Re: [U-Boot] verified boot of beaglebone black
+U-Boot ML
On 29 October 2014 21:09, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Hi Simon
I am trying to implement verified boot process as mentioned in the below link
http://lists.denx.de/pipermail/u-boot/2014-June/180845.html
And am using the /opt/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2013.10-ti2013.12.01/
When I was executing step 1 provided in the above link ie., while
Configure and build U-Boot with verified boot enabled
I am facing the below error, could you please help me in resolving this issue as early as possible, beacuse am stuck up this issue from past two days,
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/u-boot-2013.10-ti2013.12.01$ make O=b/am335x_boneblack_vboot CROSS_COMPILE=arm-linux-gnueabihf- ARCH=arm am335x_boneblack_vboot_config all Generating /home/srinivasan/TUNSTALL/board-support/u-boot-2013.10-ti2013.12.01/b/am335x_boneblack_vboot/include/autoconf.mk Generating /home/srinivasan/TUNSTALL/board-support/u-boot-2013.10-ti2013.12.01/b/am335x_boneblack_vboot/include/autoconf.mk.dep make: *** No rule to make target `am335x_boneblack_vboot_config'. Stop. make: *** [am335x_boneblack_vboot_config] Error 1 srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/u-boot-2013.10-ti2013.12.01$
Please use the latest mainline, or at least U-Boot 2014.07. That board does not exist in older versions.
kindly do the needful
Awaiting for your replies
Many Thanks in Advance
Srinivasan S
Regards, Simon
Hi Simon,
Extremely Sorry to push you Hard, Could you please provide any updates w.r.t the below issue
Thanks in advance Srinivasan S ________________________________________ From: sjg@google.com sjg@google.com on behalf of Simon Glass sjg@chromium.org Sent: Thursday, October 30, 2014 9:46 AM To: Srinivasan S Cc: U-Boot Mailing List Subject: Re: verified boot of beaglebone black
+U-Boot ML
On 29 October 2014 21:09, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Hi Simon
I am trying to implement verified boot process as mentioned in the below link
http://lists.denx.de/pipermail/u-boot/2014-June/180845.html
And am using the /opt/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2013.10-ti2013.12.01/
When I was executing step 1 provided in the above link ie., while
Configure and build U-Boot with verified boot enabled
I am facing the below error, could you please help me in resolving this issue as early as possible, beacuse am stuck up this issue from past two days,
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/u-boot-2013.10-ti2013.12.01$ make O=b/am335x_boneblack_vboot CROSS_COMPILE=arm-linux-gnueabihf- ARCH=arm am335x_boneblack_vboot_config all Generating /home/srinivasan/TUNSTALL/board-support/u-boot-2013.10-ti2013.12.01/b/am335x_boneblack_vboot/include/autoconf.mk Generating /home/srinivasan/TUNSTALL/board-support/u-boot-2013.10-ti2013.12.01/b/am335x_boneblack_vboot/include/autoconf.mk.dep make: *** No rule to make target `am335x_boneblack_vboot_config'. Stop. make: *** [am335x_boneblack_vboot_config] Error 1 srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/u-boot-2013.10-ti2013.12.01$
Please use the latest mainline, or at least U-Boot 2014.07. That board does not exist in older versions.
kindly do the needful
Awaiting for your replies
Many Thanks in Advance
Srinivasan S
Regards, Simon
Hi,
On 30 October 2014 01:15, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Hi Simon,
Extremely Sorry to push you Hard, Could you please provide any updates w.r.t the below issue
I think you missed my reply, am removing context...
Please use the latest mainline, or at least U-Boot 2014.07. That board does not exist in older versions.
Regards, Simon
Thanks a lot for your replies Simon,
1. Could you please confirm whether the beaglebone black support exists in that U-Boot 2014.07 & can I use linux-3.12.10-ti2013.12.01 kernel (provided by ti-sdk-am335x-evm-07.00.00.00 )on top of this U-Boot 2014.07
2. Could you please provide me the link for syncing U-Boot 2014.07 for beaglebone black
Many Thanks in Advance, Srinivasan S ________________________________________ From: sjg@google.com sjg@google.com on behalf of Simon Glass sjg@chromium.org Sent: Thursday, October 30, 2014 8:30 PM To: Srinivasan S Cc: U-Boot Mailing List Subject: Re: verified boot of beaglebone black
Hi,
On 30 October 2014 01:15, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Hi Simon,
Extremely Sorry to push you Hard, Could you please provide any updates w.r.t the below issue
I think you missed my reply, am removing context...
Please use the latest mainline, or at least U-Boot 2014.07. That board does not exist in older versions.
Regards, Simon
Hi,
On 30 Oct 2014 21:50, "Srinivasan S" srinivasan.s@tataelxsi.co.in wrote:
Thanks a lot for your replies Simon,
- Could you please confirm whether the beaglebone black support exists
in that U-Boot 2014.07 & can I use linux-3.12.10-ti2013.12.01 kernel (provided by ti-sdk-am335x-evm-07.00.00.00 )on top of this U-Boot 2014.07
That should work ok.
- Could you please provide me the link for syncing U-Boot 2014.07 for
beaglebone black
See here:
ftp://ftp.denx.de/pub/u-boot/
Regards, Simon
Many Thanks in Advance, Srinivasan S ________________________________________ From: sjg@google.com sjg@google.com on behalf of Simon Glass <
sjg@chromium.org>
Sent: Thursday, October 30, 2014 8:30 PM To: Srinivasan S Cc: U-Boot Mailing List Subject: Re: verified boot of beaglebone black
Hi,
On 30 October 2014 01:15, Srinivasan S srinivasan.s@tataelxsi.co.in
wrote:
Hi Simon,
Extremely Sorry to push you Hard, Could you please provide any updates
w.r.t the below issue
I think you missed my reply, am removing context...
Please use the latest mainline, or at least U-Boot 2014.07. That board does not exist in older versions.
Regards, Simon
Hi Simon
Once again thanks a lot for your confirmation
As you suggested, I have downloaded u-boot-2014.07.tar.bz2ftp://ftp.denx.de/pub/u-boot/u-boot-2014.07.tar.bz2 & when I was trying to build the same , I was facing the below errors
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/u-boot-2014.07$ make O=b/am335x_boneblack_vboot CROSS_COMPILE=arm-linux-gnueabihf- ARCH=arm am335x_boneblack_vboot_config all
/home/srinivasan/TUNSTALL/board-support/u-boot-2014.07/scripts/dtc-version.sh: line 17: dtc: command not found /home/srinivasan/TUNSTALL/board-support/u-boot-2014.07/scripts/dtc-version.sh: line 18: dtc: command not found *** Your dtc is too old, please upgrade to dtc 1.4 or newer make[2]: *** [checkdtc] Error 1 make[1]: *** [build-one-by-one] Error 2 make: *** [sub-make] Error 2
Please do the needful in resolving this issue
Thanks in advance,
srinivasan S
________________________________ From: sjg@google.com sjg@google.com on behalf of Simon Glass sjg@chromium.org Sent: Friday, October 31, 2014 9:57 AM To: Srinivasan S Cc: U-Boot Mailing List Subject: Re: verified boot of beaglebone black
Hi,
On 30 Oct 2014 21:50, "Srinivasan S" <srinivasan.s@tataelxsi.co.inmailto:srinivasan.s@tataelxsi.co.in> wrote:
Thanks a lot for your replies Simon,
- Could you please confirm whether the beaglebone black support exists in that U-Boot 2014.07 & can I use linux-3.12.10-ti2013.12.01 kernel (provided by ti-sdk-am335x-evm-07.00.00.00 )on top of this U-Boot 2014.07
That should work ok.
- Could you please provide me the link for syncing U-Boot 2014.07 for beaglebone black
See here:
ftp://ftp.denx.de/pub/u-boot/
Regards, Simon
Many Thanks in Advance, Srinivasan S ________________________________________ From: sjg@google.commailto:sjg@google.com <sjg@google.commailto:sjg@google.com> on behalf of Simon Glass <sjg@chromium.orgmailto:sjg@chromium.org> Sent: Thursday, October 30, 2014 8:30 PM To: Srinivasan S Cc: U-Boot Mailing List Subject: Re: verified boot of beaglebone black
Hi,
On 30 October 2014 01:15, Srinivasan S <srinivasan.s@tataelxsi.co.inmailto:srinivasan.s@tataelxsi.co.in> wrote:
Hi Simon,
Extremely Sorry to push you Hard, Could you please provide any updates w.r.t the below issue
I think you missed my reply, am removing context...
Please use the latest mainline, or at least U-Boot 2014.07. That board does not exist in older versions.
Regards, Simon
On 31 October 2014 10:48, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Hi Simon
Once again thanks a lot for your confirmation
As you suggested, I have downloaded u-boot-2014.07.tar.bz2ftp://ftp.denx.de/pub/u-boot/u-boot-2014.07.tar.bz2 & when I was trying to build the same , I was facing the below errors
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/u-boot-2014.07$ make O=b/am335x_boneblack_vboot CROSS_COMPILE=arm-linux-gnueabihf- ARCH=arm am335x_boneblack_vboot_config all
/home/srinivasan/TUNSTALL/board-support/u-boot-2014.07/scripts/dtc-version.sh: line 17: dtc: command not found /home/srinivasan/TUNSTALL/board-support/u-boot-2014.07/scripts/dtc-version.sh: line 18: dtc: command not found *** Your dtc is too old, please upgrade to dtc 1.4 or newer make[2]: *** [checkdtc] Error 1 make[1]: *** [build-one-by-one] Error 2 make: *** [sub-make] Error 2
Looks like dtc is not your your bash path, try to build the same and export it.
$ git clone git://git.kernel.org/pub/scm/utils/dtc/dtc.git $ cd dtc $ make $ sudo make install
See doc/README.fdt-control for more info.
Please do the needful in resolving this issue
Thanks in advance,
srinivasan S
From: sjg@google.com sjg@google.com on behalf of Simon Glass sjg@chromium.org Sent: Friday, October 31, 2014 9:57 AM To: Srinivasan S Cc: U-Boot Mailing List Subject: Re: verified boot of beaglebone black
Hi,
On 30 Oct 2014 21:50, "Srinivasan S" <srinivasan.s@tataelxsi.co.inmailto:srinivasan.s@tataelxsi.co.in> wrote:
Thanks a lot for your replies Simon,
- Could you please confirm whether the beaglebone black support exists in that U-Boot 2014.07 & can I use linux-3.12.10-ti2013.12.01 kernel (provided by ti-sdk-am335x-evm-07.00.00.00 )on top of this U-Boot 2014.07
That should work ok.
- Could you please provide me the link for syncing U-Boot 2014.07 for beaglebone black
See here:
ftp://ftp.denx.de/pub/u-boot/
Regards, Simon
Many Thanks in Advance, Srinivasan S ________________________________________ From: sjg@google.commailto:sjg@google.com <sjg@google.commailto:sjg@google.com> on behalf of Simon Glass <sjg@chromium.orgmailto:sjg@chromium.org> Sent: Thursday, October 30, 2014 8:30 PM To: Srinivasan S Cc: U-Boot Mailing List Subject: Re: verified boot of beaglebone black
Hi,
On 30 October 2014 01:15, Srinivasan S <srinivasan.s@tataelxsi.co.inmailto:srinivasan.s@tataelxsi.co.in> wrote:
Hi Simon,
Extremely Sorry to push you Hard, Could you please provide any updates w.r.t the below issue
I think you missed my reply, am removing context...
Please use the latest mainline, or at least U-Boot 2014.07. That board does not exist in older versions.
thanks!
Hi,
Thanks a lot for your replies, When I was executing the below ie., Step 5: Sign the kernel from http://lists.denx.de/pipermail/u-boot/2014-June/180845.html
When I was using the mkimage tools for sigining am facing the below errors, could you please do the needful in resolving the below errors as early as possible
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL$ echo $PATH /home/srinivasan/bin:/home/srinivasan/TUNSTALL/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/tools/:/home/srinivasan/TUNSTALL/board-support/u-boot-2014.07/dtc/:/opt/ti-sdk-am335x-evm-07.00.00.00/linux-devkit/sysroots/i686-arago-linux/usr/bin/:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ ls am335x-boneblack.dtb am335x-boneblack-pubkey.dtb Image keys sign.its u-boot-dtb.img srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ mkimage -f sign.its -K am335x-boneblack-pubkey.dtb -k keys -r image.fit Error: sign.its:7.15-16 syntax error FATAL ERROR: Unable to parse input tree mkimage: Can't read image.fit.tmp: Invalid argument mkimage Can't add hashes to FIT blob srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$
Many Thanks in advance, Srinivasan S ________________________________________ From: Jagan Teki jagannadh.teki@gmail.com Sent: Friday, October 31, 2014 12:29 PM To: Srinivasan S Cc: Simon Glass; U-Boot Mailing List Subject: Re: [U-Boot] verified boot of beaglebone black
On 31 October 2014 10:48, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Hi Simon
Once again thanks a lot for your confirmation
As you suggested, I have downloaded u-boot-2014.07.tar.bz2ftp://ftp.denx.de/pub/u-boot/u-boot-2014.07.tar.bz2 & when I was trying to build the same , I was facing the below errors
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/u-boot-2014.07$ make O=b/am335x_boneblack_vboot CROSS_COMPILE=arm-linux-gnueabihf- ARCH=arm am335x_boneblack_vboot_config all
/home/srinivasan/TUNSTALL/board-support/u-boot-2014.07/scripts/dtc-version.sh: line 17: dtc: command not found /home/srinivasan/TUNSTALL/board-support/u-boot-2014.07/scripts/dtc-version.sh: line 18: dtc: command not found *** Your dtc is too old, please upgrade to dtc 1.4 or newer make[2]: *** [checkdtc] Error 1 make[1]: *** [build-one-by-one] Error 2 make: *** [sub-make] Error 2
Looks like dtc is not your your bash path, try to build the same and export it.
$ git clone git://git.kernel.org/pub/scm/utils/dtc/dtc.git $ cd dtc $ make $ sudo make install
See doc/README.fdt-control for more info.
Please do the needful in resolving this issue
Thanks in advance,
srinivasan S
From: sjg@google.com sjg@google.com on behalf of Simon Glass sjg@chromium.org Sent: Friday, October 31, 2014 9:57 AM To: Srinivasan S Cc: U-Boot Mailing List Subject: Re: verified boot of beaglebone black
Hi,
On 30 Oct 2014 21:50, "Srinivasan S" <srinivasan.s@tataelxsi.co.inmailto:srinivasan.s@tataelxsi.co.in> wrote:
Thanks a lot for your replies Simon,
- Could you please confirm whether the beaglebone black support exists in that U-Boot 2014.07 & can I use linux-3.12.10-ti2013.12.01 kernel (provided by ti-sdk-am335x-evm-07.00.00.00 )on top of this U-Boot 2014.07
That should work ok.
- Could you please provide me the link for syncing U-Boot 2014.07 for beaglebone black
See here:
ftp://ftp.denx.de/pub/u-boot/
Regards, Simon
Many Thanks in Advance, Srinivasan S ________________________________________ From: sjg@google.commailto:sjg@google.com <sjg@google.commailto:sjg@google.com> on behalf of Simon Glass <sjg@chromium.orgmailto:sjg@chromium.org> Sent: Thursday, October 30, 2014 8:30 PM To: Srinivasan S Cc: U-Boot Mailing List Subject: Re: verified boot of beaglebone black
Hi,
On 30 October 2014 01:15, Srinivasan S <srinivasan.s@tataelxsi.co.inmailto:srinivasan.s@tataelxsi.co.in> wrote:
Hi Simon,
Extremely Sorry to push you Hard, Could you please provide any updates w.r.t the below issue
I think you missed my reply, am removing context...
Please use the latest mainline, or at least U-Boot 2014.07. That board does not exist in older versions.
thanks! -- Jagan.
Hi,
On 3 November 2014 23:09, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Hi,
Thanks a lot for your replies, When I was executing the below ie., Step 5: Sign the kernel from http://lists.denx.de/pipermail/u-boot/2014-June/180845.html
When I was using the mkimage tools for sigining am facing the below errors, could you please do the needful in resolving the below errors as early as possible
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL$ echo $PATH /home/srinivasan/bin:/home/srinivasan/TUNSTALL/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/tools/:/home/srinivasan/TUNSTALL/board-support/u-boot-2014.07/dtc/:/opt/ti-sdk-am335x-evm-07.00.00.00/linux-devkit/sysroots/i686-arago-linux/usr/bin/:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ ls am335x-boneblack.dtb am335x-boneblack-pubkey.dtb Image keys sign.its u-boot-dtb.img srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ mkimage -f sign.its -K am335x-boneblack-pubkey.dtb -k keys -r image.fit Error: sign.its:7.15-16 syntax error FATAL ERROR: Unable to parse input tree
You should check that line of the file (line 7).
mkimage: Can't read image.fit.tmp: Invalid argument mkimage Can't add hashes to FIT blob srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$
Regards, Simon
Thanks a lot for your replies The issue was where at symbol was supposed to be changed to @
+ kernel at 1 { + data = /incbin/("Image.lzo"); + type = "kernel"; + arch = "arm"; + os = "linux"; + compression = "lzo"; + load = <0x80008000>; + entry = <0x80008000>; + hash at 1 { + algo = "sha1"; + };
When I was generating the keys ie., Step 4: Create a key pair
Am facing one more error while generating private key & certificate containing public key used for verification when I execute the below openssl commands it is saying can't open config file:
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ openssl genrsa -F4 -out keys/dev.key 2048 WARNING: can't open config file: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/i686-arago-linux/usr/lib/ssl/openssl.cnf Generating RSA private key, 2048 bit long modulus ............................+++ ...............................................+++ e is 65537 (0x10001) srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt WARNING: can't open config file: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/i686-arago-linux/usr/lib/ssl/openssl.cnf Unable to load config info from /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/i686-arago-linux/usr/lib/ssl/openssl.cnf
Could you pls do the needful in resolving this errors cz of which am not able to proceed further Many Thanks in advance ________________________________________ From: sjg@google.com sjg@google.com on behalf of Simon Glass sjg@chromium.org Sent: Tuesday, November 4, 2014 11:42 AM To: Srinivasan S Cc: Jagan Teki; U-Boot Mailing List Subject: Re: [U-Boot] verified boot of beaglebone black
Hi,
On 3 November 2014 23:09, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Hi,
Thanks a lot for your replies, When I was executing the below ie., Step 5: Sign the kernel from http://lists.denx.de/pipermail/u-boot/2014-June/180845.html
When I was using the mkimage tools for sigining am facing the below errors, could you please do the needful in resolving the below errors as early as possible
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL$ echo $PATH /home/srinivasan/bin:/home/srinivasan/TUNSTALL/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/tools/:/home/srinivasan/TUNSTALL/board-support/u-boot-2014.07/dtc/:/opt/ti-sdk-am335x-evm-07.00.00.00/linux-devkit/sysroots/i686-arago-linux/usr/bin/:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ ls am335x-boneblack.dtb am335x-boneblack-pubkey.dtb Image keys sign.its u-boot-dtb.img srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ mkimage -f sign.its -K am335x-boneblack-pubkey.dtb -k keys -r image.fit Error: sign.its:7.15-16 syntax error FATAL ERROR: Unable to parse input tree
You should check that line of the file (line 7).
mkimage: Can't read image.fit.tmp: Invalid argument mkimage Can't add hashes to FIT blob srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$
Regards, Simon
Hi,
On 4 November 2014 00:39, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Thanks a lot for your replies The issue was where at symbol was supposed to be changed to @
kernel at 1 {data = /incbin/("Image.lzo");type = "kernel";arch = "arm";os = "linux";compression = "lzo";load = <0x80008000>;entry = <0x80008000>;hash at 1 {algo = "sha1";};When I was generating the keys ie., Step 4: Create a key pair
Am facing one more error while generating private key & certificate containing public key used for verification when I execute the below openssl commands it is saying can't open config file:
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ openssl genrsa -F4 -out keys/dev.key 2048 WARNING: can't open config file: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/i686-arago-linux/usr/lib/ssl/openssl.cnf Generating RSA private key, 2048 bit long modulus ............................+++ ...............................................+++ e is 65537 (0x10001) srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt WARNING: can't open config file: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/i686-arago-linux/usr/lib/ssl/openssl.cnf Unable to load config info from /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/i686-arago-linux/usr/lib/ssl/openssl.cnf
Did you mkdir keys?
Regards, Simon
Hi Simon
________________________________________ From: sjg@google.com sjg@google.com on behalf of Simon Glass sjg@chromium.org Sent: Friday, November 7, 2014 10:18 PM To: Srinivasan S Cc: Jagan Teki; U-Boot Mailing List Subject: Re: [U-Boot] verified boot of beaglebone black
Hi,
On 4 November 2014 00:39, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Thanks a lot for your replies The issue was where at symbol was supposed to be changed to @
kernel at 1 {data = /incbin/("Image.lzo");type = "kernel";arch = "arm";os = "linux";compression = "lzo";load = <0x80008000>;entry = <0x80008000>;hash at 1 {algo = "sha1";};When I was generating the keys ie., Step 4: Create a key pair
Am facing one more error while generating private key & certificate containing public key used for verification when I execute the below openssl commands it is saying can't open config file:
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ openssl genrsa -F4 -out keys/dev.key 2048 WARNING: can't open config file: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/i686-arago-linux/usr/lib/ssl/openssl.cnf Generating RSA private key, 2048 bit long modulus ............................+++ ...............................................+++ e is 65537 (0x10001) srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt WARNING: can't open config file: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/i686-arago-linux/usr/lib/ssl/openssl.cnf Unable to load config info from /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/i686-arago-linux/usr/lib/ssl/openssl.cnf
Did you mkdir keys?
Regards, Simon
Hi Simon,
As you suggested earlier am using u-boot-2014.07 & Am using ~/ti-sdk-am335x-evm-07.00.00.00/bin/create-sdcard.sh for creating the partitions, After creating the partitions I tried implementing step 7. Put U-Boot and the kernel onto the board & step 8. Try it, by the following steps, And when I tried to boot I am facing the below error for which am not able to get the uboot prompt
U-Boot SPL 2013.10-g78d8ebd (Mar 30 2014 - 20:46:34) reading args spl: error reading image args, err - -1 reading u-boot.img reading u-boot.img No valid FDT found - please append one to U-Boot binary, use u-boot-dtb.bin or define CONFIG_OF_EMBED. For sandbox, use -d <file.dtb> initcall sequence 808511ec failed at call 80833f84 ### ERROR ### Please RESET the board ###
Steps followed by me 1. As tmp directory was unavailable while mounting /dev/sdc1, so I created tmp directory while mounting /dev/sdc1 & executed the commands as below sudo mount /dev/sdc1 /mnt/tmp sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/u-boot.img /mnt/tmp/u-boot.img sleep 1 sudo umount /dev/sdc1
sudo mount /dev/sdc2 /mnt/tmp sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work/image.fit /mnt/tmp/boot/image.fit sleep 1 sudo umount /dev/sdc2
2.
I have even tried copying MLO & u-boot.img of as below
sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/MLO /media/boot/ sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/u-boot.img /media/boot/
appusony@appusony-laptop:~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work$ ls am335x-boneblack.dtb am335x-boneblack-pubkey.dtb Image image.fit Image.lzo keys sign.its u-boot-dtb.img appusony@appusony-laptop:~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work$ sudo image.fit /media/rootfs/boot/
Could you please do the needful in resolving the above issue as am stuck with this last steps
Kindly do the needful as early as possible,
Many Thanks in advance
Hi Simon,
Hi Simon,
As you suggested earlier am using u-boot-2014.07 & Am using ~/ti-sdk-am335x-evm-07.00.00.00/bin/create-sdcard.sh for creating the partitions, After creating the partitions I tried implementing step 7. Put U-Boot and the kernel onto the board & step 8. Try it, by the following steps, And when I tried to boot I am facing the below error for which am not able to get the uboot prompt
U-Boot SPL 2013.10-g78d8ebd (Mar 30 2014 - 20:46:34) reading args spl: error reading image args, err - -1 reading u-boot.img reading u-boot.img No valid FDT found - please append one to U-Boot binary, use u-boot-dtb.bin or define CONFIG_OF_EMBED. For sandbox, use -d <file.dtb> initcall sequence 808511ec failed at call 80833f84 ### ERROR ### Please RESET the board ###
Steps followed by me 1. As tmp directory was unavailable while mounting /dev/sdc1, so I created tmp directory while mounting /dev/sdc1 & executed the commands as below sudo mount /dev/sdc1 /mnt/tmp sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/u-boot.img /mnt/tmp/u-boot.img sleep 1 sudo umount /dev/sdc1
sudo mount /dev/sdc2 /mnt/tmp sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work/image.fit /mnt/tmp/boot/image.fit sleep 1 sudo umount /dev/sdc2
2.
I have even tried copying MLO & u-boot.img of as below, but still the same error where unable to get uboot prompt
sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/MLO /media/boot/ sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/u-boot.img /media/boot/
appusony@appusony-laptop:~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work$ ls am335x-boneblack.dtb am335x-boneblack-pubkey.dtb Image image.fit Image.lzo keys sign.its u-boot-dtb.img appusony@appusony-laptop:~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work$ sudo image.fit /media/rootfs/boot/
Please do the needful in resolving the above issue as this is the last steps
Many Thanks in Advance again,
________________________________________ From: sjg@google.com sjg@google.com on behalf of Simon Glass sjg@chromium.org Sent: Friday, November 7, 2014 10:18 PM To: Srinivasan S Cc: Jagan Teki; U-Boot Mailing List Subject: Re: [U-Boot] verified boot of beaglebone black
Hi,
On 4 November 2014 00:39, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Thanks a lot for your replies The issue was where at symbol was supposed to be changed to @
kernel at 1 {data = /incbin/("Image.lzo");type = "kernel";arch = "arm";os = "linux";compression = "lzo";load = <0x80008000>;entry = <0x80008000>;hash at 1 {algo = "sha1";};When I was generating the keys ie., Step 4: Create a key pair
Am facing one more error while generating private key & certificate containing public key used for verification when I execute the below openssl commands it is saying can't open config file:
srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ openssl genrsa -F4 -out keys/dev.key 2048 WARNING: can't open config file: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/i686-arago-linux/usr/lib/ssl/openssl.cnf Generating RSA private key, 2048 bit long modulus ............................+++ ...............................................+++ e is 65537 (0x10001) srinivasan@tata-HP-Elite-7100-Microtower-PC:~/TUNSTALL/board-support/linux-3.12.10-ti2013.12.01/work$ openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt WARNING: can't open config file: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/i686-arago-linux/usr/lib/ssl/openssl.cnf Unable to load config info from /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/i686-arago-linux/usr/lib/ssl/openssl.cnf
Did you mkdir keys?
Regards, Simon
Hi,
On 9 November 2014 17:13, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Hi Simon,
Hi Simon,
As you suggested earlier am using u-boot-2014.07 & Am using ~/ti-sdk-am335x-evm-07.00.00.00/bin/create-sdcard.sh for creating the partitions, After creating the partitions I tried implementing step 7. Put U-Boot and the kernel onto the board & step 8. Try it, by the following steps, And when I tried to boot I am facing the below error for which am not able to get the uboot prompt
U-Boot SPL 2013.10-g78d8ebd (Mar 30 2014 - 20:46:34) reading args spl: error reading image args, err - -1 reading u-boot.img reading u-boot.img No valid FDT found - please append one to U-Boot binary, use u-boot-dtb.bin or define CONFIG_OF_EMBED. For sandbox, use -d <file.dtb> initcall sequence 808511ec failed at call 80833f84 ### ERROR ### Please RESET the board ###
I think you may have missed something here. The instructions should tell you to use u-boot-dtb.img which has a device tree attached.
Also please can you read about 'top posting' - you should avoid doing this on the U-Boot mailing list. Put your response after any part of the message that you are responding to.
Steps followed by me
As tmp directory was unavailable while mounting /dev/sdc1, so I created tmp directory while mounting /dev/sdc1 & executed the commands as below sudo mount /dev/sdc1 /mnt/tmp sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/u-boot.img /mnt/tmp/u-boot.img sleep 1 sudo umount /dev/sdc1
sudo mount /dev/sdc2 /mnt/tmp sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work/image.fit /mnt/tmp/boot/image.fit sleep 1 sudo umount /dev/sdc2
I have even tried copying MLO & u-boot.img of as below, but still the same error where unable to get uboot prompt
sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/MLO /media/boot/ sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/u-boot.img /media/boot/
appusony@appusony-laptop:~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work$ ls am335x-boneblack.dtb am335x-boneblack-pubkey.dtb Image image.fit Image.lzo keys sign.its u-boot-dtb.img appusony@appusony-laptop:~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work$ sudo image.fit /media/rootfs/boot/
Please do the needful in resolving the above issue as this is the last steps
Many Thanks in Advance again,
Regards, Simon
Hi ,
________________________________________ From: sjg@google.com sjg@google.com on behalf of Simon Glass sjg@chromium.org Sent: Monday, November 10, 2014 9:23 PM To: Srinivasan S Cc: Jagan Teki; U-Boot Mailing List Subject: Re: [U-Boot] verified boot of beaglebone black
Hi,
On 9 November 2014 17:13, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Hi Simon,
Hi Simon,
As you suggested earlier am using u-boot-2014.07 & Am using ~/ti-sdk-am335x-evm-07.00.00.00/bin/create-sdcard.sh for creating the partitions, After creating the partitions I tried implementing step 7. Put U-Boot and the kernel onto the board & step 8. Try it, by the following steps, And when I tried to boot I am facing the below error for which am not able to get the uboot prompt
U-Boot SPL 2013.10-g78d8ebd (Mar 30 2014 - 20:46:34) reading args spl: error reading image args, err - -1 reading u-boot.img reading u-boot.img No valid FDT found - please append one to U-Boot binary, use u-boot-dtb.bin or define CONFIG_OF_EMBED. For sandbox, use -d <file.dtb> initcall sequence 808511ec failed at call 80833f84 ### ERROR ### Please RESET the board ###
I think you may have missed something here. The instructions should tell you to use u-boot-dtb.img which has a device tree attached.
Also please can you read about 'top posting' - you should avoid doing this on the U-Boot mailing list. Put your response after any part of the message that you are responding to.
Steps followed by me
As tmp directory was unavailable while mounting /dev/sdc1, so I created tmp directory while mounting /dev/sdc1 & executed the commands as below sudo mount /dev/sdc1 /mnt/tmp sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/u-boot.img /mnt/tmp/u-boot.img sleep 1 sudo umount /dev/sdc1
sudo mount /dev/sdc2 /mnt/tmp sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work/image.fit /mnt/tmp/boot/image.fit sleep 1 sudo umount /dev/sdc2
I have even tried copying MLO & u-boot.img of as below, but still the same error where unable to get uboot prompt
sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/MLO /media/boot/ sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/u-boot.img /media/boot/
appusony@appusony-laptop:~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work$ ls am335x-boneblack.dtb am335x-boneblack-pubkey.dtb Image image.fit Image.lzo keys sign.its u-boot-dtb.img appusony@appusony-laptop:~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work$ sudo image.fit /media/rootfs/boot/
Please do the needful in resolving the above issue as this is the last steps
Many Thanks in Advance again,
Regards, Simon
Thanks a lot for your quick responses, Finally I got resolved this problem & was able to boot uboot 2014 with my linux kernel, The issue was I had defined the flag in CONFIG_EMBEDD in uboot 2014 & got resolved this issue
And sorry I didn't understand the meaning of TOP posting
Could you please suggest me w.r.t following points
1. And now Am trying to sign even my rootfs also from kernel, as long back you had suggested dm_verity could you please let me know which version of linux kernel in mainline is supported , so that I can back port it to my kernel & get rootfs also signed from my kernel & please let me know if any rootfs changes also required for this signing from kernel to rootfs or Is there any possible way to add hashes in sign.its for rootfs also, so that it gets verified, if this is possible could you please let me know how this can be done in sign.its (ie., how hashes can be added in rootfs)
2. And am trying to flash MLO, uboot.img, image.fit & rootfs into eMMC instaed of SD card could you please let me know how this can be flashed onto emmc & vcan be verified the same
Could you please let me know as early as possiblem as only this is left from my side w.r.t signing activity so that I can close this activity
Many Many Thanks Once again in advance
Hi,
On 11 November 2014 21:29, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Hi ,
From: sjg@google.com sjg@google.com on behalf of Simon Glass sjg@chromium.org Sent: Monday, November 10, 2014 9:23 PM To: Srinivasan S Cc: Jagan Teki; U-Boot Mailing List Subject: Re: [U-Boot] verified boot of beaglebone black
Hi,
On 9 November 2014 17:13, Srinivasan S srinivasan.s@tataelxsi.co.in wrote:
Hi Simon,
Hi Simon,
As you suggested earlier am using u-boot-2014.07 & Am using ~/ti-sdk-am335x-evm-07.00.00.00/bin/create-sdcard.sh for creating the partitions, After creating the partitions I tried implementing step 7. Put U-Boot and the kernel onto the board & step 8. Try it, by the following steps, And when I tried to boot I am facing the below error for which am not able to get the uboot prompt
U-Boot SPL 2013.10-g78d8ebd (Mar 30 2014 - 20:46:34) reading args spl: error reading image args, err - -1 reading u-boot.img reading u-boot.img No valid FDT found - please append one to U-Boot binary, use u-boot-dtb.bin or define CONFIG_OF_EMBED. For sandbox, use -d <file.dtb> initcall sequence 808511ec failed at call 80833f84 ### ERROR ### Please RESET the board ###
I think you may have missed something here. The instructions should tell you to use u-boot-dtb.img which has a device tree attached.
Also please can you read about 'top posting' - you should avoid doing this on the U-Boot mailing list. Put your response after any part of the message that you are responding to.
Steps followed by me
As tmp directory was unavailable while mounting /dev/sdc1, so I created tmp directory while mounting /dev/sdc1 & executed the commands as below sudo mount /dev/sdc1 /mnt/tmp sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/u-boot.img /mnt/tmp/u-boot.img sleep 1 sudo umount /dev/sdc1
sudo mount /dev/sdc2 /mnt/tmp sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work/image.fit /mnt/tmp/boot/image.fit sleep 1 sudo umount /dev/sdc2
I have even tried copying MLO & u-boot.img of as below, but still the same error where unable to get uboot prompt
sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/MLO /media/boot/ sudo cp ~/ti-sdk-am335x-evm-07.00.00.00/board-support/u-boot-2014.07/b/am335x_boneblack_vboot/u-boot.img /media/boot/
appusony@appusony-laptop:~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work$ ls am335x-boneblack.dtb am335x-boneblack-pubkey.dtb Image image.fit Image.lzo keys sign.its u-boot-dtb.img appusony@appusony-laptop:~/ti-sdk-am335x-evm-07.00.00.00/board-support/linux-3.12.10-ti2013.12.01/work$ sudo image.fit /media/rootfs/boot/
Please do the needful in resolving the above issue as this is the last steps
Many Thanks in Advance again,
Regards, Simon
Thanks a lot for your quick responses, Finally I got resolved this problem & was able to boot uboot 2014 with my linux kernel, The issue was I had defined the flag in CONFIG_EMBEDD in uboot 2014 & got resolved this issue
And sorry I didn't understand the meaning of TOP posting
Could you please suggest me w.r.t following points
- And now Am trying to sign even my rootfs also from kernel, as long back you had suggested dm_verity could you please let me know which version of linux kernel in mainline is supported , so that I can back port it to my kernel & get rootfs also signed from my kernel & please let me know if any rootfs changes also required for this signing from kernel to rootfs or Is there any possible way to add hashes in sign.its for rootfs also, so that it gets verified, if this is possible could you please let me know how this can be done in sign.its (ie., how hashes can be added in rootfs)
It was merged in late 2012, so any version since then should work, but I suggest going with a recent version.
- And am trying to flash MLO, uboot.img, image.fit & rootfs into eMMC instaed of SD card could you please let me know how this can be flashed onto emmc & vcan be verified the same
There are no special requirements here that I know of. U-Boot will verify the kernel wherever it comes from. I can't remember if I wrote the kernel to the boot partial (FAT format) or the /boot directory of the root disk (ext4 format). But wherever you write it such that U-Boot can find it will be fine.
Verify requires a block filesystem such as ext4 in a partition, and a separate area for hashes, typically 8MB or so. You will need to allocate off some space on the eMMC to hold the hashes, and run the tool to write them after you create your read-only ext2 filesystem.
On Chrome OS the hashes go in the same disk partition as the ext2 filesystem, and the filesystem is made a little bit smaller than the partition to provide space for that. The script that runs is here, although you're need to chase down quite a bit:
https://chromium.googlesource.com/chromiumos/platform/crosutils/+/master/bui...
Could you please let me know as early as possiblem as only this is left from my side w.r.t signing activity so that I can close this activity
I have to say I have not done verity outside the Chrome OS environment. I believe that Redhat uses it, so there might be pointers there too.
Regards, Simon
participants (3)
-
Jagan Teki -
Simon Glass -
Srinivasan S