[U-Boot] u-boot.dtb is not generated when enabling verified boot
Davis Roman
davis.roman84 at gmail.com
Wed Apr 25 01:19:39 UTC 2018
Hi Fabio,
Thank you so much for responding. It's good to know that I'm not alone in
the world. :)
Unfortunately, I'm stuck with 2016.03 for the moment.
So I'm still having issues with getting verified boot to work. After
compiling and installing the new u-boot image on my board I noticed that it
bricked my board.
After lots of trail and error, I tracked it down to CONFIG_OF_CONTROL. When
enabled, u-boot refuses to boot. ( no output is shown on the serial debug
interface)
Since I'm using CONFIG_OF_SEPERATE, I suspect u-boot tries to read my
attached dtb blob however it's probably wrong.
So my dts file looks like this:
/dts-v1/;
/ {
model = "dummy";
compatible = "dummy";
reset at 0 {
compatible = "dummy";
};
};
I know that the properties 'model' and 'compatible' matter when in regards
to the kernel however u-boot is using the device tree just to hold the
public key so do they still matter?
For now I just set them to "dummy"
Secondly, I'm doing:
$ cat u-boot.imx my-blob.dtb > u-boot.imx.final
Do you see anything that stands out to you?
Thank you!
Davis
On Tue, Apr 24, 2018 at 7:40 PM, Fabio Estevam <festevam at gmail.com> wrote:
> Hi Davis,
>
> On Fri, Apr 20, 2018 at 9:00 PM, Davis Roman <davis.roman84 at gmail.com>
> wrote:
> > Hello,
> >
> > I'm trying to get verified-boot working using u-boot 2016.03 on an imx6.
>
> It would be better to try something more recent, such as 2018.03 instead.
>
> > So far I've managed to figure out that I need the following additional
> > config settings:
> > #define CONFIG_DM
> > #define CONFIG_ENABLE_VBOOT
> > #define CONFIG_RSA
> > #define CONFIG_FIT
> > #define CONFIG_OF_CONTROL
> > #define CONFIG_FIT_SIGNATURE
> > #define CONFIG_OF_SEPERATE
> > #define CONFIG_OF_LIBFDT
> > #define CONFIG_FIT_VERBOSE
> >
> > However, no matter what I do I can't seem to generate u-boot.dtb.
>
> This is expected if your board does not use device tree file in U-Boot.
>
> >
> > My understanding is that u-boot automatically generates this
> > u-boot.dtb for the purpose of storing
> > the public key when mkimage signs the fitimage and that this process
> > does not require that I provide a dts file.
> >
> > However, below are the files that are generated with my current
> > configuration and no u-boot.dtb file is generated.
> >
> > Additionally, since u-boot produces a u-boot-nodtb.bin, I figured it
> > was reasonable to believe that u-boot.bin contained the device tree
> > however as shown below both u-boot-nodtb.bin and u-boot.bin have an
> > idential hash.
> >
> > Is there something that I'm missing here? Any advice would be greatly
> > appreciated
> >
> > Thank you,
> >
> > Davis
> >
> > davis at XPS-15-9560:~/Desktop/u-boot-work/uboot-imx$ ls -l *u-boot*
> > -rwxrwxr-x 1 davis davis 3413272 Apr 20 23:41 u-boot
> > -rwxrwxr-x 1 davis davis 506052 Apr 20 23:37 u-boot.bin
> > -rw-rw-r-- 1 davis davis 39490 Apr 20 23:27 u-boot.cfg
> > -rw-rw-r-- 1 davis davis 510976 Apr 20 23:37 u-boot.imx
>
> That's the one you need.
>
> If your board does not use device tree you will get a u-boot.imx
> binary that you can flash into your boot media.
>
More information about the U-Boot
mailing list