The old fsl_otp driver is deprecated and we need to determine
if the device is closed using a new property of the device tree
called 'digi,tf-closed'.
Assume the device is open if the property is not found.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
The encryption of the U-Boot environment uses the HWID as key
modifier. The HWID was being read using the fsl_otp driver sysfs
entries and over two words. The driver is now deprecated and also
the cc8x and cc8m platforms have different number of HWID words.
This patch modifies the function that reads the HWID words by
using new entries on the device tree 'digi,hwid_X' where X is the
index of the HWID word.
It also removes the need to select CONFIG_MD5 which is already
auto-selected on sandbox_defconfig by other config switches.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
- OTP section
- Use just one fixed path to the OTP nvmem device descriptor (instead
of a loop).
- Use '-v' for dumping all values with hexdump.
- TrustFence section
- For cc8x, determine if the device is closed by checking a new boolean
property on the DT: digi,tf-open|closed
- For the rest, check the SEC_CONFIG[1] bit using the new nvmem
descriptor.
- Change log from 'Device status' to 'Security status'
- Report UNKNOWN if nvmem device does not exist.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7185
imx-boot files for target flash_regression_linux_m4 fail the signature
process, so skip them while signing the rest of the targets.
https://jira.digi.com/browse/DEL-7158
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Busybox's device manager mdev was originally meant to be set up by writing its
path to /proc/sys/kernel/hotplug before launching it, but that entry no longer
exists in Linux v5.4's procfs and mdev can be launched directly.
Since mdev is the element in the recovery initramfs that is in charge of
mounting all partitions where .swu packages can be found (update partition on
the eMMC/MTD, uSD and USB), checking for the existence of the hotplug entry in
the procfs before launching mdev in v5.4 was preventing the partitions from
being mounted, and causing all software updates to fail.
While at it, move the two second delay to before mdev is launched, so all
partitions can be mounted. Otherwise, some devices such as the USB might not
be ready when mdev is launched, causing its partition to not be mounted.
https://jira.digi.com/browse/DEL-7143
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This recipe was originally ported from the zeus branch of poky into the dey-2.6
meta-digi branch to support the pkcs11 feature in cryptoauthlib. Now that we've
migrated to zeus, the recipe is now duplicated and no longer necessary.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The cryptoauthlib package is being added in digi-defaults.inc, which is parsed
before this file. Setting the variable here overwrites its previous value,
causing the cryptoauthlib package to be left out of the rootfs. Append to the
variable instead of overwriting it to avoid this.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Aside from adding the wireless-regdb-static support, this NXP package needs to
be included in the rootfs so the regulatory fw gets loaded in userspace.
https://jira.digi.com/browse/DEL-7133
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Starting with Linux v4.15, regulatory domains are no longer handled via CRDA,
but via the kernel and a flexible database instead. Said database is included
in the wireless-regdb-static package, which conflicts with the old
wireless-regdb package.
To accomodate for this new package, add CRDA as a dependency for ccimx6
platforms only, and incorporate wireless-regdb-static for the rest of the
platforms. Additionally, the ccimx6 kernel should inherit the
kernel_wireless_regdb .bbclass so the plaintext database is copied to the
kernel sources, but since we use the same recipe for all kernel versions and
ccimx6 platforms are not yet supported in zeus, omit this change for now.
Remove the package-base .bbappend, since only ccimx6ulstarter images include
that packagegroup and they require wireless-regdb-static, anyway.
By adding the regulatory database, we avoid delays when going to suspend,
caused by the kernel waiting for the database to appear.
https://jira.digi.com/browse/DEL-7133
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
When loading the wireless driver in test mode, the UTF firmware file
is loaded.
On pcie chips, the UTF file is expected to be named 'utf.bin'.
On sdio chips, the UTF file is expected to be named 'utf30.bin'.
Rename the pcie UTF file to match this requirement.
md5sum
----------------------------------------------------------
qca65X4_pcie: utf.bin -> 41cfb4e50613cd0eeb0fa99a005131bd
qca65X4_sdio: utf30.bin -> 4743dee015047752e433e69f4db89974
https://jira.digi.com/browse/DEL-7086
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Add Compliance Test Limits (CTL) information for FCC, CE and TELEC
certifications to the CC8X US Board Data File.
The rest of the file (calibration, target power levels, etc.) remains
intact.
Updated file:
- bdwlan30_US.bin (MD5SUM: 100a982b33b4a2cfeb34cdea794dc6d6)
https://jira.digi.com/browse/DEL-6995
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Perform AHAB signing process without altering the original file.
https://jira.digi.com/browse/DEL-7024
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
When the Bootloader is an 'u-boot' select the correct u-boot
signed image to compose the sdcard artifact.
Signed u-boot artifacts start with 'u-boot-dtb-signed-'.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
When the Bootloader is an 'imx-boot', select the correct imx-boot
signed image to compose the sdcard artifact.
https://jira.digi.com/browse/DEL-7024
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Signed imx-boot files had the '-signed' appended at the end of the file.
Add it after the file prefix instead, so it is easier to replace using an
unsigned file for a signed one just by changing the file prefix.
https://jira.digi.com/browse/DEL-7024
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
The '-fmacro-prefix' option is a new GCC option introduced in gcc version 8.
To keep compatibility with previous GCC versions, remove this option from
the DEBUG_PREFIX_MAP list so nativesdk builds are able to compile this recipe.
Following is the compilation issue avoided by this patch:
| gcc: error: unrecognized command line option ‘-fmacro-prefix-map=<yocto-workspace>/tmp/work/x86_64-nativesdk-deysdk-linux/nativesdk-imx-mkimage/git-r0=/usr/src/debug/nativesdk-imx-mkimage/git-r0’
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This recipe is now built as native and nativesdk by means of the
BBCLASSEXTEND configuration.
Remove every remaining legacy native configuration since all will be covered
by the class extension.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
This service is the same as the one provided by NXP, but with altered
dependencies. Start it before the kernel modules are loaded so the firmware is
ready by the time the mcp25xxfd module is loaded.
https://jira.digi.com/browse/DEL-7114
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Revert partially commit 1fb65f08 ("qtbase: apply imxgpu2d patches to imx8mn
platforms as well"), since it was fixed in meta-freescale layer in the commit
626e271b ("qtbase: Add i.MX 8 configuration")
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Disable all encryption support by default on CC8X and CC8MN platforms so
the default built images can be directly built.
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
LINUX_ARM64 images include the padding length in the size property of
their header, so for these images read the header size property instead
of calculating it with 'stat'.
https://jira.digi.com/browse/DEL-7024
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
If CONFIG_SIGN_MODE is unset, we were assuming the sign mode to be AHAB
whereas it is preferable to abort the signing process and notify with an
error message.
https://jira.digi.com/browse/DEL-7024
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
The signing script is used for signing multiple artifacts, not just the
kernel, so rename it for a broader use.
https://jira.digi.com/browse/DEL-7047
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Signing with AHAB mode only requires an additional prior step, so
reuse as much code as possible.
Also, for Image.gz images, sign the uncompressed Image and later
compress the result.
https://jira.digi.com/browse/DEL-7047
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Signing with AHAB mode only requires an additional prior step, so
reuse as much code as possible.
https://jira.digi.com/browse/DEL-7047
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
TRUSTFENCE_SIGN_MODE for ccimx8mn is "HAB", although the
BOOTLOADER_IMAGE_RECIPE is "imx-boot".
https://jira.digi.com/browse/DEL-7024
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Includes:
- add io reset support including edge detection.
https://jira.digi.com/browse/CC6UL-1132
Signed-off-by: Pedro Perez de Heredia <pedro.perez@digi.com>
Gstreamer package was updated to v1.16.2 in poky layer, so
we need to update the base files used in meta-digi.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
imx-mkimage is a host recipe to provide the mkimage_imx8 binaries, required
for the trustfence support with platform based on AHAB (ccimx8x). Since
these binaries are required to the sign process we need to export it in the
SDK to allow the standalone sign mode, and with that we can simplify the
mechanism to share these binaries with another recipes (u-boot, linux).
Also the do_deploy() from imx-mkimage recipe was removed to avoid overriding
the implementation from the native class and allow populating the mkimage
binaries.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Commit 3fbd38ca ("imx-boot: build ccimx8x images for B0 and C0 silicon
revisions") added support to build images for B0 and C0 revisions,
forgetting include this support on trustfence builds.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Hector Palacios
Francisco Gil Martinez
Gabriel Valcazar
Gonzalo Ruiz
Arturo Buzarra
Hector Bujanda