leandrof/u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

doc: FIT image: fix incorrect description of DT node unit address

Browse Source 
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the FIT image documentation files where this was not
observed, to not give bad examples to the reader.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This commit is contained in:
Andre Przywara 2017-12-04 02:05:07 +00:00 committed by Simon Glass
parent 30d704c645
commit 838404054e
7 changed files with 196 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
doc/uImage.FIT/beaglebone_vboot.txt
View File

@ -130,7 +130,7 @@ Put this into a file in that directory called sign.its:
#address-cells = <1>;
images {
kernel@1 {
kernel {
data = /incbin/("Image.lzo");
type = "kernel";
arch = "arm";
@ -138,27 +138,27 @@ Put this into a file in that directory called sign.its:
compression = "lzo";
load = <0x80008000>;
entry = <0x80008000>;
hash@1 {
hash-1 {
algo = "sha1";
};
};
fdt@1 {
fdt-1 {
description = "beaglebone-black";
data = /incbin/("am335x-boneblack.dtb");
type = "flat_dt";
arch = "arm";
compression = "none";
hash@1 {
hash-1 {
algo = "sha1";
};
};
};
configurations {
default = "conf@1";
conf@1 {
kernel = "kernel@1";
fdt = "fdt@1";
signature@1 {
default = "conf-1";
conf-1 {
kernel = "kernel";
fdt = "fdt-1";
signature-1 {
algo = "sha1,rsa2048";
key-name-hint = "dev";
sign-images = "fdt", "kernel";
@ -211,7 +211,7 @@ You should see something like this:
FIT description: Beaglebone black
Created: Sun Jun 1 12:50:30 2014
Image 0 (kernel@1)
Image 0 (kernel)
Description: unavailable
Created: Sun Jun 1 12:50:30 2014
Type: Kernel Image
@ -223,7 +223,7 @@ Created: Sun Jun 1 12:50:30 2014
Entry Point: 0x80008000
Hash algo: sha1
Hash value: c94364646427e10f423837e559898ef02c97b988
Image 1 (fdt@1)
Image 1 (fdt-1)
Description: beaglebone-black
Created: Sun Jun 1 12:50:30 2014
Type: Flat Device Tree
@ -232,11 +232,11 @@ Created: Sun Jun 1 12:50:30 2014
Architecture: ARM
Hash algo: sha1
Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
Default Configuration: 'conf@1'
Configuration 0 (conf@1)
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: unavailable
Kernel: kernel@1
FDT: fdt@1
Kernel: kernel
FDT: fdt-1
Now am335x-boneblack-pubkey.dtb contains the public key and image.fit contains
@ -251,12 +251,12 @@ which results in:
Verifying Hash Integrity ... sha1,rsa2048:dev+
## Loading kernel from FIT Image at 7fc6ee469000 ...
Using 'conf@1' configuration
Using 'conf-1' configuration
Verifying Hash Integrity ...
sha1,rsa2048:dev+
OK
Trying 'kernel@1' kernel subimage
Trying 'kernel' kernel subimage
Description: unavailable
Created: Sun Jun 1 12:50:30 2014
Type: Kernel Image
@ -274,8 +274,8 @@ OK
Unimplemented compression type 4
## Loading fdt from FIT Image at 7fc6ee469000 ...
Using 'conf@1' configuration
Trying 'fdt@1' fdt subimage
Using 'conf-1' configuration
Trying 'fdt-1' fdt subimage
Description: beaglebone-black
Created: Sun Jun 1 12:50:30 2014
Type: Flat Device Tree
@ -291,7 +291,7 @@ OK
Loading Flat Device Tree ... OK
## Loading ramdisk from FIT Image at 7fc6ee469000 ...
Using 'conf@1' configuration
Using 'conf-1' configuration
Could not find subimage node
Signature check OK
@ -313,8 +313,8 @@ the above flow works.
But it is fun to do this by hand, so you can load image.fit into a hex editor
like ghex, and change a byte in the kernel:
$UOUT/tools/fit_info -f image.fit -n /images/kernel@1 -p data
NAME: kernel@1
$UOUT/tools/fit_info -f image.fit -n /images/kernel -p data
NAME: kernel
LEN: 7790938
OFF: 168
@ -324,12 +324,12 @@ fit_check_sign again. You should see something like:
Verifying Hash Integrity ... sha1,rsa2048:dev+
## Loading kernel from FIT Image at 7f5a39571000 ...
Using 'conf@1' configuration
Using 'conf-1' configuration
Verifying Hash Integrity ...
sha1,rsa2048:dev+
OK
Trying 'kernel@1' kernel subimage
Trying 'kernel' kernel subimage
Description: unavailable
Created: Sun Jun 1 13:09:21 2014
Type: Kernel Image
@ -343,12 +343,12 @@ OK
Hash value: c94364646427e10f423837e559898ef02c97b988
Verifying Hash Integrity ...
sha1 error
Bad hash value for 'hash@1' hash node in 'kernel@1' image node
Bad hash value for 'hash-1' hash node in 'kernel' image node
Bad Data Hash
## Loading fdt from FIT Image at 7f5a39571000 ...
Using 'conf@1' configuration
Trying 'fdt@1' fdt subimage
Using 'conf-1' configuration
Trying 'fdt-1' fdt subimage
Description: beaglebone-black
Created: Sun Jun 1 13:09:21 2014
Type: Flat Device Tree
@ -364,7 +364,7 @@ OK
Loading Flat Device Tree ... OK
## Loading ramdisk from FIT Image at 7f5a39571000 ...
Using 'conf@1' configuration
Using 'conf-1' configuration
Could not find subimage node
Signature check Bad (error 1)
@ -386,11 +386,11 @@ images
configurations
fdtget -l image.fit /configurations
conf@1
fdtget -l image.fit /configurations/conf@1
signature@1
conf-1
fdtget -l image.fit /configurations/conf-1
signature-1
fdtget -p image.fit /configurations/conf@1/signature@1
fdtget -p image.fit /configurations/conf-1/signature-1
hashed-strings
hashed-nodes
timestamp
@ -401,20 +401,20 @@ algo
key-name-hint
sign-images
fdtget image.fit /configurations/conf@1/signature@1 hashed-nodes
/ /configurations/conf@1 /images/fdt@1 /images/fdt@1/hash@1 /images/kernel@1 /images/kernel@1/hash@1
fdtget image.fit /configurations/conf-1/signature-1 hashed-nodes
/ /configurations/conf-1 /images/fdt-1 /images/fdt-1/hash /images/kernel /images/kernel/hash-1
This gives us a bit of a look into the signature that mkimage added. Note you
can also use fdtdump to list the entire device tree.
Say we want to change the kernel that this configuration uses
(/images/kernel@1). We could just put a new kernel in the image, but we will
(/images/kernel). We could just put a new kernel in the image, but we will
need to change the hash to match. Let's simulate that by changing a byte of
the hash:
fdtget -tx image.fit /images/kernel@1/hash@1 value
fdtget -tx image.fit /images/kernel/hash-1 value
c9436464 6427e10f 423837e5 59898ef0 2c97b988
fdtput -tx image.fit /images/kernel@1/hash@1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981
fdtput -tx image.fit /images/kernel/hash-1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981
Now check it again:
@ -437,7 +437,7 @@ configuration. But that won't work since you are not allowed to change the
configuration in any way. Try it with a fresh (valid) image if you like by
running the mkimage link again. Then:
fdtput -p image.fit /configurations/conf@1/signature@2 value fred
fdtput -p image.fit /configurations/conf-1/signature-1 value fred
$UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
Verifying Hash Integrity ... -
sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
@ -521,9 +521,9 @@ U-Boot# ext2load mmc 0:2 82000000 /boot/image.fit
7824930 bytes read in 589 ms (12.7 MiB/s)
U-Boot# bootm 82000000
## Loading kernel from FIT Image at 82000000 ...
Using 'conf@1' configuration
Using 'conf-1' configuration
Verifying Hash Integrity ... sha1,rsa2048:dev+ OK
Trying 'kernel@1' kernel subimage
Trying 'kernel' kernel subimage
Description: unavailable
Created: 2014-06-01 19:32:54 UTC
Type: Kernel Image
@ -538,8 +538,8 @@ U-Boot# bootm 82000000
Hash value: c94364646427e10f423837e559898ef02c97b988
Verifying Hash Integrity ... sha1+ OK
## Loading fdt from FIT Image at 82000000 ...
Using 'conf@1' configuration
Trying 'fdt@1' fdt subimage
Using 'conf-1' configuration
Trying 'fdt-1' fdt subimage
Description: beaglebone-black
Created: 2014-06-01 19:32:54 UTC
Type: Flat Device Tree

42
doc/uImage.FIT/command_syntax_extensions.txt
View File

@ -138,31 +138,31 @@ unit.
Examples:
- boot kernel "kernel@1" stored in a new uImage located at 200000:
bootm 200000:kernel@1
- boot kernel "kernel-1" stored in a new uImage located at 200000:
bootm 200000:kernel-1
- boot configuration "cfg@1" from a new uImage located at 200000:
bootm 200000#cfg@1
- boot configuration "cfg-1" from a new uImage located at 200000:
bootm 200000#cfg-1
- boot configuration "cfg@1" with extra "cfg@2" from a new uImage located
- boot configuration "cfg-1" with extra "cfg-2" from a new uImage located
at 200000:
bootm 200000#cfg@1#cfg@2
bootm 200000#cfg-1#cfg-2
- boot "kernel@1" from a new uImage at 200000 with initrd "ramdisk@2" found in
- boot "kernel-1" from a new uImage at 200000 with initrd "ramdisk-2" found in
some other new uImage stored at address 800000:
bootm 200000:kernel@1 800000:ramdisk@2
bootm 200000:kernel-1 800000:ramdisk-2
- boot "kernel@2" from a new uImage at 200000, with initrd "ramdisk@1" and FDT
"fdt@1", both stored in some other new uImage located at 800000:
bootm 200000:kernel@1 800000:ramdisk@1 800000:fdt@1
- boot "kernel-2" from a new uImage at 200000, with initrd "ramdisk-1" and FDT
"fdt-1", both stored in some other new uImage located at 800000:
bootm 200000:kernel-1 800000:ramdisk-1 800000:fdt-1
- boot kernel "kernel@2" with initrd "ramdisk@2", both stored in a new uImage
- boot kernel "kernel-2" with initrd "ramdisk-2", both stored in a new uImage
at address 200000, with a raw FDT blob stored at address 600000:
bootm 200000:kernel@2 200000:ramdisk@2 600000
bootm 200000:kernel-2 200000:ramdisk-2 600000
- boot kernel "kernel@2" from new uImage at 200000 with FDT "fdt@1" from the
- boot kernel "kernel-2" from new uImage at 200000 with FDT "fdt-1" from the
same new uImage:
bootm 200000:kernel@2 - 200000:fdt@1
bootm 200000:kernel-2 - 200000:fdt-1
Note on current image address
@ -186,16 +186,16 @@ current image address is to be used. For example, consider the following
commands:
tftp 200000 /tftpboot/uImage
bootm :kernel@1
bootm :kernel-1
Last command is equivalent to:
bootm 200000:kernel@1
bootm 200000:kernel-1
tftp 200000 /tftpboot/uImage
bootm 400000:kernel@1 :ramdisk@1
bootm 400000:kernel-1 :ramdisk-1
Last command is equivalent to:
bootm 400000:kernel@1 400000:ramdisk@1
bootm 400000:kernel-1 400000:ramdisk-1
tftp 200000 /tftpboot/uImage
bootm :kernel@1 400000:ramdisk@1 :fdt@1
bootm :kernel-1 400000:ramdisk-1 :fdt-1
Last command is equivalent to:
bootm 200000:kernel@1 400000:ramdisk@1 400000:fdt@1
bootm 200000:kernel-1 400000:ramdisk-1 400000:fdt-1

52
doc/uImage.FIT/howto.txt
View File

@ -86,7 +86,7 @@ $
$ mkimage -l kernel.itb
FIT description: Simple image with single Linux kernel
Created: Tue Mar 11 17:26:15 2008
Image 0 (kernel@1)
Image 0 (kernel)
Description: Vanilla Linux kernel
Type: Kernel Image
Compression: gzip compressed
@ -99,10 +99,10 @@ Created: Tue Mar 11 17:26:15 2008
Hash value: 2ae2bb40
Hash algo: sha1
Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
Default Configuration: 'config@1'
Configuration 0 (config@1)
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: Boot Linux kernel
Kernel: kernel@1
Kernel: kernel
The resulting image file kernel.itb can be now transferred to the target,
@ -130,7 +130,7 @@ Bytes transferred = 944464 (e6950 hex)
FIT image found
FIT description: Simple image with single Linux kernel
Created: 2008-03-11 16:26:15 UTC
Image 0 (kernel@1)
Image 0 (kernel)
Description: Vanilla Linux kernel
Type: Kernel Image
Compression: gzip compressed
@ -144,15 +144,15 @@ Bytes transferred = 944464 (e6950 hex)
Hash value: 2ae2bb40
Hash algo: sha1
Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
Default Configuration: 'config@1'
Configuration 0 (config@1)
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: Boot Linux kernel
Kernel: kernel@1
Kernel: kernel
=> bootm
## Booting kernel from FIT Image at 00900000 ...
Using 'config@1' configuration
Trying 'kernel@1' kernel subimage
Using 'config-1' configuration
Trying 'kernel' kernel subimage
Description: Vanilla Linux kernel
Type: Kernel Image
Compression: gzip compressed
@ -196,7 +196,7 @@ $
$ mkimage -l kernel_fdt.itb
FIT description: Simple image with single Linux kernel and FDT blob
Created: Tue Mar 11 16:29:22 2008
Image 0 (kernel@1)
Image 0 (kernel)
Description: Vanilla Linux kernel
Type: Kernel Image
Compression: gzip compressed
@ -209,7 +209,7 @@ Created: Tue Mar 11 16:29:22 2008
Hash value: 2c0cc807
Hash algo: sha1
Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
Image 1 (fdt@1)
Image 1 (fdt-1)
Description: Flattened Device Tree blob
Type: Flat Device Tree
Compression: uncompressed
@ -219,11 +219,11 @@ Created: Tue Mar 11 16:29:22 2008
Hash value: 0d655d71
Hash algo: sha1
Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
Default Configuration: 'conf@1'
Configuration 0 (conf@1)
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: Boot Linux kernel with FDT blob
Kernel: kernel@1
FDT: fdt@1
Kernel: kernel
FDT: fdt-1
The resulting image file kernel_fdt.itb can be now transferred to the target,
@ -245,7 +245,7 @@ Bytes transferred = 1109776 (10ef10 hex)
FIT image found
FIT description: Simple image with single Linux kernel and FDT blob
Created: 2008-03-11 15:29:22 UTC
Image 0 (kernel@1)
Image 0 (kernel)
Description: Vanilla Linux kernel
Type: Kernel Image
Compression: gzip compressed
@ -259,7 +259,7 @@ Bytes transferred = 1109776 (10ef10 hex)
Hash value: 2c0cc807
Hash algo: sha1
Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
Image 1 (fdt@1)
Image 1 (fdt-1)
Description: Flattened Device Tree blob
Type: Flat Device Tree
Compression: uncompressed
@ -270,15 +270,15 @@ Bytes transferred = 1109776 (10ef10 hex)
Hash value: 0d655d71
Hash algo: sha1
Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
Default Configuration: 'conf@1'
Configuration 0 (conf@1)
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: Boot Linux kernel with FDT blob
Kernel: kernel@1
FDT: fdt@1
Kernel: kernel
FDT: fdt-1
=> bootm
## Booting kernel from FIT Image at 00900000 ...
Using 'conf@1' configuration
Trying 'kernel@1' kernel subimage
Using 'conf-1' configuration
Trying 'kernel' kernel subimage
Description: Vanilla Linux kernel
Type: Kernel Image
Compression: gzip compressed
@ -295,8 +295,8 @@ Bytes transferred = 1109776 (10ef10 hex)
Verifying Hash Integrity ... crc32+ sha1+ OK
Uncompressing Kernel Image ... OK
## Flattened Device Tree from FIT Image at 00900000
Using 'conf@1' configuration
Trying 'fdt@1' FDT blob subimage
Using 'conf-1' configuration
Trying 'fdt-1' FDT blob subimage
Description: Flattened Device Tree blob
Type: Flat Device Tree
Compression: uncompressed

78
doc/uImage.FIT/overlay-fdt-boot.txt
View File

@ -24,7 +24,7 @@ Without using overlays the configuration would be as follows for every case.
/dts-v1/;
/ {
images {
kernel@1 {
kernel {
data = /incbin/("./zImage");
type = "kernel";
arch = "arm";
@ -32,32 +32,32 @@ Without using overlays the configuration would be as follows for every case.
load = <0x82000000>;
entry = <0x82000000>;
};
fdt@1 {
fdt-1 {
data = /incbin/("./foo-reva.dtb");
type = "flat_dt";
arch = "arm";
};
fdt@2 {
fdt-2 {
data = /incbin/("./foo-revb.dtb");
type = "flat_dt";
arch = "arm";
};
fdt@3 {
fdt-3 {
data = /incbin/("./foo-reva-bar.dtb");
type = "flat_dt";
arch = "arm";
};
fdt@4 {
fdt-4 {
data = /incbin/("./foo-revb-bar.dtb");
type = "flat_dt";
arch = "arm";
};
fdt@5 {
fdt-5 {
data = /incbin/("./foo-revb-baz.dtb");
type = "flat_dt";
arch = "arm";
};
fdt@6 {
fdt-6 {
data = /incbin/("./foo-revb-bar-baz.dtb");
type = "flat_dt";
arch = "arm";
@ -67,28 +67,28 @@ Without using overlays the configuration would be as follows for every case.
configurations {
default = "foo-reva.dtb;
foo-reva.dtb {
kernel = "kernel@1";
fdt = "fdt@1";
kernel = "kernel";
fdt = "fdt-1";
};
foo-revb.dtb {
kernel = "kernel@1";
fdt = "fdt@2";
kernel = "kernel";
fdt = "fdt-2";
};
foo-reva-bar.dtb {
kernel = "kernel@1";
fdt = "fdt@3";
kernel = "kernel";
fdt = "fdt-3";
};
foo-revb-bar.dtb {
kernel = "kernel@1";
fdt = "fdt@4";
kernel = "kernel";
fdt = "fdt-4";
};
foo-revb-baz.dtb {
kernel = "kernel@1";
fdt = "fdt@5";
kernel = "kernel";
fdt = "fdt-5";
};
foo-revb-bar-baz.dtb {
kernel = "kernel@1";
fdt = "fdt@6";
kernel = "kernel";
fdt = "fdt-6";
};
};
};
@ -117,7 +117,7 @@ explosion problem.
/dts-v1/;
/ {
images {
kernel@1 {
kernel {
data = /incbin/("./zImage");
type = "kernel";
arch = "arm";
@ -125,31 +125,31 @@ explosion problem.
load = <0x82000000>;
entry = <0x82000000>;
};
fdt@1 {
fdt-1 {
data = /incbin/("./foo.dtb");
type = "flat_dt";
arch = "arm";
load = <0x87f00000>;
};
fdt@2 {
fdt-2 {
data = /incbin/("./reva.dtbo");
type = "flat_dt";
arch = "arm";
load = <0x87fc0000>;
};
fdt@3 {
fdt-3 {
data = /incbin/("./revb.dtbo");
type = "flat_dt";
arch = "arm";
load = <0x87fc0000>;
};
fdt@4 {
fdt-4 {
data = /incbin/("./bar.dtbo");
type = "flat_dt";
arch = "arm";
load = <0x87fc0000>;
};
fdt@5 {
fdt-5 {
data = /incbin/("./baz.dtbo");
type = "flat_dt";
arch = "arm";
@ -160,34 +160,34 @@ explosion problem.
configurations {
default = "foo-reva.dtb;
foo-reva.dtb {
kernel = "kernel@1";
fdt = "fdt@1", "fdt@2";
kernel = "kernel";
fdt = "fdt-1", "fdt-2";
};
foo-revb.dtb {
kernel = "kernel@1";
fdt = "fdt@1", "fdt@3";
kernel = "kernel";
fdt = "fdt-1", "fdt-3";
};
foo-reva-bar.dtb {
kernel = "kernel@1";
fdt = "fdt@1", "fdt@2", "fdt@4";
kernel = "kernel";
fdt = "fdt-1", "fdt-2", "fdt-4";
};
foo-revb-bar.dtb {
kernel = "kernel@1";
fdt = "fdt@1", "fdt@3", "fdt@4";
kernel = "kernel";
fdt = "fdt-1", "fdt-3", "fdt-4";
};
foo-revb-baz.dtb {
kernel = "kernel@1";
fdt = "fdt@1", "fdt@3", "fdt@5";
kernel = "kernel";
fdt = "fdt-1", "fdt-3", "fdt-5";
};
foo-revb-bar-baz.dtb {
kernel = "kernel@1";
fdt = "fdt@1", "fdt@3", "fdt@4", "fdt@5";
kernel = "kernel";
fdt = "fdt-1", "fdt-3", "fdt-4", "fdt-5";
};
bar {
fdt = "fdt@4";
fdt = "fdt-4";
};
baz {
fdt = "fdt@5";
fdt = "fdt-5";
};
};
};

100
doc/uImage.FIT/signature.txt
View File

@ -83,7 +83,7 @@ Device Tree Bindings
The following properties are required in the FIT's signature node(s) to
allow the signer to operate. These should be added to the .its file.
Signature nodes sit at the same level as hash nodes and are called
signature@1, signature@2, etc.
signature-1, signature-2, etc.
- algo: Algorithm name (e.g. "sha1,rsa2048")
@ -118,9 +118,9 @@ For config bindings, these properties are added by the signer:
- hashed-nodes: A list of nodes which were hashed by the signer. Each is
a string - the full path to node. A typical value might be:
hashed-nodes = "/", "/configurations/conf@1", "/images/kernel@1",
"/images/kernel@1/hash@1", "/images/fdt@1",
"/images/fdt@1/hash@1";
hashed-nodes = "/", "/configurations/conf-1", "/images/kernel",
"/images/kernel/hash-1", "/images/fdt-1",
"/images/fdt-1/hash-1";
- hashed-strings: The start and size of the string region of the FIT that
was hashed
@ -178,44 +178,44 @@ As an example, consider this FIT:
/ {
images {
kernel@1 {
kernel-1 {
data = <data for kernel1>
signature@1 {
signature-1 {
algo = "sha1,rsa2048";
value = <...kernel signature 1...>
};
};
kernel@2 {
kernel-2 {
data = <data for kernel2>
signature@1 {
signature-1 {
algo = "sha1,rsa2048";
value = <...kernel signature 2...>
};
};
fdt@1 {
fdt-1 {
data = <data for fdt1>;
signature@1 {
signature-1 {
algo = "sha1,rsa2048";
vaue = <...fdt signature 1...>
};
};
fdt@2 {
fdt-2 {
data = <data for fdt2>;
signature@1 {
signature-1 {
algo = "sha1,rsa2048";
vaue = <...fdt signature 2...>
};
};
};
configurations {
default = "conf@1";
conf@1 {
kernel = "kernel@1";
fdt = "fdt@1";
default = "conf-1";
conf-1 {
kernel = "kernel-1";
fdt = "fdt-1";
};
conf@1 {
kernel = "kernel@2";
fdt = "fdt@2";
conf-1 {
kernel = "kernel-2";
fdt = "fdt-2";
};
};
};
@ -224,18 +224,18 @@ Since both kernels are signed it is easy for an attacker to add a new
configuration 3 with kernel 1 and fdt 2:
configurations {
default = "conf@1";
conf@1 {
kernel = "kernel@1";
fdt = "fdt@1";
default = "conf-1";
conf-1 {
kernel = "kernel-1";
fdt = "fdt-1";
};
conf@1 {
kernel = "kernel@2";
fdt = "fdt@2";
conf-1 {
kernel = "kernel-2";
fdt = "fdt-2";
};
conf@3 {
kernel = "kernel@1";
fdt = "fdt@2";
conf-3 {
kernel = "kernel-1";
fdt = "fdt-2";
};
};
@ -250,49 +250,49 @@ So the above example is adjusted to look like this:
/ {
images {
kernel@1 {
kernel-1 {
data = <data for kernel1>
hash@1 {
hash-1 {
algo = "sha1";
value = <...kernel hash 1...>
};
};
kernel@2 {
kernel-2 {
data = <data for kernel2>
hash@1 {
hash-1 {
algo = "sha1";
value = <...kernel hash 2...>
};
};
fdt@1 {
fdt-1 {
data = <data for fdt1>;
hash@1 {
hash-1 {
algo = "sha1";
value = <...fdt hash 1...>
};
};
fdt@2 {
fdt-2 {
data = <data for fdt2>;
hash@1 {
hash-1 {
algo = "sha1";
value = <...fdt hash 2...>
};
};
};
configurations {
default = "conf@1";
conf@1 {
kernel = "kernel@1";
fdt = "fdt@1";
signature@1 {
default = "conf-1";
conf-1 {
kernel = "kernel-1";
fdt = "fdt-1";
signature-1 {
algo = "sha1,rsa2048";
value = <...conf 1 signature...>;
};
};
conf@2 {
kernel = "kernel@2";
fdt = "fdt@2";
signature@1 {
conf-2 {
kernel = "kernel-2";
fdt = "fdt-2";
signature-1 {
algo = "sha1,rsa2048";
value = <...conf 1 signature...>;
};
@ -303,11 +303,11 @@ So the above example is adjusted to look like this:
You can see that we have added hashes for all images (since they are no
longer signed), and a signature to each configuration. In the above example,
mkimage will sign configurations/conf@1, the kernel and fdt that are
pointed to by the configuration (/images/kernel@1, /images/kernel@1/hash@1,
/images/fdt@1, /images/fdt@1/hash@1) and the root structure of the image
mkimage will sign configurations/conf-1, the kernel and fdt that are
pointed to by the configuration (/images/kernel-1, /images/kernel-1/hash-1,
/images/fdt-1, /images/fdt-1/hash-1) and the root structure of the image
(so that it isn't possible to add or remove root nodes). The signature is
written into /configurations/conf@1/signature@1/value. It can easily be
written into /configurations/conf-1/signature-1/value. It can easily be
verified later even if the FIT has been signed with other keys in the
meantime.

26
doc/uImage.FIT/source_file_format.txt
View File

@ -102,15 +102,15 @@ Root node of the uImage Tree should have the following layout:
|
o images
| |
| o image@1 {...}
| o image@2 {...}
| o image-1 {...}
| o image-2 {...}
| ...
|
o configurations
|- default = "conf@1"
|- default = "conf-1"
|
o conf@1 {...}
o conf@2 {...}
o conf-1 {...}
o conf-2 {...}
...
@ -142,7 +142,7 @@ Root node of the uImage Tree should have the following layout:
This node is a container node for component sub-image nodes. Each sub-node of
the '/images' node should have the following layout:
o image@1
o image-1
|- description = "component sub-image description"
|- data = /incbin/("path/to/data/file.bin")
|- type = "sub-image type name"
@ -152,8 +152,8 @@ the '/images' node should have the following layout:
|- load = <00000000>
|- entry = <00000000>
|
o hash@1 {...}
o hash@2 {...}
o hash-1 {...}
o hash-2 {...}
...
Mandatory properties:
@ -183,14 +183,14 @@ the '/images' node should have the following layout:
property of the root node. Mandatory for types: "standalone" and "kernel".
Optional nodes:
- hash@1 : Each hash sub-node represents separate hash or checksum
- hash-1 : Each hash sub-node represents separate hash or checksum
calculated for node's data according to specified algorithm.
5) Hash nodes
-------------
o hash@1
o hash-1
|- algo = "hash or checksum algorithm name"
|- value = [hash or checksum value]
@ -212,8 +212,8 @@ The 'configurations' node has has the following structure:
o configurations
|- default = "default configuration sub-node unit name"
|
o config@1 {...}
o config@2 {...}
o config-1 {...}
o config-2 {...}
...
@ -231,7 +231,7 @@ o configurations
Each configuration has the following structure:
o config@1
o config-1
|- description = "configuration description"
|- kernel = "kernel sub-node unit name"
|- ramdisk = "ramdisk sub-node unit name"

10
doc/uImage.FIT/x86-fit-boot.txt
View File

@ -197,7 +197,7 @@ You can take a look at the resulting fit file if you like:
$ dumpimage -l image.fit
FIT description: Simple image with single Linux kernel on x86
Created: Tue Oct 7 10:57:24 2014
Image 0 (kernel@1)
Image 0 (kernel)
Description: Vanilla Linux kernel
Created: Tue Oct 7 10:57:24 2014
Type: Kernel Image
@ -209,7 +209,7 @@ Created: Tue Oct 7 10:57:24 2014
Entry Point: 0x00000000
Hash algo: sha1
Hash value: 446b5163ebfe0fb6ee20cbb7a8501b263cd92392
Image 1 (setup@1)
Image 1 (setup)
Description: Linux setup.bin
Created: Tue Oct 7 10:57:24 2014
Type: x86 setup.bin
@ -217,10 +217,10 @@ Created: Tue Oct 7 10:57:24 2014
Data Size: 12912 Bytes = 12.61 kB = 0.01 MB
Hash algo: sha1
Hash value: a1f2099cf47ff9816236cd534c77af86e713faad
Default Configuration: 'config@1'
Configuration 0 (config@1)
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: Boot Linux kernel
Kernel: kernel@1
Kernel: kernel
Booting the FIT