.. SPDX-License-Identifier: GPL-2.0+

Verified Boot on the Beaglebone Black
=====================================

Introduction
------------

Before reading this, please read :doc:`verified-boot` and :doc:`signature`.
These instructions are for mainline U-Boot from v2014.07 onwards.

There is quite a bit of documentation in this directory describing how
verified boot works in U-Boot. There is also a test which runs through the
entire process of signing an image and running U-Boot (sandbox) to check it.
However, it might be useful to also have an example on a real board.

Beaglebone Black is a fairly common board so seems to be a reasonable choice
for an example of how to enable verified boot using U-Boot.

First a note that may help avoid confusion. U-Boot and Linux both use
device tree. They may use the same device tree source, but it is seldom useful
for them to use the exact same binary from the same place. More typically,
U-Boot has its device tree packaged with it, and the kernel's device tree is
packaged with the kernel. In particular this is important with verified boot,
since U-Boot's device tree must be immutable. If it can be changed then the
public keys can be changed and verified boot is useless. An attacker can
simply generate a new key and put his public key into U-Boot so that
everything verifies. On the other hand the kernel's device tree typically
changes when the kernel changes, so it is useful to package an updated device
tree with the kernel binary. U-Boot supports the latter with its flexible FIT
format (Flat Image Tree).


Overview
--------

The steps are roughly as follows:

#. Build U-Boot for the board, with the verified boot options enabled.

#. Obtain a suitable Linux kernel

#. Create an Image Tree Source (ITS) file describing how you want the
   kernel to be packaged, compressed and signed.

#. Create a key pair

#. Sign the kernel

#. Put the public key into U-Boot's image

#. Put U-Boot and the kernel onto the board

#. Try it


Step 1: Build U-Boot
--------------------

a. Set up the environment variable to point to your toolchain. You will need
   this for U-Boot and also for the kernel if you build it. For example if you
   installed a Linaro version manually it might be something like::

       export CROSS_COMPILE=/opt/linaro/gcc-linaro-arm-linux-gnueabihf-4.8-2013.08_linux/bin/arm-linux-gnueabihf-

   or if you just installed gcc-arm-linux-gnueabi then it might be::

       export CROSS_COMPILE=arm-linux-gnueabi-

b. Configure and build U-Boot with verified boot enabled. Note that we use the
   am335x_evm target since it covers all boards based on the AM335x evaluation
   board::

       export UBOOT=/path/to/u-boot
       cd $UBOOT
       # You can add -j10 if you have 10 CPUs to make it faster
       make O=b/am335x_evm am335x_evm_config all
       export UOUT=$UBOOT/b/am335x_evm

c. You will now have a U-Boot image::

       file b/am335x_evm/u-boot-dtb.img
       b/am335x_evm/u-boot-dtb.img: u-boot legacy uImage,
         U-Boot 2014.07-rc2-00065-g2f69f8, Firmware/ARM, Firmware Image
         (Not compressed), 395375 bytes, Sat May 31 16:19:04 2014,
         Load Address: 0x80800000, Entry Point: 0x00000000,
         Header CRC: 0x0ABD6ACA, Data CRC: 0x36DEF7E4


Step 2: Build Linux
-------------------

a. Find the kernel image ('Image') and device tree (.dtb) file you plan to
   use. In our case it is am335x-boneblack.dtb and it is built with the kernel.
   At the time of writing an SD Boot image can be obtained from here::

       http://www.elinux.org/Beagleboard:Updating_The_Software#Image_For_Booting_From_microSD

   You can write this to an SD card and then mount it to extract the kernel and
   device tree files.

   You can also build a kernel. Instructions for this are here::

       http://elinux.org/Building_BBB_Kernel

   or you can use your favourite search engine. Following these instructions
   produces a kernel Image and device tree files. For the record the steps
   were::

       export KERNEL=/path/to/kernel
       cd $KERNEL
       git clone git://github.com/beagleboard/kernel.git .
       git checkout v3.14
       ./patch.sh
       cp configs/beaglebone kernel/arch/arm/configs/beaglebone_defconfig
       cd kernel
       make beaglebone_defconfig
       make uImage dtbs   # -j10 if you have 10 CPUs
       export OKERNEL=$KERNEL/kernel/arch/arm/boot

b. You now have the 'Image' and 'am335x-boneblack.dtb' files needed to boot.


Step 3: Create the ITS
----------------------

Set up a directory for your work::

    export WORK=/path/to/dir
    cd $WORK

Put this into a file in that directory called sign.its::

    /dts-v1/;

    / {
        description = "Beaglebone black";
        #address-cells = <1>;

        images {
            kernel {
                data = /incbin/("Image.lzo");
                type = "kernel";
                arch = "arm";
                os = "linux";
                compression = "lzo";
                load = <0x80008000>;
                entry = <0x80008000>;
                hash-1 {
                    algo = "sha256";
                };
            };
            fdt-1 {
                description = "beaglebone-black";
                data = /incbin/("am335x-boneblack.dtb");
                type = "flat_dt";
                arch = "arm";
                compression = "none";
                hash-1 {
                    algo = "sha256";
                };
            };
        };
        configurations {
            default = "conf-1";
            conf-1 {
                kernel = "kernel";
                fdt = "fdt-1";
                signature-1 {
                    algo = "sha256,rsa2048";
                    key-name-hint = "dev";
                    sign-images = "fdt", "kernel";
                };
            };
        };
    };


The explanation for this is all in the documentation you have already read.
But briefly it packages a kernel and device tree, and provides a single
configuration to be signed with a key named 'dev'. The kernel is compressed
with LZO to make it smaller.


Step 4: Create a key pair
-------------------------

See :doc:`signature` for details on this step::

    cd $WORK
    mkdir keys
    openssl genrsa -F4 -out keys/dev.key 2048
    openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt

Note: keys/dev.key contains your private key and is very secret. If anyone
gets access to that file they can sign kernels with it. Keep it secure.


Step 5: Sign the kernel
-----------------------

We need to use mkimage (which was built when you built U-Boot) to package the
Linux kernel into a FIT (Flat Image Tree, a flexible file format that U-Boot
can load) using the ITS file you just created.

At the same time we must put the public key into U-Boot device tree, with the
'required' property, which tells U-Boot that this key must be verified for the
image to be valid. You will make this key available to U-Boot for booting in
step 6::

    ln -s $OKERNEL/dts/am335x-boneblack.dtb
    ln -s $OKERNEL/Image
    ln -s $UOUT/u-boot-dtb.img
    cp $UOUT/arch/arm/dts/am335x-boneblack.dtb am335x-boneblack-pubkey.dtb
    lzop Image
    $UOUT/tools/mkimage -f sign.its -K am335x-boneblack-pubkey.dtb -k keys -r image.fit

You should see something like this::

    FIT description: Beaglebone black
    Created:         Sun Jun  1 12:50:30 2014
     Image 0 (kernel)
      Description:  unavailable
      Created:      Sun Jun  1 12:50:30 2014
      Type:         Kernel Image
      Compression:  lzo compressed
      Data Size:    7790938 Bytes = 7608.34 kB = 7.43 MB
      Architecture: ARM
      OS:           Linux
      Load Address: 0x80008000
      Entry Point:  0x80008000
      Hash algo:    sha256
      Hash value:   51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
     Image 1 (fdt-1)
      Description:  beaglebone-black
      Created:      Sun Jun  1 12:50:30 2014
      Type:         Flat Device Tree
      Compression:  uncompressed
      Data Size:    31547 Bytes = 30.81 kB = 0.03 MB
      Architecture: ARM
      Hash algo:    sha256
      Hash value:   807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
     Default Configuration: 'conf-1'
     Configuration 0 (conf-1)
      Description:  unavailable
      Kernel:       kernel
      FDT:          fdt-1


Now am335x-boneblack-pubkey.dtb contains the public key and image.fit contains
the signed kernel. Jump to step 6 if you like, or continue reading to increase
your understanding.

You can also run fit_check_sign to check it::

    $UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb

which results in::

    Verifying Hash Integrity ... sha256,rsa2048:dev+
    ## Loading kernel from FIT Image at 7fc6ee469000 ...
       Using 'conf-1' configuration
       Verifying Hash Integrity ...
    sha256,rsa2048:dev+
    OK

       Trying 'kernel' kernel subimage
         Description:  unavailable
         Created:      Sun Jun  1 12:50:30 2014
         Type:         Kernel Image
         Compression:  lzo compressed
         Data Size:    7790938 Bytes = 7608.34 kB = 7.43 MB
         Architecture: ARM
         OS:           Linux
         Load Address: 0x80008000
         Entry Point:  0x80008000
         Hash algo:    sha256
         Hash value:   51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
       Verifying Hash Integrity ...
    sha256+
    OK

    Unimplemented compression type 4
    ## Loading fdt from FIT Image at 7fc6ee469000 ...
       Using 'conf-1' configuration
       Trying 'fdt-1' fdt subimage
         Description:  beaglebone-black
         Created:      Sun Jun  1 12:50:30 2014
         Type:         Flat Device Tree
         Compression:  uncompressed
         Data Size:    31547 Bytes = 30.81 kB = 0.03 MB
         Architecture: ARM
         Hash algo:    sha256
         Hash value:   807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
       Verifying Hash Integrity ...
    sha256+
    OK

       Loading Flat Device Tree ... OK

    ## Loading ramdisk from FIT Image at 7fc6ee469000 ...
       Using 'conf-1' configuration
    Could not find subimage node

    Signature check OK


At the top, you see "sha256,rsa2048:dev+". This means that it checked an RSA key
of size 2048 bits using SHA256 as the hash algorithm. The key name checked was
'dev' and the '+' means that it verified. If it showed '-' that would be bad.

Once the configuration is verified it is then possible to rely on the hashes
in each image referenced by that configuration. So fit_check_sign goes on to
load each of the images. We have a kernel and an FDT but no ramdisk. In each
case fit_check_sign checks the hash and prints sha256+ meaning that the SHA256
hash verified. This means that none of the images has been tampered with.

There is a test in test/vboot which uses U-Boot's sandbox build to verify that
the above flow works.

But it is fun to do this by hand, so you can load image.fit into a hex editor
like ghex, and change a byte in the kernel::

    $UOUT/tools/fit_info -f image.fit -n /images/kernel -p data
    NAME: kernel
    LEN: 7790938
    OFF: 168

This tells us that the kernel starts at byte offset 168 (decimal) in image.fit
and extends for about 7MB. Try changing a byte at 0x2000 (say) and run
fit_check_sign again. You should see something like::

    Verifying Hash Integrity ... sha256,rsa2048:dev+
    ## Loading kernel from FIT Image at 7f5a39571000 ...
       Using 'conf-1' configuration
       Verifying Hash Integrity ...
    sha256,rsa2048:dev+
    OK

       Trying 'kernel' kernel subimage
         Description:  unavailable
         Created:      Sun Jun  1 13:09:21 2014
         Type:         Kernel Image
         Compression:  lzo compressed
         Data Size:    7790938 Bytes = 7608.34 kB = 7.43 MB
         Architecture: ARM
         OS:           Linux
         Load Address: 0x80008000
         Entry Point:  0x80008000
         Hash algo:    sha256
         Hash value:   51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
       Verifying Hash Integrity ...
    sha256 error
    Bad hash value for 'hash-1' hash node in 'kernel' image node
    Bad Data Hash

    ## Loading fdt from FIT Image at 7f5a39571000 ...
       Using 'conf-1' configuration
       Trying 'fdt-1' fdt subimage
         Description:  beaglebone-black
         Created:      Sun Jun  1 13:09:21 2014
         Type:         Flat Device Tree
         Compression:  uncompressed
         Data Size:    31547 Bytes = 30.81 kB = 0.03 MB
         Architecture: ARM
         Hash algo:    sha256
         Hash value:   807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
       Verifying Hash Integrity ...
    sha256+
    OK

       Loading Flat Device Tree ... OK

    ## Loading ramdisk from FIT Image at 7f5a39571000 ...
       Using 'conf-1' configuration
    Could not find subimage node

    Signature check Bad (error 1)


It has detected the change in the kernel.
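
What the per-image check behind ``sha256+`` and ``Bad Data Hash`` does on the file itself, as an added example (not U-Boot code): a small device-tree walker locates each image's ``data`` property, as fit_info does, and recomputes its SHA-256 against ``hash-1/value``. The miniature FIT and the ``build_fdt`` helper are constructed for the example; as stated above, these hashes can only be relied on once the configuration signature has verified.

```python
import hashlib
import struct

FDT_MAGIC = 0xD00DFEED
BEGIN_NODE, END_NODE, PROP, NOP, END = 1, 2, 3, 4, 9

def pad4(raw):
    return raw + b"\0" * (-len(raw) % 4)

def build_fdt(tree):
    """Serialise a nested dict (bytes = property, dict = subnode) to a DTB."""
    strings, offsets = bytearray(), {}

    def emit(name, node):
        out = struct.pack(">I", BEGIN_NODE) + pad4(name.encode() + b"\0")
        for key, val in node.items():            # properties come first
            if isinstance(val, bytes):
                if key not in offsets:
                    offsets[key] = len(strings)
                    strings.extend(key.encode() + b"\0")
                out += struct.pack(">III", PROP, len(val), offsets[key]) + pad4(val)
        for key, val in node.items():            # then the subnodes
            if isinstance(val, dict):
                out += emit(key, val)
        return out + struct.pack(">I", END_NODE)

    body = emit("", tree) + struct.pack(">I", END)
    off_struct = 40 + 16                         # header + empty reserve map
    off_strings = off_struct + len(body)
    header = struct.pack(">10I", FDT_MAGIC, off_strings + len(strings), off_struct,
                         off_strings, 40, 17, 16, 0, len(strings), len(body))
    return header + b"\0" * 16 + body + bytes(strings)

def walk_props(blob):
    """Yield (node_path, prop_name, data_offset, length) for each property."""
    magic, _, off_struct, off_strings = struct.unpack_from(">4I", blob)
    if magic != FDT_MAGIC:
        raise ValueError("not a flattened device tree")
    pos, path = off_struct, []
    while True:
        (token,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if token == BEGIN_NODE:
            end = blob.index(b"\0", pos)
            path.append(blob[pos:end].decode())
            pos = (end + 4) & ~3                 # skip NUL, realign to 4 bytes
        elif token == END_NODE:
            path.pop()
        elif token == PROP:
            length, nameoff = struct.unpack_from(">II", blob, pos)
            start = off_strings + nameoff
            name = blob[start:blob.index(b"\0", start)].decode()
            yield "/".join(path) or "/", name, pos + 8, length
            pos = (pos + 8 + length + 3) & ~3
        elif token == END:
            return
        elif token != NOP:
            raise ValueError("unexpected token %#x" % token)

def check_image_hashes(blob):
    """Map each /images/* node to True if sha256(data) equals hash-1/value."""
    props = {(p, n): bytes(blob[o:o + l]) for p, n, o, l in walk_props(blob)}
    return {path: hashlib.sha256(data).digest() == props.get((path + "/hash-1", "value"))
            for (path, name), data in props.items()
            if name == "data" and path.startswith("/images/")}

def make_sample_fit():
    """Constructed miniature FIT: two images with inline data and sha256 hashes."""
    def image(data):
        return {"data": data,
                "hash-1": {"algo": b"sha256\0", "value": hashlib.sha256(data).digest()}}
    return build_fdt({"description": b"constructed sample\0",
                      "images": {"kernel": image(b"constructed kernel " * 16),
                                 "fdt-1": image(b"constructed dtb")}})
```

Flipping one byte inside the range that ``walk_props`` reports for ``/images/kernel`` ``data`` turns that image's result to ``False`` while ``/images/fdt-1`` stays ``True``, matching the output above.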

You can also be sneaky and try to switch images, using the libfdt utilities
that come with dtc (package name is device-tree-compiler but you will need a
recent version like 1.4)::

    dtc -v
    Version: DTC 1.4.0

First we can check which nodes are actually hashed by the configuration::

    $ fdtget -l image.fit /
    images
    configurations

    $ fdtget -l image.fit /configurations
    conf-1
    $ fdtget -l image.fit /configurations/conf-1
    signature-1

    $ fdtget -p image.fit /configurations/conf-1/signature-1
    hashed-strings
    hashed-nodes
    timestamp
    signer-version
    signer-name
    value
    algo
    key-name-hint
    sign-images

    $ fdtget image.fit /configurations/conf-1/signature-1 hashed-nodes
    / /configurations/conf-1 /images/fdt-1 /images/fdt-1/hash /images/kernel /images/kernel/hash-1

This gives us a bit of a look into the signature that mkimage added. Note you
can also use fdtdump to list the entire device tree.

Say we want to change the kernel that this configuration uses
(/images/kernel). We could just put a new kernel in the image, but we will
need to change the hash to match. Let's simulate that by changing a byte of
the hash::

    fdtget -tx image.fit /images/kernel/hash-1 value
    51b2adf9 c1016ed4 6f424d85 dcc6c34c 46a20b9b ee7227e0 6a6b6320 ca5d35c1
    fdtput -tx image.fit /images/kernel/hash-1 value 51b2adf9 c1016ed4 6f424d85 dcc6c34c 46a20b9b ee7227e0 6a6b6320 ca5d35c8

Now check it again::

    $UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
    Verifying Hash Integrity ... sha256,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
    rsa_verify_with_keynode: RSA failed to verify: -13
    -
    Failed to verify required signature 'key-dev'
    Signature check Bad (error 1)

This time we don't even get as far as checking the images, since the
configuration signature doesn't match. We can't change any hashes without the
signature check noticing. The configuration is essentially locked. U-Boot has
a public key for which it requires a match, and will not permit the use of any
configuration that does not match that public key. The only way the
configuration will match is if it was signed by the matching private key.

It would also be possible to add a new signature node that does match your new
configuration. But that won't work since you are not allowed to change the
configuration in any way. Try it with a fresh (valid) image if you like by
running the mkimage line again. Then::

    fdtput -p image.fit /configurations/conf-1/signature-1 value fred
    $UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
    Verifying Hash Integrity ... -
    sha256,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
    rsa_verify_with_keynode: RSA failed to verify: -13
    -
    Failed to verify required signature 'key-dev'
    Signature check Bad (error 1)


Of course it would be possible to add an entirely new configuration and boot
with that, but it still needs to be signed, so it won't help.


Step 6: Put the public key into U-Boot's image
----------------------------------------------

Having confirmed that the signature is doing its job, let's try it out in
U-Boot on the board. U-Boot needs access to the public key corresponding to
the private key that you signed with so that it can verify any kernels that
you sign::

    cd $UBOOT
    make O=b/am335x_evm EXT_DTB=${WORK}/am335x-boneblack-pubkey.dtb

Here we are overriding the normal device tree file with our one, which
contains the public key.

Now you have a special U-Boot image with the public key. It can verify any
kernel that you sign with the private key as in step 5.

If you like you can take a look at the public key information that mkimage
added to U-Boot's device tree::

    fdtget -p am335x-boneblack-pubkey.dtb /signature/key-dev
    required
    algo
    rsa,r-squared
    rsa,modulus
    rsa,n0-inverse
    rsa,num-bits
    key-name-hint

This has information about the key and some pre-processed values which U-Boot
can use to verify against it. These values are obtained from the public key
certificate by mkimage, but require quite a bit of code to generate. To save
code space in U-Boot, the information is extracted and written in raw form for
U-Boot to easily use. The same mechanism is used in Google's Chrome OS.
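
What those pre-processed values are for, as an added example (not U-Boot or mkimage code): it derives ``rsa,n0-inverse`` and ``rsa,r-squared`` from a modulus and uses them to compute sig^65537 mod n by Montgomery multiplication, with no division by n (65537 is the ``-F4`` exponent from step 4). It assumes n0-inverse = -1 / n[0] mod 2^32 and r-squared = (2^num-bits)^2 mod n; the modulus is a constructed odd number, not a real key.

```python
import hashlib

WORD_BITS = 32
WORD_MASK = (1 << WORD_BITS) - 1


def key_node_values(n):
    """Derive the pre-processed properties for modulus n (assumed definitions)."""
    num_bits = n.bit_length()
    if n % 2 == 0 or num_bits % WORD_BITS:
        raise ValueError("need an odd modulus that is a whole number of 32-bit words")
    return {
        "rsa,num-bits": num_bits,
        "rsa,modulus": n,
        # -1 / n[0] mod 2^32, where n[0] is the least significant word of n
        "rsa,n0-inverse": (-pow(n, -1, 1 << WORD_BITS)) & WORD_MASK,
        # R^2 mod n with R = 2^num-bits; used to enter Montgomery form
        "rsa,r-squared": pow(2, 2 * num_bits, n),
    }


def montgomery_mul(a, b, key):
    """Return a * b / R mod n for a, b < n, one 32-bit word at a time."""
    n, n0inv = key["rsa,modulus"], key["rsa,n0-inverse"]
    t = a * b
    for _ in range(key["rsa,num-bits"] // WORD_BITS):
        # m is chosen so that the low word of t + m * n is zero
        m = ((t & WORD_MASK) * n0inv) & WORD_MASK
        t = (t + m * n) >> WORD_BITS             # exact shift, no remainder
    return t - n if t >= n else t


def pow_f4(sig, key):
    """Compute sig^65537 mod n using only shifts, multiplies and one subtract."""
    acc = montgomery_mul(sig, key["rsa,r-squared"], key)   # sig * R mod n
    for _ in range(16):
        acc = montgomery_mul(acc, acc, key)                # sig^(2^k) * R mod n
    return montgomery_mul(acc, sig, key)                   # sig^65537 mod n


def constructed_modulus(bits=2048):
    """Constructed odd number of the right size; NOT a real RSA key."""
    raw = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(bits // 256))
    return int.from_bytes(raw, "big") | (1 << (bits - 1)) | 1
```

The verifier only ever multiplies, shifts and subtracts; the one expensive modular inverse and the reduction of R^2 are done once at signing time and stored in the key node.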

Notice the 'required' property. This marks the key as required - U-Boot will
not boot any image that does not verify against this key.


Step 7: Put U-Boot and the kernel onto the board
------------------------------------------------

The method here varies depending on how you are booting. For this example we
are booting from a micro-SD card with two partitions, one for U-Boot and one
for Linux. Put it into your machine and write U-Boot and the kernel to it.
Here the card is /dev/sde::

    cd $WORK
    export UDEV=/dev/sde1   # Change these two lines to the correct device
    export KDEV=/dev/sde2
    sudo mount $UDEV /mnt/tmp && sudo cp $UOUT/u-boot-dtb.img /mnt/tmp/u-boot.img && sleep 1 && sudo umount $UDEV
    sudo mount $KDEV /mnt/tmp && sudo cp $WORK/image.fit /mnt/tmp/boot/image.fit && sleep 1 && sudo umount $KDEV


Step 8: Try it
--------------

Boot the board using the commands below::

    setenv bootargs console=ttyO0,115200n8 quiet root=/dev/mmcblk0p2 ro rootfstype=ext4 rootwait
    ext2load mmc 0:2 82000000 /boot/image.fit
    bootm 82000000

You should then see something like this::

    U-Boot# setenv bootargs console=ttyO0,115200n8 quiet root=/dev/mmcblk0p2 ro rootfstype=ext4 rootwait
    U-Boot# ext2load mmc 0:2 82000000 /boot/image.fit
    7824930 bytes read in 589 ms (12.7 MiB/s)
    U-Boot# bootm 82000000
    ## Loading kernel from FIT Image at 82000000 ...
       Using 'conf-1' configuration
       Verifying Hash Integrity ... sha256,rsa2048:dev+ OK
       Trying 'kernel' kernel subimage
         Description:  unavailable
         Created:      2014-06-01  19:32:54 UTC
         Type:         Kernel Image
         Compression:  lzo compressed
         Data Start:   0x820000a8
         Data Size:    7790938 Bytes = 7.4 MiB
         Architecture: ARM
         OS:           Linux
         Load Address: 0x80008000
         Entry Point:  0x80008000
         Hash algo:    sha256
         Hash value:   51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
       Verifying Hash Integrity ... sha256+ OK
    ## Loading fdt from FIT Image at 82000000 ...
       Using 'conf-1' configuration
       Trying 'fdt-1' fdt subimage
         Description:  beaglebone-black
         Created:      2014-06-01  19:32:54 UTC
         Type:         Flat Device Tree
         Compression:  uncompressed
         Data Start:   0x8276e2ec
         Data Size:    31547 Bytes = 30.8 KiB
         Architecture: ARM
         Hash algo:    sha256
         Hash value:   807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
       Verifying Hash Integrity ... sha256+ OK
       Booting using the fdt blob at 0x8276e2ec
       Uncompressing Kernel Image ... OK
       Loading Device Tree to 8fff5000, end 8ffffb3a ... OK

    Starting kernel ...

    [    0.582377] omap_init_mbox: hwmod doesn't have valid attrs
    [    2.589651] musb-hdrc musb-hdrc.0.auto: Failed to request rx1.
    [    2.595830] musb-hdrc musb-hdrc.0.auto: musb_init_controller failed with status -517
    [    2.606470] musb-hdrc musb-hdrc.1.auto: Failed to request rx1.
    [    2.612723] musb-hdrc musb-hdrc.1.auto: musb_init_controller failed with status -517
    [    2.940808] drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
    [    7.248889] libphy: PHY 4a101000.mdio:01 not found
    [    7.253995] net eth0: phy 4a101000.mdio:01 not found on slave 1
    systemd-fsck[83]: Angstrom: clean, 50607/218160 files, 306348/872448 blocks

    .---O---.
    |       |                  .-.           o o
    |   |   |-----.-----.-----.| |   .----..-----.-----.
    |       |     | __  |  ---'| '--.|  .-'|     |     |
    |   |   |  |  |     |---  ||  --'|  |  |  '  | | | |
    '---'---'--'--'--.  |-----''----''--'  '-----'-'-'-'
                    -'  |
                    '---'

    The Angstrom Distribution beaglebone ttyO0

    Angstrom v2012.12 - Kernel 3.14.1+

    beaglebone login:

At this point your kernel has been verified and you can be sure that it is one
that you signed. As an exercise, try changing image.fit as in step 5 and see
what happens.


Further Improvements
--------------------

Several of the steps here can be easily automated. In particular it would be
capital if signing and packaging a kernel were easy, perhaps a simple make
target in the kernel. A starting point for this is the 'make image.fit' target
for ARM64 in Linux from v6.9 onwards.

Some mention of how to use multiple .dtb files in a FIT might be useful.

Perhaps the verified boot feature could be integrated into the Angstrom
distribution.


.. sectionauthor:: Simon Glass <sjg@chromium.org>, 2-June-14