside 'cloud-connector' and 'cloudconnector.pc'
pkg config file)
* 'cccs-legacy-staticdev' includes static resources to develop legacy CCCS
applications (all-in-one) (static library)
This commit also renames:
* 'CLOUDCONNECTOR_PKGS' variable to 'CCCS_PKGS'.
* 'CC_DEVICE_TYPE' variable to 'CCCS_DEVICE_TYPE'.
https://onedigi.atlassian.net/browse/DEL-8628
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Now we can't determine if the rootfs is ubifs/squashfs
in the ccmp1X platforms, so we need to add again the rootfstype
parameter but only for ccmp1X platforms.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
The CCIMX6 platform is the only one that will keep using the 'bootcount' value stored in the environment.
For this reason, that is the only platform requiring the 'upgrade_available' flag to be set after a
firmware update. For the rest of the platforms, remove it.
https://onedigi.atlassian.net/browse/DEL-8506
Signed-off-by: David Escalona <david.escalona@digi.com>
While on it, remove the block of the 'dualboot' script that was taking care of this action.
https://onedigi.atlassian.net/browse/DEL-8506
Signed-off-by: David Escalona <david.escalona@digi.com>
Add a user space application to manage the bootcount from the running system. This application
allows to read, reset and set the bootcount:
Usage: bootcount [options]
-r --read Read the current bootcount value (Default action)
-s <value> --set=<value> Set current bootcount to a specific value.
-x --reset Reset bootcount value to zero.
The binary checks the running platform underneath to perform the correct system access.
While on it, add a service to automatically execute the binary on boot to reset the bootcount value.
https://onedigi.atlassian.net/browse/DEL-8506
Signed-off-by: David Escalona <david.escalona@digi.com>
This commit adds sha256 entry for the script files into
the sw-descrition. It is necessary for the Trustfence
authentication to have the included script files signed.
https://onedigi.atlassian.net/browse/DEL-8649
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This variable is only needed in the cc6ul, that's the reason
to create another sw-description only for the ccimx6ul.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When TrustFence is enabled, a PKI tree is generated.
In the case of NXP platforms, the PKI contains public certificates
from which the public key needs to be extracted using an openssl
command.
In the case of STM platforms, the PKI contains directly the
public key.
In all cases, we need the public key to be installed in the
rootfs /etc/ssl/certs/ folder, so that it can be used by
swupdate to authenticate signed SWU packages.
Up to now, this was being done on the dualboot recipe, but the
installation of the public key should really be only dependant
on the fact of TF being enabled.
This commit:
- Removes the generation of the public key from dualboot.bb.
- Generates a patch to extract the public key from the certificate
as part of the PKI tree generation (on NXP platforms).
- Installs the public key during a post install function after
the final rootfs has been created.
- For NXP platforms, extracts the public key using openssl if
it does not exist (for backwards compatibility).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Implement a new mechanism to allow users to create update packages based on differences for read-only
systems. The update mechanism requires full knowledge of the current software running on the device in order
to compute a sensitive patch. For this reason, only systems without user modifications in the rootfs/boot
partitions are eligible for this kind of updates. At the moment, only the 'rootfs' partition supports the
read-only squashfs file system type, so it is the only partition supporting incremental updates. The 'boot'
partition will still be updated but as a full image.
This new feature is done making use of the SWUpdate 'rdiff' handler, which applies binary deltas with the
functionallity provided by the rsync library. During the update process, the contents of the active 'rootfs'
partition are read as the base and written to the inactive 'rootfs' partition applying the delta binary patch
on-the-fly. To ensure the delta file is applied using the correct base, the firmware update process verifies
the contents of the 'rootfs' base partition before applying the update.
The binary delta file is automatically generated by the DEY build system using the resulting 'rootfs' squashfs
image as target and the user specified file as source. The file is then packaged with the rest of components in
the SWU update image. Users must specify the base source file in their project configuration file using the
new variable 'SWUPDATE_RDIFF_ROOTFS_SOURCE_FILE'. Also, 'read-only-rootfs' image feature should be set in the
project to generate this new SWU update package.
Since a base and a target 'rootfs' partition is required during the update, only 'dualboot' systems can benefit
from this new feature.
Note: If variable 'SWUPDATE_RDIFF_ROOTFS_SOURCE_FILE' is configured in the project but any of 'SWUPDATE_FILES_LIST'
or 'SWUPDATE_FILES_TARGZ_FILE' variables is also set, the build system will prioritize a SWU update package
based on files instead of a differences package.
https://onedigi.atlassian.net/browse/DEL-8624
Signed-off-by: David Escalona <david.escalona@digi.com>
We expect new types of SWU update packages to be created in the future. To avoid splitting
all the code in different classes based on the update type, create the generic class
'dey-swupdate' to hold all the custom code and the 'dey-swupdate-common' class to hold all
the required variables. This basically renames the old 'swupdate-files' and 'swupdate-files-common'
classes.
While on it, reorganize the 'swupdate-images' recipe to move variable declarations and
functionallity to the correct place:
- Move all variable declarations to 'swupdate-digi-common' class and organize them in
functional groups.
- Improve the way files are included in the 'SWUPDATE_IMAGES' by using the update type
variables.
- Move the update script copy to the 'do_swuimage' prepend function. Until now, the copy
process was executed in the 'fill_description' method, which should only touch the
'sw-description' file.
- Rename some variables to use 'SWUPDATE' prefix.
- Minor cosmetic changes.
https://onedigi.atlassian.net/browse/DEL-8624
Signed-off-by: David Escalona <david.escalona@digi.com>
fill_description copies some artifacts to the images deploy directory,
so that should be created beforehand. Otherwise it may fail on the
'do_unpack' task depending on how bitbake schedules the tasks.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Implement a new mechanism to allow users to create update packages based on files and folders to modify
the active system.
This is done through the new class 'swupdate-files', which creates a tar.gz update file in the image
distribution output directory containing all the files and directories to create/update. The 'tar.gz'
file is used later by the 'swu-images' recipe to generate the final SWUpdate package. The SWU package
installation process extracts the tar.gz file in the root folder ("/") of the active system.
Users can specify the list of files and directories to include in the update package using the
'SWUPDATE_FILES_LIST' variable. These files will be directly copied from the generated system rootfs and
placed in the tar.gz archive. Additionally, users can provide their custom 'tar.gz' file to use in the update
by specifying its location in the 'SWUPDATE_FILES_TARGZ_FILE' variable. In any case, all the paths to include
in the update package must be relative to "/", as it is the base directory where tar.gz file contents are
extracted.
The update process for dual boot systems sets a new u-boot flag so that active bank is not swapped once
installation is complete and system reboots.
The SWU update mechanism based on files provides a custom update script which takes care of preparing the
system for the installation process. Just like in the SWU updates based on images, users can customize this
script or override it with the 'SWUPDATE_SCRIPT' variable, specifying the location of the new script to use.
If both the 'SWUPDATE_FILES_LIST' and 'SWUPDATE_FILES_TARGZ_FILE' variables are empty, a standard images
SWUpdate package will be generated instead.
Signed-off-by: David Escalona <david.escalona@digi.com>
Enable scripting support during the installation of system images with SWU. A new shell
script is included by default in all the SWU update packages that will be executed just
before the update starts and just after it finishes. The script is empty and contains two
place-holders that will be called in the two scenarios mentioned before.
Users can customize this script to execute specific actions based on their final product
needs or provide their own one by setting its location in the 'SWUPDATE_SCRIPT' variable.
While on it, rename the 'sw-description_template' file to 'sw-description-images_template'
as it is more accurate with the update mechanism it is used for.
Signed-off-by: David Escalona <david.escalona@digi.com>
In a squashfs the mount points are different and the current logic
wasn't working.
It's more reliable to check the /proc/cmdline to determine if
the system is a nand or an emmc.
Added also logic to get the active partition in nand devices
when the rootfs is squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When a squashfs image is flashed we need to delete the compression
field in the swupdate descriptor.
Also the rootfstype u-boot variable needs to be set to squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
The fact of including both storage types (mtd and mmc) in the same 'sw-description' file is not providing any kind
of benefit. Instead, it makes the file larger, complex and harder to maintain. Additionally, most of the images
entries share the same structure and contents, changing only names and mount points. This commit simplifies the
'sw-description' file by configuring the storage type and the images to include in the SWU package at build
time, using a generic 'sw-description' template and template files for 'mmc' and 'mtd' images.
While on it, use the new 'DEY_FIRMWARE_VERSION' variable for SWU package version and fix the recipe to not include
all 'SRC_URI' files in the SWU update image, but only the required files for the update. Also, make use of variable
substitution provided by SWU class in the 'sw-description' file.
Note: SWU U-Boot update will be broken after this change. Waiting for official support with a robust implementation.
https://onedigi.atlassian.net/browse/DEL-8537https://onedigi.atlassian.net/browse/DEL-8538
Signed-off-by: David Escalona <david.escalona@digi.com>
While on it, rename the old "Firmware" variable to "DEY version", as it refers explicity to the DEY
distribution version.
https://onedigi.atlassian.net/browse/DEL-8539
Signed-off-by: David Escalona <david.escalona@digi.com>
If 'CC_DEVICE_TYPE' is not defined or it is empty use 'MACHINE' as the device
type in the Cloud Connector configuration file.
This commit also limits its length to a maximum of 255 characters.
https://onedigi.atlassian.net/browse/DEL-8531
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
In a squashfs the mount points are different and the current logic
wasn't working.
It's more reliable to check the /proc/cmdline to determine if
the system is a nand or an emmc.
Added also logic to get the active partition in nand devices
when the rootfs is squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When a squashfs image is flashed we need to delete the compression
field in the swupdate descriptor.
Also the rootfstype u-boot variable needs to be set to squashfs.
https://onedigi.atlassian.net/browse/DEL-8558
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
The root file system requires the public key to authenticate SWU files.
For NXP platforms, the public key is extracted from the certificate.
For STM platforms, simply copy the public key over to the rootfs.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Several recipes depend on the PKI creation.
Create a small recipe to just run this function which
is moved from the trustfence.bbclass.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
dualboot and recovery recipes may require to use the keys so they must
depend on the recipe that installs the script that generates them.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit syncs the device request code to match with the latest 'cc_api'
layer implementation.
See commit 99a2ff39b771f0e36af8d15d40f970462352e0b6 in 'cc_api' repository and
commit d8c848fc2f516a6c2197181f7540c9c23feaf44f in 'cc_dey' repository.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Connector creates detached threads and calling to 'wait_for_ccimp_threads()' is
not required.
See commit d34ddfb719932ae59774b388579b7d6a77472c4f in 'cc_dey' repository.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
* Remove 'MAX_RESPONSE_SIZE' define and allocate required memory in
'device_request_listener' example.
* Create 'free_timestamp()' function in 'upload_data_points' example.
* Use some sorter variable names.
* Use '__func__' to log function names.
* Remove line feed from log messages.
* Remove not required curly braces for single line loops.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Cloud Connector configuration file sets:
* 'edp12.devicecloud.com' as the URL to connect to (this end point uses client
certificates)
* '/mnt/data' as the directory to store downloaded certificates, now that
this is also available in emmc platforms (see
62d937df42)
This commit:
* reverts a0842cbcfd to keep
'edp12.devicecloud.com' URL that uses certificates for ccimx8m platforms.
* reverts fd94f10c0b since now the cloud connector
configuration file sets '/mnt/data' as the place to store downloaded
certificates, so no need to modify it for ccmp1 platforms.
* It also configures '/etc/ssl/certs' as the certificates directory for cc6ul
devices. Although by default, these devices are connecting to
'remotemanager.digi.com' that not uses certificates, we prefer to use an
existing directory in that setting. See commit
063a946e7c.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
'environment' partition is not available in the ccmp15.
The solution suggested is read the "/proc/mounts" and check if the 'rootfs' is
'ubifs' mounted.
Related to commits 7c07b15370 and
678eaaf0fc4ce74e67682387e3465eb29659bd47
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This commit adds a new function to get the active system in a dualboot device
without using 'active_system' U-Boot variable.
This way the script always knows the real active system even when the variable
'active_system' has the value of the next boot active system, for example, after
performing a 'update-firmware --swap-active-system'.
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This option combined with '-a' ('--active') only prints the active block: a or b
The purpose an output to be consumed by other scripts or programs.
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Check the second ('/') and third ('ubifs') field of 'rootfs' entry in
'/proc/mounts' as the first one ('rootfs_a' or 'rootfs_b') may be changed by
custormers:
root@ccmp15-dvk:~# cat /proc/mounts
ubi0:rootfs_b / ubifs rw,relatime,assert=read-only,ubi=0,vol=5 0 0
[...]
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This is required for the firmware update using Digi Remote Manager. The reboot
is commanded by the server, it that does not happen the update process is not
ended for DRM.
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
The stand-alone signing script 'trustfence-sign-artifact.sh' checks
if a valid PKI tree exists (by checking the existance of four SRK
files) and if they don't, it calls trustfence-gen-pki.sh (which is
a wrapper over different generators (for HAB or AHAB) to create one.
Recipes such as 'dualboot' or 'recovery-initramfs' may need to call
openssl functions over the PKI tree. These recipes do not currently
generate the PKI tree; they expect it to be already in place.
This might not be the case if the trustfence-sign-artifact.sh script
has not been called yet.
Originally, a fake dependency on virtual/kernel recipe was made to
force it, but it doesn't quite work since the calling only happens
on deploy() while regular DEPENDS doesn't wait for this task.
If the PKI does not exist, a recipe that requires the PKI tree will
fail.
The solution is to create a function on the trustfence.bbclass that
allows any recipe to check for the existance of a PKI tree and
generate it if it doesn't exist. This is repeated inside the
trustfence-sign-artifact.sh, but it needs to be in both places
because this script must work stand-alone.
The generation of the PKI tree takes some seconds so this commit
adds a lock dir to prevent race conditions when called from
different recipes.
It also removes the fake dependency on virtual/kernel and adds a
dependency on trustfence-cst-native (which is the recipe that
provides the PKI generation tool).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8430
(cherry picked from commit 6a8bf7afff)
The stand-alone signing script 'trustfence-sign-artifact.sh' checks
if a valid PKI tree exists (by checking the existance of four SRK
files) and if they don't, it calls trustfence-gen-pki.sh (which is
a wrapper over different generators (for HAB or AHAB) to create one.
Recipes such as 'dualboot' or 'recovery-initramfs' may need to call
openssl functions over the PKI tree. These recipes do not currently
generate the PKI tree; they expect it to be already in place.
This might not be the case if the trustfence-sign-artifact.sh script
has not been called yet.
Originally, a fake dependency on virtual/kernel recipe was made to
force it, but it doesn't quite work since the calling only happens
on deploy() while regular DEPENDS doesn't wait for this task.
If the PKI does not exist, a recipe that requires the PKI tree will
fail.
The solution is to create a function on the trustfence.bbclass that
allows any recipe to check for the existance of a PKI tree and
generate it if it doesn't exist. This is repeated inside the
trustfence-sign-artifact.sh, but it needs to be in both places
because this script must work stand-alone.
The generation of the PKI tree takes some seconds so this commit
adds a lock dir to prevent race conditions when called from
different recipes.
It also removes the fake dependency on virtual/kernel and adds a
dependency on trustfence-cst-native (which is the recipe that
provides the PKI generation tool).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8430
Francisco Gil
Javier Viguera
Hector Palacios
Mike Engel
Arturo Buzarra
Isaac Hermida
Stephan Klatt
Gabriel Valcazar
David Escalona
Tatiana Leon