[U-Boot] rockchip: SecureBoot Support?
Hello,
Is SecureBoot from the manufacturers u-boot distribution operational? When I try to sign the loader using the SBC it complains "Sign loader failed!"
I did a standard make:
CROSS_COMPILE=/Developer/arm-eabi-4.8/bin/arm-eabi- make O=firefly firefly-rk3288_defconfig all
Then generated the loader binary for SecureBootConsole by trying these combinations, all failed with same error:
./firefly/tools/mkimage -n rk3288 -T rkimage -d \
./firefly/spl/u-boot-spl-nodtb.bin out && \
cat out | openssl rc4 -K 7c4e0304550509072d2c7b38170d1711 > sbc_in.bin
./firefly/tools/mkimage -n rk3288 -T rkspi -d \
./firefly/spl/u-boot-spl-nodtb.bin out && \
cat out | openssl rc4 -K 7c4e0304550509072d2c7b38170d1711 > sbc_in.bin
I also tried using the boot_merger tool from the manufacturer distribution using the RK3288.ini with PATH=./firefly/spl/u-boot-spl-nodtb.bin. This still failed with same error.
If this feature is not yet functional, is it on the roadmap?
Thanks,
Gregory Ray
Hi Gregory,
On 3 August 2016 at 21:21, Gregory Ray gregory.ray@eyeio.com wrote:
Hello,
Is SecureBoot from the manufacturers u-boot distribution operational? When I try to sign the loader using the SBC it complains "Sign loader failed!"
I did a standard make:
CROSS_COMPILE=/Developer/arm-eabi-4.8/bin/arm-eabi- make O=firefly firefly-rk3288_defconfig all
Then generated the loader binary for SecureBootConsole by trying these combinations, all failed with same error:
./firefly/tools/mkimage -n rk3288 -T rkimage -d \
./firefly/spl/u-boot-spl-nodtb.bin out && \cat out | openssl rc4 -K 7c4e0304550509072d2c7b38170d1711 > sbc_in.bin
./firefly/tools/mkimage -n rk3288 -T rkspi -d \
./firefly/spl/u-boot-spl-nodtb.bin out && \cat out | openssl rc4 -K 7c4e0304550509072d2c7b38170d1711 > sbc_in.bin
I also tried using the boot_merger tool from the manufacturer distribution using the RK3288.ini with PATH=./firefly/spl/u-boot-spl-nodtb.bin. This still failed with same error.
If this feature is not yet functional, is it on the roadmap?
Which feature are you referring to here? What is the 'manufacturers u-boot distribution'? If it is not mainline, then I suspect only the Rockchip people know about it.
Thanks,
Gregory Ray
Regards, Simon
Hi
2016-08-05 9:36 GMT+08:00 Simon Glass sjg@chromium.org:
Hi Gregory,
On 3 August 2016 at 21:21, Gregory Ray gregory.ray@eyeio.com wrote:
Hello,
Is SecureBoot from the manufacturers u-boot distribution operational? When I try to sign the loader using the SBC it complains "Sign loader failed!"
I did a standard make:
CROSS_COMPILE=/Developer/arm-eabi-4.8/bin/arm-eabi- make O=firefly firefly-rk3288_defconfig all
Then generated the loader binary for SecureBootConsole by trying these combinations, all failed with same error:
./firefly/tools/mkimage -n rk3288 -T rkimage -d \
./firefly/spl/u-boot-spl-nodtb.bin out && \cat out | openssl rc4 -K 7c4e0304550509072d2c7b38170d1711 > sbc_in.bin
./firefly/tools/mkimage -n rk3288 -T rkspi -d \
./firefly/spl/u-boot-spl-nodtb.bin out && \cat out | openssl rc4 -K 7c4e0304550509072d2c7b38170d1711 > sbc_in.bin
I also tried using the boot_merger tool from the manufacturer distribution using the RK3288.ini with PATH=./firefly/spl/u-boot-spl-nodtb.bin. This still failed with same error.
If this feature is not yet functional, is it on the roadmap?
Which feature are you referring to here? What is the 'manufacturers u-boot distribution'? If it is not mainline, then I suspect only the Rockchip people know about it.
I guess you are talking about verified boot?
Thanks,
Gregory Ray
Regards, Simon _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
participants (3)
-
Eddie Cai -
Gregory Ray -
Simon Glass