# You can add -j10 if you have 10 CPUs to make it faster Configure and build U-Boot with verified boot enabled: Or if you just installed gcc-arm-linux-gnueabi then it might beī. Installed a Linaro version manually it might be something like:Įxport CROSS_COMPILE=/opt/linaro/gcc-linaro-arm-linux-gnueabihf-4.8-2013.08_linux/bin/arm-linux-gnueabihf. This for U-Boot and also for the kernel if you build it. Set up the environment variable to point to your toolchain. Put U-Boot and the kernel onto the boardĪ. Kernel to be packaged, compressed and signed.Ħ. Create a Image Tree Source file (ITS) file describing how you want the Build U-Boot for the board, with the verified boot options enabled.ģ. U-Boot supports the latter with its flexible FITġ. On the other hand the kernel's device tree typicallyĬhanges when the kernel changes, so it is useful to package an updated device Simply generate a new key and put his public key into U-Boot so thatĮverything verifies. Public keys can be changed and verified boot is useless. Since U-Boot's device tree must be immutable.
In particular this is important with verified boot,
U-Boot has its device tree packaged wtih it, and the kernel's device tree is They may use the same device tree source, but it is seldom usefulįor them to use the exact same binary from the same place.
U boot for beaglebone black how to#
However, it might be useful to also have an example on a real board.īeaglebone Black is a fairly common board so seems to be a reasonable choiceįor an example of how to enable verified boot using U-Boot.įirst a note that may to help avoid confusion. There is also a test which runs through theĮntire process of signing an image and running U-Boot (sandbox) to check it. There is quite a bit of documentation in this directory describing how Instructions are for mainline U-Boot from v2014.07 onwards. Before reading this, please read verified-boot.txt and signature.txt.
0 kommentar(er)
