Hi Everyone, hopefully someone can help me because I’m pulling out my hair over here. I’m trying to get the Unleashed running with verified U-Boot and I’m having some success but I’m seeing some behaviors I can’t explain and it is driving me absolutely insane. Here’s what I’ve done:
I’ve changed my $(fit) target in the main freedom-u-sdk Makefile to insert signature data using mkfile (following these instructions here). So it went from this:
$(fit): $(bbl_bin) $(vmlinux_bin) $(uboot) $(initramfs) $(confdir)/uboot-fit-image.its
$(uboot_wrkdir)/tools/mkimage -f $(confdir)/uboot-fit-image.its -A riscv -O linux -T flat_dt $@
to this:
$(fit): $(bbl_bin) $(vmlinux_bin) $(uboot) $(initramfs) $(confdir)/uboot-fit-image.its
$(uboot_wrkdir)/tools/mkimage -f $(confdir)/uboot-fit-image.its -k HiFive_U-Boot/keys -A riscv -O linux -T flat_dt $@
$(uboot_wrkdir)/tools/mkimage -A riscv -O linux -T flat_dt -F -k HiFive_U-Boot/keys -K /home/devadmin/freedom-u-sdk/HiFive_U-Boot/arch/riscv/dts/hifive_u540.dtb -r $@
cat work/HiFive_U-Boot/u-boot-nodtb.bin /home/devadmin/freedom-u-sdk/HiFive_U-Boot/arch/riscv/dts/hifive_u540.dtb > work/HiFive_U-Boot/u-boot.bin
Additionally, I edited conf/uboot-fitimage.its to include a signature on the kernel section:
kernel {
description = "Linux kernel";
data = /incbin/("../work/vmlinux.bin");
type = "kernel";
arch = "riscv";
os = "linux";
load = <0x80200000>;
compression = "none";
hash-1 {
algo = "sha256";
};
signature@1{
algo = "sha256,rsa2048";
key-name-hint = "dev_key";
};
};
I also added some necessary flags to HiFive_U-Boot/configs/HiFive-U540_regression_defconfig:
CONFIG_FIT=y
CONFIG_FIT_ENABLE_SHA256_SUPPORT=y
CONFIG_FIT_SIGNATURE=y
CONFIG_FIT_VERBOSE=y
CONFIG_RSA=y
CONFIG_ENABLE_VBOOT=y
So these things seems to work fine. I can see the signature being appended and everything looks okay, but this is where I start getting confused. The U-Boot README says to replace the format-boot-loader target in the main Makefile with the following:
.PHONY: format-boot-loader
format-boot-loader: $(bin)
@test -b $(DISK) || (echo "$(DISK): is not a block device"; exit 1)
sgdisk --clear \
--new=1:2048:4095 --change-name=1:uboot --typecode=1:$(FSBL) \
--new=2:4096:69631 --change-name=2:bootloader --typecode=2:$(BBL) \
--new=3:264192: --change-name=3:root --typecode=3:$(LINUX) \
$(DISK)
@sleep 1
ifeq ($(DISK)p1,$(wildcard $(DISK)p1))
@$(eval PART1 := $(DISK)p1)
@$(eval PART2 := $(DISK)p2)
@$(eval PART3 := $(DISK)p3)
else ifeq ($(DISK)s1,$(wildcard $(DISK)s1))
@$(eval PART1 := $(DISK)s1)
@$(eval PART2 := $(DISK)s2)
@$(eval PART3 := $(DISK)s3)
else ifeq ($(DISK)1,$(wildcard $(DISK)1))
@$(eval PART1 := $(DISK)1)
@$(eval PART2 := $(DISK)2)
@$(eval PART3 := $(DISK)3)
else
@echo Error: Could not find bootloader partition for $(DISK)
@exit 1
endif
dd if=/{Path_To}/freedom-u-sdk/work/u-boot.bin of=$(PART1) bs=4096
dd if=/{Path_To}/freedom-u-sdk/work/bbl.bin of=$(PART2) bs=4096
mke2fs -t ext3 $(PART3)
So when I build the target and then call “make format-boot-loader” it seems to load everything okay:
devadmin@xubuntu1604:~/freedom-u-sdk$ sudo make DISK=/dev/sdb format-boot-loader KBUILD_VERBOSE=1
sgdisk --clear \
--new=1:2048:4095 --change-name=1:uboot --typecode=1:5B193300-FC78-40CD-8002-E86C45580B47 \
--new=2:4096:69631 --change-name=2:bootloader --typecode=2:2E54B353-1271-4842-806F-E436D6AF6985 \
--new=3:264192: --change-name=3:root --typecode=3:0FC63DAF-8483-4772-8E79-3D69D8477DE4 \
/dev/sdb
Setting name!
partNum is 0
REALLY setting name!
Setting name!
partNum is 1
REALLY setting name!
Setting name!
partNum is 2
REALLY setting name!
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
/sbin/partprobe
dd if=/home/devadmin/freedom-u-sdk/work/HiFive_U-Boot/u-boot.bin of=/dev/sdb1 bs=4096
120+1 records in
120+1 records out
493181 bytes (493 kB, 482 KiB) copied, 0.0294419 s, 16.8 MB/s
dd if=/home/devadmin/freedom-u-sdk/work/bbl.bin of=/dev/sdb2 bs=4096
18+1 records in
18+1 records out
74266 bytes (74 kB, 73 KiB) copied, 0.059587 s, 1.2 MB/s
mke2fs -t ext3 /dev/sdb3
mke2fs 1.42.13 (17-May-2015)
/dev/sdb3 contains a ext2 file system
last mounted on Fri Apr 5 09:56:46 2019
Proceed anyway? (y,n) y
Filesystem too small for a journal
Discarding device blocks: done
Creating filesystem with 480 1k blocks and 64 inodes
Allocating group tables: done
Writing inode tables: done
Writing superblocks and filesystem accounting information: done
My problem at this point is that when I boot from the SD card (skipping the boot process that is in there currently) the hash verification of the ramdisk fails:
U-Boot 2018.09-gca05d26-dirty (Apr 05 2019 - 11:36:09 -0400)
DRAM: 2 GiB
MMC:
In: serial
Out: serial
Err: serial
Net: gmac0
Hit any key to stop autoboot: 0
MMC_SPI: 0 at 0:1 hz 20000000 mode 0
Partition Map for MMC device 0 -- Partition Type: EFI
Part Start LBA End LBA Name
Attributes
Type GUID
Partition GUID
1 0x00000800 0x00000fff "uboot"
attrs: 0x0000000000000000
type: 5b193300-fc78-40cd-8002-e86c45580b47
guid: 054cd6e2-1e7f-47a2-a3db-66036d3bf1be
2 0x00001000 0x00010fff "bootloader"
attrs: 0x0000000000000000
type: 2e54b353-1271-4842-806f-e436d6af6985
guid: 7e216960-57bb-483a-985c-503e91c3a41b
3 0x00040800 0x00ecdfde "root"
attrs: 0x0000000000000000
type: 0fc63daf-8483-4772-8e79-3d69d8477de4
type: linux
guid: f6fb1dd2-e3c4-4eeb-9e85-7448f87b0091
** Unrecognized filesystem type **
## Info: input data size = 787 = 0x313
running boot2...
## Error: "boot2" not defined
HiFive-Unleashed # iminfo
## Checking Image at a0000000 ...
FIT description: U-boot FIT image for HiFive Unleashed
Image 0 (bbl)
Description: BBL/SBI/riscv-pk
Type: Kernel Image
Compression: uncompressed
Data Start: 0xa00000d4
Data Size: 74266 Bytes = 72.5 KiB
Architecture: RISC-V
OS: Linux
Load Address: 0x80000000
Entry Point: 0x80000000
Hash algo: sha256
Hash value: 8a13913e602e33fc48b51c87a792f719fcdd939b6d3221823af7a245a2a
0b854
Image 1 (kernel)
Description: Linux kernel
Type: Kernel Image
Compression: uncompressed
Data Start: 0xa00123e8
Data Size: 10781356 Bytes = 10.3 MiB
Architecture: RISC-V
OS: Linux
Load Address: 0x80200000
Entry Point: unavailable
Hash algo: sha256
Hash value: eee5427def0c852f6c3ea0ff9eeeda46255f92db0fc3f3bc3b3ea3037c9
3994f
Sign algo: sha256,rsa2048:dev_key
Sign value: 308bf1c535bd50a3c473af2e2175202cbd5e473051790f1c51f611ad635
8cd99157c7c16591e0071882ee42b9cfe4f2b5eec73d747ebbdbf33ddb4650099fca6923ba7715
feb772982599de8eef3c57b8d8f25cbaff7ff62cc0bf986abf22a6c6d770e9dc07300a4561c4e5
08d0e6feaed5b39d800417fd2c6f0d7ca4f1021d20781465c6f1ddbce447d1a6dc440944c5c4f3
c1a7d9eda1ee654f7e066d4949000b3661c79c9bfead6656f0a17771f8b0f488e10b896897debd
8d755ee9991926a83ba8d00e9da38c3ae192063ac479687ecfb112d3dd4b04759e5a3bef20d3bb
90be8fc2b36ee31fc224b11ada9cd146f113194a4069d65c183824faba05f10
Image 2 (ramdisk)
Description: buildroot initramfs
Type: RAMDisk Image
Compression: gzip compressed
Data Start: 0xa0a5a918
Data Size: 4467438 Bytes = 4.3 MiB
Architecture: RISC-V
OS: Linux
Load Address: 0x82000000
Entry Point: unavailable
Hash algo: sha256
Hash value: 6a4e77f29bc9566b97f63b8bfe3e7e810969215b323daee7cc057e8f282
4869c
Image 3 (fdt)
Description: unavailable
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0xa0e9d4d0
Data Size: 15765 Bytes = 15.4 KiB
Architecture: RISC-V
Load Address: 0x81f00000
Hash algo: sha256
Hash value: 90317bc02979b1681313c8df7f992801eeecc0600ae9e6d4e0f37ab5d1c
6bbbb
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: HiFive Unleashed with BBL
Kernel: bbl
FDT: fdt
Loadables: kernel
ramdisk
## Checking hash(es) for FIT Image at a0000000 ...
value:
779e0d0460b8ee835dcd2585870f1ebf59110469b0eed9adf90d1dc42ed80f3f
fit_value:
6a4e77f29bc9566b97f63b8bfe3e7e810969215b323daee7cc057e8f2824869c error!
Bad hash value for 'hash-1' hash node in 'ramdisk' image node
Bad hash in FIT image!
HiFive-Unleashed #
So you’ll see above a couple things. First, the “** Unrecognized filesystem type **” which I believe is okay because the boot instructions are left over from the default file system structure?
Second, obviously the hash computed at boot time doesn’t match the hash value computed when the image was made. Even doing a hash of the initramfs.cpio.gz file that is loaded into this section on my local machine yields the one in the image:
devadmin@xubuntu1604:~/freedom-u-sdk$ sha256sum work/initramfs.cpio.gz
6a4e77f29bc9566b97f63b8bfe3e7e810969215b323daee7cc057e8f2824869c work/initramfs.cpio.gz
So I have no idea why its being computed incorrectly later on. I’m thinking its probably not a coincidence that the first hash being computed after the section with the signature appended to it is the first one that fails?
Finally - continuing on with the UBoot instructions, I try and boot the kernel following this advice from the UBoot README:
### Boot Linux from SD card
Enter below commands on serial terminal
# mmc_spi 1 20000000 0
# mmc read 0x80000000 0x1000 0x10000
# go 0x80000000
Which, um… kinda works?
HiFive-Unleashed # mmc_spi 1 20000000 0
MMC_SPI: 1 at 0:1 hz 20000000 mode 0
HiFive-Unleashed # mmc read 0x80000000 0x1000 0x10000
MMC read: dev # 0, block # 4096, count 65536 ... 65536 blocks read: OK
HiFive-Unleashed # go 0x80000000
## Starting application at 0x80000000 ...
bbl loader
SIFIVE, INC.
5555555555555555555555555
5555 5555
5555 5555
5555 5555
5555 5555555555555555555555
5555 555555555555555555555555
5555 5555
5555 5555
5555 5555
5555555555555555555555555555 55555
55555 555555555 55555
55555 55555 55555
55555 5 55555
55555 55555
55555 55555
55555 55555
55555 55555
55555 55555
555555555
55555
5
SiFive RISC-V Core IP
TTThhhTihiisi sssi si siib ssbblb 'lbbs' sbbd lludmu''mmssym_y p_ddapyauul
ymmolaommdayy.d .__ ppT oTaa oyybo ollbooota doaa.td r . eT aaol bkToroeo
eta r la nboke oetrrl ne,ae l ar,rle ar elekc ckooeennrrfninfegeilu,rgl eu,r e
b rcbreoln
efwbciigtobuhnlr et
f hwibeb gilfut
lwahrig et h- t -bhtwhiebet l hf-
flpwlaagyai lgt-o-ah wd -i=Ptt-AhhwT-Hpie,at ytlfhhol-eandpa =Pgraey Abl-Tuoi
aH-ld,wd= iPbttAbhleTh.nH- Arp,lea tbeutyrihlnladoet anibvb delr=P.A leTAybH
l,tu, ei
trhnbleabdnt i lrvb eeblcbuyali,l
.ndb bblbAb ellc.at neuA lbsrteene
ruadnst aetdiii nvviene l lfyf,iiy
rr,bmbw
mlawbr ecbaral-en- o obncnel alyuny
sme odmbd eieo n db yfeu i sardmebdwdyian rgiae nd -defodviirincmnlew-argtye
r emd-eoeo dnenvo lidbeycys e
afdm-odotri nrdageen d eeeb xvtinyeco ren-adat
delr esdpe
ia ynnflogoodaer d s daena
v nfiecxodetr -etru rnsaeaelne npoaQedy
ExelsotM
aeUfd r'oansrnadl a-upsabneyi lQoeoEaxsMdUt 'eaasr nnn-addbli o
p-usa yskaleenodar d Q-nkeEaelMnr nodUep 'lt isuoo spntse-i. bo
n
iQs oE.
Ms
U
c ha' ons sce dhn- o s{-be
kin oe{ sr
n ea lnr di s co vpr-ikt,sei
kcrvneo,ernkle snro.enpetl
li-
-osn sts ta.r
a t
r = ct h < pc=oah syolse<oenpa
nd a _{y{s
t
la or t a > d ;
_ rs ti s a rcr tvi >r;s,i
cks c evv r,, k
kne eer n lrer-nli-sesecltnvd,a- rk=stt ea=<rr t<np pea=a yyl<ll-poaaeoydnal
_osddat_ eanrd=dt_ >>;;<s
pt aa ry } lt; o>
aP ;ordwi_see
rnc dv>o, fk;fe
r
n
So obviously something is wrong there, but is it related to the hashing problem? Please help!