Hi Simon & All,

These days I tested verified U-Boot on ARM Foundation. And I found a problem when I tested like this:

1) Generate a FIT image and signature blob file like:

    mkimage -D "-I dts -O dtb -p 2000" -F kernel.its -k keys -K fvp.dtb -r signed_image.fit

2) Compile U-Boot like:

    Step 1: make distclean
    Step 2: make DEVICE_TREE=foundation all

   After this step, a u-boot-dtb.bin file was generated, but the public key was not contained in it. Normally I should use the blob file fvp.dtb, which contains the public key, to compile U-Boot like:

    make EXT_DTB=<path>/fvp.dtb

   In my test case, I omitted the last step and just chose step 2's result to test.

3) Package the firmware together with U-Boot

4) Boot the system on Foundation

Since signed_image.fit contains the signature information but U-Boot has no public key information, when U-Boot loaded the image an error message like ": No signature node found: " occurred; this result was normal. But the system wasn't stopped after this error message; it kept going and booted the system successfully in the end!

I checked the U-Boot source code and found a problem in the function fit_config_verify_required_sigs. Please note the red part.

    int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
                    const void *sig_blob)
    {
            int noffset;
            int sig_node;

            /* Work out what we need to verify */
            sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME);
            if (sig_node < 0) {
                    debug("%s: No signature node found: %s\n", __func__,
                          fdt_strerror(sig_node));
                    return 0;
                    --> Since a mismatch exists between U-Boot and the images, the system should return an error code. Returning 0 means the result was OK.
            }
            .........

After I modified return 0 to return -1, the result seems OK.

Please check this problem, and confirm whether I should commit a patch or someone else will modify it.

Sincerely,
Jason
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
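A build-time check for the condition described in the message above, as an added example that is not part of the original post or of U-Boot: it walks a flattened device tree and reports which key nodes under /signature carry a "required" property, so a control DTB built without the public key is caught before packaging. The function names, the minimal parser and the sample key name key-dev are assumptions made for this example.

```python
import struct

FDT_MAGIC = 0xD00DFEED
BEGIN_NODE, END_NODE, PROP, NOP, END = 1, 2, 3, 4, 9

def walk_fdt(blob):
    """Map each node path in a flattened device tree to its {property: bytes}."""
    magic, _, off_struct, off_strings = struct.unpack_from(">4I", blob)
    if magic != FDT_MAGIC:
        raise ValueError("not a flattened device tree")
    nodes, path, pos = {}, [], off_struct
    while True:
        token, pos = struct.unpack_from(">I", blob, pos)[0], pos + 4
        if token == BEGIN_NODE:
            end = blob.index(b"\0", pos)
            path.append(blob[pos:end].decode())
            nodes["/".join(path) or "/"] = {}
            pos = (end + 4) & ~3  # skip the NUL, realign to 4 bytes
        elif token == END_NODE:
            path.pop()
        elif token == PROP:
            length, nameoff = struct.unpack_from(">2I", blob, pos)
            start = off_strings + nameoff
            name = blob[start:blob.index(b"\0", start)].decode()
            nodes["/".join(path) or "/"][name] = blob[pos + 8:pos + 8 + length]
            pos = (pos + 8 + length + 3) & ~3
        elif token == END:
            return nodes
        elif token != NOP:
            raise ValueError("unknown FDT token %#x" % token)

def required_keys(blob):
    """Key nodes directly under /signature that carry a 'required' property."""
    return {p.split("/")[2]: props["required"].rstrip(b"\0").decode()
            for p, props in walk_fdt(blob).items()
            if p.startswith("/signature/") and p.count("/") == 2 and "required" in props}

def sample_dtb(with_key):
    """Constructed sample: a minimal DTB with or without /signature/key-dev."""
    be = lambda *w: struct.pack(">%dI" % len(w), *w)
    key = (be(BEGIN_NODE) + b"signature\0\0\0" + be(BEGIN_NODE) + b"key-dev\0"
           + be(PROP, 5, 0) + b"conf\0\0\0\0" + be(END_NODE, END_NODE)) if with_key else b""
    dt = be(BEGIN_NODE, 0) + key + be(END_NODE, END)
    return (be(FDT_MAGIC, 56 + len(dt) + 9, 56, 56 + len(dt), 40, 17, 16, 0, 9, len(dt))
            + bytes(16) + dt + b"required\0")
```

An empty result from required_keys() on the DTB that is about to be built into U-Boot corresponds to the key-less build in the report.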