[U-Boot] About verify uboot
Duxiaoqiang
duxiaoqiang at huawei.com
Tue Jul 22 05:08:29 CEST 2014
Hi
I try to make use of uboot's secure verify feature, but failed. My procedure is below:
1) Enable control device tree
Ø Add CONFIG_OF_CONTROL / CONFIG_OF_SEPARATE to file vexpress_aemv8a.h
2) Enable FIT and verify boot
Ø Add CONFIG_FIT/CONFIG_RSA/CONFIG_FIT_SIGNATURE to file vexpress_aemv8a.h
3) Create RSA key pair use openssl named dev
4) Create uboot.dts file as bellow
/dts-v1/;
/ {
model = "Keys";
compatible = "denx, arm64 ";
signature {
key-dev {
required = "conf";
algo = "sha1,rsa2048";
key-name-hint = "dev";
};
};
};
5) Compile uboot.dtb file
dtc -p 0x1000 .uboot.dts -O dtb -o work/uboot.dtb
6) Create kernel.its file as bellow
/dts-v1/;
/ {
description = "Simple image with single Linux kernel and FDT blob";
#address-cells = <1>;
images {
kernel at 1 {
description = "Linux kernel";
data = /incbin/("./arch/arm/boot/zImage");
type = "kernel";
arch = "arm";
os = "linux";
compression = "none";
load = <0x40008000>;
entry = <0x40008000>;
hash at 1 {
algo = "sha1";
};
};
fdt at 1 {
description = "Flattened Device Tree blob";
data = /incbin/("./arch/arm/boot/arm64.dtb");
type = "flat_dt";
arch = "arm";
compression = "none";
hash at 1 {
algo = "sha1";
};
};
};
configurations {
default = "conf at 1";
conf at 1 {
description = "Boot Linux kernel with FDT blob";
kernel = "kernel at 1";
fdt = "fdt at 1";
signature at 1 {
algo = "sha1,rsa2048";
key-name-hint = "dev ";
};
};
};
};
7) Sign the image
Mkimage -D "-I dts -O dtb -p 2000" -f kernel.its - K uboot.dtb -k keys -r rsa.img
8) Make uboot FDT
Make vexpress_aem64a_config
Make DEV_TREE_BIN = work/uboot.dtb
And the Error is happened when build uboot FDT, error information is "Please define CONFIG_DEFAULT_DEVICE_TREE or build with DEVICE_TREE= argument".
My question is :
> Should I need to specify uboot.dts file when building FDT uboot
Best regards
Jason.
More information about the U-Boot
mailing list