#address-cells = <1>;
images {
- kernel@1 {
+ kernel {
data = /incbin/("Image.lzo");
type = "kernel";
arch = "arm";
compression = "lzo";
load = <0x80008000>;
entry = <0x80008000>;
- hash@1 {
+ hash-1 {
algo = "sha1";
};
};
- fdt@1 {
+ fdt-1 {
description = "beaglebone-black";
data = /incbin/("am335x-boneblack.dtb");
type = "flat_dt";
arch = "arm";
compression = "none";
- hash@1 {
+ hash-1 {
algo = "sha1";
};
};
};
configurations {
- default = "conf@1";
- conf@1 {
- kernel = "kernel@1";
- fdt = "fdt@1";
- signature@1 {
+ default = "conf-1";
+ conf-1 {
+ kernel = "kernel";
+ fdt = "fdt-1";
+ signature-1 {
algo = "sha1,rsa2048";
key-name-hint = "dev";
sign-images = "fdt", "kernel";
FIT description: Beaglebone black
Created: Sun Jun 1 12:50:30 2014
- Image 0 (kernel@1)
+ Image 0 (kernel)
Description: unavailable
Created: Sun Jun 1 12:50:30 2014
Type: Kernel Image
Entry Point: 0x80008000
Hash algo: sha1
Hash value: c94364646427e10f423837e559898ef02c97b988
- Image 1 (fdt@1)
+ Image 1 (fdt-1)
Description: beaglebone-black
Created: Sun Jun 1 12:50:30 2014
Type: Flat Device Tree
Architecture: ARM
Hash algo: sha1
Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
- Default Configuration: 'conf@1'
- Configuration 0 (conf@1)
+ Default Configuration: 'conf-1'
+ Configuration 0 (conf-1)
Description: unavailable
- Kernel: kernel@1
- FDT: fdt@1
+ Kernel: kernel
+ FDT: fdt-1
Now am335x-boneblack-pubkey.dtb contains the public key and image.fit contains
Verifying Hash Integrity ... sha1,rsa2048:dev+
## Loading kernel from FIT Image at 7fc6ee469000 ...
- Using 'conf@1' configuration
+ Using 'conf-1' configuration
Verifying Hash Integrity ...
sha1,rsa2048:dev+
OK
- Trying 'kernel@1' kernel subimage
+ Trying 'kernel' kernel subimage
Description: unavailable
Created: Sun Jun 1 12:50:30 2014
Type: Kernel Image
Unimplemented compression type 4
## Loading fdt from FIT Image at 7fc6ee469000 ...
- Using 'conf@1' configuration
- Trying 'fdt@1' fdt subimage
+ Using 'conf-1' configuration
+ Trying 'fdt-1' fdt subimage
Description: beaglebone-black
Created: Sun Jun 1 12:50:30 2014
Type: Flat Device Tree
Loading Flat Device Tree ... OK
## Loading ramdisk from FIT Image at 7fc6ee469000 ...
- Using 'conf@1' configuration
+ Using 'conf-1' configuration
Could not find subimage node
Signature check OK
But it is fun to do this by hand, so you can load image.fit into a hex editor
like ghex, and change a byte in the kernel:
- $UOUT/tools/fit_info -f image.fit -n /images/kernel@1 -p data
-NAME: kernel@1
+ $UOUT/tools/fit_info -f image.fit -n /images/kernel -p data
+NAME: kernel
LEN: 7790938
OFF: 168
Verifying Hash Integrity ... sha1,rsa2048:dev+
## Loading kernel from FIT Image at 7f5a39571000 ...
- Using 'conf@1' configuration
+ Using 'conf-1' configuration
Verifying Hash Integrity ...
sha1,rsa2048:dev+
OK
- Trying 'kernel@1' kernel subimage
+ Trying 'kernel' kernel subimage
Description: unavailable
Created: Sun Jun 1 13:09:21 2014
Type: Kernel Image
Hash value: c94364646427e10f423837e559898ef02c97b988
Verifying Hash Integrity ...
sha1 error
-Bad hash value for 'hash@1' hash node in 'kernel@1' image node
+Bad hash value for 'hash-1' hash node in 'kernel' image node
Bad Data Hash
## Loading fdt from FIT Image at 7f5a39571000 ...
- Using 'conf@1' configuration
- Trying 'fdt@1' fdt subimage
+ Using 'conf-1' configuration
+ Trying 'fdt-1' fdt subimage
Description: beaglebone-black
Created: Sun Jun 1 13:09:21 2014
Type: Flat Device Tree
Loading Flat Device Tree ... OK
## Loading ramdisk from FIT Image at 7f5a39571000 ...
- Using 'conf@1' configuration
+ Using 'conf-1' configuration
Could not find subimage node
Signature check Bad (error 1)
configurations
fdtget -l image.fit /configurations
-conf@1
-fdtget -l image.fit /configurations/conf@1
-signature@1
+conf-1
+fdtget -l image.fit /configurations/conf-1
+signature-1
- fdtget -p image.fit /configurations/conf@1/signature@1
+ fdtget -p image.fit /configurations/conf-1/signature-1
hashed-strings
hashed-nodes
timestamp
key-name-hint
sign-images
- fdtget image.fit /configurations/conf@1/signature@1 hashed-nodes
-/ /configurations/conf@1 /images/fdt@1 /images/fdt@1/hash@1 /images/kernel@1 /images/kernel@1/hash@1
+ fdtget image.fit /configurations/conf-1/signature-1 hashed-nodes
+/ /configurations/conf-1 /images/fdt-1 /images/fdt-1/hash /images/kernel /images/kernel/hash-1
This gives us a bit of a look into the signature that mkimage added. Note you
can also use fdtdump to list the entire device tree.
Say we want to change the kernel that this configuration uses
-(/images/kernel@1). We could just put a new kernel in the image, but we will
+(/images/kernel). We could just put a new kernel in the image, but we will
need to change the hash to match. Let's simulate that by changing a byte of
the hash:
- fdtget -tx image.fit /images/kernel@1/hash@1 value
+ fdtget -tx image.fit /images/kernel/hash-1 value
c9436464 6427e10f 423837e5 59898ef0 2c97b988
- fdtput -tx image.fit /images/kernel@1/hash@1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981
+ fdtput -tx image.fit /images/kernel/hash-1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981
Now check it again:
configuration in any way. Try it with a fresh (valid) image if you like by
running the mkimage link again. Then:
- fdtput -p image.fit /configurations/conf@1/signature@2 value fred
+ fdtput -p image.fit /configurations/conf-1/signature-1 value fred
$UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
Verifying Hash Integrity ... -
sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
7824930 bytes read in 589 ms (12.7 MiB/s)
U-Boot# bootm 82000000
## Loading kernel from FIT Image at 82000000 ...
- Using 'conf@1' configuration
+ Using 'conf-1' configuration
Verifying Hash Integrity ... sha1,rsa2048:dev+ OK
- Trying 'kernel@1' kernel subimage
+ Trying 'kernel' kernel subimage
Description: unavailable
Created: 2014-06-01 19:32:54 UTC
Type: Kernel Image
Hash value: c94364646427e10f423837e559898ef02c97b988
Verifying Hash Integrity ... sha1+ OK
## Loading fdt from FIT Image at 82000000 ...
- Using 'conf@1' configuration
- Trying 'fdt@1' fdt subimage
+ Using 'conf-1' configuration
+ Trying 'fdt-1' fdt subimage
Description: beaglebone-black
Created: 2014-06-01 19:32:54 UTC
Type: Flat Device Tree