From mboxrd@z Thu Jan 1 00:00:00 1970 From: Davis Roman Date: Tue, 24 Apr 2018 21:19:39 -0400 Subject: [U-Boot] u-boot.dtb is not generated when enabling verified boot In-Reply-To: References: Message-ID: List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hi Fabio, Thank you so much for responding. It's good to know that I'm not alone in the world. :) Unfortunately, I'm stuck with 2016.03 for the moment. So I'm still having issues with getting verified boot to work. After compiling and installing the new u-boot image on my board I noticed that it bricked my board. After lots of trail and error, I tracked it down to CONFIG_OF_CONTROL. When enabled, u-boot refuses to boot. ( no output is shown on the serial debug interface) Since I'm using CONFIG_OF_SEPERATE, I suspect u-boot tries to read my attached dtb blob however it's probably wrong. So my dts file looks like this: /dts-v1/; / { model = "dummy"; compatible = "dummy"; reset at 0 { compatible = "dummy"; }; }; I know that the properties 'model' and 'compatible' matter when in regards to the kernel however u-boot is using the device tree just to hold the public key so do they still matter? For now I just set them to "dummy" Secondly, I'm doing: $ cat u-boot.imx my-blob.dtb > u-boot.imx.final Do you see anything that stands out to you? Thank you! Davis On Tue, Apr 24, 2018 at 7:40 PM, Fabio Estevam wrote: > Hi Davis, > > On Fri, Apr 20, 2018 at 9:00 PM, Davis Roman > wrote: > > Hello, > > > > I'm trying to get verified-boot working using u-boot 2016.03 on an imx6. > > It would be better to try something more recent, such as 2018.03 instead. > > > So far I've managed to figure out that I need the following additional > > config settings: > > #define CONFIG_DM > > #define CONFIG_ENABLE_VBOOT > > #define CONFIG_RSA > > #define CONFIG_FIT > > #define CONFIG_OF_CONTROL > > #define CONFIG_FIT_SIGNATURE > > #define CONFIG_OF_SEPERATE > > #define CONFIG_OF_LIBFDT > > #define CONFIG_FIT_VERBOSE > > > > However, no matter what I do I can't seem to generate u-boot.dtb. > > This is expected if your board does not use device tree file in U-Boot. > > > > > My understanding is that u-boot automatically generates this > > u-boot.dtb for the purpose of storing > > the public key when mkimage signs the fitimage and that this process > > does not require that I provide a dts file. > > > > However, below are the files that are generated with my current > > configuration and no u-boot.dtb file is generated. > > > > Additionally, since u-boot produces a u-boot-nodtb.bin, I figured it > > was reasonable to believe that u-boot.bin contained the device tree > > however as shown below both u-boot-nodtb.bin and u-boot.bin have an > > idential hash. > > > > Is there something that I'm missing here? Any advice would be greatly > > appreciated > > > > Thank you, > > > > Davis > > > > davis at XPS-15-9560:~/Desktop/u-boot-work/uboot-imx$ ls -l *u-boot* > > -rwxrwxr-x 1 davis davis 3413272 Apr 20 23:41 u-boot > > -rwxrwxr-x 1 davis davis 506052 Apr 20 23:37 u-boot.bin > > -rw-rw-r-- 1 davis davis 39490 Apr 20 23:27 u-boot.cfg > > -rw-rw-r-- 1 davis davis 510976 Apr 20 23:37 u-boot.imx > > That's the one you need. > > If your board does not use device tree you will get a u-boot.imx > binary that you can flash into your boot media. >