u-boot-iot2050: Lift to 2023.10

Most of our patches are merged now, just one DT change, a small fix for the signing script and a fix for the board detection are remaining. In this latest upstream version, we folded PG1 and PG2 U-Boot configs into a single one again, generating both artifacts in the same run. Consequently, we can simplify the build as there is now only one recipe as well. We need to drop the disabling of CONFIG_DISTRO_DEFAULTS from the secure boot configuration as this would make distro_bootcmd unavailable. Signed-off-by: Jan Kiszka <[email protected]>
siemens · Oct 10, 2023 · 14ebdc4 · 14ebdc4
1 parent 91df62c
commit 14ebdc4
Show file tree

Hide file tree

Showing 44 changed files with 136 additions and 2,646 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -69,10 +69,8 @@ jobs:
         uses: actions/checkout@v3
       - name: Free Disk Space
         uses: ./.github/workflows/free-disk-space
-      - name: Build bootloader image for PG1
-        run: ./kas-container build kas-iot2050-boot-pg1.yml
-      - name: Build bootloader image for PG2 & m.2
-        run: ./kas-container build kas-iot2050-boot-pg2.yml
+      - name: Build bootloader image
+        run: ./kas-container build kas-iot2050-boot.yml
       - name: Archive bootloaders
         uses: actions/upload-artifact@v3
         with:

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -25,6 +25,4 @@ all:
     - kas build kas-iot2050-example.yml:kas/opt/preempt-rt.yml
     - kas build kas-iot2050-swupdate.yml
     - sudo rm -rf build/tmp
-    - kas build kas-iot2050-boot-pg1.yml
-    - sudo rm -rf build/tmp
-    - kas build kas-iot2050-boot-pg2.yml
+    - kas build kas-iot2050-boot.yml
diff --git a/Kconfig b/Kconfig
@@ -30,21 +30,13 @@ config IMAGE_SWUPDATE
 	  Based on the example image, this adds SWUpdate and changes the
 	  partition layout to an A/B rootfs.
 
-config IMAGE_BOOT_PG1
-	bool "Firmware image for PG1 devices"
+config IMAGE_BOOT
+	bool "Firmware image for PG1, PG2 and M.2 devices"
 	help
-	  Build the firmware image that is responsible for booting Product
-	  Generation 1 (PG1) devices.
-
-	  WARNING: Do not flash this image onto your device unless you know
-	  that it fits AND you have an external flash programmer at hand that
-	  allows to recover. Otherwise you risk to BRICK THE IOT2050!
-
-config IMAGE_BOOT_PG2
-	bool "Firmware image for PG2 and M.2 devices"
-	help
-	  Build the firmware image that is responsible for booting Product
-	  Generation 2 (PG2) devices, including its M.2 variant.
+	  Build firmware images that are responsible for booting IOT2050
+	  devices. Two artifacts are generated: iot2050-pg1-image-boot.bin
+	  for Product Generation 1 devices and iot2050-pg2-image-boot.bin for
+	  Product Generation 2 devices, including M.2 variants.
 
 	  WARNING: Do not flash this image onto your device unless you know
 	  that it fits AND you have an external flash programmer at hand that
@@ -56,8 +48,7 @@ config KAS_INCLUDE_MAIN
 	string
 	default "kas-iot2050-example.yml" if IMAGE_EXAMPLE
 	default "kas-iot2050-swupdate.yml" if IMAGE_SWUPDATE
-	default "kas-iot2050-boot-pg1.yml" if IMAGE_BOOT_PG1
-	default "kas-iot2050-boot-pg2.yml" if IMAGE_BOOT_PG2
+	default "kas-iot2050-boot.yml" if IMAGE_BOOT
 
 comment "Image features"
 
@@ -128,7 +119,7 @@ config SECURE_BOOT
 
 config SECURE_BOOT
 	bool "Secure boot"
-	depends on IMAGE_BOOT_PG2
+	depends on IMAGE_BOOT
 	help
 	  Enable signing of all customizable firmware artifacts, enforce UEFI
 	  Secure Boot mode, protect sensitive U-Boot environment variables and
@@ -138,9 +129,12 @@ config SECURE_BOOT
 	  This uses the public custMpk.key and certificate by default. Do not
 	  use this key in production, it is for demonstration purposes only.
 
+	  NOTE: Only PG2 and M.2 devices are officially supported regarding
+	  secure boot.
+
 config OTP_PROVISIONING
 	bool "OTP Provisioning"
-	depends on IMAGE_BOOT_PG2
+	depends on IMAGE_BOOT
 	help
 	  Integrate OTP provisioning data into the firmware artifacts. Various
 	  options are avaiable. By default, this will integrate the OTP command
@@ -152,7 +146,7 @@ config OTP_PROVISIONING
 
 config RPMB_SETUP
 	bool "OPTEE RPMB setup for OTP key write"
-	depends on IMAGE_BOOT_PG2 && !SECURE_BOOT
+	depends on IMAGE_BOOT && !SECURE_BOOT
 	help
 	   Enable one-time pairing between processor and secure storage
 	   (RPMB on eMMC). Do not sign and distribute this version. Run it
@@ -244,7 +238,7 @@ config KAS_INCLUDE_DEBIAN_MIRROR
 config FIRMWARE_SECURE_VER
 	string "Use specific firmware secure version"
 	default "0"
-	depends on SECURE_BOOT && IMAGE_BOOT_PG2
+	depends on SECURE_BOOT && IMAGE_BOOT
 	help
 	  Use specific anti-rollback secure version rather than the default 0.
 	  Range 0 - 127.

diff --git a/conf/distro/iot2050-debian.conf b/conf/distro/iot2050-debian.conf
@@ -16,8 +16,6 @@ DISTRO_NAME = "IOT2050 Debian System"
 
 HOSTNAME ??= "iot2050-debian"
 
-PREFERRED_VERSION_u-boot-iot2050-pg1 ?= "2022.10"
-PREFERRED_VERSION_u-boot-iot2050-pg2 ?= "2022.10"
 PREFERRED_VERSION_linux-iot2050 ?= "5.10.%"
 PREFERRED_VERSION_linux-iot2050-rt ?= "5.10.%"
 

diff --git a/conf/machine/iot2050.conf b/conf/machine/iot2050.conf
@@ -11,10 +11,8 @@
 
 DISTRO_ARCH ?= "arm64"
 
-PRODUCT_GENERATION ?= "pg2"
-
-PREFERRED_PROVIDER_u-boot-${MACHINE} ?= "u-boot-iot2050-${PRODUCT_GENERATION}"
-PREFERRED_PROVIDER_u-boot-${MACHINE}-config ?= "u-boot-iot2050-${PRODUCT_GENERATION}"
+PREFERRED_PROVIDER_u-boot-${MACHINE} ?= "u-boot-iot2050"
+PREFERRED_PROVIDER_u-boot-${MACHINE}-config ?= "u-boot-iot2050"
 
 KERNEL_NAME ?= "iot2050"
 DTB_FILES ?= " \

diff --git a/kas-iot2050-boot-pg1.yml b/kas-iot2050-boot-pg1.yml
diff --git a/kas-iot2050-boot-pg2.yml → kas-iot2050-boot.yml b/kas-iot2050-boot-pg2.yml → kas-iot2050-boot.yml
@@ -1,5 +1,5 @@
 #
-# Copyright (c) Siemens AG, 2019-2021
+# Copyright (c) Siemens AG, 2019-2023
 #
 # Authors:
 #  Le Jin <[email protected]>

diff --git a/kas/opt/upstream.yml b/kas/opt/upstream.yml
@@ -10,8 +10,6 @@ header:
 
 local_conf_header:
   upstream-versions: |
-    PREFERRED_VERSION_u-boot-iot2050-pg1 = "202x.xx-upstream"
-    PREFERRED_VERSION_u-boot-iot2050-pg2 = "202x.xx-upstream"
     PREFERRED_VERSION_linux-iot2050 = "5.x-upstream"
   extra-args: |
     EXTRA_KERNEL_PARAMS = "fw_devlink=permissive"
diff --git a/recipes-bsp/optee-os/optee-os-iot2050_3.22.0.bb b/recipes-bsp/optee-os/optee-os-iot2050_3.22.0.bb
@@ -39,6 +39,4 @@ python() {
     if re.search("rpmb-setup", overrides):
         if re.search("secureboot", overrides):
             bb.fatal("Not possible to use Secure Boot and RPMB setup for OPTEE")
-        if d.getVar('PRODUCT_GENERATION') == "pg1":
-            bb.warn("PG1 devices do not supported RPMB based secure storage")
 }
diff --git a/recipes-bsp/secure-boot-otp-provisioning/README.md b/recipes-bsp/secure-boot-otp-provisioning/README.md
@@ -57,7 +57,7 @@ Before start the build, make sure the currently using key set is copied to
 `recipes-bsp/u-boot/files/keys/custMpk.pem`.
 
 ```shell
-./kas-container build kas-iot2050-boot-pg2.yml:kas/opt/secure-boot.yml:kas/opt/otpcmd/key-provision.yml
+./kas-container build kas-iot2050-boot.yml:kas/opt/secure-boot.yml:kas/opt/otpcmd/key-provision.yml
 ```
 
 > Warning: The default key sets within kas/opt/key-provision.yml only contain
@@ -93,7 +93,7 @@ Then start to building the new key signed firmware together with the key switchi
 otpcmd data.
 
 ```shell
-./kas-container build kas-iot2050-boot-pg2.yml:kas/opt/secure-boot.yml:kas/opt/otpcmd/key-switch.yml
+./kas-container build kas-iot2050-boot.yml:kas/opt/secure-boot.yml:kas/opt/otpcmd/key-switch.yml
 ```
 
 > Warning: The default switching within kas/opt/key-switch.yml is from MPK to SMPK.
@@ -118,31 +118,31 @@ by feeding different kas option file to the building.
 If the BMPK need to be programmed together:
 
 ```bash
-./kas-container build kas-iot2050-boot-pg2.yml:kas/opt/secure-boot.yml:kas/opt/otpcmd/key-provision-3keys.yml
+./kas-container build kas-iot2050-boot.yml:kas/opt/secure-boot.yml:kas/opt/otpcmd/key-provision-3keys.yml
 ```
 
 ### Provision keys only without enabling secure boot
 
 If only the keys need to be programmed but not enabling the secure boot:
 
 ```bash
-./kas-container build kas-iot2050-boot-pg2.yml:kas/opt/secure-boot.yml:kas/opt/otpcmd/key-provision-keys-only.yml
+./kas-container build kas-iot2050-boot.yml:kas/opt/secure-boot.yml:kas/opt/otpcmd/key-provision-keys-only.yml
 ```
 
 ### Enable secure boot only
 
 If you want to only enable the secure boot(because the keys are already programmed):
 
 ```bash
-./kas-container build kas-iot2050-boot-pg2.yml:kas/opt/secure-boot.yml:kas/opt/otpcmd/key-provision-enabling-only.yml
+./kas-container build kas-iot2050-boot.yml:kas/opt/secure-boot.yml:kas/opt/otpcmd/key-provision-enabling-only.yml
 ```
 
 ### Switch from SMPK to BMPK
 
 If the key switching is from SMPK to BMPK:
 
 ```bash
-./kas-container build kas-iot2050-boot-pg2.yml:kas/opt/secure-boot.yml:kas/opt/otpcmd/key-switch-2to3.yml
+./kas-container build kas-iot2050-boot.yml:kas/opt/secure-boot.yml:kas/opt/otpcmd/key-switch-2to3.yml
 ```
 
 ### Use TUI alternative

diff --git a/recipes-bsp/u-boot/README.md b/recipes-bsp/u-boot/README.md
@@ -5,8 +5,7 @@
 The boot loader for PG1 and PG2 boards is built like this:
 
 ```shell
-./kas-container build kas-iot2050-boot-pg1.yml
-./kas-container build kas-iot2050-boot-pg2.yml
+./kas-container build kas-iot2050-boot.yml
 ```
 
 After the build the boot images are under
@@ -81,7 +80,7 @@ A special firmware build is required to run in a secure operating environment to
 program this key into RPMB. To build this special firmware:
 
 ```shell
-./kas-container build kas-iot2050-boot-pg2.yml:kas/opt/rpmb-setup.yml
+./kas-container build kas-iot2050-boot.yml:kas/opt/rpmb-setup.yml
 ```
 
 This will build a special OPTee binary for generating and programming the otp

diff --git a/...-Add-a-reserved-memory-for-watchdog.patch → ...WDIOF_CARDRESET-on-TI-AM65x-platfor.patch b/...-Add-a-reserved-memory-for-watchdog.patch → ...WDIOF_CARDRESET-on-TI-AM65x-platfor.patch
@@ -1,10 +1,10 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Li Hua Qian <[email protected]>
-Date: Wed, 7 Jun 2023 11:29:59 +0800
-Subject: [PATCH] Add a reserved memory for watchdog
+Date: Tue, 29 Aug 2023 11:46:21 +0800
+Subject: [PATCH] Watchdog: Support WDIOF_CARDRESET on TI AM65x platform
 
 To have the WDIOF_CARDRESET support for the TI AM65x platform watchdog,
-this patch reserves the memory, which indicates if the current boot due
+this patch reserves some memories, which indicate if the current boot due
 to a watchdog reset.
 
 Signed-off-by: Li Hua Qian <[email protected]>
@@ -13,7 +13,7 @@ Signed-off-by: Li Hua Qian <[email protected]>
  1 file changed, 11 insertions(+)
 
 diff --git a/arch/arm/dts/k3-am65-iot2050-common.dtsi b/arch/arm/dts/k3-am65-iot2050-common.dtsi
-index e60006be..acc41335 100644
+index 65da226847f..b6135b849f1 100644
 --- a/arch/arm/dts/k3-am65-iot2050-common.dtsi
 +++ b/arch/arm/dts/k3-am65-iot2050-common.dtsi
 @@ -64,6 +64,12 @@
@@ -29,7 +29,7 @@ index e60006be..acc41335 100644
  	};
 
  	leds {
-@@ -731,6 +737,11 @@
+@@ -720,6 +726,11 @@
  	mboxes = <&mailbox0_cluster1 &mbox_mcu_r5fss0_core1>;
  };
 

diff --git a/recipes-bsp/u-boot/files/0001-efi_loader-Improve-console-screen-clearing-and-reset.patch b/recipes-bsp/u-boot/files/0001-efi_loader-Improve-console-screen-clearing-and-reset.patch
diff --git a/recipes-bsp/u-boot/files/0002-env-Complete-generic-support-for-writable-list.patch b/recipes-bsp/u-boot/files/0002-env-Complete-generic-support-for-writable-list.patch