Hi Simon,
On Tue, Jun 3, 2014 at 9:58 PM, Simon Glass sjg@chromium.org wrote:
Hi Harsha,
On 3 June 2014 20:29, Harsha Kiran harshakiran443@gmail.com wrote:
Hi Simon,
I was able to succesfully test the Secure u-boot on the beaglebone black from the u-boot-x86 Bone git. Thanks for all the help and it was a great beaglebone_vboot.txt file !
Good!
I have some of minor things i would like to mention when i followed the procedure.
- in the 7th step
- Put U-Boot and the kernel onto the board
The MLO information is missing..
In my case I already had this on the card. Do you have instructions for what you followed?
Harsha: I have formated my SD card into 2 partitions(boot and rootfs). in my boot partition, i have MLO,u-boot.img,image.fit,uEnv.txt and in the other partition i have the root filesystem. Instructions: I just copied them directly harsha@harshakiran_kasha:/abb/Verified-uboot/u-boot-x86$ sudo cp MLO /media/harsha/boot/ harsha@harshakiran_kasha:/abb/Verified-uboot/u-boot-x86$ sudo cp u-boot.img /media/harsha/boot/ harsha@harshakiran_kasha:/abb/Verified-uboot/u-boot-x86/doc/uImage.FIT$ sudo cp image.fit /media/harsha/boot/
i used fatload command. i have to modify my uEnv.txt to load it without stoping in u-boot prompt. U-Boot# fatload mmc 0 0x82000000 image.fit reading image.fit 8580350 bytes read in 474 ms (17.3 MiB/s) U-Boot# bootm 0x82000000 ## Loading kernel from FIT Image at 82000000 ... Using 'conf@1' configuration
I was not able to boot with kernel (image.lzo) in the FIT. it gave me the following error U-Boot# bootm 0x82000000
## Loading kernel from FIT Image at 82000000 ... Using 'conf@1' configuration Verifying Hash Integrity ... OK Trying 'kernel@1' kernel subimage Description: unavailable Created: 2014-06-04 1:28:38 UTC Type: Kernel Image Compression: lzo compressed Data Start: 0x820000a8 Data Size: 8543704 Bytes = 8.1 MiB
Architecture: ARM OS: Linux Load Address: 0x80008000 Entry Point: 0x80008000 Hash algo: sha1 Hash value: 9504d8fefcec81c054e2d0fb4e9d9b6bcfb9b4b7Verifying Hash Integrity ... sha1+ OK
## Loading fdt from FIT Image at 82000000 ... Using 'conf@1' configuration Trying 'fdt@1' fdt subimage Description: beaglebone-black Created: 2014-06-04 1:28:38 UTC
Type: Flat Device Tree Compression: uncompressed Data Start: 0x82825f68 Data Size: 34352 Bytes = 33.5 KiB Architecture: ARM Hash algo: sha1 Hash value: 4b14973cf0fe4a40dc420ed55d2441c6f51f586bVerifying Hash Integrity ... sha1+ OK Booting using the fdt blob at 0x82825f68 Uncompressing Kernel Image ... LZO: uncompress or overwrite error -1 - must RESET board to recover resetting ...
U-Boot SPL 2014.07-rc2 (Jun 03 2014 - 20:09:15) reading u-boot.img reading u-boot.img
But when i switch it back to the zImage it worked good. I will check
again
on this.
It might be the maximum image size:
#define CONFIG_SYS_BOOTM_LEN (16 << 20)
Is it possible that your kernel is larger than 16MB? Or that you forgot to compress it with lzop?
Harsha: I am working on the TI SDK7 and took tisdk_am335x-evm_defconfig
as my config file. The default kernel compression mode is Gzip. My Image is 8 MB and zImage is 4.1MB. Which compression mode is the best? I usually use the XZ mode as it gives me smallest binary (uImage 2.9 MB).
Regards, Simon
I have modified my signed image.fit in a HEX editor and loaded the image and it fails to load with the correct error.. .... Entry Point: 0x80008000 Hash algo: sha1 Hash value: 3d72bc90b8afb5464cb03de2952d1bba90cd542e Verifying Hash Integrity ... sha1 error! Bad hash value for 'hash@1' hash node in 'kernel@1' image node Bad Data Hash ERROR: can't get kernel image! U-Boot# U-Boot SPL 2014.07-rc2 (Jun 03 2014 - 20:09:15)
But, this time i did not sign my image.fit. i just converted my kernel_fdt.its to image.fit file (To test the unsigned images) harsha@harshakiran_kasha:/abb/Verified-uboot/u-boot-x86/doc/uImage.FIT$ sudo ../../b/am335x_boneblack_vboot/tools/mkimage -f kernel_fdt.its image.fit I am still able to load the image.fit successfully.! Should the singed u-boot.img allow the unsigned images to load??
To sign my u-boot i used the following command. (there is -r to make it compulsary)
harsha@harshakiran_kasha:/abb/Verified-uboot/u-boot-x86/doc/uImage.FIT$ sudo ../../b/am335x_boneblack_vboot/tools/mkimage -f kernel_fdt.its -K am335x-boneblack-pubkey.dtb -k keys -r image.fit. I am i still missing anything??
harsha@harshakiran_kasha:/abb/Verified-uboot/u-boot-x86/doc/uImage.FIT$ sudo ../../b/am335x_boneblack_vboot/tools/mkimage Usage: ../../b/am335x_boneblack_vboot/tools/mkimage -l image -l ==> list image header information ../../b/am335x_boneblack_vboot/tools/mkimage [-x] -A arch -O os -T type -C comp -a addr -e ep -n name -d data_file[:data_file...] image -A ==> set architecture to 'arch' -O ==> set operating system to 'os' -T ==> set image type to 'type' -C ==> set compression type 'comp' -a ==> set load address to 'addr' (hex) -e ==> set entry point to 'ep' (hex) -n ==> set image name to 'name' -d ==> use image data from 'datafile' -x ==> set XIP (execute in place) ../../b/am335x_boneblack_vboot/tools/mkimage [-D dtc_options] [-f fit-image.its|-F] fit-image -D => set options for device tree compiler -f => input filename for FIT source Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-r] -k => set directory containing private keys -K => write public keys to this .dtb file -c => add comment in signature node -F => re-sign existing FIT image -r => mark keys used as 'required' in dtb ../../b/am335x_boneblack_vboot/tools/mkimage -V ==> print version information and exit
Thanks, Harsha
--