[U-Boot] u-boot hangs after enabling secured boot : gumstix-overo

Arun Kuttiyara Varghese arunkuttiyara at gmail.com
Fri May 27 23:01:24 CEST 2016


Hi Simon,

Thanks a lot for your help.

I was experimenting with few options :
finally I got a working combination.

I added below options in configs/omap3_overo_defconfig
CONFIG_RSA=y
CONFIG_DM=y

and in include/configs/omap3_overo.h.

#define CONFIG_OF_CONTROL
#define CONFIG_OF_SEPARATE
#define CONFIG_FIT
#define CONFIG_FIT_SIGNATURE
#define CONFIG_FIT_VERBOSE

and used EXT_DTB option for make.

now it works fine for the verified boot for gumstix overo.

So I think, putting CONFIG_RSA [CONFIG_RSA alone, since I can't put all
there - board hanging issue ] in defconfig enabled the RSA options for the
board.

Thanks & Regards,
Arun













On Wed, May 18, 2016 at 11:59 PM, Simon Glass <sjg at chromium.org> wrote:

> Hi Arun,
>
> On 3 May 2016 at 19:50, Arun Kuttiyara Varghese <arunkuttiyara at gmail.com>
> wrote:
> > Hi Simon,
> >
> > Thanks for the help.
> >
> > There is an update.
> >
> > I experimented with the two options.
> >
> > Option 1
> > =====
> >
> > Like you mentioned, I tried putting all the RSA boot options to
> > configs/omap3_overo_defconfig.
> > but surprisingly, the board was not able to boot. it stucks after
> printing
> > one line of junk characters.
> >
> > So I think, putting definitions in include/configs/omap3_overo.h is also
> > fine ?
>
> Not if it is in Kconfig. That sounds like a separate problem. But i"m
> not sure what.
>
> >
> > Option 2
> > ====
> >
> > 1. changed u-boot-dtb.img name to u-boot.img .
> > 2. then board is able to boot, but gives the below message when I tried
> to
> > use bootm.
> >
> > Overo #
> > ## Loading kernel from FIT Image at 82000000 ...
> >    Using 'conf at 1' configuration
> >    Verifying Hash Integrity ... sha1,rsa2048:my_keyRSA: Can't find
> Modular
> > Exp implementation
> > RSA: Can't find Modular Exp implementation
> > - Failed to verify required signature 'key-my_key'
> > Bad Data Hash
> > ERROR: can't get kernel image!
> > Overo #
>
> If you grep for that message you see:
>
> ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
> if (ret) {
> printf("RSA: Can't find Modular Exp implementation\n");
> return -EINVAL;
> }
>
> It is trying to find that uclass. Assuming that you have driver model
> enabled (CONFIG_DM), I wonder if you have CONFIG_RSA_SOFTWARE_EXP
> enabled? Unfortunately it looks like you have to do that manually as
> the option is not in Kconfig.
>
> It is a driver for modular exponentiation, used for RSA. Some chips
> include hardware acceleration, but there is a software driver as a
> fallback.
>
> >
> >
> > As mentioned in doc/uImage.FIT/beaglebone_vboot.txt, I tried the script -
> > tools/fit_check_sign, and its output is normal. Able to verify the
> > signature.
> >
> > So still dont know, what is the exact issue, why I am getting the above
> > error message.
> > I searched for UCLASS_MOD_EXP,     /* RSA Mod Exp device */, but couldn't
> > get much info.
> >
> > What is RSA Mod Exp device and how to make sure that I have that ?
> >
> > Any input to debugging will be greatly helpful.
> >
> > Thanks & Regards,
> > Arun
> >
> >
>
> Regards,
> Simon
>
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > On Sun, May 1, 2016 at 2:55 PM, Simon Glass <sjg at chromium.org> wrote:
> >>
> >> Hi Arun,
> >>
> >> On 28 April 2016 at 14:48, Arun Kuttiyara Varghese
> >> <arunkuttiyara at gmail.com> wrote:
> >> > Hi All,
> >> >
> >> > I was trying to enable the secured boot in u-boot for gumstix overo
> >> > storm.
> >> >
> >> > based on http://www.denx-cs.de/doku/?q=m28verifiedboot
> >> >
> >> > After I prepared by SD cards, u-boot is not able to boot
> >> > and gives the below error message.
> >> >
> >> >
> >> > U-Boot SPL 2015.07 (Apr 28 2016 - 13:53:06)
> >> > SPL: Please implement spl_start_uboot() for your board
> >>
> >> This seems to be implemented for pepper, so to avoid this warning you
> >> could add this function for your board.
> >> .
> >> > SPL: Direct Linux boot not active!
> >> > reading u-boot.img
> >> > spl_load_image_fat: error reading image u-boot.img, err - -1
> >> > SPL: Please implement spl_start_uboot() for your board
> >> > SPL: Direct Linux boot not active!
> >> > Failed to mount ext2 filesystem...
> >> > spl_load_image_ext: ext4fs mount err - 0
> >> >
> >> > ================
> >> >
> >> > This is the u-boot.dts file that I am using.
> >> >
> >> >
> >> > /dts-v1/;
> >> >
> >> > / {
> >> >         model = "Keys";
> >> >
> >> >         signature {
> >> >                 key-dev {
> >> >                         required = "conf";
> >> >                         algo = "sha1,rsa2048";
> >> >                         key-name-hint = "my_key";
> >> >                 };
> >> >         };
> >> > };
> >> >
> >> > compilation using :
> >> > dtc -p 0x1000 /work/u-boot.dts -O dtb -o /work/u-boot.dtb
> >> >
> >> > And these are the conf that I have added to
> >> > include/configs/omap3_overo.h
> >> >
> >> >  #define CONFIG_OF_CONTROL
> >> >  #define CONFIG_OF_SEPARATE
> >> >  #define CONFIG_FIT
> >> >  #define CONFIG_FIT_SIGNATURE
> >> >  #define CONFIG_RSA
> >> >  #define CONFIG_FIT_VERBOSE
> >>
> >> These are in Kconfig now, so you should add them to
> >> configs/omap3_overo_defconfig.
> >>
> >> I'm not sure what is wrong, but those two things might help.
> >>
> >> >
> >> > and I am compiling u-boot by using below line :
> >> >
> >> > make ARCH=arm CROSS_COMPILE=arm-linux-gnueabi-
> EXT_DTB=/work/u-boot.dtb
> >> > all
> >> > -j4
> >> >
> >> > Please let me know if you have any ideas on how to debug this issue.
> >> >
> >> > Thanks & Regards,
> >> > Arun
> >> Regards,
> >> Simon
> >
> >
>


More information about the U-Boot mailing list