Hello. I'm using U-Boot to load a signed Linux uImage (FIT). Public key is embedded into the main dtb file bcm2712-rpi-5-b.dtb and the signature is inside the uImage. That's the only way to load a signed Linux Image in U-Boot without some code modifications from what I saw.
What is strange is that bootm hangs at Starting kernel ... but booti works just fine:
If you look at that log the raw Image is at 0x300000c0 (0xC0 offset from the uImage) and just using that address with booti boots the image.
Issuing booti at the address after kernel relocation by bootm also worksSo... what is wrong with bootm ? And alternatively how to check an Image signature without using an uImage (rellocating the raw Image is kind of stupid, too bad we can't just boot straight from the uImage offset.)
I'm using U-Boot v2024.04 25049ad560826f7dc1c4740883b0016014a59789 provied by meta-lts-mixins
What is strange is that bootm hangs at Starting kernel ... but booti works just fine:
Code:
load mmc 0:1 0x30000000 Image.fit && bootm 0x30000000 - ${fdt_addr}Working FDT set to 2efec700switch to partitions #0, OKmmc0 is current device27560114 bytes read in 1144 ms (23 MiB/s)## Loading kernel from FIT Image at 30000000 ... Using 'conf' configuration Verifying Hash Integrity ... sha256,rsa2048:dev+ OK Trying 'kernel' kernel subimage Description: Linux Image Type: Kernel Image Compression: uncompressed Data Start: 0x300000c0 Data Size: 27558400 Bytes = 26.3 MiB Architecture: ARM OS: Linux Load Address: 0x00080000 Entry Point: 0x00080000 Hash algo: sha256 Hash value: cc9efcdec54fb97587c2033d9e811ca90ae2d018b7e682678163b80f984fdcc2 Verifying Hash Integrity ... sha256+ OK## Flattened Device Tree blob at 2efec700 Booting using the fdt blob at 0x2efec700Working FDT set to 2efec700 Loading Kernel Image to 80000 Using Device Tree in place at 000000002efec700, end 000000002f002fb7Working FDT set to 2efec700Starting kernel ...Issuing booti at the address after kernel relocation by bootm also works
Code:
U-Boot> bootm start 0x30000000#conf - ${fdt_addr}## Loading kernel from FIT Image at 30000000 ... Using 'conf' configuration Verifying Hash Integrity ... sha256,rsa2048:dev+ OK Trying 'kernel' kernel subimage Description: Linux Image Type: Kernel Image Compression: uncompressed Data Start: 0x300000c0 Data Size: 27558400 Bytes = 26.3 MiB Architecture: ARM OS: Linux Load Address: 0x00080000 Entry Point: 0x00080000 Hash algo: sha256 Hash value: cc9efcdec54fb97587c2033d9e811ca90ae2d018b7e682678163b80f984fdcc2 Verifying Hash Integrity ... sha256+ OK## Flattened Device Tree blob at 2efec700 Booting using the fdt blob at 0x2efec700Working FDT set to 2efec700U-Boot> bootm loados Loading Kernel Image to 80000U-Boot> bootm ramdiskU-Boot> bootm fdt Using Device Tree in place at 000000002efec700, end 000000002f005fb7Working FDT set to 2efec700U-Boot> booti 0x80000 - 0x2efec700Moving Image from 0x80000 to 0x200000, end=1da0000## Flattened Device Tree blob at 2efec700 Booting using the fdt blob at 0x2efec700Working FDT set to 2efec700 Using Device Tree in place at 000000002efec700, end 000000002f008fb7Working FDT set to 2efec700Starting kernel ...[ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x414fd0b1]I'm using U-Boot v2024.04 25049ad560826f7dc1c4740883b0016014a59789 provied by meta-lts-mixins
Statistics: Posted by pseregiet — Wed Aug 14, 2024 6:16 pm