FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

imx8m (coral) verified boot issues

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

imx8m (coral) verified boot issues

‎09-27-2021 06:11 AM
1,070 Views
uboot_problem
Contributor I

I'm dealing with a couple of issues trying to setup verified boot on a coral dev board.

I've got an yocto image running fine on the system.

I've added mkimage to the build and I'm facing two issues. First one is related to the .its file. The contents of the file are currently of the following structure:

/dts-v1/;
/ {
	description = "img";
	#address-cells = <1>;

	images {
		kernel@1 {
			description = "linux kernel";
			data = /incbin/("/boot/Image");
			type = "kernel";
			arch = "arm64";
			os = "linux";
			compression = "none";
			load = <0x00008000>;
			entry = <0x00008000>;
			hash@1 {
				algo = "sha1";
			};
			signature@1 {
				algo = "sha1,rs2048";
			};
		};
		fdt@1 {
			description = "Flattened Device Tree blob";
			data = /incbin/("/boot/fsl-imx8mq-phanbell.dtb");
			type = "flat_dt";
			arch = "arm";
			compression = "none";
			hash@1 {
				algo = "sha1";
			};
			signature@1 {
				algo = "sha1,rs2048";
			};
		};

	};

	configurations {
		default = "conf@1";
		conf@1 {
			description = "Boot Linux kernel with FDT blob";
			kernel = "kernel@1";
			fdt = "fdt@1";
		};
	};
};

 

"Image" corresponds to the zImage of the kernel. I'm trying to create a FIT image with the following commands (certs exist under ./keys)

#1
mkimage -f kernel_fdt.its image.fit
#2
mkimage -F image.fit -k keys -K fsl-imx8mq-phanbell.dtb -c "message" -r

However the second command, which is supposed to sign the image throws an error on:

Unsupported signature algorithm (sha1,rs2048) for 'signature@1' signature node in 'kernel@1' image node
mkimage Can't add hashes to FIT blob: -1

Is there some missing config parameter in my kernel/uboot defconfig? I had a hard time finding answers via google.

 

If I leave the signature parts out of the .its file, then the signing succeeds without issues. However if i try to boot that new image via the following commands:

#0x40480000 corresponds to loadaddr
ext4load mmc 0:2 0x40480000 /boot/image.fit
bootm 0x40480000
...
#result
Verifying Hash Integrity ... sha1+ OK
Loading Kernel Image ... Image too large: increase CONFIG_SYS_BOOTM_LEN

 

I've patched the topmost yocto layer with the increased CONFIG_SYS_BOOTM_LEN via "include/configs/imx8mq_phanbell.h" file, and even tried overriding it via "common/bootm.c", but neither had any effect on the uboot errors.

Are there any alternative workarounds for these issues, or any further resources I should be looking into?

0 Kudos
Reply
1 Reply

‎09-29-2021 01:54 PM
1,054 Views
Juan-Rodarte
NXP Employee
NXP Employee

Hello,

Coral is not supported by us, I leave you a page with documentation that can help you.
https://coral.ai/docs/

Best Regards,

Diego

0 Kudos
Reply