The codec MAX98088 present on the ccimx6ulsbc only needs one
configuration file that can play and record.
The default file enables the interfaces present on the ccimx6ulsbc:
- Headphones
- Speaker
- LineOut (in stereo mode)
- LineIN-A
- MIC2
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-2352
- Added the new image type 'recovery.vfat' to the DEY images
generation process. This new image is a clone of the 'boot.vfat'
but including the recovery ramdisk and the recovery boot script.
- Added the new image type 'recovery.ubifs' to the DEY images
generation process. This new image is similar to the 'boot.ubifs'
but including the recovery ramdisk and the recovery boot script.
Signed-off-by: David Escalona <david.escalona@digi.com>
The i.MX6UL supports some basic multimedia functionality
using the pixel pipeline (PXP).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-2358
The patch with the same name in 'meta-swupdate' fails to apply cleanly
after the patches we have done in meta-digi. So add here a version of
the patch that applies cleanly and with higher precedence in the search
path (using 'dey' distro override).
https://jira.digi.com/browse/DEL-3355
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The kernel recipe was modifying the device tree blobs in place within the
kernel build temporal directory. This can cause problems after several
compilations, only the deployed artifacts should be signed/encrypted.
The deployment of the DTBs is done by do_deploy_appends in other layers which
are appended after this recipe, so it is required to use a postfunc to do the
trustfence related process after the deployment of all the artifacts.
https://jira.digi.com/browse/DEL-3388
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This application can be used to:
- Update the MCA firmware
- Configure the tamper settings
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-3230
Ensure that the signing script is not executed in parallel. This is required in
order to avoid problems during PKI generation and CST usage when building with
Yocto or the Android build system.
https://jira.digi.com/browse/DEL-2849
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
It is desirable to keep the name of the initramfs images the same regardless of
the sign and encryption configuration.
https://jira.digi.com/browse/DEL-3141
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This commit adds the proper DEFAULTTUNE and overrides for the ccimx6ul
family of modules.
https://jira.digi.com/browse/DEL-3102
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The HAB on the i.MX6/i.MX6UL expects an entrypoint which is used to pass
execution to U-Boot in the ROM code. In later executions of HAB, U-Boot calls
the HAB but ignores this value.
A fixed value of 0x1000 was being used for the entrypoint, which is too big for
really small artifacts, like bootscripts. This commit reduces the value to
0x100. This allows to sign and encrypt artifacts as small as 260 bytes.
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
A corner case requires to save the environment so that the
boot command works after reset.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DUB-681
Also change the image type of dey-image-trustfence-initramfs.
https://jira.digi.com/browse/DUB-615
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This patch introduces some parameters which allow to select the type of image
to be signed. Currently the supported types are:
* linux kernel (-l)
* DTB (-d)
* initramfs (-i)
This also moves the CONFIG_PLATFORM environment variable to a parameter, for
consistency.
https://jira.digi.com/browse/DUB-614https://jira.digi.com/browse/DUB-615
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
The default DEY image recipe for ccimx6ulsbc builds dey-image-qt.
The graphical backend is determined dynamically.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Otherwise they are overridden with config files from other layers (for
example meta-fsl-arm) that may not be valid for our platforms.
https://jira.digi.com/browse/DEL-3046
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Set of the World country code in the BDF file. It was lost after syncing to the
latest QCA BDF files (commit b80f00f14a).
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The name "ext-eth" seems to indicate "External Ethernet". Rename that variable
and related ones to a more proper name like second ethernet.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
* Check number of arguments
* Add platform argument
* Read user configuration from .config file
* Remove unused variable (dek_blob_size)
* Remove noise in output messages
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
When writing the fake IVT table in raw, rely on tac (part of the core-utils
package) instead of on xxd.
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
Add a recipe to include all signing and encryption tools for U-Boot and
kernel images to the SDK. Move existing trustfence kernel scripts to this
new recipe.
This allows to use these scripts not only from the Yocto build system but
also as standalone tools for image signing and encryption.
https://jira.digi.com/browse/DEL-2688
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This reverts commit b8f50680e5.
The support to read and write to an encrypted environment has been added, so
there is no need to exclude the u-boot-fw-utils anymore.
https://jira.digi.com/browse/DEL-2836
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This patch adds the functionality to automatically detect if the enviroment
is encrypted (through the device tree). If it is, the environment is encrypted
and decrypted as required in a transparent way for the user.
https://jira.digi.com/browse/DEL-2836
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
- boot.txt
Sets the device tree filename basing on the SOM variant read from
the HWID and boots from NAND.
- install_linux_fw_sd
Deploys a full system (as generated by Digi Embedded Yocto) from
a FAT formatted micro SD card into the NAND flash.
https://jira.digi.com/browse/DEL-2925
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
APM is an ancient power management API mainly for x86. There is an
optional emulation layer for ARM, but none of our platforms is using
it, so just remove the machine feature.
https://jira.digi.com/browse/DEL-2745
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Tweaked to maintain the u-boot and linux revisions to AUTOREV instead of
the fixed SHA1s from the tag.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
So the warning message shows the TF variable setting in the correct
syntax that they should be written in the project's local.conf
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
When TRUSTFENCE_SIGN is enabled, the u-boot binary for the SDCARD image
needs to be the "signed" one.
https://jira.digi.com/browse/DEL-2876
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
enabled
There is currently no support on fw_printenv/fw_setenv to access an
encrypted environment.
This commit removes the package if U-Boot environment encryption is
enabled to avoid environment corruption on access.
It also documents the issue as a known issue.
https://jira.digi.com/browse/DEL-2625
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
When changing any of the secure boot configurable macros the Linux kernel
should be re-deployed so that it can be signed/encrypted as needed.
https://jira.digi.com/browse/DEL-2750
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
This package is native only, this patch ensures it can only be built
natively and fix the following problems:
* Add openssl-native rather than openssl to the dependencies.
* Use the $(CC) $(LDFLAGS) and $(CFLAGS) that Yocto provides to avoid a
compilation error.
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
The region code is programmed in the OTP bits. We want to allow to be able to
override this behavior by setting the new value as a property in the device
tree called "regulatory-domain".
This can be done by setting the variable "regdomain=<code>" in uboot or well
by defining that entry in the device tree.
https://jira.digi.com/browse/DEL-2799
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The country region is programmed in the OTP bits. Based on that value we need
to load the firmware file for the specific country region.
https://jira.digi.com/browse/DEL-2774
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
We are including two firmware files: one for setting the country to US and the
other one to set it to the World Wide Roaming region (SKU 0060).
https://jira.digi.com/browse/DEL-2774
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
TRUSTFENCE_SIGN can be defined to "0" to explicitly disable uImage sign and
encryption.
https://jira.digi.com/browse/DEL-2803
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This device tree file corresponds to StarterBoard with ID=129
which corresponds to smart part number CC-WMX6UL-START.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The correct U-Boot branch to be used with dey-2.0/master is v2015.04/master, as
it contains the latest development changes (just like dey-2.0/master).
This reverts commit 728619a5bc.
After commit b0a766eafc8 in the U-Boot repository, both signed and
encrypted images will be generated. Copy both of them to the deploy folder
https://jira.digi.com/browse/DUB-642
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
This allows to automatically create a secure PKI tree without user
interaction.
https://jira.digi.com/browse/DUB-618
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
NXP Code signing Tool for the High Assurance Boot library is needed for
signing and encrypting different artifacts (U-Boot image, uImage, ...).
As the CST cannot be included in DEY, the user needs to download the
tarball and add it to the recipe folder.
https://jira.digi.com/browse/DUB-618
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
To build the CC6UL boot image, the u-boot and linux images need to be
already deployed. Also the native mtd-utils package needs to be
available in the sysroot.
Make all this dependences explicit for deterministic reproducibility.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
U-Boot environment on the CC6UL NAND is located at partition /dev/mtd1:
- original copy is located at offset 0 in the partition
- redundant copy is located 1 erase block (128K) after the original copy
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-2552
At the moment there is no support for rootfs encryption for the CC6UL,
so there is not a ramdisk in the boot image. But with the initial
addition of TF support, the u-boot boot script was being on-the-fly
updated for TF regardless of the platform, making the CC6UL unable to
boot when TF was enabled.
This commit fixes the problem, by just changing the u-boot boot script
when TF is enabled only for the CC6.
https://jira.digi.com/browse/DEL-2754
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
builds.
When building multiple u-boots they get compiled externally into a
directory named after machine defconfigs.
Once there is a directory with the same name as a defconfig it is not
possible to run the defconfig make target.
Fixes https://jira.digi.com/browse/DEL-2644
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
builds.
When building multiple u-boots they get compiled externally into a
directory named after machine defconfigs.
Once there is a directory with the same name as a defconfig it is not
possible to run the defconfig make target.
This change should be only temporary until it gets upstream.
Fixes https://jira.digi.com/browse/DEL-2644
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
When Trustfence is enabled, this adds a dependence on the TF initramfs,
so it's built and added to the boot image.
It also modifies the u-boot boot script on the fly, to boot correctly
using the Trustfence initramfs.
https://jira.digi.com/browse/DEL-2278
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The external module revision has been upgraded in meta-fsl-arm, thus
refresh the patches so they apply cleanly.
https://jira.digi.com/browse/DEL-2305
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The size of the destination partition (linux) is around 14MiB so the
max-leb-cnt must be reduced compared to the one used for the rootfs
partition.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-2697
This creates a UBIFS file with the kernel, device tree files, and U-Boot
bootscripts generated by Digi Embedded Yocto.
The resulting image can be then programmed into the boot (linux) partition.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-2697
- boot.txt
Sets the device tree filename basing on the SOM variant read from
the HWID and boots from NAND.
- install_linux_fw_sd
Deploys a full system (as generated by Digi Embedded Yocto) from
a FAT formatted micro SD card into the NAND flash.
The u-boot-dey recipe is now fully shared by ccimx6 and ccimx6ul platforms
so we can remove the platform-specific appends.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The setting of 'bootcmd' in the script was done using single quotes, which
doesn't expand variables. As a consequence the following variables must
be defined again (during the execution of the second part of the script):
- mmcdev
- INSTALL_LINUX_FILENAME
- INSTALL_ROOTFS_FILENAME
This patch changes the single quotes with double quotes, so that these
variables are expanded during the setting of 'bootcmd' with the values
assigned at the begining of the installation script (notice these are
not dynamically generated so there is no risk to expand them).
At the same time we need to escape with a backslash:
- double quotes containing strings
- variables that we don't want to expand (like the return value $?)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
- Add semi-colons to instructions inside 'setenv' commands
- Remove semi-colons in instructions where they are not needed (for
consistency with the rest of instructions)
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
By default the driver was being compiled with debug messages. Disabled it
but leave the option there so it can be enabled by user.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This commit will add the cryptodev module to the CC6UL kernel to use
the CAAM from user space through this device.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-2719
Do not compile the kernel for supporting the static regulatory domain
but force the system to do that by using crda.
https://jira.digi.com/browse/DEL-2539
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
The root filesystem can have installed the busybox modprobe implementation or
the kmod modprobe implementation.
Check the version installed and compound the modprobe arguments.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Add recipe kernel-module-qualcomm to compile kernel module externally with all
the patches for kernel 4.1.15.
https://jira.digi.com/browse/DEL-2653
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
We compile those modules as built in to avoid a mismatch
between the current kernel version and the wlan.ko module.
https://jira.digi.com/browse/DEL-2653
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This function is deprecated in favor of bb.utils.contains. The same
change has been done in other layers.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The CC6UL does not support booting from SD card, so it does not make
sense to create a SDCARD image by default.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
There are several possible values for TRUSTFENCE_UBOOT_ENV_DEK:
* Not defined: if the trustfence support is not included.
Should not include the feature.
* 32 characters: when defining a valid key.
Should include the feature.
* "0": when explicetily disabling the feature.
Should not include the feature
* <other>: Invalid value, should trigger the error.
This commits fixes the logic so that 'None' (no defined) is taken as a valid
value.
Signed-off-by: Jose Diaz de Grenu de Pedro <Jose.DiazdeGrenudePedro@digi.com>
https://jira.digi.com/browse/DEL-2603
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
Signed-off-by: Jose Diaz de Grenu de Pedro <Jose.DiazdeGrenudePedro@digi.com>
Implement the set of TRUSTFENCE_ macros to configure each secure boot feature
available in U-Boot.
https://jira.digi.com/browse/DUB-570
Signed-off-by: Jose Diaz de Grenu de Pedro <Jose.DiazdeGrenudePedro@digi.com>
This enables the Cryptographic Accelerator and Assurance Module (CAAM).
https://jira.digi.com/browse/DEL-2502
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This daemon (rngd) feeds random data from hardware device to kernel
entropy pool.
https://jira.digi.com/browse/DEL-2501
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This module is the interface between user-space (openssl, gnutls) and
the hardware cryptographic acceleration support (CAAM).
This commit installs the module in the rootfs and configures it so it is
loaded on boot.
https://jira.digi.com/browse/DEL-2501
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This enables the Cryptographic Accelerator and Assurance Module (CAAM).
https://jira.digi.com/browse/DEL-2502
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Adding some early initial support as a copy of ccimx6 files.
https://jira.digi.com/browse/DEL-2529
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Used ccimx6ul_defconfig from v4.1/master repository.
The defconfig file will live under module folder and not specific platform
folder because it will be the same for other ccimx6ul platforms.
https://jira.digi.com/browse/DEL-2381https://jira.digi.com/browse/DEL-2529
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
COMPATIBLE_MACHINE is a regular expression, so we need to update the current
pattern for ccimx6 due to it will also match with ccimx6ul.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Use LAYERDEPENDS to configure the layer dependences for meta-digi-arm
and meta-digi-dey.
https://jira.digi.com/browse/DEL-1129
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Old versions of u-boot 'v2013.0x' have a bug in the shell's test command
that makes structures like:
if test "${not-existing}" = "0x01"; then ...
if test -z "${not-existing}"; then ...
to fail when the checked variable does not exist.
So implement workarounds in the updater script to overcome this problem.
This is needed because the script may be used in modules with an old
pre-installed u-boot.
https://jira.digi.com/browse/DEL-2231
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The install script allows for an easy deployment of the DEY firmware
artifacts into the eMMC of the ConnectCore 6 by using a micro SD card.
The install script:
- updates U-Boot
- resets the U-Boot environmnet to default values
- formats the User Data partition of the eMMC
- installs the firmware images (linux and rootfs partitions)
- resets/starts the system
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-2192
Hector Palacios
David Escalona
Javier Viguera
Diaz de Grenu, Jose
Alex Gonzalez
Isaac Hermida
Mike Engel
Jose Diaz de Grenu de Pedro