mirror of
https://github.com/brain-hackers/u-boot-brain
synced 2024-06-09 23:36:03 +09:00
doc: FIT image: fix incorrect description of DT node unit address
The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the FIT image documentation files where this was not observed, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This commit is contained in:
parent
30d704c645
commit
838404054e
|
@ -130,7 +130,7 @@ Put this into a file in that directory called sign.its:
|
||||||
#address-cells = <1>;
|
#address-cells = <1>;
|
||||||
|
|
||||||
images {
|
images {
|
||||||
kernel@1 {
|
kernel {
|
||||||
data = /incbin/("Image.lzo");
|
data = /incbin/("Image.lzo");
|
||||||
type = "kernel";
|
type = "kernel";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
|
@ -138,27 +138,27 @@ Put this into a file in that directory called sign.its:
|
||||||
compression = "lzo";
|
compression = "lzo";
|
||||||
load = <0x80008000>;
|
load = <0x80008000>;
|
||||||
entry = <0x80008000>;
|
entry = <0x80008000>;
|
||||||
hash@1 {
|
hash-1 {
|
||||||
algo = "sha1";
|
algo = "sha1";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
fdt@1 {
|
fdt-1 {
|
||||||
description = "beaglebone-black";
|
description = "beaglebone-black";
|
||||||
data = /incbin/("am335x-boneblack.dtb");
|
data = /incbin/("am335x-boneblack.dtb");
|
||||||
type = "flat_dt";
|
type = "flat_dt";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
compression = "none";
|
compression = "none";
|
||||||
hash@1 {
|
hash-1 {
|
||||||
algo = "sha1";
|
algo = "sha1";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
configurations {
|
configurations {
|
||||||
default = "conf@1";
|
default = "conf-1";
|
||||||
conf@1 {
|
conf-1 {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel";
|
||||||
fdt = "fdt@1";
|
fdt = "fdt-1";
|
||||||
signature@1 {
|
signature-1 {
|
||||||
algo = "sha1,rsa2048";
|
algo = "sha1,rsa2048";
|
||||||
key-name-hint = "dev";
|
key-name-hint = "dev";
|
||||||
sign-images = "fdt", "kernel";
|
sign-images = "fdt", "kernel";
|
||||||
|
@ -211,7 +211,7 @@ You should see something like this:
|
||||||
|
|
||||||
FIT description: Beaglebone black
|
FIT description: Beaglebone black
|
||||||
Created: Sun Jun 1 12:50:30 2014
|
Created: Sun Jun 1 12:50:30 2014
|
||||||
Image 0 (kernel@1)
|
Image 0 (kernel)
|
||||||
Description: unavailable
|
Description: unavailable
|
||||||
Created: Sun Jun 1 12:50:30 2014
|
Created: Sun Jun 1 12:50:30 2014
|
||||||
Type: Kernel Image
|
Type: Kernel Image
|
||||||
|
@ -223,7 +223,7 @@ Created: Sun Jun 1 12:50:30 2014
|
||||||
Entry Point: 0x80008000
|
Entry Point: 0x80008000
|
||||||
Hash algo: sha1
|
Hash algo: sha1
|
||||||
Hash value: c94364646427e10f423837e559898ef02c97b988
|
Hash value: c94364646427e10f423837e559898ef02c97b988
|
||||||
Image 1 (fdt@1)
|
Image 1 (fdt-1)
|
||||||
Description: beaglebone-black
|
Description: beaglebone-black
|
||||||
Created: Sun Jun 1 12:50:30 2014
|
Created: Sun Jun 1 12:50:30 2014
|
||||||
Type: Flat Device Tree
|
Type: Flat Device Tree
|
||||||
|
@ -232,11 +232,11 @@ Created: Sun Jun 1 12:50:30 2014
|
||||||
Architecture: ARM
|
Architecture: ARM
|
||||||
Hash algo: sha1
|
Hash algo: sha1
|
||||||
Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
|
Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
|
||||||
Default Configuration: 'conf@1'
|
Default Configuration: 'conf-1'
|
||||||
Configuration 0 (conf@1)
|
Configuration 0 (conf-1)
|
||||||
Description: unavailable
|
Description: unavailable
|
||||||
Kernel: kernel@1
|
Kernel: kernel
|
||||||
FDT: fdt@1
|
FDT: fdt-1
|
||||||
|
|
||||||
|
|
||||||
Now am335x-boneblack-pubkey.dtb contains the public key and image.fit contains
|
Now am335x-boneblack-pubkey.dtb contains the public key and image.fit contains
|
||||||
|
@ -251,12 +251,12 @@ which results in:
|
||||||
|
|
||||||
Verifying Hash Integrity ... sha1,rsa2048:dev+
|
Verifying Hash Integrity ... sha1,rsa2048:dev+
|
||||||
## Loading kernel from FIT Image at 7fc6ee469000 ...
|
## Loading kernel from FIT Image at 7fc6ee469000 ...
|
||||||
Using 'conf@1' configuration
|
Using 'conf-1' configuration
|
||||||
Verifying Hash Integrity ...
|
Verifying Hash Integrity ...
|
||||||
sha1,rsa2048:dev+
|
sha1,rsa2048:dev+
|
||||||
OK
|
OK
|
||||||
|
|
||||||
Trying 'kernel@1' kernel subimage
|
Trying 'kernel' kernel subimage
|
||||||
Description: unavailable
|
Description: unavailable
|
||||||
Created: Sun Jun 1 12:50:30 2014
|
Created: Sun Jun 1 12:50:30 2014
|
||||||
Type: Kernel Image
|
Type: Kernel Image
|
||||||
|
@ -274,8 +274,8 @@ OK
|
||||||
|
|
||||||
Unimplemented compression type 4
|
Unimplemented compression type 4
|
||||||
## Loading fdt from FIT Image at 7fc6ee469000 ...
|
## Loading fdt from FIT Image at 7fc6ee469000 ...
|
||||||
Using 'conf@1' configuration
|
Using 'conf-1' configuration
|
||||||
Trying 'fdt@1' fdt subimage
|
Trying 'fdt-1' fdt subimage
|
||||||
Description: beaglebone-black
|
Description: beaglebone-black
|
||||||
Created: Sun Jun 1 12:50:30 2014
|
Created: Sun Jun 1 12:50:30 2014
|
||||||
Type: Flat Device Tree
|
Type: Flat Device Tree
|
||||||
|
@ -291,7 +291,7 @@ OK
|
||||||
Loading Flat Device Tree ... OK
|
Loading Flat Device Tree ... OK
|
||||||
|
|
||||||
## Loading ramdisk from FIT Image at 7fc6ee469000 ...
|
## Loading ramdisk from FIT Image at 7fc6ee469000 ...
|
||||||
Using 'conf@1' configuration
|
Using 'conf-1' configuration
|
||||||
Could not find subimage node
|
Could not find subimage node
|
||||||
|
|
||||||
Signature check OK
|
Signature check OK
|
||||||
|
@ -313,8 +313,8 @@ the above flow works.
|
||||||
But it is fun to do this by hand, so you can load image.fit into a hex editor
|
But it is fun to do this by hand, so you can load image.fit into a hex editor
|
||||||
like ghex, and change a byte in the kernel:
|
like ghex, and change a byte in the kernel:
|
||||||
|
|
||||||
$UOUT/tools/fit_info -f image.fit -n /images/kernel@1 -p data
|
$UOUT/tools/fit_info -f image.fit -n /images/kernel -p data
|
||||||
NAME: kernel@1
|
NAME: kernel
|
||||||
LEN: 7790938
|
LEN: 7790938
|
||||||
OFF: 168
|
OFF: 168
|
||||||
|
|
||||||
|
@ -324,12 +324,12 @@ fit_check_sign again. You should see something like:
|
||||||
|
|
||||||
Verifying Hash Integrity ... sha1,rsa2048:dev+
|
Verifying Hash Integrity ... sha1,rsa2048:dev+
|
||||||
## Loading kernel from FIT Image at 7f5a39571000 ...
|
## Loading kernel from FIT Image at 7f5a39571000 ...
|
||||||
Using 'conf@1' configuration
|
Using 'conf-1' configuration
|
||||||
Verifying Hash Integrity ...
|
Verifying Hash Integrity ...
|
||||||
sha1,rsa2048:dev+
|
sha1,rsa2048:dev+
|
||||||
OK
|
OK
|
||||||
|
|
||||||
Trying 'kernel@1' kernel subimage
|
Trying 'kernel' kernel subimage
|
||||||
Description: unavailable
|
Description: unavailable
|
||||||
Created: Sun Jun 1 13:09:21 2014
|
Created: Sun Jun 1 13:09:21 2014
|
||||||
Type: Kernel Image
|
Type: Kernel Image
|
||||||
|
@ -343,12 +343,12 @@ OK
|
||||||
Hash value: c94364646427e10f423837e559898ef02c97b988
|
Hash value: c94364646427e10f423837e559898ef02c97b988
|
||||||
Verifying Hash Integrity ...
|
Verifying Hash Integrity ...
|
||||||
sha1 error
|
sha1 error
|
||||||
Bad hash value for 'hash@1' hash node in 'kernel@1' image node
|
Bad hash value for 'hash-1' hash node in 'kernel' image node
|
||||||
Bad Data Hash
|
Bad Data Hash
|
||||||
|
|
||||||
## Loading fdt from FIT Image at 7f5a39571000 ...
|
## Loading fdt from FIT Image at 7f5a39571000 ...
|
||||||
Using 'conf@1' configuration
|
Using 'conf-1' configuration
|
||||||
Trying 'fdt@1' fdt subimage
|
Trying 'fdt-1' fdt subimage
|
||||||
Description: beaglebone-black
|
Description: beaglebone-black
|
||||||
Created: Sun Jun 1 13:09:21 2014
|
Created: Sun Jun 1 13:09:21 2014
|
||||||
Type: Flat Device Tree
|
Type: Flat Device Tree
|
||||||
|
@ -364,7 +364,7 @@ OK
|
||||||
Loading Flat Device Tree ... OK
|
Loading Flat Device Tree ... OK
|
||||||
|
|
||||||
## Loading ramdisk from FIT Image at 7f5a39571000 ...
|
## Loading ramdisk from FIT Image at 7f5a39571000 ...
|
||||||
Using 'conf@1' configuration
|
Using 'conf-1' configuration
|
||||||
Could not find subimage node
|
Could not find subimage node
|
||||||
|
|
||||||
Signature check Bad (error 1)
|
Signature check Bad (error 1)
|
||||||
|
@ -386,11 +386,11 @@ images
|
||||||
configurations
|
configurations
|
||||||
|
|
||||||
fdtget -l image.fit /configurations
|
fdtget -l image.fit /configurations
|
||||||
conf@1
|
conf-1
|
||||||
fdtget -l image.fit /configurations/conf@1
|
fdtget -l image.fit /configurations/conf-1
|
||||||
signature@1
|
signature-1
|
||||||
|
|
||||||
fdtget -p image.fit /configurations/conf@1/signature@1
|
fdtget -p image.fit /configurations/conf-1/signature-1
|
||||||
hashed-strings
|
hashed-strings
|
||||||
hashed-nodes
|
hashed-nodes
|
||||||
timestamp
|
timestamp
|
||||||
|
@ -401,20 +401,20 @@ algo
|
||||||
key-name-hint
|
key-name-hint
|
||||||
sign-images
|
sign-images
|
||||||
|
|
||||||
fdtget image.fit /configurations/conf@1/signature@1 hashed-nodes
|
fdtget image.fit /configurations/conf-1/signature-1 hashed-nodes
|
||||||
/ /configurations/conf@1 /images/fdt@1 /images/fdt@1/hash@1 /images/kernel@1 /images/kernel@1/hash@1
|
/ /configurations/conf-1 /images/fdt-1 /images/fdt-1/hash /images/kernel /images/kernel/hash-1
|
||||||
|
|
||||||
This gives us a bit of a look into the signature that mkimage added. Note you
|
This gives us a bit of a look into the signature that mkimage added. Note you
|
||||||
can also use fdtdump to list the entire device tree.
|
can also use fdtdump to list the entire device tree.
|
||||||
|
|
||||||
Say we want to change the kernel that this configuration uses
|
Say we want to change the kernel that this configuration uses
|
||||||
(/images/kernel@1). We could just put a new kernel in the image, but we will
|
(/images/kernel). We could just put a new kernel in the image, but we will
|
||||||
need to change the hash to match. Let's simulate that by changing a byte of
|
need to change the hash to match. Let's simulate that by changing a byte of
|
||||||
the hash:
|
the hash:
|
||||||
|
|
||||||
fdtget -tx image.fit /images/kernel@1/hash@1 value
|
fdtget -tx image.fit /images/kernel/hash-1 value
|
||||||
c9436464 6427e10f 423837e5 59898ef0 2c97b988
|
c9436464 6427e10f 423837e5 59898ef0 2c97b988
|
||||||
fdtput -tx image.fit /images/kernel@1/hash@1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981
|
fdtput -tx image.fit /images/kernel/hash-1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981
|
||||||
|
|
||||||
Now check it again:
|
Now check it again:
|
||||||
|
|
||||||
|
@ -437,7 +437,7 @@ configuration. But that won't work since you are not allowed to change the
|
||||||
configuration in any way. Try it with a fresh (valid) image if you like by
|
configuration in any way. Try it with a fresh (valid) image if you like by
|
||||||
running the mkimage link again. Then:
|
running the mkimage link again. Then:
|
||||||
|
|
||||||
fdtput -p image.fit /configurations/conf@1/signature@2 value fred
|
fdtput -p image.fit /configurations/conf-1/signature-1 value fred
|
||||||
$UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
|
$UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
|
||||||
Verifying Hash Integrity ... -
|
Verifying Hash Integrity ... -
|
||||||
sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
|
sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
|
||||||
|
@ -521,9 +521,9 @@ U-Boot# ext2load mmc 0:2 82000000 /boot/image.fit
|
||||||
7824930 bytes read in 589 ms (12.7 MiB/s)
|
7824930 bytes read in 589 ms (12.7 MiB/s)
|
||||||
U-Boot# bootm 82000000
|
U-Boot# bootm 82000000
|
||||||
## Loading kernel from FIT Image at 82000000 ...
|
## Loading kernel from FIT Image at 82000000 ...
|
||||||
Using 'conf@1' configuration
|
Using 'conf-1' configuration
|
||||||
Verifying Hash Integrity ... sha1,rsa2048:dev+ OK
|
Verifying Hash Integrity ... sha1,rsa2048:dev+ OK
|
||||||
Trying 'kernel@1' kernel subimage
|
Trying 'kernel' kernel subimage
|
||||||
Description: unavailable
|
Description: unavailable
|
||||||
Created: 2014-06-01 19:32:54 UTC
|
Created: 2014-06-01 19:32:54 UTC
|
||||||
Type: Kernel Image
|
Type: Kernel Image
|
||||||
|
@ -538,8 +538,8 @@ U-Boot# bootm 82000000
|
||||||
Hash value: c94364646427e10f423837e559898ef02c97b988
|
Hash value: c94364646427e10f423837e559898ef02c97b988
|
||||||
Verifying Hash Integrity ... sha1+ OK
|
Verifying Hash Integrity ... sha1+ OK
|
||||||
## Loading fdt from FIT Image at 82000000 ...
|
## Loading fdt from FIT Image at 82000000 ...
|
||||||
Using 'conf@1' configuration
|
Using 'conf-1' configuration
|
||||||
Trying 'fdt@1' fdt subimage
|
Trying 'fdt-1' fdt subimage
|
||||||
Description: beaglebone-black
|
Description: beaglebone-black
|
||||||
Created: 2014-06-01 19:32:54 UTC
|
Created: 2014-06-01 19:32:54 UTC
|
||||||
Type: Flat Device Tree
|
Type: Flat Device Tree
|
||||||
|
|
|
@ -138,31 +138,31 @@ unit.
|
||||||
|
|
||||||
Examples:
|
Examples:
|
||||||
|
|
||||||
- boot kernel "kernel@1" stored in a new uImage located at 200000:
|
- boot kernel "kernel-1" stored in a new uImage located at 200000:
|
||||||
bootm 200000:kernel@1
|
bootm 200000:kernel-1
|
||||||
|
|
||||||
- boot configuration "cfg@1" from a new uImage located at 200000:
|
- boot configuration "cfg-1" from a new uImage located at 200000:
|
||||||
bootm 200000#cfg@1
|
bootm 200000#cfg-1
|
||||||
|
|
||||||
- boot configuration "cfg@1" with extra "cfg@2" from a new uImage located
|
- boot configuration "cfg-1" with extra "cfg-2" from a new uImage located
|
||||||
at 200000:
|
at 200000:
|
||||||
bootm 200000#cfg@1#cfg@2
|
bootm 200000#cfg-1#cfg-2
|
||||||
|
|
||||||
- boot "kernel@1" from a new uImage at 200000 with initrd "ramdisk@2" found in
|
- boot "kernel-1" from a new uImage at 200000 with initrd "ramdisk-2" found in
|
||||||
some other new uImage stored at address 800000:
|
some other new uImage stored at address 800000:
|
||||||
bootm 200000:kernel@1 800000:ramdisk@2
|
bootm 200000:kernel-1 800000:ramdisk-2
|
||||||
|
|
||||||
- boot "kernel@2" from a new uImage at 200000, with initrd "ramdisk@1" and FDT
|
- boot "kernel-2" from a new uImage at 200000, with initrd "ramdisk-1" and FDT
|
||||||
"fdt@1", both stored in some other new uImage located at 800000:
|
"fdt-1", both stored in some other new uImage located at 800000:
|
||||||
bootm 200000:kernel@1 800000:ramdisk@1 800000:fdt@1
|
bootm 200000:kernel-1 800000:ramdisk-1 800000:fdt-1
|
||||||
|
|
||||||
- boot kernel "kernel@2" with initrd "ramdisk@2", both stored in a new uImage
|
- boot kernel "kernel-2" with initrd "ramdisk-2", both stored in a new uImage
|
||||||
at address 200000, with a raw FDT blob stored at address 600000:
|
at address 200000, with a raw FDT blob stored at address 600000:
|
||||||
bootm 200000:kernel@2 200000:ramdisk@2 600000
|
bootm 200000:kernel-2 200000:ramdisk-2 600000
|
||||||
|
|
||||||
- boot kernel "kernel@2" from new uImage at 200000 with FDT "fdt@1" from the
|
- boot kernel "kernel-2" from new uImage at 200000 with FDT "fdt-1" from the
|
||||||
same new uImage:
|
same new uImage:
|
||||||
bootm 200000:kernel@2 - 200000:fdt@1
|
bootm 200000:kernel-2 - 200000:fdt-1
|
||||||
|
|
||||||
|
|
||||||
Note on current image address
|
Note on current image address
|
||||||
|
@ -186,16 +186,16 @@ current image address is to be used. For example, consider the following
|
||||||
commands:
|
commands:
|
||||||
|
|
||||||
tftp 200000 /tftpboot/uImage
|
tftp 200000 /tftpboot/uImage
|
||||||
bootm :kernel@1
|
bootm :kernel-1
|
||||||
Last command is equivalent to:
|
Last command is equivalent to:
|
||||||
bootm 200000:kernel@1
|
bootm 200000:kernel-1
|
||||||
|
|
||||||
tftp 200000 /tftpboot/uImage
|
tftp 200000 /tftpboot/uImage
|
||||||
bootm 400000:kernel@1 :ramdisk@1
|
bootm 400000:kernel-1 :ramdisk-1
|
||||||
Last command is equivalent to:
|
Last command is equivalent to:
|
||||||
bootm 400000:kernel@1 400000:ramdisk@1
|
bootm 400000:kernel-1 400000:ramdisk-1
|
||||||
|
|
||||||
tftp 200000 /tftpboot/uImage
|
tftp 200000 /tftpboot/uImage
|
||||||
bootm :kernel@1 400000:ramdisk@1 :fdt@1
|
bootm :kernel-1 400000:ramdisk-1 :fdt-1
|
||||||
Last command is equivalent to:
|
Last command is equivalent to:
|
||||||
bootm 200000:kernel@1 400000:ramdisk@1 400000:fdt@1
|
bootm 200000:kernel-1 400000:ramdisk-1 400000:fdt-1
|
||||||
|
|
|
@ -86,7 +86,7 @@ $
|
||||||
$ mkimage -l kernel.itb
|
$ mkimage -l kernel.itb
|
||||||
FIT description: Simple image with single Linux kernel
|
FIT description: Simple image with single Linux kernel
|
||||||
Created: Tue Mar 11 17:26:15 2008
|
Created: Tue Mar 11 17:26:15 2008
|
||||||
Image 0 (kernel@1)
|
Image 0 (kernel)
|
||||||
Description: Vanilla Linux kernel
|
Description: Vanilla Linux kernel
|
||||||
Type: Kernel Image
|
Type: Kernel Image
|
||||||
Compression: gzip compressed
|
Compression: gzip compressed
|
||||||
|
@ -99,10 +99,10 @@ Created: Tue Mar 11 17:26:15 2008
|
||||||
Hash value: 2ae2bb40
|
Hash value: 2ae2bb40
|
||||||
Hash algo: sha1
|
Hash algo: sha1
|
||||||
Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
|
Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
|
||||||
Default Configuration: 'config@1'
|
Default Configuration: 'config-1'
|
||||||
Configuration 0 (config@1)
|
Configuration 0 (config-1)
|
||||||
Description: Boot Linux kernel
|
Description: Boot Linux kernel
|
||||||
Kernel: kernel@1
|
Kernel: kernel
|
||||||
|
|
||||||
|
|
||||||
The resulting image file kernel.itb can be now transferred to the target,
|
The resulting image file kernel.itb can be now transferred to the target,
|
||||||
|
@ -130,7 +130,7 @@ Bytes transferred = 944464 (e6950 hex)
|
||||||
FIT image found
|
FIT image found
|
||||||
FIT description: Simple image with single Linux kernel
|
FIT description: Simple image with single Linux kernel
|
||||||
Created: 2008-03-11 16:26:15 UTC
|
Created: 2008-03-11 16:26:15 UTC
|
||||||
Image 0 (kernel@1)
|
Image 0 (kernel)
|
||||||
Description: Vanilla Linux kernel
|
Description: Vanilla Linux kernel
|
||||||
Type: Kernel Image
|
Type: Kernel Image
|
||||||
Compression: gzip compressed
|
Compression: gzip compressed
|
||||||
|
@ -144,15 +144,15 @@ Bytes transferred = 944464 (e6950 hex)
|
||||||
Hash value: 2ae2bb40
|
Hash value: 2ae2bb40
|
||||||
Hash algo: sha1
|
Hash algo: sha1
|
||||||
Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
|
Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
|
||||||
Default Configuration: 'config@1'
|
Default Configuration: 'config-1'
|
||||||
Configuration 0 (config@1)
|
Configuration 0 (config-1)
|
||||||
Description: Boot Linux kernel
|
Description: Boot Linux kernel
|
||||||
Kernel: kernel@1
|
Kernel: kernel
|
||||||
|
|
||||||
=> bootm
|
=> bootm
|
||||||
## Booting kernel from FIT Image at 00900000 ...
|
## Booting kernel from FIT Image at 00900000 ...
|
||||||
Using 'config@1' configuration
|
Using 'config-1' configuration
|
||||||
Trying 'kernel@1' kernel subimage
|
Trying 'kernel' kernel subimage
|
||||||
Description: Vanilla Linux kernel
|
Description: Vanilla Linux kernel
|
||||||
Type: Kernel Image
|
Type: Kernel Image
|
||||||
Compression: gzip compressed
|
Compression: gzip compressed
|
||||||
|
@ -196,7 +196,7 @@ $
|
||||||
$ mkimage -l kernel_fdt.itb
|
$ mkimage -l kernel_fdt.itb
|
||||||
FIT description: Simple image with single Linux kernel and FDT blob
|
FIT description: Simple image with single Linux kernel and FDT blob
|
||||||
Created: Tue Mar 11 16:29:22 2008
|
Created: Tue Mar 11 16:29:22 2008
|
||||||
Image 0 (kernel@1)
|
Image 0 (kernel)
|
||||||
Description: Vanilla Linux kernel
|
Description: Vanilla Linux kernel
|
||||||
Type: Kernel Image
|
Type: Kernel Image
|
||||||
Compression: gzip compressed
|
Compression: gzip compressed
|
||||||
|
@ -209,7 +209,7 @@ Created: Tue Mar 11 16:29:22 2008
|
||||||
Hash value: 2c0cc807
|
Hash value: 2c0cc807
|
||||||
Hash algo: sha1
|
Hash algo: sha1
|
||||||
Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
|
Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
|
||||||
Image 1 (fdt@1)
|
Image 1 (fdt-1)
|
||||||
Description: Flattened Device Tree blob
|
Description: Flattened Device Tree blob
|
||||||
Type: Flat Device Tree
|
Type: Flat Device Tree
|
||||||
Compression: uncompressed
|
Compression: uncompressed
|
||||||
|
@ -219,11 +219,11 @@ Created: Tue Mar 11 16:29:22 2008
|
||||||
Hash value: 0d655d71
|
Hash value: 0d655d71
|
||||||
Hash algo: sha1
|
Hash algo: sha1
|
||||||
Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
|
Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
|
||||||
Default Configuration: 'conf@1'
|
Default Configuration: 'conf-1'
|
||||||
Configuration 0 (conf@1)
|
Configuration 0 (conf-1)
|
||||||
Description: Boot Linux kernel with FDT blob
|
Description: Boot Linux kernel with FDT blob
|
||||||
Kernel: kernel@1
|
Kernel: kernel
|
||||||
FDT: fdt@1
|
FDT: fdt-1
|
||||||
|
|
||||||
|
|
||||||
The resulting image file kernel_fdt.itb can be now transferred to the target,
|
The resulting image file kernel_fdt.itb can be now transferred to the target,
|
||||||
|
@ -245,7 +245,7 @@ Bytes transferred = 1109776 (10ef10 hex)
|
||||||
FIT image found
|
FIT image found
|
||||||
FIT description: Simple image with single Linux kernel and FDT blob
|
FIT description: Simple image with single Linux kernel and FDT blob
|
||||||
Created: 2008-03-11 15:29:22 UTC
|
Created: 2008-03-11 15:29:22 UTC
|
||||||
Image 0 (kernel@1)
|
Image 0 (kernel)
|
||||||
Description: Vanilla Linux kernel
|
Description: Vanilla Linux kernel
|
||||||
Type: Kernel Image
|
Type: Kernel Image
|
||||||
Compression: gzip compressed
|
Compression: gzip compressed
|
||||||
|
@ -259,7 +259,7 @@ Bytes transferred = 1109776 (10ef10 hex)
|
||||||
Hash value: 2c0cc807
|
Hash value: 2c0cc807
|
||||||
Hash algo: sha1
|
Hash algo: sha1
|
||||||
Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
|
Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
|
||||||
Image 1 (fdt@1)
|
Image 1 (fdt-1)
|
||||||
Description: Flattened Device Tree blob
|
Description: Flattened Device Tree blob
|
||||||
Type: Flat Device Tree
|
Type: Flat Device Tree
|
||||||
Compression: uncompressed
|
Compression: uncompressed
|
||||||
|
@ -270,15 +270,15 @@ Bytes transferred = 1109776 (10ef10 hex)
|
||||||
Hash value: 0d655d71
|
Hash value: 0d655d71
|
||||||
Hash algo: sha1
|
Hash algo: sha1
|
||||||
Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
|
Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
|
||||||
Default Configuration: 'conf@1'
|
Default Configuration: 'conf-1'
|
||||||
Configuration 0 (conf@1)
|
Configuration 0 (conf-1)
|
||||||
Description: Boot Linux kernel with FDT blob
|
Description: Boot Linux kernel with FDT blob
|
||||||
Kernel: kernel@1
|
Kernel: kernel
|
||||||
FDT: fdt@1
|
FDT: fdt-1
|
||||||
=> bootm
|
=> bootm
|
||||||
## Booting kernel from FIT Image at 00900000 ...
|
## Booting kernel from FIT Image at 00900000 ...
|
||||||
Using 'conf@1' configuration
|
Using 'conf-1' configuration
|
||||||
Trying 'kernel@1' kernel subimage
|
Trying 'kernel' kernel subimage
|
||||||
Description: Vanilla Linux kernel
|
Description: Vanilla Linux kernel
|
||||||
Type: Kernel Image
|
Type: Kernel Image
|
||||||
Compression: gzip compressed
|
Compression: gzip compressed
|
||||||
|
@ -295,8 +295,8 @@ Bytes transferred = 1109776 (10ef10 hex)
|
||||||
Verifying Hash Integrity ... crc32+ sha1+ OK
|
Verifying Hash Integrity ... crc32+ sha1+ OK
|
||||||
Uncompressing Kernel Image ... OK
|
Uncompressing Kernel Image ... OK
|
||||||
## Flattened Device Tree from FIT Image at 00900000
|
## Flattened Device Tree from FIT Image at 00900000
|
||||||
Using 'conf@1' configuration
|
Using 'conf-1' configuration
|
||||||
Trying 'fdt@1' FDT blob subimage
|
Trying 'fdt-1' FDT blob subimage
|
||||||
Description: Flattened Device Tree blob
|
Description: Flattened Device Tree blob
|
||||||
Type: Flat Device Tree
|
Type: Flat Device Tree
|
||||||
Compression: uncompressed
|
Compression: uncompressed
|
||||||
|
|
|
@ -24,7 +24,7 @@ Without using overlays the configuration would be as follows for every case.
|
||||||
/dts-v1/;
|
/dts-v1/;
|
||||||
/ {
|
/ {
|
||||||
images {
|
images {
|
||||||
kernel@1 {
|
kernel {
|
||||||
data = /incbin/("./zImage");
|
data = /incbin/("./zImage");
|
||||||
type = "kernel";
|
type = "kernel";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
|
@ -32,32 +32,32 @@ Without using overlays the configuration would be as follows for every case.
|
||||||
load = <0x82000000>;
|
load = <0x82000000>;
|
||||||
entry = <0x82000000>;
|
entry = <0x82000000>;
|
||||||
};
|
};
|
||||||
fdt@1 {
|
fdt-1 {
|
||||||
data = /incbin/("./foo-reva.dtb");
|
data = /incbin/("./foo-reva.dtb");
|
||||||
type = "flat_dt";
|
type = "flat_dt";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
};
|
};
|
||||||
fdt@2 {
|
fdt-2 {
|
||||||
data = /incbin/("./foo-revb.dtb");
|
data = /incbin/("./foo-revb.dtb");
|
||||||
type = "flat_dt";
|
type = "flat_dt";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
};
|
};
|
||||||
fdt@3 {
|
fdt-3 {
|
||||||
data = /incbin/("./foo-reva-bar.dtb");
|
data = /incbin/("./foo-reva-bar.dtb");
|
||||||
type = "flat_dt";
|
type = "flat_dt";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
};
|
};
|
||||||
fdt@4 {
|
fdt-4 {
|
||||||
data = /incbin/("./foo-revb-bar.dtb");
|
data = /incbin/("./foo-revb-bar.dtb");
|
||||||
type = "flat_dt";
|
type = "flat_dt";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
};
|
};
|
||||||
fdt@5 {
|
fdt-5 {
|
||||||
data = /incbin/("./foo-revb-baz.dtb");
|
data = /incbin/("./foo-revb-baz.dtb");
|
||||||
type = "flat_dt";
|
type = "flat_dt";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
};
|
};
|
||||||
fdt@6 {
|
fdt-6 {
|
||||||
data = /incbin/("./foo-revb-bar-baz.dtb");
|
data = /incbin/("./foo-revb-bar-baz.dtb");
|
||||||
type = "flat_dt";
|
type = "flat_dt";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
|
@ -67,28 +67,28 @@ Without using overlays the configuration would be as follows for every case.
|
||||||
configurations {
|
configurations {
|
||||||
default = "foo-reva.dtb;
|
default = "foo-reva.dtb;
|
||||||
foo-reva.dtb {
|
foo-reva.dtb {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel";
|
||||||
fdt = "fdt@1";
|
fdt = "fdt-1";
|
||||||
};
|
};
|
||||||
foo-revb.dtb {
|
foo-revb.dtb {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel";
|
||||||
fdt = "fdt@2";
|
fdt = "fdt-2";
|
||||||
};
|
};
|
||||||
foo-reva-bar.dtb {
|
foo-reva-bar.dtb {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel";
|
||||||
fdt = "fdt@3";
|
fdt = "fdt-3";
|
||||||
};
|
};
|
||||||
foo-revb-bar.dtb {
|
foo-revb-bar.dtb {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel";
|
||||||
fdt = "fdt@4";
|
fdt = "fdt-4";
|
||||||
};
|
};
|
||||||
foo-revb-baz.dtb {
|
foo-revb-baz.dtb {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel";
|
||||||
fdt = "fdt@5";
|
fdt = "fdt-5";
|
||||||
};
|
};
|
||||||
foo-revb-bar-baz.dtb {
|
foo-revb-bar-baz.dtb {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel";
|
||||||
fdt = "fdt@6";
|
fdt = "fdt-6";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -117,7 +117,7 @@ explosion problem.
|
||||||
/dts-v1/;
|
/dts-v1/;
|
||||||
/ {
|
/ {
|
||||||
images {
|
images {
|
||||||
kernel@1 {
|
kernel {
|
||||||
data = /incbin/("./zImage");
|
data = /incbin/("./zImage");
|
||||||
type = "kernel";
|
type = "kernel";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
|
@ -125,31 +125,31 @@ explosion problem.
|
||||||
load = <0x82000000>;
|
load = <0x82000000>;
|
||||||
entry = <0x82000000>;
|
entry = <0x82000000>;
|
||||||
};
|
};
|
||||||
fdt@1 {
|
fdt-1 {
|
||||||
data = /incbin/("./foo.dtb");
|
data = /incbin/("./foo.dtb");
|
||||||
type = "flat_dt";
|
type = "flat_dt";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
load = <0x87f00000>;
|
load = <0x87f00000>;
|
||||||
};
|
};
|
||||||
fdt@2 {
|
fdt-2 {
|
||||||
data = /incbin/("./reva.dtbo");
|
data = /incbin/("./reva.dtbo");
|
||||||
type = "flat_dt";
|
type = "flat_dt";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
load = <0x87fc0000>;
|
load = <0x87fc0000>;
|
||||||
};
|
};
|
||||||
fdt@3 {
|
fdt-3 {
|
||||||
data = /incbin/("./revb.dtbo");
|
data = /incbin/("./revb.dtbo");
|
||||||
type = "flat_dt";
|
type = "flat_dt";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
load = <0x87fc0000>;
|
load = <0x87fc0000>;
|
||||||
};
|
};
|
||||||
fdt@4 {
|
fdt-4 {
|
||||||
data = /incbin/("./bar.dtbo");
|
data = /incbin/("./bar.dtbo");
|
||||||
type = "flat_dt";
|
type = "flat_dt";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
load = <0x87fc0000>;
|
load = <0x87fc0000>;
|
||||||
};
|
};
|
||||||
fdt@5 {
|
fdt-5 {
|
||||||
data = /incbin/("./baz.dtbo");
|
data = /incbin/("./baz.dtbo");
|
||||||
type = "flat_dt";
|
type = "flat_dt";
|
||||||
arch = "arm";
|
arch = "arm";
|
||||||
|
@ -160,34 +160,34 @@ explosion problem.
|
||||||
configurations {
|
configurations {
|
||||||
default = "foo-reva.dtb;
|
default = "foo-reva.dtb;
|
||||||
foo-reva.dtb {
|
foo-reva.dtb {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel";
|
||||||
fdt = "fdt@1", "fdt@2";
|
fdt = "fdt-1", "fdt-2";
|
||||||
};
|
};
|
||||||
foo-revb.dtb {
|
foo-revb.dtb {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel";
|
||||||
fdt = "fdt@1", "fdt@3";
|
fdt = "fdt-1", "fdt-3";
|
||||||
};
|
};
|
||||||
foo-reva-bar.dtb {
|
foo-reva-bar.dtb {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel";
|
||||||
fdt = "fdt@1", "fdt@2", "fdt@4";
|
fdt = "fdt-1", "fdt-2", "fdt-4";
|
||||||
};
|
};
|
||||||
foo-revb-bar.dtb {
|
foo-revb-bar.dtb {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel";
|
||||||
fdt = "fdt@1", "fdt@3", "fdt@4";
|
fdt = "fdt-1", "fdt-3", "fdt-4";
|
||||||
};
|
};
|
||||||
foo-revb-baz.dtb {
|
foo-revb-baz.dtb {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel";
|
||||||
fdt = "fdt@1", "fdt@3", "fdt@5";
|
fdt = "fdt-1", "fdt-3", "fdt-5";
|
||||||
};
|
};
|
||||||
foo-revb-bar-baz.dtb {
|
foo-revb-bar-baz.dtb {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel";
|
||||||
fdt = "fdt@1", "fdt@3", "fdt@4", "fdt@5";
|
fdt = "fdt-1", "fdt-3", "fdt-4", "fdt-5";
|
||||||
};
|
};
|
||||||
bar {
|
bar {
|
||||||
fdt = "fdt@4";
|
fdt = "fdt-4";
|
||||||
};
|
};
|
||||||
baz {
|
baz {
|
||||||
fdt = "fdt@5";
|
fdt = "fdt-5";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -83,7 +83,7 @@ Device Tree Bindings
|
||||||
The following properties are required in the FIT's signature node(s) to
|
The following properties are required in the FIT's signature node(s) to
|
||||||
allow the signer to operate. These should be added to the .its file.
|
allow the signer to operate. These should be added to the .its file.
|
||||||
Signature nodes sit at the same level as hash nodes and are called
|
Signature nodes sit at the same level as hash nodes and are called
|
||||||
signature@1, signature@2, etc.
|
signature-1, signature-2, etc.
|
||||||
|
|
||||||
- algo: Algorithm name (e.g. "sha1,rsa2048")
|
- algo: Algorithm name (e.g. "sha1,rsa2048")
|
||||||
|
|
||||||
|
@ -118,9 +118,9 @@ For config bindings, these properties are added by the signer:
|
||||||
- hashed-nodes: A list of nodes which were hashed by the signer. Each is
|
- hashed-nodes: A list of nodes which were hashed by the signer. Each is
|
||||||
a string - the full path to node. A typical value might be:
|
a string - the full path to node. A typical value might be:
|
||||||
|
|
||||||
hashed-nodes = "/", "/configurations/conf@1", "/images/kernel@1",
|
hashed-nodes = "/", "/configurations/conf-1", "/images/kernel",
|
||||||
"/images/kernel@1/hash@1", "/images/fdt@1",
|
"/images/kernel/hash-1", "/images/fdt-1",
|
||||||
"/images/fdt@1/hash@1";
|
"/images/fdt-1/hash-1";
|
||||||
|
|
||||||
- hashed-strings: The start and size of the string region of the FIT that
|
- hashed-strings: The start and size of the string region of the FIT that
|
||||||
was hashed
|
was hashed
|
||||||
|
@ -178,44 +178,44 @@ As an example, consider this FIT:
|
||||||
|
|
||||||
/ {
|
/ {
|
||||||
images {
|
images {
|
||||||
kernel@1 {
|
kernel-1 {
|
||||||
data = <data for kernel1>
|
data = <data for kernel1>
|
||||||
signature@1 {
|
signature-1 {
|
||||||
algo = "sha1,rsa2048";
|
algo = "sha1,rsa2048";
|
||||||
value = <...kernel signature 1...>
|
value = <...kernel signature 1...>
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
kernel@2 {
|
kernel-2 {
|
||||||
data = <data for kernel2>
|
data = <data for kernel2>
|
||||||
signature@1 {
|
signature-1 {
|
||||||
algo = "sha1,rsa2048";
|
algo = "sha1,rsa2048";
|
||||||
value = <...kernel signature 2...>
|
value = <...kernel signature 2...>
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
fdt@1 {
|
fdt-1 {
|
||||||
data = <data for fdt1>;
|
data = <data for fdt1>;
|
||||||
signature@1 {
|
signature-1 {
|
||||||
algo = "sha1,rsa2048";
|
algo = "sha1,rsa2048";
|
||||||
vaue = <...fdt signature 1...>
|
vaue = <...fdt signature 1...>
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
fdt@2 {
|
fdt-2 {
|
||||||
data = <data for fdt2>;
|
data = <data for fdt2>;
|
||||||
signature@1 {
|
signature-1 {
|
||||||
algo = "sha1,rsa2048";
|
algo = "sha1,rsa2048";
|
||||||
vaue = <...fdt signature 2...>
|
vaue = <...fdt signature 2...>
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
configurations {
|
configurations {
|
||||||
default = "conf@1";
|
default = "conf-1";
|
||||||
conf@1 {
|
conf-1 {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel-1";
|
||||||
fdt = "fdt@1";
|
fdt = "fdt-1";
|
||||||
};
|
};
|
||||||
conf@1 {
|
conf-1 {
|
||||||
kernel = "kernel@2";
|
kernel = "kernel-2";
|
||||||
fdt = "fdt@2";
|
fdt = "fdt-2";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -224,18 +224,18 @@ Since both kernels are signed it is easy for an attacker to add a new
|
||||||
configuration 3 with kernel 1 and fdt 2:
|
configuration 3 with kernel 1 and fdt 2:
|
||||||
|
|
||||||
configurations {
|
configurations {
|
||||||
default = "conf@1";
|
default = "conf-1";
|
||||||
conf@1 {
|
conf-1 {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel-1";
|
||||||
fdt = "fdt@1";
|
fdt = "fdt-1";
|
||||||
};
|
};
|
||||||
conf@1 {
|
conf-1 {
|
||||||
kernel = "kernel@2";
|
kernel = "kernel-2";
|
||||||
fdt = "fdt@2";
|
fdt = "fdt-2";
|
||||||
};
|
};
|
||||||
conf@3 {
|
conf-3 {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel-1";
|
||||||
fdt = "fdt@2";
|
fdt = "fdt-2";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -250,49 +250,49 @@ So the above example is adjusted to look like this:
|
||||||
|
|
||||||
/ {
|
/ {
|
||||||
images {
|
images {
|
||||||
kernel@1 {
|
kernel-1 {
|
||||||
data = <data for kernel1>
|
data = <data for kernel1>
|
||||||
hash@1 {
|
hash-1 {
|
||||||
algo = "sha1";
|
algo = "sha1";
|
||||||
value = <...kernel hash 1...>
|
value = <...kernel hash 1...>
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
kernel@2 {
|
kernel-2 {
|
||||||
data = <data for kernel2>
|
data = <data for kernel2>
|
||||||
hash@1 {
|
hash-1 {
|
||||||
algo = "sha1";
|
algo = "sha1";
|
||||||
value = <...kernel hash 2...>
|
value = <...kernel hash 2...>
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
fdt@1 {
|
fdt-1 {
|
||||||
data = <data for fdt1>;
|
data = <data for fdt1>;
|
||||||
hash@1 {
|
hash-1 {
|
||||||
algo = "sha1";
|
algo = "sha1";
|
||||||
value = <...fdt hash 1...>
|
value = <...fdt hash 1...>
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
fdt@2 {
|
fdt-2 {
|
||||||
data = <data for fdt2>;
|
data = <data for fdt2>;
|
||||||
hash@1 {
|
hash-1 {
|
||||||
algo = "sha1";
|
algo = "sha1";
|
||||||
value = <...fdt hash 2...>
|
value = <...fdt hash 2...>
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
configurations {
|
configurations {
|
||||||
default = "conf@1";
|
default = "conf-1";
|
||||||
conf@1 {
|
conf-1 {
|
||||||
kernel = "kernel@1";
|
kernel = "kernel-1";
|
||||||
fdt = "fdt@1";
|
fdt = "fdt-1";
|
||||||
signature@1 {
|
signature-1 {
|
||||||
algo = "sha1,rsa2048";
|
algo = "sha1,rsa2048";
|
||||||
value = <...conf 1 signature...>;
|
value = <...conf 1 signature...>;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
conf@2 {
|
conf-2 {
|
||||||
kernel = "kernel@2";
|
kernel = "kernel-2";
|
||||||
fdt = "fdt@2";
|
fdt = "fdt-2";
|
||||||
signature@1 {
|
signature-1 {
|
||||||
algo = "sha1,rsa2048";
|
algo = "sha1,rsa2048";
|
||||||
value = <...conf 1 signature...>;
|
value = <...conf 1 signature...>;
|
||||||
};
|
};
|
||||||
|
@ -303,11 +303,11 @@ So the above example is adjusted to look like this:
|
||||||
|
|
||||||
You can see that we have added hashes for all images (since they are no
|
You can see that we have added hashes for all images (since they are no
|
||||||
longer signed), and a signature to each configuration. In the above example,
|
longer signed), and a signature to each configuration. In the above example,
|
||||||
mkimage will sign configurations/conf@1, the kernel and fdt that are
|
mkimage will sign configurations/conf-1, the kernel and fdt that are
|
||||||
pointed to by the configuration (/images/kernel@1, /images/kernel@1/hash@1,
|
pointed to by the configuration (/images/kernel-1, /images/kernel-1/hash-1,
|
||||||
/images/fdt@1, /images/fdt@1/hash@1) and the root structure of the image
|
/images/fdt-1, /images/fdt-1/hash-1) and the root structure of the image
|
||||||
(so that it isn't possible to add or remove root nodes). The signature is
|
(so that it isn't possible to add or remove root nodes). The signature is
|
||||||
written into /configurations/conf@1/signature@1/value. It can easily be
|
written into /configurations/conf-1/signature-1/value. It can easily be
|
||||||
verified later even if the FIT has been signed with other keys in the
|
verified later even if the FIT has been signed with other keys in the
|
||||||
meantime.
|
meantime.
|
||||||
|
|
||||||
|
|
|
@ -102,15 +102,15 @@ Root node of the uImage Tree should have the following layout:
|
||||||
|
|
|
|
||||||
o images
|
o images
|
||||||
| |
|
| |
|
||||||
| o image@1 {...}
|
| o image-1 {...}
|
||||||
| o image@2 {...}
|
| o image-2 {...}
|
||||||
| ...
|
| ...
|
||||||
|
|
|
|
||||||
o configurations
|
o configurations
|
||||||
|- default = "conf@1"
|
|- default = "conf-1"
|
||||||
|
|
|
|
||||||
o conf@1 {...}
|
o conf-1 {...}
|
||||||
o conf@2 {...}
|
o conf-2 {...}
|
||||||
...
|
...
|
||||||
|
|
||||||
|
|
||||||
|
@ -142,7 +142,7 @@ Root node of the uImage Tree should have the following layout:
|
||||||
This node is a container node for component sub-image nodes. Each sub-node of
|
This node is a container node for component sub-image nodes. Each sub-node of
|
||||||
the '/images' node should have the following layout:
|
the '/images' node should have the following layout:
|
||||||
|
|
||||||
o image@1
|
o image-1
|
||||||
|- description = "component sub-image description"
|
|- description = "component sub-image description"
|
||||||
|- data = /incbin/("path/to/data/file.bin")
|
|- data = /incbin/("path/to/data/file.bin")
|
||||||
|- type = "sub-image type name"
|
|- type = "sub-image type name"
|
||||||
|
@ -152,8 +152,8 @@ the '/images' node should have the following layout:
|
||||||
|- load = <00000000>
|
|- load = <00000000>
|
||||||
|- entry = <00000000>
|
|- entry = <00000000>
|
||||||
|
|
|
|
||||||
o hash@1 {...}
|
o hash-1 {...}
|
||||||
o hash@2 {...}
|
o hash-2 {...}
|
||||||
...
|
...
|
||||||
|
|
||||||
Mandatory properties:
|
Mandatory properties:
|
||||||
|
@ -183,14 +183,14 @@ the '/images' node should have the following layout:
|
||||||
property of the root node. Mandatory for types: "standalone" and "kernel".
|
property of the root node. Mandatory for types: "standalone" and "kernel".
|
||||||
|
|
||||||
Optional nodes:
|
Optional nodes:
|
||||||
- hash@1 : Each hash sub-node represents separate hash or checksum
|
- hash-1 : Each hash sub-node represents separate hash or checksum
|
||||||
calculated for node's data according to specified algorithm.
|
calculated for node's data according to specified algorithm.
|
||||||
|
|
||||||
|
|
||||||
5) Hash nodes
|
5) Hash nodes
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
o hash@1
|
o hash-1
|
||||||
|- algo = "hash or checksum algorithm name"
|
|- algo = "hash or checksum algorithm name"
|
||||||
|- value = [hash or checksum value]
|
|- value = [hash or checksum value]
|
||||||
|
|
||||||
|
@ -212,8 +212,8 @@ The 'configurations' node has has the following structure:
|
||||||
o configurations
|
o configurations
|
||||||
|- default = "default configuration sub-node unit name"
|
|- default = "default configuration sub-node unit name"
|
||||||
|
|
|
|
||||||
o config@1 {...}
|
o config-1 {...}
|
||||||
o config@2 {...}
|
o config-2 {...}
|
||||||
...
|
...
|
||||||
|
|
||||||
|
|
||||||
|
@ -231,7 +231,7 @@ o configurations
|
||||||
|
|
||||||
Each configuration has the following structure:
|
Each configuration has the following structure:
|
||||||
|
|
||||||
o config@1
|
o config-1
|
||||||
|- description = "configuration description"
|
|- description = "configuration description"
|
||||||
|- kernel = "kernel sub-node unit name"
|
|- kernel = "kernel sub-node unit name"
|
||||||
|- ramdisk = "ramdisk sub-node unit name"
|
|- ramdisk = "ramdisk sub-node unit name"
|
||||||
|
|
|
@ -197,7 +197,7 @@ You can take a look at the resulting fit file if you like:
|
||||||
$ dumpimage -l image.fit
|
$ dumpimage -l image.fit
|
||||||
FIT description: Simple image with single Linux kernel on x86
|
FIT description: Simple image with single Linux kernel on x86
|
||||||
Created: Tue Oct 7 10:57:24 2014
|
Created: Tue Oct 7 10:57:24 2014
|
||||||
Image 0 (kernel@1)
|
Image 0 (kernel)
|
||||||
Description: Vanilla Linux kernel
|
Description: Vanilla Linux kernel
|
||||||
Created: Tue Oct 7 10:57:24 2014
|
Created: Tue Oct 7 10:57:24 2014
|
||||||
Type: Kernel Image
|
Type: Kernel Image
|
||||||
|
@ -209,7 +209,7 @@ Created: Tue Oct 7 10:57:24 2014
|
||||||
Entry Point: 0x00000000
|
Entry Point: 0x00000000
|
||||||
Hash algo: sha1
|
Hash algo: sha1
|
||||||
Hash value: 446b5163ebfe0fb6ee20cbb7a8501b263cd92392
|
Hash value: 446b5163ebfe0fb6ee20cbb7a8501b263cd92392
|
||||||
Image 1 (setup@1)
|
Image 1 (setup)
|
||||||
Description: Linux setup.bin
|
Description: Linux setup.bin
|
||||||
Created: Tue Oct 7 10:57:24 2014
|
Created: Tue Oct 7 10:57:24 2014
|
||||||
Type: x86 setup.bin
|
Type: x86 setup.bin
|
||||||
|
@ -217,10 +217,10 @@ Created: Tue Oct 7 10:57:24 2014
|
||||||
Data Size: 12912 Bytes = 12.61 kB = 0.01 MB
|
Data Size: 12912 Bytes = 12.61 kB = 0.01 MB
|
||||||
Hash algo: sha1
|
Hash algo: sha1
|
||||||
Hash value: a1f2099cf47ff9816236cd534c77af86e713faad
|
Hash value: a1f2099cf47ff9816236cd534c77af86e713faad
|
||||||
Default Configuration: 'config@1'
|
Default Configuration: 'config-1'
|
||||||
Configuration 0 (config@1)
|
Configuration 0 (config-1)
|
||||||
Description: Boot Linux kernel
|
Description: Boot Linux kernel
|
||||||
Kernel: kernel@1
|
Kernel: kernel
|
||||||
|
|
||||||
|
|
||||||
Booting the FIT
|
Booting the FIT
|
||||||
|
|
Loading…
Reference in New Issue
Block a user