Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 1 | .. SPDX-License-Identifier: GPL-2.0+ |
| 2 | |
| 3 | Verified Boot on the Beaglebone Black |
| 4 | ===================================== |
| 5 | |
| 6 | Introduction |
| 7 | ------------ |
| 8 | |
| 9 | Before reading this, please read :doc:`verified-boot` and :doc:`signature`. |
| 10 | These instructions are for mainline U-Boot from v2014.07 onwards. |
| 11 | |
| 12 | There is quite a bit of documentation in this directory describing how |
| 13 | verified boot works in U-Boot. There is also a test which runs through the |
| 14 | entire process of signing an image and running U-Boot (sandbox) to check it. |
| 15 | However, it might be useful to also have an example on a real board. |
| 16 | |
| 17 | Beaglebone Black is a fairly common board so seems to be a reasonable choice |
| 18 | for an example of how to enable verified boot using U-Boot. |
| 19 | |
| 20 | First a note that may to help avoid confusion. U-Boot and Linux both use |
| 21 | device tree. They may use the same device tree source, but it is seldom useful |
| 22 | for them to use the exact same binary from the same place. More typically, |
| 23 | U-Boot has its device tree packaged with it, and the kernel's device tree is |
| 24 | packaged with the kernel. In particular this is important with verified boot, |
| 25 | since U-Boot's device tree must be immutable. If it can be changed then the |
| 26 | public keys can be changed and verified boot is useless. An attacker can |
| 27 | simply generate a new key and put his public key into U-Boot so that |
| 28 | everything verifies. On the other hand the kernel's device tree typically |
| 29 | changes when the kernel changes, so it is useful to package an updated device |
| 30 | tree with the kernel binary. U-Boot supports the latter with its flexible FIT |
| 31 | format (Flat Image Tree). |
| 32 | |
| 33 | |
| 34 | Overview |
| 35 | -------- |
| 36 | |
| 37 | The steps are roughly as follows: |
| 38 | |
| 39 | #. Build U-Boot for the board, with the verified boot options enabled. |
| 40 | |
| 41 | #. Obtain a suitable Linux kernel |
| 42 | |
| 43 | #. Create a Image Tree Source file (ITS) file describing how you want the |
| 44 | kernel to be packaged, compressed and signed. |
| 45 | |
| 46 | #. Create a key pair |
| 47 | |
| 48 | #. Sign the kernel |
| 49 | |
| 50 | #. Put the public key into U-Boot's image |
| 51 | |
| 52 | #. Put U-Boot and the kernel onto the board |
| 53 | |
| 54 | #. Try it |
| 55 | |
| 56 | |
| 57 | Step 1: Build U-Boot |
| 58 | -------------------- |
| 59 | |
| 60 | a. Set up the environment variable to point to your toolchain. You will need |
| 61 | this for U-Boot and also for the kernel if you build it. For example if you |
| 62 | installed a Linaro version manually it might be something like:: |
| 63 | |
| 64 | export CROSS_COMPILE=/opt/linaro/gcc-linaro-arm-linux-gnueabihf-4.8-2013.08_linux/bin/arm-linux-gnueabihf- |
| 65 | |
| 66 | or if you just installed gcc-arm-linux-gnueabi then it might be:: |
| 67 | |
| 68 | export CROSS_COMPILE=arm-linux-gnueabi- |
| 69 | |
Simon Glass | d93b48d | 2024-06-27 09:29:49 +0100 | [diff] [blame] | 70 | b. Configure and build U-Boot with verified boot enabled. Note that we use the |
| 71 | am335x_evm target since it covers all boards based on the AM335x evaluation |
| 72 | board:: |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 73 | |
| 74 | export UBOOT=/path/to/u-boot |
| 75 | cd $UBOOT |
| 76 | # You can add -j10 if you have 10 CPUs to make it faster |
Simon Glass | d93b48d | 2024-06-27 09:29:49 +0100 | [diff] [blame] | 77 | make O=b/am335x_evm am335x_evm_config all |
| 78 | export UOUT=$UBOOT/b/am335x_evm |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 79 | |
| 80 | c. You will now have a U-Boot image:: |
| 81 | |
Simon Glass | d93b48d | 2024-06-27 09:29:49 +0100 | [diff] [blame] | 82 | file b/am335x_evm/u-boot-dtb.img |
| 83 | b/am335x_evm/u-boot-dtb.img: u-boot legacy uImage, |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 84 | U-Boot 2014.07-rc2-00065-g2f69f8, Firmware/ARM, Firmware Image |
| 85 | (Not compressed), 395375 bytes, Sat May 31 16:19:04 2014, |
| 86 | Load Address: 0x80800000, Entry Point: 0x00000000, |
| 87 | Header CRC: 0x0ABD6ACA, Data CRC: 0x36DEF7E4 |
| 88 | |
| 89 | |
| 90 | Step 2: Build Linux |
Heinrich Schuchardt | b72160b | 2023-10-28 11:59:32 +0200 | [diff] [blame] | 91 | ------------------- |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 92 | |
| 93 | a. Find the kernel image ('Image') and device tree (.dtb) file you plan to |
| 94 | use. In our case it is am335x-boneblack.dtb and it is built with the kernel. |
| 95 | At the time of writing an SD Boot image can be obtained from here:: |
| 96 | |
| 97 | http://www.elinux.org/Beagleboard:Updating_The_Software#Image_For_Booting_From_microSD |
| 98 | |
| 99 | You can write this to an SD card and then mount it to extract the kernel and |
| 100 | device tree files. |
| 101 | |
| 102 | You can also build a kernel. Instructions for this are are here:: |
| 103 | |
| 104 | http://elinux.org/Building_BBB_Kernel |
| 105 | |
| 106 | or you can use your favourite search engine. Following these instructions |
| 107 | produces a kernel Image and device tree files. For the record the steps |
| 108 | were:: |
| 109 | |
| 110 | export KERNEL=/path/to/kernel |
| 111 | cd $KERNEL |
| 112 | git clone git://github.com/beagleboard/kernel.git . |
| 113 | git checkout v3.14 |
| 114 | ./patch.sh |
| 115 | cp configs/beaglebone kernel/arch/arm/configs/beaglebone_defconfig |
| 116 | cd kernel |
| 117 | make beaglebone_defconfig |
| 118 | make uImage dtbs # -j10 if you have 10 CPUs |
| 119 | export OKERNEL=$KERNEL/kernel/arch/arm/boot |
| 120 | |
| 121 | b. You now have the 'Image' and 'am335x-boneblack.dtb' files needed to boot. |
| 122 | |
| 123 | |
| 124 | Step 3: Create the ITS |
| 125 | ---------------------- |
| 126 | |
| 127 | Set up a directory for your work:: |
| 128 | |
| 129 | export WORK=/path/to/dir |
| 130 | cd $WORK |
| 131 | |
| 132 | Put this into a file in that directory called sign.its:: |
| 133 | |
| 134 | /dts-v1/; |
| 135 | |
| 136 | / { |
| 137 | description = "Beaglebone black"; |
| 138 | #address-cells = <1>; |
| 139 | |
| 140 | images { |
| 141 | kernel { |
| 142 | data = /incbin/("Image.lzo"); |
| 143 | type = "kernel"; |
| 144 | arch = "arm"; |
| 145 | os = "linux"; |
| 146 | compression = "lzo"; |
| 147 | load = <0x80008000>; |
| 148 | entry = <0x80008000>; |
| 149 | hash-1 { |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 150 | algo = "sha256"; |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 151 | }; |
| 152 | }; |
| 153 | fdt-1 { |
| 154 | description = "beaglebone-black"; |
| 155 | data = /incbin/("am335x-boneblack.dtb"); |
| 156 | type = "flat_dt"; |
| 157 | arch = "arm"; |
| 158 | compression = "none"; |
| 159 | hash-1 { |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 160 | algo = "sha256"; |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 161 | }; |
| 162 | }; |
| 163 | }; |
| 164 | configurations { |
| 165 | default = "conf-1"; |
| 166 | conf-1 { |
| 167 | kernel = "kernel"; |
| 168 | fdt = "fdt-1"; |
| 169 | signature-1 { |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 170 | algo = "sha256,rsa2048"; |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 171 | key-name-hint = "dev"; |
| 172 | sign-images = "fdt", "kernel"; |
| 173 | }; |
| 174 | }; |
| 175 | }; |
| 176 | }; |
| 177 | |
| 178 | |
| 179 | The explanation for this is all in the documentation you have already read. |
| 180 | But briefly it packages a kernel and device tree, and provides a single |
| 181 | configuration to be signed with a key named 'dev'. The kernel is compressed |
| 182 | with LZO to make it smaller. |
| 183 | |
| 184 | |
| 185 | Step 4: Create a key pair |
| 186 | ------------------------- |
| 187 | |
| 188 | See :doc:`signature` for details on this step:: |
| 189 | |
| 190 | cd $WORK |
| 191 | mkdir keys |
| 192 | openssl genrsa -F4 -out keys/dev.key 2048 |
| 193 | openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt |
| 194 | |
| 195 | Note: keys/dev.key contains your private key and is very secret. If anyone |
| 196 | gets access to that file they can sign kernels with it. Keep it secure. |
| 197 | |
| 198 | |
| 199 | Step 5: Sign the kernel |
| 200 | ----------------------- |
| 201 | |
| 202 | We need to use mkimage (which was built when you built U-Boot) to package the |
| 203 | Linux kernel into a FIT (Flat Image Tree, a flexible file format that U-Boot |
| 204 | can load) using the ITS file you just created. |
| 205 | |
| 206 | At the same time we must put the public key into U-Boot device tree, with the |
| 207 | 'required' property, which tells U-Boot that this key must be verified for the |
| 208 | image to be valid. You will make this key available to U-Boot for booting in |
| 209 | step 6:: |
| 210 | |
| 211 | ln -s $OKERNEL/dts/am335x-boneblack.dtb |
| 212 | ln -s $OKERNEL/Image |
| 213 | ln -s $UOUT/u-boot-dtb.img |
| 214 | cp $UOUT/arch/arm/dts/am335x-boneblack.dtb am335x-boneblack-pubkey.dtb |
| 215 | lzop Image |
| 216 | $UOUT/tools/mkimage -f sign.its -K am335x-boneblack-pubkey.dtb -k keys -r image.fit |
| 217 | |
| 218 | You should see something like this:: |
| 219 | |
| 220 | FIT description: Beaglebone black |
| 221 | Created: Sun Jun 1 12:50:30 2014 |
| 222 | Image 0 (kernel) |
| 223 | Description: unavailable |
| 224 | Created: Sun Jun 1 12:50:30 2014 |
| 225 | Type: Kernel Image |
| 226 | Compression: lzo compressed |
| 227 | Data Size: 7790938 Bytes = 7608.34 kB = 7.43 MB |
| 228 | Architecture: ARM |
| 229 | OS: Linux |
| 230 | Load Address: 0x80008000 |
| 231 | Entry Point: 0x80008000 |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 232 | Hash algo: sha256 |
| 233 | Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1 |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 234 | Image 1 (fdt-1) |
| 235 | Description: beaglebone-black |
| 236 | Created: Sun Jun 1 12:50:30 2014 |
| 237 | Type: Flat Device Tree |
| 238 | Compression: uncompressed |
| 239 | Data Size: 31547 Bytes = 30.81 kB = 0.03 MB |
| 240 | Architecture: ARM |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 241 | Hash algo: sha256 |
| 242 | Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 243 | Default Configuration: 'conf-1' |
| 244 | Configuration 0 (conf-1) |
| 245 | Description: unavailable |
| 246 | Kernel: kernel |
| 247 | FDT: fdt-1 |
| 248 | |
| 249 | |
| 250 | Now am335x-boneblack-pubkey.dtb contains the public key and image.fit contains |
| 251 | the signed kernel. Jump to step 6 if you like, or continue reading to increase |
| 252 | your understanding. |
| 253 | |
| 254 | You can also run fit_check_sign to check it:: |
| 255 | |
| 256 | $UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb |
| 257 | |
| 258 | which results in:: |
| 259 | |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 260 | Verifying Hash Integrity ... sha256,rsa2048:dev+ |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 261 | ## Loading kernel from FIT Image at 7fc6ee469000 ... |
| 262 | Using 'conf-1' configuration |
| 263 | Verifying Hash Integrity ... |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 264 | sha256,rsa2048:dev+ |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 265 | OK |
| 266 | |
| 267 | Trying 'kernel' kernel subimage |
| 268 | Description: unavailable |
| 269 | Created: Sun Jun 1 12:50:30 2014 |
| 270 | Type: Kernel Image |
| 271 | Compression: lzo compressed |
| 272 | Data Size: 7790938 Bytes = 7608.34 kB = 7.43 MB |
| 273 | Architecture: ARM |
| 274 | OS: Linux |
| 275 | Load Address: 0x80008000 |
| 276 | Entry Point: 0x80008000 |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 277 | Hash algo: sha256 |
| 278 | Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1 |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 279 | Verifying Hash Integrity ... |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 280 | sha256+ |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 281 | OK |
| 282 | |
| 283 | Unimplemented compression type 4 |
| 284 | ## Loading fdt from FIT Image at 7fc6ee469000 ... |
| 285 | Using 'conf-1' configuration |
| 286 | Trying 'fdt-1' fdt subimage |
| 287 | Description: beaglebone-black |
| 288 | Created: Sun Jun 1 12:50:30 2014 |
| 289 | Type: Flat Device Tree |
| 290 | Compression: uncompressed |
| 291 | Data Size: 31547 Bytes = 30.81 kB = 0.03 MB |
| 292 | Architecture: ARM |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 293 | Hash algo: sha256 |
| 294 | Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 295 | Verifying Hash Integrity ... |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 296 | sha256+ |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 297 | OK |
| 298 | |
| 299 | Loading Flat Device Tree ... OK |
| 300 | |
| 301 | ## Loading ramdisk from FIT Image at 7fc6ee469000 ... |
| 302 | Using 'conf-1' configuration |
| 303 | Could not find subimage node |
| 304 | |
| 305 | Signature check OK |
| 306 | |
| 307 | |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 308 | At the top, you see "sha256,rsa2048:dev+". This means that it checked an RSA key |
| 309 | of size 2048 bits using SHA256 as the hash algorithm. The key name checked was |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 310 | 'dev' and the '+' means that it verified. If it showed '-' that would be bad. |
| 311 | |
| 312 | Once the configuration is verified it is then possible to rely on the hashes |
| 313 | in each image referenced by that configuration. So fit_check_sign goes on to |
| 314 | load each of the images. We have a kernel and an FDT but no ramkdisk. In each |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 315 | case fit_check_sign checks the hash and prints sha256+ meaning that the SHA256 |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 316 | hash verified. This means that none of the images has been tampered with. |
| 317 | |
| 318 | There is a test in test/vboot which uses U-Boot's sandbox build to verify that |
| 319 | the above flow works. |
| 320 | |
| 321 | But it is fun to do this by hand, so you can load image.fit into a hex editor |
| 322 | like ghex, and change a byte in the kernel:: |
| 323 | |
| 324 | $UOUT/tools/fit_info -f image.fit -n /images/kernel -p data |
| 325 | NAME: kernel |
| 326 | LEN: 7790938 |
| 327 | OFF: 168 |
| 328 | |
| 329 | This tells us that the kernel starts at byte offset 168 (decimal) in image.fit |
| 330 | and extends for about 7MB. Try changing a byte at 0x2000 (say) and run |
| 331 | fit_check_sign again. You should see something like:: |
| 332 | |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 333 | Verifying Hash Integrity ... sha256,rsa2048:dev+ |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 334 | ## Loading kernel from FIT Image at 7f5a39571000 ... |
| 335 | Using 'conf-1' configuration |
| 336 | Verifying Hash Integrity ... |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 337 | sha256,rsa2048:dev+ |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 338 | OK |
| 339 | |
| 340 | Trying 'kernel' kernel subimage |
| 341 | Description: unavailable |
| 342 | Created: Sun Jun 1 13:09:21 2014 |
| 343 | Type: Kernel Image |
| 344 | Compression: lzo compressed |
| 345 | Data Size: 7790938 Bytes = 7608.34 kB = 7.43 MB |
| 346 | Architecture: ARM |
| 347 | OS: Linux |
| 348 | Load Address: 0x80008000 |
| 349 | Entry Point: 0x80008000 |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 350 | Hash algo: sha256 |
| 351 | Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1 |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 352 | Verifying Hash Integrity ... |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 353 | sha256 error |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 354 | Bad hash value for 'hash-1' hash node in 'kernel' image node |
| 355 | Bad Data Hash |
| 356 | |
| 357 | ## Loading fdt from FIT Image at 7f5a39571000 ... |
| 358 | Using 'conf-1' configuration |
| 359 | Trying 'fdt-1' fdt subimage |
| 360 | Description: beaglebone-black |
| 361 | Created: Sun Jun 1 13:09:21 2014 |
| 362 | Type: Flat Device Tree |
| 363 | Compression: uncompressed |
| 364 | Data Size: 31547 Bytes = 30.81 kB = 0.03 MB |
| 365 | Architecture: ARM |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 366 | Hash algo: sha256 |
| 367 | Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 368 | Verifying Hash Integrity ... |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 369 | sha256+ |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 370 | OK |
| 371 | |
| 372 | Loading Flat Device Tree ... OK |
| 373 | |
| 374 | ## Loading ramdisk from FIT Image at 7f5a39571000 ... |
| 375 | Using 'conf-1' configuration |
| 376 | Could not find subimage node |
| 377 | |
| 378 | Signature check Bad (error 1) |
| 379 | |
| 380 | |
| 381 | It has detected the change in the kernel. |
| 382 | |
| 383 | You can also be sneaky and try to switch images, using the libfdt utilities |
| 384 | that come with dtc (package name is device-tree-compiler but you will need a |
| 385 | recent version like 1.4:: |
| 386 | |
| 387 | dtc -v |
| 388 | Version: DTC 1.4.0 |
| 389 | |
| 390 | First we can check which nodes are actually hashed by the configuration:: |
| 391 | |
| 392 | $ fdtget -l image.fit / |
| 393 | images |
| 394 | configurations |
| 395 | |
| 396 | $ fdtget -l image.fit /configurations |
| 397 | conf-1 |
| 398 | fdtget -l image.fit /configurations/conf-1 |
| 399 | signature-1 |
| 400 | |
| 401 | $ fdtget -p image.fit /configurations/conf-1/signature-1 |
| 402 | hashed-strings |
| 403 | hashed-nodes |
| 404 | timestamp |
| 405 | signer-version |
| 406 | signer-name |
| 407 | value |
| 408 | algo |
| 409 | key-name-hint |
| 410 | sign-images |
| 411 | |
| 412 | $ fdtget image.fit /configurations/conf-1/signature-1 hashed-nodes |
| 413 | / /configurations/conf-1 /images/fdt-1 /images/fdt-1/hash /images/kernel /images/kernel/hash-1 |
| 414 | |
| 415 | This gives us a bit of a look into the signature that mkimage added. Note you |
| 416 | can also use fdtdump to list the entire device tree. |
| 417 | |
| 418 | Say we want to change the kernel that this configuration uses |
| 419 | (/images/kernel). We could just put a new kernel in the image, but we will |
| 420 | need to change the hash to match. Let's simulate that by changing a byte of |
| 421 | the hash:: |
| 422 | |
| 423 | fdtget -tx image.fit /images/kernel/hash-1 value |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 424 | 51b2adf9 c1016ed4 6f424d85 dcc6c34c 46a20b9b ee7227e0 6a6b6320 ca5d35c1 |
| 425 | fdtput -tx image.fit /images/kernel/hash-1 value 51b2adf9 c1016ed4 6f424d85 dcc6c34c 46a20b9b ee7227e0 6a6b6320 ca5d35c8 |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 426 | |
| 427 | Now check it again:: |
| 428 | |
| 429 | $UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 430 | Verifying Hash Integrity ... sha256,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13 |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 431 | rsa_verify_with_keynode: RSA failed to verify: -13 |
| 432 | - |
| 433 | Failed to verify required signature 'key-dev' |
| 434 | Signature check Bad (error 1) |
| 435 | |
| 436 | This time we don't even get as far as checking the images, since the |
| 437 | configuration signature doesn't match. We can't change any hashes without the |
| 438 | signature check noticing. The configuration is essentially locked. U-Boot has |
| 439 | a public key for which it requires a match, and will not permit the use of any |
| 440 | configuration that does not match that public key. The only way the |
| 441 | configuration will match is if it was signed by the matching private key. |
| 442 | |
| 443 | It would also be possible to add a new signature node that does match your new |
| 444 | configuration. But that won't work since you are not allowed to change the |
| 445 | configuration in any way. Try it with a fresh (valid) image if you like by |
| 446 | running the mkimage link again. Then:: |
| 447 | |
| 448 | fdtput -p image.fit /configurations/conf-1/signature-1 value fred |
| 449 | $UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb |
| 450 | Verifying Hash Integrity ... - |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 451 | sha256,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13 |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 452 | rsa_verify_with_keynode: RSA failed to verify: -13 |
| 453 | - |
| 454 | Failed to verify required signature 'key-dev' |
| 455 | Signature check Bad (error 1) |
| 456 | |
| 457 | |
| 458 | Of course it would be possible to add an entirely new configuration and boot |
| 459 | with that, but it still needs to be signed, so it won't help. |
| 460 | |
| 461 | |
| 462 | 6. Put the public key into U-Boot's image |
| 463 | ----------------------------------------- |
| 464 | |
| 465 | Having confirmed that the signature is doing its job, let's try it out in |
| 466 | U-Boot on the board. U-Boot needs access to the public key corresponding to |
| 467 | the private key that you signed with so that it can verify any kernels that |
| 468 | you sign:: |
| 469 | |
| 470 | cd $UBOOT |
Simon Glass | d93b48d | 2024-06-27 09:29:49 +0100 | [diff] [blame] | 471 | make O=b/am335x_evm EXT_DTB=${WORK}/am335x-boneblack-pubkey.dtb |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 472 | |
| 473 | Here we are overriding the normal device tree file with our one, which |
| 474 | contains the public key. |
| 475 | |
| 476 | Now you have a special U-Boot image with the public key. It can verify can |
| 477 | kernel that you sign with the private key as in step 5. |
| 478 | |
| 479 | If you like you can take a look at the public key information that mkimage |
| 480 | added to U-Boot's device tree:: |
| 481 | |
| 482 | fdtget -p am335x-boneblack-pubkey.dtb /signature/key-dev |
| 483 | required |
| 484 | algo |
| 485 | rsa,r-squared |
| 486 | rsa,modulus |
| 487 | rsa,n0-inverse |
| 488 | rsa,num-bits |
| 489 | key-name-hint |
| 490 | |
| 491 | This has information about the key and some pre-processed values which U-Boot |
| 492 | can use to verify against it. These values are obtained from the public key |
| 493 | certificate by mkimage, but require quite a bit of code to generate. To save |
| 494 | code space in U-Boot, the information is extracted and written in raw form for |
| 495 | U-Boot to easily use. The same mechanism is used in Google's Chrome OS. |
| 496 | |
| 497 | Notice the 'required' property. This marks the key as required - U-Boot will |
| 498 | not boot any image that does not verify against this key. |
| 499 | |
| 500 | |
| 501 | 7. Put U-Boot and the kernel onto the board |
| 502 | ------------------------------------------- |
| 503 | |
| 504 | The method here varies depending on how you are booting. For this example we |
| 505 | are booting from an micro-SD card with two partitions, one for U-Boot and one |
| 506 | for Linux. Put it into your machine and write U-Boot and the kernel to it. |
| 507 | Here the card is /dev/sde:: |
| 508 | |
| 509 | cd $WORK |
| 510 | export UDEV=/dev/sde1 # Change thes two lines to the correct device |
| 511 | export KDEV=/dev/sde2 |
| 512 | sudo mount $UDEV /mnt/tmp && sudo cp $UOUT/u-boot-dtb.img /mnt/tmp/u-boot.img && sleep 1 && sudo umount $UDEV |
| 513 | sudo mount $KDEV /mnt/tmp && sudo cp $WORK/image.fit /mnt/tmp/boot/image.fit && sleep 1 && sudo umount $KDEV |
| 514 | |
| 515 | |
| 516 | 8. Try it |
| 517 | --------- |
| 518 | |
| 519 | Boot the board using the commands below:: |
| 520 | |
| 521 | setenv bootargs console=ttyO0,115200n8 quiet root=/dev/mmcblk0p2 ro rootfstype=ext4 rootwait |
| 522 | ext2load mmc 0:2 82000000 /boot/image.fit |
| 523 | bootm 82000000 |
| 524 | |
| 525 | You should then see something like this:: |
| 526 | |
| 527 | U-Boot# setenv bootargs console=ttyO0,115200n8 quiet root=/dev/mmcblk0p2 ro rootfstype=ext4 rootwait |
| 528 | U-Boot# ext2load mmc 0:2 82000000 /boot/image.fit |
| 529 | 7824930 bytes read in 589 ms (12.7 MiB/s) |
| 530 | U-Boot# bootm 82000000 |
| 531 | ## Loading kernel from FIT Image at 82000000 ... |
| 532 | Using 'conf-1' configuration |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 533 | Verifying Hash Integrity ... sha256,rsa2048:dev+ OK |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 534 | Trying 'kernel' kernel subimage |
| 535 | Description: unavailable |
| 536 | Created: 2014-06-01 19:32:54 UTC |
| 537 | Type: Kernel Image |
| 538 | Compression: lzo compressed |
| 539 | Data Start: 0x820000a8 |
| 540 | Data Size: 7790938 Bytes = 7.4 MiB |
| 541 | Architecture: ARM |
| 542 | OS: Linux |
| 543 | Load Address: 0x80008000 |
| 544 | Entry Point: 0x80008000 |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 545 | Hash algo: sha256 |
| 546 | Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1 |
| 547 | Verifying Hash Integrity ... sha256+ OK |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 548 | ## Loading fdt from FIT Image at 82000000 ... |
| 549 | Using 'conf-1' configuration |
| 550 | Trying 'fdt-1' fdt subimage |
| 551 | Description: beaglebone-black |
| 552 | Created: 2014-06-01 19:32:54 UTC |
| 553 | Type: Flat Device Tree |
| 554 | Compression: uncompressed |
| 555 | Data Start: 0x8276e2ec |
| 556 | Data Size: 31547 Bytes = 30.8 KiB |
| 557 | Architecture: ARM |
Sean Anderson | 72a09cc | 2023-12-02 14:33:14 -0500 | [diff] [blame] | 558 | Hash algo: sha256 |
| 559 | Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd |
| 560 | Verifying Hash Integrity ... sha256+ OK |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 561 | Booting using the fdt blob at 0x8276e2ec |
| 562 | Uncompressing Kernel Image ... OK |
| 563 | Loading Device Tree to 8fff5000, end 8ffffb3a ... OK |
| 564 | |
| 565 | Starting kernel ... |
| 566 | |
| 567 | [ 0.582377] omap_init_mbox: hwmod doesn't have valid attrs |
| 568 | [ 2.589651] musb-hdrc musb-hdrc.0.auto: Failed to request rx1. |
| 569 | [ 2.595830] musb-hdrc musb-hdrc.0.auto: musb_init_controller failed with status -517 |
| 570 | [ 2.606470] musb-hdrc musb-hdrc.1.auto: Failed to request rx1. |
| 571 | [ 2.612723] musb-hdrc musb-hdrc.1.auto: musb_init_controller failed with status -517 |
| 572 | [ 2.940808] drivers/rtc/hctosys.c: unable to open rtc device (rtc0) |
| 573 | [ 7.248889] libphy: PHY 4a101000.mdio:01 not found |
| 574 | [ 7.253995] net eth0: phy 4a101000.mdio:01 not found on slave 1 |
| 575 | systemd-fsck[83]: Angstrom: clean, 50607/218160 files, 306348/872448 blocks |
| 576 | |
| 577 | .---O---. |
| 578 | | | .-. o o |
| 579 | | | |-----.-----.-----.| | .----..-----.-----. |
| 580 | | | | __ | ---'| '--.| .-'| | | |
| 581 | | | | | | |--- || --'| | | ' | | | | |
| 582 | '---'---'--'--'--. |-----''----''--' '-----'-'-'-' |
| 583 | -' | |
| 584 | '---' |
| 585 | |
| 586 | The Angstrom Distribution beaglebone ttyO0 |
| 587 | |
| 588 | Angstrom v2012.12 - Kernel 3.14.1+ |
| 589 | |
| 590 | beaglebone login: |
| 591 | |
| 592 | At this point your kernel has been verified and you can be sure that it is one |
| 593 | that you signed. As an exercise, try changing image.fit as in step 5 and see |
| 594 | what happens. |
| 595 | |
| 596 | |
| 597 | Further Improvements |
| 598 | -------------------- |
| 599 | |
| 600 | Several of the steps here can be easily automated. In particular it would be |
| 601 | capital if signing and packaging a kernel were easy, perhaps a simple make |
Simon Glass | d93b48d | 2024-06-27 09:29:49 +0100 | [diff] [blame] | 602 | target in the kernel. A starting point for this is the 'make image.fit' target |
| 603 | for ARM64 in Linux from v6.9 onwards. |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 604 | |
| 605 | Some mention of how to use multiple .dtb files in a FIT might be useful. |
| 606 | |
Simon Glass | fb8b112 | 2023-06-23 13:22:06 +0100 | [diff] [blame] | 607 | Perhaps the verified boot feature could be integrated into the Amstrom |
| 608 | distribution. |
| 609 | |
| 610 | |
| 611 | .. sectionauthor:: Simon Glass <sjg@chromium.org>, 2-June-14 |