From mboxrd@z Thu Jan 1 00:00:00 1970 From: Davis Roman Date: Tue, 24 Apr 2018 21:22:11 -0400 Subject: [U-Boot] u-boot.dtb is not generated when enabling verified boot In-Reply-To: References: Message-ID: List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hi Fabio, Additionally, I did check that my-blob.dtb does contain the public key after signing the fitimage by using 'fdtdump -s' Thank you, Davis On Tue, Apr 24, 2018 at 9:19 PM, Davis Roman wrote: > Hi Fabio, > > Thank you so much for responding. It's good to know that I'm not alone in > the world. :) > > Unfortunately, I'm stuck with 2016.03 for the moment. > > So I'm still having issues with getting verified boot to work. After > compiling and installing the new u-boot image on my board I noticed that it > bricked my board. > > After lots of trail and error, I tracked it down to CONFIG_OF_CONTROL. > When enabled, u-boot refuses to boot. ( no output is shown on the serial > debug interface) > > Since I'm using CONFIG_OF_SEPERATE, I suspect u-boot tries to read my > attached dtb blob however it's probably wrong. > > So my dts file looks like this: > > /dts-v1/; > > / { > model = "dummy"; > compatible = "dummy"; > > reset at 0 { > compatible = "dummy"; > }; > }; > > > > I know that the properties 'model' and 'compatible' matter when in regards > to the kernel however u-boot is using the device tree just to hold the > public key so do they still matter? > For now I just set them to "dummy" > > > Secondly, I'm doing: > > $ cat u-boot.imx my-blob.dtb > u-boot.imx.final > > > Do you see anything that stands out to you? > > Thank you! > > Davis > > > > On Tue, Apr 24, 2018 at 7:40 PM, Fabio Estevam wrote: > >> Hi Davis, >> >> On Fri, Apr 20, 2018 at 9:00 PM, Davis Roman >> wrote: >> > Hello, >> > >> > I'm trying to get verified-boot working using u-boot 2016.03 on an imx6. >> >> It would be better to try something more recent, such as 2018.03 instead. >> >> > So far I've managed to figure out that I need the following additional >> > config settings: >> > #define CONFIG_DM >> > #define CONFIG_ENABLE_VBOOT >> > #define CONFIG_RSA >> > #define CONFIG_FIT >> > #define CONFIG_OF_CONTROL >> > #define CONFIG_FIT_SIGNATURE >> > #define CONFIG_OF_SEPERATE >> > #define CONFIG_OF_LIBFDT >> > #define CONFIG_FIT_VERBOSE >> > >> > However, no matter what I do I can't seem to generate u-boot.dtb. >> >> This is expected if your board does not use device tree file in U-Boot. >> >> > >> > My understanding is that u-boot automatically generates this >> > u-boot.dtb for the purpose of storing >> > the public key when mkimage signs the fitimage and that this process >> > does not require that I provide a dts file. >> > >> > However, below are the files that are generated with my current >> > configuration and no u-boot.dtb file is generated. >> > >> > Additionally, since u-boot produces a u-boot-nodtb.bin, I figured it >> > was reasonable to believe that u-boot.bin contained the device tree >> > however as shown below both u-boot-nodtb.bin and u-boot.bin have an >> > idential hash. >> > >> > Is there something that I'm missing here? Any advice would be greatly >> > appreciated >> > >> > Thank you, >> > >> > Davis >> > >> > davis at XPS-15-9560:~/Desktop/u-boot-work/uboot-imx$ ls -l *u-boot* >> > -rwxrwxr-x 1 davis davis 3413272 Apr 20 23:41 u-boot >> > -rwxrwxr-x 1 davis davis 506052 Apr 20 23:37 u-boot.bin >> > -rw-rw-r-- 1 davis davis 39490 Apr 20 23:27 u-boot.cfg >> > -rw-rw-r-- 1 davis davis 510976 Apr 20 23:37 u-boot.imx >> >> That's the one you need. >> >> If your board does not use device tree you will get a u-boot.imx >> binary that you can flash into your boot media. >> > >