Add a variable analogous to TRUSTFENCE_SIGN to enable/disable artifact
encryption. Deprecate TRUSTFENCE_DEK_PATH in favor of TRUSTFENCE_KEYS_PATH to
use a more generic name and avoid overloading it as an on/off flag. Add per-key
variables for encryption key filenames to avoid hardcoded names and allow
platform overrides.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The ConnectCore MP2 DVK does not include an external STM32G0 component.
This commit removes the 'usbg0' entry from MACHINE_FEATURES to prevent
the installation of the unnecessary stm32mp-g0 firmware.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the secure boot support for STM platforms based on the
STM32 MPU Ecosystem v6.1.0. It introduces support for encrypted boot artifacts,
including TF-A and FIP, and enables this functionality for the ConnectCore MP2
platform.
This enhancement allows secure boot deployments with both authentication and
encryption for improved protection of critical boot components.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
As the OmniVision OV5640 camera is now deprecated and no longer supported by
most vendors, this commit moves its support to a separate Device Tree overlay,
allowing it to be used if needed.
Instead, the Sony IMX335 MIPI camera is integrated into the default device
tree as the default supported camera for the CCMP25-DVK platform.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
IMAGE_FSTYPES was declared on each platform config file, but it has the
same values for all platforms depending on the storage media (mmc or mtd)
and whether read-only is enabled.
Move the conditional weak assignment to digi-default.inc and remove it from
each platform config.
In the case of STM platforms, since IMAGE_FSTYPES is weak-assigned by STM
layer, we still need to append/remove from it inside the platform config,
but move it to the family includes, rather than declaring it on each
specific platform.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The USB and SD installers are U-Boot scripts that are practically
identical.
Merge them into a single template with a couple of machine variables that
determine the default device index in U-Boot for the USB or the microSD
card.
Do dynamic substitutions to create the two installers out of the template.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
ALSA_LIST variable is weakly set through an override (stm32mp1common or
stm32mp2common). When the override is in place, the hard assignment of
the plain variable is not enough, and the value weakly set in
meta-st-stm32mp layer takes precedence over the plain variable hard
assignment.
Clear the variable with the override and move it from machine config files
to the include file.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Configure the FIT_CONF_DEFAULT_DTB in the machine settings to define the
default configuration for the generated FIT image.
https://onedigi.atlassian.net/browse/DEL-9595
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit conditionally selects the appropriate boot artifacts to include in
the ZIP installer, depending on whether Trustfence is enabled or not.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The kernel-fitimage class sets the default configuration using the first
element from the kernel device tree list. This commit ensures that the main DTB
is listed first to enforce the correct default configuration.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The FIP flavor for OP-TEE + USB is managed in the meta-st-stm32mp layer through
the "optee-programmer-usb". However, since we do not require the additional
overhead introduced by the STM32CubeProgrammer tool, this commit introduces a
new FIP configuration based on OP-TEE for booting from USB.
https://onedigi.atlassian.net/browse/DEL-9442
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit defines the device tree file variable used to generate the SD card
image, fixing the build of the bootloader flavor intended for booting from an
SD card.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Device tree overlays now have the extension 'dtso' that
distinguishes them from board 'dts' files, so there is
no need for a prefix '_ov_' to tell if a file contains
a DT overlay.
To make them shorter and easier to tell the platform they
are for, change the filename format to:
<platform-name>_<functionality>.dtso
where <platform-name> can be the name of the SOM or the
name of the DVK, so there is no need either to specify
'som' or 'board' on the filename.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
After the rework in 61eb1bfbe6 the metadata
file inside the fip/ subfolder has the default filename 'metadata.bin'.
Use the new symlinks that now live on the deployimgdir.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
bluez5-init is a Digi custom recipe to collect the init script
needed to bring up the specific platform bluetooth hardware.
CCMP1s do not require any bluetooth init extra action.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit increases the maximum rootfs size to 2.5 GB, aligning it with the
default rootfs partition size of 3 GB. This adjustment allows adding all the
functionality required by the user.
https://onedigi.atlassian.net/browse/DEL-9456
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
We tested all tarball compression formats supported by poky, and although bz2
has faster (de)compression time, xz is better in terms of compression ratio:
for all of the rootfs tarballs generated for our currently supported
images/platforms (15 at the moment), the xz format saves an average of 30 MiB
per tarball compared to bz2, totalling up to 450 MiB.
No extra dependencies are pulled in, since xz-native is already being pulled in
for all of our image builds, so the only drawback to this change is the
increased compression time (+7.34s on average per tarball).
https://onedigi.atlassian.net/browse/DEL-9459
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We have these features enabled for our mp1 platforms, and the optee one is
needed in order to pull in the optee-os package to the images/sdk.
https://onedigi.atlassian.net/browse/DEL-9443
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Based on the boot schemes and sources supported for each platform, the boot
artifacts now include this information in their filenames. This commit updates
the filenames accordingly in several recipes.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit updates the default FIP generation variables to align with the
common stm32mp2 configuration files from the latest meta-st-stm32mp layer,
based on the openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06 tag for Yocto 5.0
(Scarthgap).
https://onedigi.atlassian.net/browse/DEL-9381
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
When EXTRA_IMAGE_FEATURES += "overlayfs-etc" is added these
configurations are needed to compile. They are provided with
the default configuration to work with our software.
https://onedigi.atlassian.net/browse/DEL-9186
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Arturo Buzarra
Hector Palacios
Javier Viguera
Isaac Hermida
Gabriel Valcazar
Francisco Gil
Mike Engel