diff --git a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/tegra-binaries/tegra-redundant-boot/nv_update_verifier.init b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/tegra-binaries/tegra-redundant-boot/nv_update_verifier.init
new file mode 100644
index 00000000..f28eea33
--- /dev/null
+++ b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/tegra-binaries/tegra-redundant-boot/nv_update_verifier.init
@@ -0,0 +1,20 @@
+#! /bin/sh
+NAME=nv_update_verifier
+DESC="OTA bootloader update verifier"
+
+case "$1" in
+ start|restart)
+ echo -n "Running $DESC: "
+ /usr/sbin/nv_update_verifier < /dev/null
+ echo "[OK]"
+ ;;
+ stop)
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/tegra-binaries/tegra-redundant-boot/nv_update_verifier.service b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/tegra-binaries/tegra-redundant-boot/nv_update_verifier.service
new file mode 100644
index 00000000..48340b2b
--- /dev/null
+++ b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/tegra-binaries/tegra-redundant-boot/nv_update_verifier.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=OTA bootloader update verifier
+After=nvstartup.service
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/nv_update_verifier
+
+[Install]
+WantedBy=basic.target
diff --git a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/tegra-binaries/tegra-redundant-boot/nv_update_verifier.sh b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/tegra-binaries/tegra-redundant-boot/nv_update_verifier.sh
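Review bot: In nv_update_verifier.init the `start|restart)` branch prints `[OK]` and the script ends with `exit 0` regardless of what `/usr/sbin/nv_update_verifier` returned, so a failed slot verification looks the same as a successful one in the boot log. Report the real status, for example `if /usr/sbin/nv_update_verifier < /dev/null; then echo "[OK]"; else echo "[FAILED]"; exit 1; fi`. `echo -n` is also not portable across `/bin/sh` implementations; `printf 'Running %s: ' "$DESC"` avoids that.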
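Review bot: `Type=simple` in nv_update_verifier.service does not match a script that runs to completion: systemd considers the unit started as soon as the process is spawned, so units ordered after it do not wait for the verification to finish. `Type=oneshot` expresses the run-once behaviour and makes a non-zero exit fail the start job itself. A short comment in the `[Unit]` section saying why the unit is ordered after `nvstartup.service` would also help, since that dependency is not explained anywhere in the visible change.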
@@ -0,0 +1,9 @@ +#!/bin/sh + +upgrade_available=$(/sbin/fw_printenv upgrade_available | cut -d "=" -f2) + +# Only verify booted slot if we are not in an upgrade process +# since mender will do that on commit (through fw_setenv) +if [ "$upgrade_available" == "0" ]; then + /usr/sbin/nvbootctrl verify +fi \ No newline at end of file diff --git a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/tegra-binaries/tegra-redundant-boot_%.bbappend b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/tegra-binaries/tegra-redundant-boot_%.bbappend index d5d74cb3..2822208b 100644 --- a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/tegra-binaries/tegra-redundant-boot_%.bbappend +++ b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/tegra-binaries/tegra-redundant-boot_%.bbappend @@ -4,3 +4,13 @@ EXTRADEPS:tegra210 = "" EXTRADEPS:tegra234 = "" RDEPENDS:${PN} += "${EXTRADEPS}" +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" + +SRC_URI:append = "\ + file://nv_update_verifier.sh \ +" + +do_install:append:tegra234() { + install -d ${D}/${sbindir} + install -m 0755 ${S}/nv_update_verifier.sh ${D}/${sbindir}/nv_update_verifier +} diff --git a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/uefi/edk2-firmware-tegra_%.bbappend b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/uefi/edk2-firmware-tegra_%.bbappend index d030091b..b417e0bb 100644 --- a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/uefi/edk2-firmware-tegra_%.bbappend +++ b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/uefi/edk2-firmware-tegra_%.bbappend @@ -2,7 +2,6 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI += "file://0007-runtime-access-for-KernelCommandLine-efivar.patch;patchdir=.." -SRC_URI += "file://0008-enable-rootfs-redundancy.patch;patchdir=.." SRC_URI += "file://0009-BootChainDxe-fix.patch;patchdir=.." 
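Review bot: The test `[ "$upgrade_available" == "0" ]` in nv_update_verifier.sh uses `==`, which POSIX `[` does not define; under a strict `/bin/sh` such as dash the test errors out, evaluates false, and `nvbootctrl verify` is silently skipped. Use `=`: `if [ "$upgrade_available" = "0" ]; then`. The same silent skip happens when `fw_printenv` fails or the variable is unset, because the empty string also compares unequal; if an unmarked slot can eventually trigger a fallback, that case deserves at least a message on stderr. The comment says Mender verifies on commit "through fw_setenv", while this change set adds a `verify-slot` state script; if that script is the mechanism meant, the comment should name it.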
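Review bot: The `do_install:append:tegra234()` body writes `${D}/${sbindir}/nv_update_verifier` without a comment saying whether it replaces a file the base recipe already installs under that name; the base recipe is not visible here, so please state the intent above the function, e.g. `# Wrap nvbootctrl verify so it is skipped while a Mender update is pending`. `${sbindir}` is already absolute, so `${D}${sbindir}` is the conventional spelling and avoids the doubled slash. `SRC_URI:append` is unconditional while the install step is limited to tegra234, and the new `.init`/`.service` files are not listed in it, so they presumably shadow same-named files of the base recipe through `FILESEXTRAPATHS`; worth confirming.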
diff --git a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/uefi/files/0008-enable-rootfs-redundancy.patch b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/uefi/files/0008-enable-rootfs-redundancy.patch
deleted file mode 100644
index 556b92e1..00000000
--- a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/uefi/files/0008-enable-rootfs-redundancy.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git edk2-tegra.a/edk2-nvidia/Silicon/NVIDIA/Tegra/DeviceTree/L4TConfiguration.dts edk2-tegra.b/edk2-nvidia/Silicon/NVIDIA/Tegra/DeviceTree/L4TConfiguration.dts
-index 2c619e21..b254ae76 100644
---- edk2-tegra.a/edk2-nvidia/Silicon/NVIDIA/Tegra/DeviceTree/L4TConfiguration.dts
-+++ edk2-tegra.b/edk2-nvidia/Silicon/NVIDIA/Tegra/DeviceTree/L4TConfiguration.dts
-@@ -37,7 +37,7 @@
- locked;
- };
- RootfsRedundancyLevel {
-- data = [00 00 00 00];
-+ data = [01 00 00 00];
- runtime;
- locked;
- };
diff --git a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/uefi/files/L4TConfiguration-RootfsRedundancyLevelABEnable.dtsi b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/uefi/files/L4TConfiguration-RootfsRedundancyLevelABEnable.dtsi
new file mode 100644
index 00000000..be1b7a78
--- /dev/null
+++ b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-bsp/uefi/files/L4TConfiguration-RootfsRedundancyLevelABEnable.dtsi
@@ -0,0 +1,41 @@
+/dts-v1/;
+
+/ {
+ overlay-name = "L4T Configuration Settings";
+
+ fragment@0 {
+ target-path = "/";
+
+ board_config {
+ sw-modules = "uefi";
+ };
+
+ __overlay__ {
+
+ firmware {
+
+ uefi {
+
+ variables {
+
+ gNVIDIAPublicVariableGuid {
+
+ RootfsRedundancyLevel {
+ data = [01 00 00 00];
+ runtime;
+ locked;
+ };
+
+ RootfsRetryCountMax {
+ data = [ 01 00 00 00 ];
+ runtime;
+ };
+
+ };
+
+ };
+ };
+ };
+ };
+ };
+};
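Review bot: `RootfsRetryCountMax` in the new overlay is declared with `runtime;` only, whereas `RootfsRedundancyLevel` right above it carries `runtime; locked;`; if `locked` is what keeps the OS from rewriting the variable, the retry limit stays modifiable after boot, which may or may not be intended. Please add a comment in the overlay stating that intent and what `data = [ 01 00 00 00 ]` encodes (presumably a little-endian 1, i.e. a single failed boot before fallback). No visible hunk adds this `.dtsi` to a `SRC_URI` or to the firmware build, while the patch that used to set `RootfsRedundancyLevel` is removed, so the wiring should be checked in the part of the change not shown here.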
diff --git a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-mender/tegra-state-scripts/files/abort-blupdate b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-mender/tegra-state-scripts/files/abort-blupdate new file mode 100644 index 00000000..6d5d5bbf --- /dev/null +++ b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-mender/tegra-state-scripts/files/abort-blupdate @@ -0,0 +1,7 @@ +#!/bin/bash + +CAPTARGET="/opt/nvidia/esp/EFI/UpdateCapsule/TEGRA_BL.Cap" + +if [ -f "$CAPTARGET" ]; then + rm "$CAPTARGET" +fi \ No newline at end of file diff --git a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-mender/tegra-state-scripts/files/verify-slot b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-mender/tegra-state-scripts/files/verify-slot new file mode 100644 index 00000000..704fee39 --- /dev/null +++ b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-mender/tegra-state-scripts/files/verify-slot @@ -0,0 +1,3 @@ +#!/bin/sh + +/usr/sbin/nvbootctrl verify \ No newline at end of file diff --git a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-mender/tegra-state-scripts/tegra-state-scripts_1.0.bb b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-mender/tegra-state-scripts/tegra-state-scripts_1.0.bb index 99693afe..44add07a 100644 --- a/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-mender/tegra-state-scripts/tegra-state-scripts_1.0.bb +++ b/meta-mender-tegra/meta-mender-tegra-jetpack5/recipes-mender/tegra-state-scripts/tegra-state-scripts_1.0.bb @@ -1,5 +1,7 @@ SRC_URI = " \ file://switch-rootfs \ + file://verify-slot \ + file://abort-blupdate \ " LICENSE = "Apache-2.0" 
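Review bot: abort-blupdate is the only script in this change that starts with `#!/bin/bash`, although nothing in it needs bash; on an image without bash the rollback script cannot run and the staged `TEGRA_BL.Cap` stays in `UpdateCapsule`, where it would presumably still be picked up on the next boot. Use `#!/bin/sh` like the other scripts. The existence test followed by `rm` can be reduced to `rm -f "$CAPTARGET"`, which also removes the gap between check and delete.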
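Review bot: verify-slot runs `/usr/sbin/nvbootctrl verify` with no handling of a failure, and it is installed as an `ArtifactCommit_Leave` script, a point at which Mender, as far as I know, does not act on the exit code. Since nv_update_verifier.sh skips verification while an update is pending, this script appears to be the only place the new slot gets marked after an upgrade, so a failure should at least be logged: `/usr/sbin/nvbootctrl verify || echo "nvbootctrl verify failed" >&2`. A one-line comment saying why the verification happens at commit time would help the next reader.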
@@ -14,6 +16,8 @@ PERSIST_MACHINE_ID:mender-persist-systemd-machine-id = "yes" do_compile() { cp ${S}/switch-rootfs ${MENDER_STATE_SCRIPTS_DIR}/ArtifactInstall_Leave_50_switch-rootfs + cp ${S}/verify-slot ${MENDER_STATE_SCRIPTS_DIR}/ArtifactCommit_Leave_50_verify-slot + cp ${S}/abort-blupdate ${MENDER_STATE_SCRIPTS_DIR}/ArtifactRollback_Leave_50_abort-blupdate } # Make sure scripts aren't left around from old builds