persmule has quit [Remote host closed the connection]
rockosov_ has quit [Ping timeout: 240 seconds]
rockosov_ has joined #u-boot
persmule has joined #u-boot
monstr has joined #u-boot
PhoenixMage has joined #u-boot
<PhoenixMage>
Hi all, I am trying to create a fit image with a uefi binary in it instead of a kernel without much success. Does the fitImage have to be signed for it to work or is unsigned ok?
<PhoenixMage>
If I set the efi (grub-aa64) in the its to arch=arm I get Not a "PE-COFF file" when I set it to arm64 I get "Bad Linux ARM64 Image magic!"
<PhoenixMage>
I can use the fdt and the efi file to boot ok with bootefi, if I imxtract the efi to memory and try to use it it doesnt appear to be valid
<xypron>
PhoenixMage: There is a python test case for UEFI in FIT images.
<xypron>
Both signed and unsigned should work depending on configuration.
<xypron>
PhoenixMage: arch = "arm64"; in the its works when packaging a 64bit UEFI binaries like lib/efi_loader/helloworld.efi
<xypron>
PhoenixMage: "Not a PE-COFF file\n" is written when bootm has passed the binary to the UEFI sub-system and it does not pass the tests in efi_check_pe().
hanetzer has quit [Ping timeout: 265 seconds]
hanetzer has joined #u-boot
ebach has joined #u-boot
Eschik has quit [Quit: Connection closed for inactivity]
<milkylainen>
Anyone else beside sjg1? Is there a way to verify mkimage signed fit images with the public key without running the bootloader which normally does the same job?
<milkylainen>
Afaics mkimage does not have a verification option?
<milkylainen>
Perhaps I'm blind.
<xypron>
milkylainen: Wouldn't such a functionality better fit into dumpimage than in mkimage?
<milkylainen>
xypron: Hmm. Is there such a functionality in dumpimage? As I said. Blind. *checks*
<xypron>
no
<milkylainen>
ah. :D
<xypron>
The sandbox should do the job?
<milkylainen>
I'd prefer not to launch a thing over a signature validation.
ldevulder has joined #u-boot
<PhoenixMage>
Thanks xypron I'll look at it later
stipa has quit [Ping timeout: 256 seconds]
<milkylainen>
I was thinking within the confines of distro packaging of "uboot tools".
<milkylainen>
So dumpimage would work.
xroumegue has joined #u-boot
stipa has joined #u-boot
konradybcio[m] has quit [Remote host closed the connection]
<PhoenixMage>
"grub-efi-bootaa64.efi: PE32+ executable (EFI application) Aarch64 (stripped to external PDB), for MS Windows"
<Kwiboo>
PhoenixMage: do you need to use a fit for checksum/signing validation? you do know that bootstd will look for efi/boot/bootaa64.efi and start it by default without such custom fit?
<PhoenixMage>
I do, the problem I am having that I am trying to solve is the u-boot dts and the linux dts arent in sync for the Rock 5b
<PhoenixMage>
I know you from the radxa discord dont I? Pointed me to a dts patch for Rock 3a?
<PhoenixMage>
I using fit because its a nice little package wrapped up in a bow that gets me to grub which is then integrated nicely with mender and provides conistency across my many different boards
<PhoenixMage>
I did try dumping the dtb in / and /rockchip on the vfat boot partition, didnt seem to help
<PhoenixMage>
Assuming the file name is supposed to be the default one
<PhoenixMage>
Though looking at that code maybe it should have been in efi/boot...
<PhoenixMage>
C is almost illegible to me so I can decipher what the filename should be...
<Kwiboo>
with CONFIG_LOGLEVEL=7 or higher the path it will try should be printed to console
<PhoenixMage>
Think I got it but boy does my C suck lol, its been 20+ years since I have written and I think the alcohol killed everything I didnt know about pointers
<PhoenixMage>
Can I do that at the u-boot cli before I boot it or would I need to recompile it in?
<milkylainen>
manchaw: oh. I'll check it out. Told the channel I was blind.
<milkylainen>
manchaw: Doesn't seem to be part of typical distro packaging though.
<milkylainen>
manchaw: interesting. doesn't validate the fit, but everything boots it fine. I think the fit image is fine but the fit_sign_check is broken somehow?
Eschik has joined #u-boot
<milkylainen>
The checker seems to want to uncompress the images too? Strange. What for? Signature and hashes are calculated as is?
ebach has quit [Quit: Leaving]
lucascastro has quit [Quit: Leaving]
mmu_man has quit [Ping timeout: 240 seconds]
ladis has quit [Ping timeout: 240 seconds]
ladis has joined #u-boot
mmu_man has joined #u-boot
mmu_man has quit [Ping timeout: 240 seconds]
<PhoenixMage>
No dice on putting a dtb in the path, will take another look at why the fit image isnt working with a work efi tomorrow
<manchaw>
milkylainen: Not really sure about your queries, I haven't used it a lot
apritzel has joined #u-boot
apritzel has quit [Ping timeout: 268 seconds]
ikarso has quit [Quit: Connection closed for inactivity]
<milkylainen>
manchaw: It's a bug. The program doesn't really cope with compressed fit image components well. The functions used more used for boot. So it tries to decompress things, fails and propagates various errors. Decompression isn't really needed for signature validation.
<milkylainen>
Yeah. I fixed it.
<milkylainen>
manchaw: tnx for the pointer, much appreciated.
<milkylainen>
sjg1: fit sign checker breaks when dealing with uncompression of various fdt blobs. Instead of just verifying the signatures of data.
ladis has quit [Quit: Leaving]
monstr has quit [Remote host closed the connection]