Loading the rootfs from a FIT image and verifying signatures

I am new to FIT images and secure boot. I created a FIT image with the mkimage command and added the kernel, dtb and rootfs to it.

Goals:

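  1. I need to boot the kernel, rootfs and dtb from the FIT image. I am able to boot the kernel and dtb from the FIT image, but I have no clue how to load the rootfs from the FIT image and write it to mmcblk.
  2. I also need to verify the images, i.e. the kernel, rootfs and dtb, using some signature. How can this be done? If I am missing anything, please help or guide me.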

Below is my fitimage configuration:

/dts-v1/;

/ {
        description = "U-Boot fitImage for Aprisa NEXT/4.14.54+gitAUTOINC+7c0df4bf46/clearfog";
        #address-cells = <1>;

        images {
                kernel@1 {
                        description = "Linux kernel";
                        data = /incbin/("/home/deepak/4RF/release_11/fit_image_pro/zImage");
                        type = "kernel";
                        arch = "arm";
                        os = "linux";
                        compression = "none";
                        load = <20008000>;
                        entry = <20008000>;
                        hash@1 {
                                algo = "sha1";
                        };
                };
                [email protected] {
                        description = "Flattened Device Tree blob";
                        data = /incbin/("/home/deepak/4RF/release_11/fit_image_pro/armada-388-clearfog-pro.dtb");
                        type = "flat_dt";
                        arch = "arm";
                        compression = "none";
                        hash@1 {
                                algo = "sha1";
                        };
                };
                ramdisk@1 {
                        description = "initramfs-main-image";
                        data = /incbin/("/home/deepak/4RF/release_11/fit_image_pro/openwrt-mvebu-cortexa9-device-armada-388-clearfog-pro-rootfs.tar.gz");
                        type = "ramdisk";
                        arch = "arm";
                        os = "linux";
                        compression = "gzip";
                        load = <00000000>;
                        entry = <00000000>;
                        hash@1 {
                                algo = "sha1";
                        };
                };
        };

        configurations {
                default = "[email protected]";
                [email protected] {
                        description = "1 Linux kernel, FDT blob, ramdisk";
                        kernel = "kernel@1";
                        fdt = "[email protected]";
                        ramdisk = "ramdisk@1";

                        hash@1 {
                                algo = "sha1";
                        };
                };
        };
};

Please guide me, and share any suitable documentation for doing the above.

Answer 1

https://events.static.linuxfound.org/sites/events/files/slides/elce-2014.pdf

I hope it helps with what you are looking for.
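
For the signature goal in the question, a FIT source with a signed configuration, for comparison with the hash-only layout posted above. This is an added example, not the poster's file and not taken from the linked slides; the node names, file paths, load address and key name `dev` are assumptions. Hash nodes alone only detect corruption, while a `signature` node under the configuration covers the hashes of the listed images and is checked by U-Boot against a public key stored in its control DTB.

```dts
/* Constructed example: signed-configuration FIT source (image.its). */
/dts-v1/;

/ {
        description = "Signed FIT (constructed example)";
        #address-cells = <1>;

        images {
                /* '-' node names: recent U-Boot rejects '@' in signed FITs */
                kernel-1 {
                        data = /incbin/("zImage");          /* placeholder path */
                        type = "kernel";
                        arch = "arm";
                        os = "linux";
                        compression = "none";
                        load = <0x00008000>;                /* assumed, board-specific */
                        entry = <0x00008000>;
                        hash-1 { algo = "sha256"; };        /* sha256 instead of sha1 */
                };
                fdt-1 {
                        data = /incbin/("board.dtb");       /* placeholder path */
                        type = "flat_dt";
                        arch = "arm";
                        compression = "none";
                        hash-1 { algo = "sha256"; };
                };
                ramdisk-1 {
                        data = /incbin/("rootfs.cpio.gz");  /* placeholder path */
                        type = "ramdisk";
                        arch = "arm";
                        os = "linux";
                        compression = "none";
                        hash-1 { algo = "sha256"; };
                };
        };

        configurations {
                default = "conf-1";
                conf-1 {
                        kernel = "kernel-1";
                        fdt = "fdt-1";
                        ramdisk = "ramdisk-1";
                        /* Signs the configuration plus the hashes of these images. */
                        signature-1 {
                                algo = "sha256,rsa2048";
                                key-name-hint = "dev";      /* expects keys/dev.key, keys/dev.crt */
                                sign-images = "kernel", "fdt", "ramdisk";
                        };
                };
        };
};
```

Building with `mkimage -f image.its -k keys -K u-boot.dtb -r image.fit` signs the image, writes the public key into U-Boot's control DTB and marks it as required; U-Boot itself has to be built with `CONFIG_FIT_SIGNATURE` and that DTB for `bootm` to enforce the check.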
