我正在尝试按照文档
在beaglebone black上进行验证启动https://github.com/01org/edison-u-boot/blob/master/doc/uImage.FIT/beaglebone_vboot.txt
当我运行命令将公钥放入.dtb文件
时mkimage -f sign.its -K am335x-boneblack.dtb -k keys -r image.fit
我得到了输出
FIT description: Beaglebone black
Created: Fri Mar 24 18:47:51 2017
Image 0 (kernel@1)
Description: unavailable
Created: Fri Mar 24 18:47:51 2017
Type: Kernel Image
Compression: lzo compressed
Data Size: 8490316 Bytes = 8291.32 KiB = 8.10 MiB
Architecture: ARM
OS: Linux
Load Address: 0x80008000
Entry Point: 0x80008000
Hash algo: sha1
Hash value: 9a390ee3c02c5bddc7b191d5cbe107991522a6d7
Image 1 (fdt@1)
Description: beaglebone-black
Created: Fri Mar 24 18:47:51 2017
Type: Flat Device Tree
Compression: uncompressed
Data Size: 38894 Bytes = 37.98 KiB = 0.04 MiB
Architecture: ARM
Hash algo: sha1
Hash value: 249ca75de41f5202fae334253bd153666f60b7dc
Default Configuration: 'conf@1'
Configuration 0 (conf@1)
Description: unavailable
Kernel: kernel@1
FDT: fdt@1
但遗憾的是,当我用fdtdump读取时,我的.dtb文件中没有像signature或rsa这样的字段。
这是我的.its文件:
/dts-v1/;
/ {
description = "Beaglebone black";
#address-cells = <1>;
images {
kernel@1 {
data = /incbin/("zImage.lzo");
type = "kernel";
arch = "arm";
os = "linux";
compression = "lzo";
load = <0x80008000>;
entry = <0x80008000>;
hash@1 {
algo = "sha1";
};
};
fdt@1 {
description = "beaglebone-black";
data = /incbin/("am335x-boneblack.dtb");
type = "flat_dt";
arch = "arm";
compression = "none";
hash@1 {
algo = "sha1";
};
};
};
configurations {
default = "conf@1";
conf@1 {
kernel = "kernel@1";
fdt = "fdt@1";
signature@1 {
algo = "sha1,rsa2048";
key-name-hint = "dev";
sign-images = "fdt", "kernel";
};
};
};
};
也在keys文件夹中我有dev.key和dev.crt文件。
谢谢你的回答。答案 0 :(得分:0)
如:https://lxr.missinglinkelectronics.com/#uboot/doc/uImage.FIT/signature.txt
中所述为了验证我们需要使用公钥签名的图像 有一个可信的公钥。这不能存储在签名图像中,因为 它会很容易改变。对于这个实现,我们选择存储 U-Boot控制FDT中的公钥(使用CONFIG_OF_CONTROL)。
问候,史蒂夫
答案 1 :(得分:0)
尽管没有错误消息,但是如果未在U-Boot的.config中设置CONFIG_FIT_SIGNATURE,则mkimage不支持该功能。