
Hi Fabio,
Thank you so much for responding. It's good to know that I'm not alone in the world. :)
Unfortunately, I'm stuck with 2016.03 for the moment.
So I'm still having issues with getting verified boot to work. After compiling and installing the new u-boot image on my board I noticed that it bricked my board.
After lots of trial and error, I tracked it down to CONFIG_OF_CONTROL. When enabled, u-boot refuses to boot (no output is shown on the serial debug interface).
Since I'm using CONFIG_OF_SEPERATE, I suspect u-boot tries to read my attached dtb blob; however, it's probably wrong.
So my dts file looks like this:
/dts-v1/;

/ {
    model = "dummy";
    compatible = "dummy";

    reset@0 {
        compatible = "dummy";
    };
};
I know that the properties 'model' and 'compatible' matter with regard to the kernel; however, u-boot is using the device tree just to hold the public key, so do they still matter? For now I just set them to "dummy".
Secondly, I'm doing:
$ cat u-boot.imx my-blob.dtb > u-boot.imx.final
Do you see anything that stands out to you?
Thank you!
Davis
On Tue, Apr 24, 2018 at 7:40 PM, Fabio Estevam festevam@gmail.com wrote:
Hi Davis,
On Fri, Apr 20, 2018 at 9:00 PM, Davis Roman davis.roman84@gmail.com wrote:
Hello,
I'm trying to get verified-boot working using u-boot 2016.03 on an imx6.
It would be better to try something more recent, such as 2018.03 instead.
So far I've managed to figure out that I need the following additional config settings:
#define CONFIG_DM
#define CONFIG_ENABLE_VBOOT
#define CONFIG_RSA
#define CONFIG_FIT
#define CONFIG_OF_CONTROL
#define CONFIG_FIT_SIGNATURE
#define CONFIG_OF_SEPERATE
#define CONFIG_OF_LIBFDT
#define CONFIG_FIT_VERBOSE
However, no matter what I do I can't seem to generate u-boot.dtb.
This is expected if your board does not use device tree file in U-Boot.
My understanding is that u-boot automatically generates this u-boot.dtb for the purpose of storing the public key when mkimage signs the fitimage and that this process does not require that I provide a dts file.
However, below are the files that are generated with my current configuration and no u-boot.dtb file is generated.
Additionally, since u-boot produces a u-boot-nodtb.bin, I figured it was reasonable to believe that u-boot.bin contained the device tree; however, as shown below, both u-boot-nodtb.bin and u-boot.bin have an identical hash.
Is there something that I'm missing here? Any advice would be greatly appreciated.
Thank you,
Davis
davis@XPS-15-9560:~/Desktop/u-boot-work/uboot-imx$ ls -l *u-boot*
-rwxrwxr-x 1 davis davis 3413272 Apr 20 23:41 u-boot
-rwxrwxr-x 1 davis davis 506052 Apr 20 23:37 u-boot.bin
-rw-rw-r-- 1 davis davis 39490 Apr 20 23:27 u-boot.cfg
-rw-rw-r-- 1 davis davis 510976 Apr 20 23:37 u-boot.imx
That's the one you need.
If your board does not use device tree you will get a u-boot.imx binary that you can flash into your boot media.
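
The thread turns on whether the control device tree actually holds the public key. The following is an added example, not code from either poster or from U-Boot: it walks a DTB blob and reports each `/signature/key-*` node that carries an `rsa,modulus`, together with its `required` value (an empty string means the key is present but not enforced). It assumes the node layout and property names from U-Boot's FIT signature documentation; `key-dev`, the function names and the sample blob are made up for illustration.

```python
import struct

FDT_MAGIC = 0xD00DFEED
BEGIN_NODE, END_NODE, PROP, NOP, END = (struct.pack(">I", t) for t in (1, 2, 3, 4, 9))

def fdt_nodes(blob):
    """Walk a flattened device tree; return {node path: {property: raw value}}."""
    magic, total, off_struct, off_strings = struct.unpack_from(">4I", blob, 0)
    if magic != FDT_MAGIC or total > len(blob):
        raise ValueError("not a complete DTB")
    pos, stack, nodes = off_struct, [""], {}
    while True:
        tok, pos = blob[pos:pos + 4], pos + 4
        if tok == BEGIN_NODE:
            end = blob.index(b"\0", pos)
            stack.append(stack[-1].rstrip("/") + "/" + blob[pos:end].decode())
            nodes[stack[-1]] = {}
            pos = (end + 4) & ~3  # skip name and NUL, realign to 4 bytes
        elif tok == PROP:
            length, nameoff = struct.unpack_from(">2I", blob, pos)
            name = blob[off_strings + nameoff:].split(b"\0", 1)[0].decode()
            nodes[stack[-1]][name] = blob[pos + 8:pos + 8 + length]
            pos = (pos + 8 + length + 3) & ~3
        elif tok == END_NODE:
            stack.pop()
        elif tok == END:
            return nodes
        elif tok != NOP:
            raise ValueError("corrupt structure block")

def signing_keys(blob):
    """Map each /signature/key-* node with an RSA modulus to its 'required' value."""
    return {p: v.get("required", b"").rstrip(b"\0").decode() for p, v in fdt_nodes(blob).items()
            if p.startswith("/signature/key-") and "rsa,modulus" in v}

# Helpers below only build the constructed sample input (not a replacement for dtc).
def _pad(data):
    return data + b"\0" * (-len(data) % 4)
def _prop(nameoff, val):
    return PROP + struct.pack(">2I", len(val), nameoff) + _pad(val)
def _node(name, body=b""):
    return BEGIN_NODE + _pad(name.encode() + b"\0") + body + END_NODE

def sample_dtb(with_key):  # constructed input: dummy root, optional mkimage-style key node
    strings = b"compatible\0model\0rsa,modulus\0required\0"
    key = _node("signature", _node("key-dev", _prop(17, b"\0" * 4) + _prop(29, b"conf\0")))
    st = _node("", _prop(11, b"dummy\0") + _prop(0, b"dummy\0") + (key if with_key else b"")) + END
    hdr = struct.pack(">10I", FDT_MAGIC, 56 + len(st) + len(strings), 56, 56 + len(st),
                      40, 17, 16, 0, len(strings), len(st))
    return hdr + b"\0" * 16 + st + strings
```

Run against a real blob with `signing_keys(open("my-blob.dtb", "rb").read())`; an empty result means the tree holds no usable public key.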