Hi Simon, Thanks a lot for your help.
I was experimenting with few options : finally I got a working combination. I added below options in configs/omap3_overo_defconfig CONFIG_RSA=y CONFIG_DM=y and in include/configs/omap3_overo.h. #define CONFIG_OF_CONTROL #define CONFIG_OF_SEPARATE #define CONFIG_FIT #define CONFIG_FIT_SIGNATURE #define CONFIG_FIT_VERBOSE and used EXT_DTB option for make. now it works fine for the verified boot for gumstix overo. So I think, putting CONFIG_RSA [CONFIG_RSA alone, since I can't put all there - board hanging issue ] in defconfig enabled the RSA options for the board. Thanks & Regards, Arun On Wed, May 18, 2016 at 11:59 PM, Simon Glass <[email protected]> wrote: > Hi Arun, > > On 3 May 2016 at 19:50, Arun Kuttiyara Varghese <[email protected]> > wrote: > > Hi Simon, > > > > Thanks for the help. > > > > There is an update. > > > > I experimented with the two options. > > > > Option 1 > > ===== > > > > Like you mentioned, I tried putting all the RSA boot options to > > configs/omap3_overo_defconfig. > > but surprisingly, the board was not able to boot. it stucks after > printing > > one line of junk characters. > > > > So I think, putting definitions in include/configs/omap3_overo.h is also > > fine ? > > Not if it is in Kconfig. That sounds like a separate problem. But i"m > not sure what. > > > > > Option 2 > > ==== > > > > 1. changed u-boot-dtb.img name to u-boot.img . > > 2. then board is able to boot, but gives the below message when I tried > to > > use bootm. > > > > Overo # > > ## Loading kernel from FIT Image at 82000000 ... > > Using 'conf@1' configuration > > Verifying Hash Integrity ... sha1,rsa2048:my_keyRSA: Can't find > Modular > > Exp implementation > > RSA: Can't find Modular Exp implementation > > - Failed to verify required signature 'key-my_key' > > Bad Data Hash > > ERROR: can't get kernel image! > > Overo # > > If you grep for that message you see: > > ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev); > if (ret) { > printf("RSA: Can't find Modular Exp implementation\n"); > return -EINVAL; > } > > It is trying to find that uclass. Assuming that you have driver model > enabled (CONFIG_DM), I wonder if you have CONFIG_RSA_SOFTWARE_EXP > enabled? Unfortunately it looks like you have to do that manually as > the option is not in Kconfig. > > It is a driver for modular exponentiation, used for RSA. Some chips > include hardware acceleration, but there is a software driver as a > fallback. > > > > > > > As mentioned in doc/uImage.FIT/beaglebone_vboot.txt, I tried the script - > > tools/fit_check_sign, and its output is normal. Able to verify the > > signature. > > > > So still dont know, what is the exact issue, why I am getting the above > > error message. > > I searched for UCLASS_MOD_EXP, /* RSA Mod Exp device */, but couldn't > > get much info. > > > > What is RSA Mod Exp device and how to make sure that I have that ? > > > > Any input to debugging will be greatly helpful. > > > > Thanks & Regards, > > Arun > > > > > > Regards, > Simon > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Sun, May 1, 2016 at 2:55 PM, Simon Glass <[email protected]> wrote: > >> > >> Hi Arun, > >> > >> On 28 April 2016 at 14:48, Arun Kuttiyara Varghese > >> <[email protected]> wrote: > >> > Hi All, > >> > > >> > I was trying to enable the secured boot in u-boot for gumstix overo > >> > storm. > >> > > >> > based on http://www.denx-cs.de/doku/?q=m28verifiedboot > >> > > >> > After I prepared by SD cards, u-boot is not able to boot > >> > and gives the below error message. > >> > > >> > > >> > U-Boot SPL 2015.07 (Apr 28 2016 - 13:53:06) > >> > SPL: Please implement spl_start_uboot() for your board > >> > >> This seems to be implemented for pepper, so to avoid this warning you > >> could add this function for your board. > >> . > >> > SPL: Direct Linux boot not active! > >> > reading u-boot.img > >> > spl_load_image_fat: error reading image u-boot.img, err - -1 > >> > SPL: Please implement spl_start_uboot() for your board > >> > SPL: Direct Linux boot not active! > >> > Failed to mount ext2 filesystem... > >> > spl_load_image_ext: ext4fs mount err - 0 > >> > > >> > ================ > >> > > >> > This is the u-boot.dts file that I am using. > >> > > >> > > >> > /dts-v1/; > >> > > >> > / { > >> > model = "Keys"; > >> > > >> > signature { > >> > key-dev { > >> > required = "conf"; > >> > algo = "sha1,rsa2048"; > >> > key-name-hint = "my_key"; > >> > }; > >> > }; > >> > }; > >> > > >> > compilation using : > >> > dtc -p 0x1000 /work/u-boot.dts -O dtb -o /work/u-boot.dtb > >> > > >> > And these are the conf that I have added to > >> > include/configs/omap3_overo.h > >> > > >> > #define CONFIG_OF_CONTROL > >> > #define CONFIG_OF_SEPARATE > >> > #define CONFIG_FIT > >> > #define CONFIG_FIT_SIGNATURE > >> > #define CONFIG_RSA > >> > #define CONFIG_FIT_VERBOSE > >> > >> These are in Kconfig now, so you should add them to > >> configs/omap3_overo_defconfig. > >> > >> I'm not sure what is wrong, but those two things might help. > >> > >> > > >> > and I am compiling u-boot by using below line : > >> > > >> > make ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- > EXT_DTB=/work/u-boot.dtb > >> > all > >> > -j4 > >> > > >> > Please let me know if you have any ideas on how to debug this issue. > >> > > >> > Thanks & Regards, > >> > Arun > >> Regards, > >> Simon > > > > > _______________________________________________ U-Boot mailing list [email protected] http://lists.denx.de/mailman/listinfo/u-boot
