diff options
Diffstat (limited to 'doc/uImage.FIT/beaglebone_vboot.txt')
| -rw-r--r-- | doc/uImage.FIT/beaglebone_vboot.txt | 84 |
1 files changed, 42 insertions, 42 deletions
diff --git a/doc/uImage.FIT/beaglebone_vboot.txt b/doc/uImage.FIT/beaglebone_vboot.txt index b4ab28542e..f1862c2753 100644 --- a/doc/uImage.FIT/beaglebone_vboot.txt +++ b/doc/uImage.FIT/beaglebone_vboot.txt @@ -130,7 +130,7 @@ Put this into a file in that directory called sign.its: #address-cells = <1>; images { - kernel@1 { + kernel { data = /incbin/("Image.lzo"); type = "kernel"; arch = "arm"; @@ -138,27 +138,27 @@ Put this into a file in that directory called sign.its: compression = "lzo"; load = <0x80008000>; entry = <0x80008000>; - hash@1 { + hash-1 { algo = "sha1"; }; }; - fdt@1 { + fdt-1 { description = "beaglebone-black"; data = /incbin/("am335x-boneblack.dtb"); type = "flat_dt"; arch = "arm"; compression = "none"; - hash@1 { + hash-1 { algo = "sha1"; }; }; }; configurations { - default = "conf@1"; - conf@1 { - kernel = "kernel@1"; - fdt = "fdt@1"; - signature@1 { + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; + signature-1 { algo = "sha1,rsa2048"; key-name-hint = "dev"; sign-images = "fdt", "kernel"; @@ -211,7 +211,7 @@ You should see something like this: FIT description: Beaglebone black Created: Sun Jun 1 12:50:30 2014 - Image 0 (kernel@1) + Image 0 (kernel) Description: unavailable Created: Sun Jun 1 12:50:30 2014 Type: Kernel Image @@ -223,7 +223,7 @@ Created: Sun Jun 1 12:50:30 2014 Entry Point: 0x80008000 Hash algo: sha1 Hash value: c94364646427e10f423837e559898ef02c97b988 - Image 1 (fdt@1) + Image 1 (fdt-1) Description: beaglebone-black Created: Sun Jun 1 12:50:30 2014 Type: Flat Device Tree @@ -232,11 +232,11 @@ Created: Sun Jun 1 12:50:30 2014 Architecture: ARM Hash algo: sha1 Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d - Default Configuration: 'conf@1' - Configuration 0 (conf@1) + Default Configuration: 'conf-1' + Configuration 0 (conf-1) Description: unavailable - Kernel: kernel@1 - FDT: fdt@1 + Kernel: kernel + FDT: fdt-1 Now am335x-boneblack-pubkey.dtb contains the public key and image.fit contains @@ -251,12 +251,12 @@ which results in: Verifying Hash Integrity ... sha1,rsa2048:dev+ ## Loading kernel from FIT Image at 7fc6ee469000 ... - Using 'conf@1' configuration + Using 'conf-1' configuration Verifying Hash Integrity ... sha1,rsa2048:dev+ OK - Trying 'kernel@1' kernel subimage + Trying 'kernel' kernel subimage Description: unavailable Created: Sun Jun 1 12:50:30 2014 Type: Kernel Image @@ -274,8 +274,8 @@ OK Unimplemented compression type 4 ## Loading fdt from FIT Image at 7fc6ee469000 ... - Using 'conf@1' configuration - Trying 'fdt@1' fdt subimage + Using 'conf-1' configuration + Trying 'fdt-1' fdt subimage Description: beaglebone-black Created: Sun Jun 1 12:50:30 2014 Type: Flat Device Tree @@ -291,7 +291,7 @@ OK Loading Flat Device Tree ... OK ## Loading ramdisk from FIT Image at 7fc6ee469000 ... - Using 'conf@1' configuration + Using 'conf-1' configuration Could not find subimage node Signature check OK @@ -313,8 +313,8 @@ the above flow works. But it is fun to do this by hand, so you can load image.fit into a hex editor like ghex, and change a byte in the kernel: - $UOUT/tools/fit_info -f image.fit -n /images/kernel@1 -p data -NAME: kernel@1 + $UOUT/tools/fit_info -f image.fit -n /images/kernel -p data +NAME: kernel LEN: 7790938 OFF: 168 @@ -324,12 +324,12 @@ fit_check_sign again. You should see something like: Verifying Hash Integrity ... sha1,rsa2048:dev+ ## Loading kernel from FIT Image at 7f5a39571000 ... - Using 'conf@1' configuration + Using 'conf-1' configuration Verifying Hash Integrity ... sha1,rsa2048:dev+ OK - Trying 'kernel@1' kernel subimage + Trying 'kernel' kernel subimage Description: unavailable Created: Sun Jun 1 13:09:21 2014 Type: Kernel Image @@ -343,12 +343,12 @@ OK Hash value: c94364646427e10f423837e559898ef02c97b988 Verifying Hash Integrity ... sha1 error -Bad hash value for 'hash@1' hash node in 'kernel@1' image node +Bad hash value for 'hash-1' hash node in 'kernel' image node Bad Data Hash ## Loading fdt from FIT Image at 7f5a39571000 ... - Using 'conf@1' configuration - Trying 'fdt@1' fdt subimage + Using 'conf-1' configuration + Trying 'fdt-1' fdt subimage Description: beaglebone-black Created: Sun Jun 1 13:09:21 2014 Type: Flat Device Tree @@ -364,7 +364,7 @@ OK Loading Flat Device Tree ... OK ## Loading ramdisk from FIT Image at 7f5a39571000 ... - Using 'conf@1' configuration + Using 'conf-1' configuration Could not find subimage node Signature check Bad (error 1) @@ -386,11 +386,11 @@ images configurations fdtget -l image.fit /configurations -conf@1 -fdtget -l image.fit /configurations/conf@1 -signature@1 +conf-1 +fdtget -l image.fit /configurations/conf-1 +signature-1 - fdtget -p image.fit /configurations/conf@1/signature@1 + fdtget -p image.fit /configurations/conf-1/signature-1 hashed-strings hashed-nodes timestamp @@ -401,20 +401,20 @@ algo key-name-hint sign-images - fdtget image.fit /configurations/conf@1/signature@1 hashed-nodes -/ /configurations/conf@1 /images/fdt@1 /images/fdt@1/hash@1 /images/kernel@1 /images/kernel@1/hash@1 + fdtget image.fit /configurations/conf-1/signature-1 hashed-nodes +/ /configurations/conf-1 /images/fdt-1 /images/fdt-1/hash /images/kernel /images/kernel/hash-1 This gives us a bit of a look into the signature that mkimage added. Note you can also use fdtdump to list the entire device tree. Say we want to change the kernel that this configuration uses -(/images/kernel@1). We could just put a new kernel in the image, but we will +(/images/kernel). We could just put a new kernel in the image, but we will need to change the hash to match. Let's simulate that by changing a byte of the hash: - fdtget -tx image.fit /images/kernel@1/hash@1 value + fdtget -tx image.fit /images/kernel/hash-1 value c9436464 6427e10f 423837e5 59898ef0 2c97b988 - fdtput -tx image.fit /images/kernel@1/hash@1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981 + fdtput -tx image.fit /images/kernel/hash-1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981 Now check it again: @@ -437,7 +437,7 @@ configuration. But that won't work since you are not allowed to change the configuration in any way. Try it with a fresh (valid) image if you like by running the mkimage link again. Then: - fdtput -p image.fit /configurations/conf@1/signature@2 value fred + fdtput -p image.fit /configurations/conf-1/signature-1 value fred $UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb Verifying Hash Integrity ... - sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13 @@ -521,9 +521,9 @@ U-Boot# ext2load mmc 0:2 82000000 /boot/image.fit 7824930 bytes read in 589 ms (12.7 MiB/s) U-Boot# bootm 82000000 ## Loading kernel from FIT Image at 82000000 ... - Using 'conf@1' configuration + Using 'conf-1' configuration Verifying Hash Integrity ... sha1,rsa2048:dev+ OK - Trying 'kernel@1' kernel subimage + Trying 'kernel' kernel subimage Description: unavailable Created: 2014-06-01 19:32:54 UTC Type: Kernel Image @@ -538,8 +538,8 @@ U-Boot# bootm 82000000 Hash value: c94364646427e10f423837e559898ef02c97b988 Verifying Hash Integrity ... sha1+ OK ## Loading fdt from FIT Image at 82000000 ... - Using 'conf@1' configuration - Trying 'fdt@1' fdt subimage + Using 'conf-1' configuration + Trying 'fdt-1' fdt subimage Description: beaglebone-black Created: 2014-06-01 19:32:54 UTC Type: Flat Device Tree |