Index: copy_wsl.sh
===================================================================
diff -u
--- copy_wsl.sh	(revision 0)
+++ copy_wsl.sh	(revision a95647cc4f00e556692a9a1966ca44ab0c600ad4)
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+IMAGES="$HOME/leahi-distro/tmp/deploy/images/ccimx8mm-dvk"
+cp ${IMAGES}/dey-image-qt-fb-ccimx8mm-dvk.boot.vfat     .
+cp ${IMAGES}/dey-image-qt-fb-ccimx8mm-dvk.ext4.gz       .
+cp ${IMAGES}/dey-image-qt-fb-ccimx8mm-dvk.recovery.vfat .
+cp ${IMAGES}/imx-boot-ccimx8mm-dvk.bin                  .
+cp ${IMAGES}/install_linux_fw_uuu.sh                    .
+
+exit 0
+
Index: dey-image-qt-fb-ccimx8mm-dvk.boot.vfat
===================================================================
diff -u -r0f7ff0c511a08daf1a0b6c4b21f2cd6d337e42f3 -ra95647cc4f00e556692a9a1966ca44ab0c600ad4
Binary files differ
Index: dey-image-qt-fb-ccimx8mm-dvk.ext4.gz
===================================================================
diff -u -r0f7ff0c511a08daf1a0b6c4b21f2cd6d337e42f3 -ra95647cc4f00e556692a9a1966ca44ab0c600ad4
Binary files differ
Index: dey-image-qt-fb-ccimx8mm-dvk.recovery.vfat
===================================================================
diff -u -r0f7ff0c511a08daf1a0b6c4b21f2cd6d337e42f3 -ra95647cc4f00e556692a9a1966ca44ab0c600ad4
Binary files differ
Index: imx-boot-ccimx8mm-dvk.bin
===================================================================
diff -u -ra5ab6a2a61c11137bd37ba23612d39b3642d5457 -ra95647cc4f00e556692a9a1966ca44ab0c600ad4
Binary files differ
Index: install_linux_fw_uuu.sh
===================================================================
diff -u -r58b5d8853668a5ff7d8a5a4f59510b55edd2bc76 -ra95647cc4f00e556692a9a1966ca44ab0c600ad4
--- install_linux_fw_uuu.sh	(.../install_linux_fw_uuu.sh)	(revision 58b5d8853668a5ff7d8a5a4f59510b55edd2bc76)
+++ install_linux_fw_uuu.sh	(.../install_linux_fw_uuu.sh)	(revision a95647cc4f00e556692a9a1966ca44ab0c600ad4)
@@ -1,7 +1,7 @@
 #!/bin/sh
 #===============================================================================
 #
-#  Copyright (C) 2020-2024 by Digi International Inc.
+#  Copyright (C) 2020-2025 by Digi International Inc.
 #  All rights reserved.
 #
 #  This program is free software; you can redistribute it and/or modify it
@@ -21,12 +21,27 @@
 # Exit on any error
 set -e
 
+if [ $(uname -s) != "Linux" ]; then
+	UUU="uuu.exe"
+else
+	UUU="uuu"
+fi
+
 # Parse uuu cmd output
 getenv()
 {
-	uuu -v fb: ucmd printenv "${1}" | sed -ne "s,^${1}=,,g;T;p"
+	$UUU -v fb: ucmd printenv "${1}" | sed -ne "s,^${1}=,,g;T;p"
 }
 
+# Grep for string in command output
+# Params:
+#  1. Command
+#  2. String to grep
+grep_string()
+{
+	$UUU -v fb: ucmd ${1} | grep "${2}"
+}
+
 show_usage()
 {
 	echo "Usage: $0 [options]"
@@ -42,7 +57,6 @@
 	echo "   -k <dek-filename>      Update includes dek file."
 	echo "                          (implies -t)."
 	echo "   -n                     No wait. Skips 10 seconds delay to stop script."
-	echo "   -t                     Install TrustFence artifacts."
 	echo "   -u <u-boot-filename>   U-Boot filename."
 	echo "                          Auto-determined by variant if not provided."
 	exit 2
@@ -61,23 +75,27 @@
 	echo "====================================================================================="
 	echo "\033[0m"
 
-	if [ "${TRUSTFENCE}" = "true" ] && [ "${1}" = "bootloader" ]; then
-		uuu fb: download -f "${2}"
-		if [ -n "${DEK_FILE}" ]; then
-			uuu fb: ucmd setenv uboot_size \${filesize}
-			uuu fb: ucmd setenv fastboot_buffer \${initrd_addr}
-			uuu fb: download -f "${3}"
-			uuu fb: ucmd setenv dek_size \${filesize}
-			uuu fb: ucmd trustfence update ram \${loadaddr} \${uboot_size} \${initrd_addr} \${dek_size}
+	if [ "${1}" = "bootloader" ]; then
+		if [ "${ENCRYPTED}" = "true" ]; then
+			$UUU fb: download -f "${2}"
+			if [ -n "${DEK_FILE}" ]; then
+				# Encrypted bootloader + dek
+				$UUU fb: ucmd setenv uboot_size \${filesize}
+				$UUU fb: ucmd setenv fastboot_buffer \${initrd_addr}
+				$UUU fb: download -f "${3}"
+				$UUU fb: ucmd setenv dek_size \${filesize}
+				$UUU fb: ucmd trustfence update ram \${loadaddr} \${uboot_size} \${initrd_addr} \${dek_size}
+			else
+				# Encrypted bootloader (re-use existing dek)
+				$UUU fb: ucmd trustfence update ram \${fastboot_buffer} \${fastboot_bytes}
+			fi
 		else
-			uuu fb: ucmd trustfence update ram \${fastboot_buffer} \${fastboot_bytes}
+			# Non-encrypted bootloader (can be signed or not)
+			$UUU fb: flash "${1}" "${2}"
 		fi
 	else
-		if [ "${1}" = "bootloader" ]; then
-			uuu fb: flash "${1}" "${2}"
-		else
-			uuu fb: flash -raw2sparse "${1}" "${2}"
-		fi
+		# Non-bootloader image
+		$UUU fb: flash -raw2sparse "${1}" "${2}"
 	fi
 }
 
@@ -91,7 +109,7 @@
 # -i <image-name>
 # -u <u-boot-filename>
 # -k <dek-filename>
-while getopts ':bdhi:k:ntu:' c
+while getopts ':bdhi:k:nu:' c
 do
 	if [ "${c}" = ":" ]; then
 		c="${OPTARG}"
@@ -105,25 +123,21 @@
 	d) INSTALL_DUALBOOT=true && BOOTCOUNT=true ;;
 	h) show_usage ;;
 	i) IMAGE_NAME=${OPTARG} ;;
-	k) DEK_FILE=${OPTARG} && TRUSTFENCE=true ;;
+	k) DEK_FILE=${OPTARG} ;;
 	n) NOWAIT=true ;;
-	t) TRUSTFENCE=true ;;
 	u) INSTALL_UBOOT_FILENAME=${OPTARG} ;;
 	esac
 done
 
 # Enable the redirect support to get u-boot variables values
-uuu fb: ucmd setenv stdout serial,fastboot
+$UUU fb: ucmd setenv stdout serial,fastboot
 
 # Check if dualboot variable is active
 dualboot=$(getenv "dualboot")
 if [ "${dualboot}" = "yes" ]; then
 	DUALBOOT=true;
 fi
 
-# remove redirect
-uuu fb: ucmd setenv stdout serial
-
 echo ""
 echo "Determining image files to use..."
 
@@ -132,11 +146,43 @@
 	INSTALL_UBOOT_FILENAME="imx-boot-ccimx8mm-dvk.bin"
 fi
 
+# Determine if bootloader is signed and/or encrypted
+if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "signed"; then
+	SIGNED=true
+fi
+if echo "$INSTALL_UBOOT_FILENAME" | grep -q -e "encrypted"; then
+	ENCRYPTED=true
+fi
+
+if [ "${ENCRYPTED}" = "true" ]; then
+	tf_status=$(grep_string "trustfence status" "Secure boot:")
+	if echo "${tf_status}" | grep -q -e "OPEN"; then
+		echo "\033[93m"
+		echo "WARNING!"
+		echo "You are trying to program encrypted images but the device status is OPEN."
+		echo "An OPEN device requires manual procedure for installing an encrypted bootloader,"
+		echo "programming the secure keys, and closing the device."
+		echo "Continuing would result in a non-secure setup or a non-bootable device after the"
+		echo "close operation."
+		echo ""
+		echo "Check the online documentation for manual steps at:"
+		echo "https://docs.digi.com/resources/documentation/digidocs/embedded/trustfence_home.html"
+		echo ""
+		echo "You can run this installer to program encrypted artifacts when the device has been closed."
+		echo "\033[0m"
+		echo "Exiting."
+		exit 1
+	fi
+fi
+
+# remove redirect
+$UUU fb: ucmd setenv stdout serial
+
 # Determine linux, recovery, and rootfs image filenames to update
 if [ -z "${IMAGE_NAME}" ]; then
 	IMAGE_NAME="dey-image-qt"
 fi
-GRAPHICAL_IMAGES="dey-image-crank dey-image-qt dey-image-webkit dey-image-lvgl"
+GRAPHICAL_IMAGES="dey-image-qt dey-image-webkit dey-image-lvgl dey-image-chromium"
 for g in ${GRAPHICAL_IMAGES}; do
 	if [ "${IMAGE_NAME}" = "${g}" ]; then
 		BASEFILENAME="${IMAGE_NAME}-fb"
@@ -235,16 +281,16 @@
 fi
 
 # Set fastboot buffer address to $loadaddr, just in case
-uuu fb: ucmd setenv fastboot_buffer \${loadaddr}
+$UUU fb: ucmd setenv fastboot_buffer \${loadaddr}
 
 # Skip user confirmation for U-Boot update
-uuu fb: ucmd setenv forced_update 1
+$UUU fb: ucmd setenv forced_update 1
 
 # Update U-Boot
 part_update "bootloader" "${INSTALL_UBOOT_FILENAME}" "${DEK_FILE}"
 
 # Set MMC to boot from BOOT1 partition
-uuu fb: ucmd mmc partconf 0 1 1 1
+$UUU fb: ucmd mmc partconf 0 1 1 1
 
 # Set 'bootcmd' for the second part of the script that will
 #  - Reset environment to defaults
@@ -255,7 +301,7 @@
 #  - Update the 'linux' partition
 #  - Update the 'recovery' partition
 #  - Update the 'rootfs' partition
-uuu fb: ucmd setenv bootcmd "
+$UUU fb: ucmd setenv bootcmd "
 	env default -a;
 	setenv dualboot \${dualboot};
 	bootcount reset;
@@ -282,18 +328,18 @@
 	fastboot 0;
 "
 
-uuu fb: ucmd saveenv
-uuu fb: acmd reset
+$UUU fb: ucmd saveenv
+$UUU fb: acmd reset
 
 # Wait for the target to reset
 sleep 3
 
 # Restart fastboot with the latest MMC partition configuration
-uuu fb: ucmd setenv fastboot_dev sata
-uuu fb: ucmd setenv fastboot_dev mmc
+$UUU fb: ucmd setenv fastboot_dev sata
+$UUU fb: ucmd setenv fastboot_dev mmc
 
 # Set fastboot buffer address to $loadaddr, just in case
-uuu fb: ucmd setenv fastboot_buffer \${loadaddr}
+$UUU fb: ucmd setenv fastboot_buffer \${loadaddr}
 
 if [ "${DUALBOOT}" = true ]; then
 	# Update Linux A
@@ -324,20 +370,21 @@
 
 if [ "${DUALBOOT}" != true ]; then
 	# Configure u-boot to boot into recovery mode
-	uuu fb: ucmd setenv boot_recovery yes
-	uuu fb: ucmd setenv recovery_command wipe_update
+	$UUU fb: ucmd setenv boot_recovery yes
+	$UUU fb: ucmd setenv recovery_command wipe_update
 fi
 
-# Enable the enable the touchscreen support
-uuu fb: ucmd setenv overlays _ov_board_lvds_ccimx8m-dvk.dtbo
+# Enable the touchscreen support
+$UUU fb: ucmd setenv fdt_file ccimx8mm-leahi.dtb
+$UUU fb: ucmd setenv overlays
 
 # Save the U-Boot environment variables
-uuu fb: ucmd saveenv
+$UUU fb: ucmd saveenv
 
 # Reset the bootcount
-uuu fb: ucmd bootcount reset
+$UUU fb: ucmd bootcount reset
 # Reset the target
-uuu fb: acmd reset
+$UUU fb: acmd reset
 
 echo "\033[32m"
 echo "============================================================="