Hi,
I'm trying to keep our board in sync with upstream, but when trying to
port it to v2020.10-rc4, the kernel verification fails:
## Loading kernel from FIT Image at 03000000 ...
Using 'conf-def.dtb' configuration
Verifying Hash Integrity ... sha1,rsa2048:dev- error!
Verification failed for '<NULL>' hash node in 'conf-def.dtb' config node
Failed to verify required signature 'key-dev'
Bad Data Hash
ERROR: can't get kernel image!
Our current board code is based on v2020.04 where everything works as
expected.
I have checked that U-Boot's .dtb has identical /signature nodes between
the two versions, both from within U-Boot with 'fdt print /signature'
and using fdtdump:
=> fdt print /signature
signature {
key-dev {
required = "conf";
algo = "sha1,rsa2048";
rsa,r-squared = ...
rsa,modulus = ...
rsa,exponent = ...
rsa,n0-inverse = ...
rsa,num-bits = <0x00000800>;
key-name-hint = "dev";
};
};
(except that apparently the new version of U-Boot no longer abbreviates
the r-squared and modulus values to an "* adress [length]" format).
I wanted to try using tools/fit_check_sign as a quick way to bisect
this, unfortunately the v2020.10-rc4 version (also) says that the kernel
image is correctly signed.
Does anyone have a crystal ball that says what might have changed to
cause this? The board in question is based on mpc8309, i.e. big-endian
powerpc.
Thanks,
Rasmus
