[U-Boot] About verify uboot

Simon Glass sjg at chromium.org
Fri Sep 5 00:52:48 CEST 2014


Hi,

On 21 July 2014 21:08, Duxiaoqiang <duxiaoqiang at huawei.com> wrote:
>
> Hi
>
> I try to make use of uboot's secure verify feature, but failed. My procedure is below:
>
> 1)       Enable control device tree
>
> Ø  Add CONFIG_OF_CONTROL / CONFIG_OF_SEPARATE to file vexpress_aemv8a.h
>
> 2)       Enable FIT and verify boot
>
> Ø  Add CONFIG_FIT/CONFIG_RSA/CONFIG_FIT_SIGNATURE to file vexpress_aemv8a.h
>
> 3)       Create RSA key pair use openssl named dev
>
> 4)       Create uboot.dts file as bellow
>
> /dts-v1/;
>
> / {
>         model = "Keys";
>         compatible = "denx, arm64 ";
>
>         signature {
>                 key-dev {
>                         required = "conf";
>                         algo = "sha1,rsa2048";
>                         key-name-hint = "dev";
>                 };
>         };
> };
>
>
> 5)       Compile uboot.dtb file
>
> dtc -p 0x1000 .uboot.dts -O dtb -o work/uboot.dtb
>
> 6)       Create kernel.its file as bellow
>
> /dts-v1/;
> / {
>
>         description = "Simple image with single Linux kernel and FDT blob";
>
>         #address-cells = <1>;
>
>        images {
>
>                 kernel at 1 {
>
>                         description = "Linux kernel";
>
>                         data = /incbin/("./arch/arm/boot/zImage");
>
>                         type = "kernel";
>
>                         arch = "arm";
>
>                         os = "linux";
>
>                         compression = "none";
>
>                         load = <0x40008000>;
>
>                         entry = <0x40008000>;
>
>                          hash at 1 {
>
>                                 algo = "sha1";
>
>                         };
>
>                 };
>
>
>                 fdt at 1 {
>
>                         description = "Flattened Device Tree blob";
>
>                         data = /incbin/("./arch/arm/boot/arm64.dtb");
>
>                         type = "flat_dt";
>
>                         arch = "arm";
>
>                         compression = "none";
>
>                         hash at 1 {
>
>                                 algo = "sha1";
>
>                         };
>
>                 };
>
>         };
>
>
>
>         configurations {
>
>                 default = "conf at 1";
>
>                 conf at 1 {
>
>                         description = "Boot Linux kernel with FDT blob";
>
>                         kernel = "kernel at 1";
>
>                         fdt = "fdt at 1";
>
>                         signature at 1 {
>
>                                 algo = "sha1,rsa2048";
>
>                                 key-name-hint = "dev ";
>
>                         };
>
>                 };
>
>         };
>
> };
>
> 7)       Sign the image
>
> Mkimage -D "-I dts -O dtb -p 2000" -f kernel.its - K uboot.dtb -k keys -r rsa.img
>
> 8)       Make uboot FDT
>
> Make vexpress_aem64a_config
>
> Make DEV_TREE_BIN = work/uboot.dtb
>
>        And the Error is happened when build uboot FDT, error information is "Please define CONFIG_DEFAULT_DEVICE_TREE or build with DEVICE_TREE= argument".
>
>          My question is :
>        > Should I need to specify uboot.dts file when building FDT uboot

I only just saw this email. Yes, device tree is required.

Regards,
Simon


More information about the U-Boot mailing list