This patch introduces some parameters which allow to select the type of image
to be signed. Currently the supported types are:
* linux kernel (-l)
* DTB (-d)
* initramfs (-i)
This also moves the CONFIG_PLATFORM environment variable to a parameter, for
consistency.
https://jira.digi.com/browse/DUB-614https://jira.digi.com/browse/DUB-615
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
The name "ext-eth" seems to indicate "External Ethernet". Rename that variable
and related ones to a more proper name like second ethernet.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
* Check number of arguments
* Add platform argument
* Read user configuration from .config file
* Remove unused variable (dek_blob_size)
* Remove noise in output messages
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Add a recipe to include all signing and encryption tools for U-Boot and
kernel images to the SDK. Move existing trustfence kernel scripts to this
new recipe.
This allows to use these scripts not only from the Yocto build system but
also as standalone tools for image signing and encryption.
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Tweaked to maintain the u-boot and linux revisions to AUTOREV instead of
the fixed SHA1s from the tag.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
When changing any of the secure boot configurable macros the Linux kernel
should be re-deployed so that it can be signed/encrypted as needed.
https://jira.digi.com/browse/DEL-2750
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
TRUSTFENCE_SIGN can be defined to "0" to explicitly disable uImage sign and
encryption.
https://jira.digi.com/browse/DEL-2803
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
NXP Code signing Tool for the High Assurance Boot library is needed for
signing and encrypting different artifacts (U-Boot image, uImage, ...).
As the CST cannot be included in DEY, the user needs to download the
tarball and add it to the recipe folder.
https://jira.digi.com/browse/DUB-618
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Do not compile the kernel for supporting the static regulatory domain
but force the system to do that by using crda.
https://jira.digi.com/browse/DEL-2539
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
We compile those modules as built in to avoid a mismatch
between the current kernel version and the wlan.ko module.
https://jira.digi.com/browse/DEL-2653
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This enables the Cryptographic Accelerator and Assurance Module (CAAM).
https://jira.digi.com/browse/DEL-2502
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This enables the Cryptographic Accelerator and Assurance Module (CAAM).
https://jira.digi.com/browse/DEL-2502
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Used ccimx6ul_defconfig from v4.1/master repository.
The defconfig file will live under module folder and not specific platform
folder because it will be the same for other ccimx6ul platforms.
https://jira.digi.com/browse/DEL-2381https://jira.digi.com/browse/DEL-2529
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
COMPATIBLE_MACHINE is a regular expression, so we need to update the current
pattern for ccimx6 due to it will also match with ccimx6ul.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
As the plan is to use the same git objects (SHA1) in the internal and
github repos, also remove that internal/external SRCREV infrastructure.
https://jira.digi.com/browse/DEL-2205
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
For the moment, disable the built-in GPU kernel driver as there is a
mismatch between the driver version and the user-space GPU libraries.
Use the external module maintained by the community.
https://jira.digi.com/browse/DEL-1890https://jira.digi.com/browse/DEL-1926
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
ccimx51js and ccimx53js are not supported in this version of DEY.
Support for those platforms is in previous versions of DEY.
https://jira.digi.com/browse/DEL-1890
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
That commit disables CONFIG_FIRMWARE_IN_KERNEL which is needed by IMX
SDMA driver and maybe other drivers.
An example of functionality failing without that enabled is the audio
over HDMI.
While on it configure the atheros driver as module. Otherwise the kernel
tries to load the firmware from user-space before the rootfs being
mounted, giving error messages on boot:
ath6kl: No "atheros,board-id" property on wireless node.
ath6kl: Failed to get board file ath6k/AR6003/hw2.1.1/bdata.bin (-2), trying to find default board file.
ath6kl: Failed to get default board file ath6k/AR6003/hw2.1.1/bdata.SD31.bin: -2
ath6kl: Failed to init ath6kl core
ath6kl_sdio: probe of mmc3:0001:1 failed with error -2
https://jira.digi.com/browse/DEL-1858
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Diaz de Grenu, Jose
Hector Palacios
Isaac Hermida
Javier Viguera
Alex Gonzalez