From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7155796682318282752 X-Received: by 2002:a17:907:2d0f:b0:78e:9ca5:62af with SMTP id gs15-20020a1709072d0f00b0078e9ca562afmr1784301ejc.334.1666088820577; Tue, 18 Oct 2022 03:27:00 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:6402:35c1:b0:45d:64be:d1a with SMTP id z1-20020a05640235c100b0045d64be0d1als1654172edc.1.-pod-prod-gmail; Tue, 18 Oct 2022 03:26:59 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5a4KCUvFnA0XaUGUMlekRh7cXVrkOyLL8ZbR8TUetsX6qXZX3Eod7e++qo2SbfAHZ1SlwN X-Received: by 2002:a05:6402:2913:b0:45c:a7d6:c1ef with SMTP id ee19-20020a056402291300b0045ca7d6c1efmr1879245edb.276.1666088819572; Tue, 18 Oct 2022 03:26:59 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1666088819; cv=pass; d=google.com; s=arc-20160816; b=acaEvF1OSpC0pOLB+xBSYT95Zq+EkMnrpEflUPxhtDKlhlji2+EC0tepbIANHs1fO1 anUyjAWyISqYWzpQQ11UnZELvtEQ016AgDd/4BxI2FpIF6Li95p4hFnMQ5BWbeknnNa9 yU4xFBPLiOTdpClDOhrWUzn/lZa8XkAh9+BAKL/TsY7u63AguhTdNiac9d/o1RAqbSfZ DYtMffb2rfnsKUHHd1dLvSdp5zB15ndzDpahyEuURuFk0E5JfO9ClOhHaTxcrgac8SIZ 8rnjw6Ai3KxOjk0wEevc2fLa2PdJcG5n3iMwGKyc5vpsXUVULkmxZIG1DLl+8ff85OH+ YHgA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=JHtoMUW8XMUE+GS6OcgZzxAkDkRLOn2Fkr4PtP4AnNo=; b=KdJJQLiBQVDvQYHNUEahVS9WXZ4Ja/Yckx0LSR5OyHZFmqli0sSWMJJUXgr9RmnnBQ UXgroihKjAOlCQn7uOVk1D4hIUHjgAH50/WMM0Z81CdeY+YE6TsSSd6jeYEz1cetfz6e 1lDn19mMjLNE5ds/7LiuLwUY0cfnKtjN6IZTm2Z2RZv1YwIsOjD1HGiHJ1HXEFFbDtpT Ky673T8yVxk05SZ1YQcf0BDiPT9vkJnyPxHWwOjBb28AugCcjeRctO/YnF3lM1EFw6Ha AenWx4CUgCj6fCLNFKSmgiiewl9IHK3kk2+KUrKp78O0teN99K7r7RIRMETI0ibux3u1 /t/A== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=zhOLdAla; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of sven.schultschik@siemens.com designates 40.107.8.48 as permitted sender) smtp.mailfrom=sven.schultschik@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80048.outbound.protection.outlook.com. [40.107.8.48]) by gmr-mx.google.com with ESMTPS id p4-20020a05640210c400b0045757c7cb91si515280edu.4.2022.10.18.03.26.59 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 18 Oct 2022 03:26:59 -0700 (PDT) Received-SPF: pass (google.com: domain of sven.schultschik@siemens.com designates 40.107.8.48 as permitted sender) client-ip=40.107.8.48; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=zhOLdAla; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of sven.schultschik@siemens.com designates 40.107.8.48 as permitted sender) smtp.mailfrom=sven.schultschik@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QlDpnrusw4weNajweq55YMaGiJ1ZCDB+y0hM77i0PVURarEuuKHFjXI6CrU0xhs+47nPfKqCQQcLfsr6dcOeh6MajjuzNwyEjjdWBTH99Uu36USbihrnN1WelUvB+xHmI/kE/swAkgT1cUirOLu0WHF4elETfSVhTy0j2Vxy6Y9z+01wHvY6cyNrmunxA5hl6km4Djhvvd+T6tzxpouMG11KAQfaMvEOV4q0ov2CvMyAm3nq1/Wuq8PZlHAXWenTmgWkAySRp4E+yQUQn63AbNFOihdlXJh+dRtgZGauXS/YwteVziebLvK8Eh0DHGYy1ou25duTBjKhbmXMIumbBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JHtoMUW8XMUE+GS6OcgZzxAkDkRLOn2Fkr4PtP4AnNo=; b=KaexvdxoxRCfwbtpy/SiTHTNYZNzbv6dx9SKPzrnk0XtqpS0xqbUgMO+TwjGnecVHY4B4eHma7Bjj0WXxJFKoO5epl32xFkkTGNpXh6R8NnGLzjyeYFfLd1PcZNtIHaW2f8lwnADu6clD/hdeb18uc4r4DTqQwjPhaJljQoR01UpPjqn2hSHioKNrif+odjwVpeFhgl5h0fKg7NGC2vUpvTL9NA9eeLzGJpA4qHpB47ctPiC1zaCxVSHPGIX9ZqU++sbTPlGd2WbvWrCO/vsRulP7gUHo7bl4AfsM7+PYh9QNJD6LSmCy1bcoUkTJ8G188Hg9uyNQxIBouTQiMTdnw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JHtoMUW8XMUE+GS6OcgZzxAkDkRLOn2Fkr4PtP4AnNo=; b=zhOLdAlaDwATiyLqpS8ujaFIWbo6BmI/G1SP18MkNVoAX6pN/2DtdoJJ4BJmBiBbGk9iYse27kNlCvx4S/rr2hnewKrl3oHNA4X02pFiGFeCt3PCpPrB6CBAeMY79jJqsSM0zZa+IsKsgkJGMXFcGJ7fuBJHKHFQDKKpPFrl3i4XT/3cj2pfayf5jjDNp4KxHerQlgQxbYuXRARkn7uhT7rEZBVcP0mkLfY2crrEJjwnaWNIg6UKcnannjjsUiZVLtpW4S6rc5iVQ0EbW+mbqs+9RFmnqJdFez33WsMvmZYslmWo7+gAkUDeWiDFLpxPafPMGXlfIraiLHIGS8bibw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from PAXPR10MB5037.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:210::11) by PRAPR10MB5373.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:292::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5723.30; Tue, 18 Oct 2022 10:26:58 +0000 Received: from PAXPR10MB5037.EURPRD10.PROD.OUTLOOK.COM ([fe80::8f3:9a82:c9ed:6a3f]) by PAXPR10MB5037.EURPRD10.PROD.OUTLOOK.COM ([fe80::8f3:9a82:c9ed:6a3f%7]) with mapi id 15.20.5723.033; Tue, 18 Oct 2022 10:26:58 +0000 From: sven.schultschik@siemens.com To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, Sven Schultschik Subject: [PATCH 7/7] test patch Date: Tue, 18 Oct 2022 12:25:33 +0200 Message-Id: <20221018102533.10390-7-sven.schultschik@siemens.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20221018102533.10390-1-sven.schultschik@siemens.com> References: <20221018102533.10390-1-sven.schultschik@siemens.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: AS9PR05CA0056.eurprd05.prod.outlook.com (2603:10a6:20b:489::19) To PAXPR10MB5037.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:210::11) Return-Path: sven.schultschik@siemens.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PAXPR10MB5037:EE_|PRAPR10MB5373:EE_ X-MS-Office365-Filtering-Correlation-Id: c490af41-fbb4-44f8-1bbd-08dab0f34888 X-LD-Processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: F3/kUAtzMxPgViAVnbBLwgY8TZwiY9c4HsHOP/PZ5HNeGE3TXvf4iUzK4rZ99bHCSec0/gTMH6uaEKZWcNzoiBOpe11bati+LWp+reVPPhDJSLIN8+55YXaenWPJIRx/nk4c/iAi7qvGsF9XN8Y7IvWjJ551cDYrdhvVXlGgQVrNSFp8DWCuElUw12RbZP9vQPBtGcX834UIaDNsexXpaUXuPO1fb+yFfz1+Ma7foo4bMDWQePVSfYarcNnFEXQq/7f0DbNFYeBYOhcSRCgraxA3XKkcvNtNlw6yhJje0aA+HF/kdz/2reOBQRRXVdDUIjSo/xEoFjbSJOb276ENg/YEkBP8DjKc3eSXaHI5G0eWIW5lNWUr+gacxqlXzJMRaO4ruxAYaB3HM7y4jKL2Fu8/jy2az1fSa7yrFQiBg5FIs/QplWJkd3FKsa+254ApUIsqmpCtf6zUVsGUZ8ahTmGU/NZv0AZg/KLjhxuR+8cEGB03PhEsvgZtqm9OaQCMFEC6JdA/QMTrpzbrqJ0bDFXfHWJMjbRhJ5JsYrm4mB1r3mipjEcf4t5V0eu60qd+fioZlGrLZ+Nnm+zycDCi6oPbkLVqOpewKkYbcURnfyT/S2NX2bMs5BJDjzamW5YEzn8pYFfJpVuV7L8iF8x7tX5qZLv+Nvc5UAn7UnyVYS5BgyE4eTv5PNN73YYItT/7kV2jiyjVJqamv/hsE9JG5Q== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PAXPR10MB5037.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230022)(4636009)(376002)(346002)(366004)(136003)(396003)(39860400002)(451199015)(41300700001)(107886003)(9686003)(186003)(6666004)(6512007)(478600001)(1076003)(26005)(2616005)(2906002)(36756003)(6506007)(4326008)(5660300002)(8936002)(86362001)(38100700002)(316002)(6916009)(6486002)(8676002)(66946007)(83380400001)(66556008)(66476007)(82960400001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?QO56jFy4zKE4GXA8z7B3XHE4T0dY1cYRYsHPjtb+qSHzQW3kJQf5khItD+uw?= =?us-ascii?Q?VB3lvlKG91toGQc4ljCaa4wYadyRroK4sPPcWR4xl4f8GDWQfDTkDYCW0vNG?= =?us-ascii?Q?rIzuA6MqL69auFMdgL6J/zIC3obDDc+prusYfZZ/uUTrkE6x2LTSyTXvGa12?= =?us-ascii?Q?F7vQqKcnCEVQ6vqyzvUwm+CPuP7CvrKiaprE1q5IwL9ncX3bUTE6P0J1JCNn?= =?us-ascii?Q?cmNuReIIeTJEIs+/moqBMWbZ4x2Igg01lIOM/g+BCQBrJBWjOHtskV7rccHm?= =?us-ascii?Q?dD8HdEGsp3lhcBVSkFhpwg2LrZnoeRk0ksHseh8QnexJVgt3MO6W8WfLsd/f?= =?us-ascii?Q?KCIu+xtHYde4thS+2QJjCjfKBjKZmysK3DuVT++8iuA6cYpprH5kqG801c1Q?= =?us-ascii?Q?NEnGjNO9aKm8uwW7yySvlUsB2C7Z2LIxpysQajnL43iOFwOgcY26ivw40Jpg?= =?us-ascii?Q?EBk/gLvwsaSPOqeiJ+BShI1qSZm9N/UcShCT7kqsVro65n+Iv3NLIIQgwxTJ?= =?us-ascii?Q?Fw3PRSX2shUp8RAFblyG1IR20BOmhEYcl5K52PZGdISe0NSTgt+VJTcQaalt?= =?us-ascii?Q?jnYzh03ron9RtRjOiTDZdcVJJz0wm2FbsjmJWDj4Wfx+p9Gxg2GASgD4hf2S?= =?us-ascii?Q?bMefXxl4FE0++TGJLlvt1JuKELqUWOsmaVuSwH0VLer66rocG7qOjo2pmLhL?= =?us-ascii?Q?VCO2uDO3P8tiZDok1S0I2CfR2Fk/vk/JIFkMmRkJpypQ5DBXl04k0yl00L/4?= =?us-ascii?Q?qFTNVcsOIMZ5qMcqZQJVKWxnN7u9pdMG1CSu3KwIGKkJxHteDYxVoW+Tt2ct?= =?us-ascii?Q?VOC0hzosmTfvK9xLs26sZeyW0puPKdjuc3Mq5TxrKhgsv7DBY0xJR+yFw+UE?= =?us-ascii?Q?XFt3AYbcPDbqpXyZ1imwprB7AWskYyDLaseXc9RVbMzrBWFc4+M5W2ByArtS?= =?us-ascii?Q?Xk4yrfXsvveeusIi2Ct1CT0fMGaTQEr7F0M3Qj+p08MVr2oE8miChFROrM6T?= =?us-ascii?Q?KskMwrLsFRHrq61Jd4nswDBt6QM3XXoIF4o83Yemeb8pAwlgozeg1q+GpnTG?= =?us-ascii?Q?X5p5dMvi2zqYgOVLnTaLXTXOesiirXr7Hotoa07K0rHR/ZK1DkRo416V1dPE?= =?us-ascii?Q?fWpBYo3Yn69hp6GLRNSIx40qwBCPrzyRahzZtJG+66oiKP5tqO+fpHvPIuHo?= =?us-ascii?Q?8z2r6RugK0F0lN9bsn2C0MAxTcuCt0t8YqvSZXpKLOTFJ9hAj+9MIDmLv3Fx?= =?us-ascii?Q?tHS/26rV02y086WNmOSsz5A5ymjCrhDNKu0bSrHk2DLOqmgKK4p/Un4Yb2IU?= =?us-ascii?Q?AH+pIuWpLp2sMbpd0tAShMdvQFuU98X4pwpVwi9mLHgKzGSEdm68/xJ3IOUG?= =?us-ascii?Q?Hu+UXFrwe1FQ8kEeWBU37LObnJyo0wCTGSvZJKGWABOJy5o20ZCwE7hd4QaT?= =?us-ascii?Q?rhbIgOmMY03xjyp2rqmO9M6XCKxXs9ADpccE5DAUUr4Z3cO7yDXGWclBKeoQ?= =?us-ascii?Q?ufkOEVzOgdaEDlrlZ1/btE9hfvN3doBDOreN6l5leXNBdpiX0K4Rm/kLCvPZ?= =?us-ascii?Q?zoC/31+zRx+m2UQUP6J7qLU6+7DzuRvGmH0QSKlkQeewPq8n96PDS0s/vyxI?= =?us-ascii?Q?Bg=3D=3D?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: c490af41-fbb4-44f8-1bbd-08dab0f34888 X-MS-Exchange-CrossTenant-AuthSource: PAXPR10MB5037.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Oct 2022 10:26:57.3641 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 7PHF83iwH1X+uVTqCinm9ULHLdSFsd0In00gbaCUcuhvq8mEw/pEUa/hrVvWRKL6cGxNHcf7qeXVOEsPIEBIHI8AUrPlL4ireJ7jsVISVyc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PRAPR10MB5373 X-TUID: 2REJaSEl2MuN From: Sven Schultschik --- README.md | 65 ++++++++++++++++++ keys/helloworld.efi | Bin 0 -> 4576 bytes recipes-bsp/u-boot/files/secure-boot.cfg.tmpl | 2 +- start-qemu.sh | 3 +- 4 files changed, 68 insertions(+), 2 deletions(-) create mode 100644 keys/helloworld.efi diff --git a/README.md b/README.md index e30ff3a6..36f9ebe2 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,71 @@ or via bmap-tools bmaptool copy build/tmp/deploy/images/bbb/cip-core-image-cip-core-buster-bbb.wic.img /dev/ +## Running Secure Boot Target Images and test it +Create a folder named `keys` if not exist and within this folder create the signing keys and db + +```bash +#PK +openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=SIEMENS_TEST_PK/ -keyout PK.key -out PK.crt -nodes -days 365 +cert-to-efi-sig-list -g 11111111-2222-3333-4444-123456789abc PK.crt PK.esl +sign-efi-sig-list -c PK.crt -k PK.key PK PK.esl PK.auth + +# KEK +openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=SIEMENS_TEST_KEK/ -keyout KEK.key -out KEK.crt -nodes -days 365 +cert-to-efi-sig-list -g 11111111-2222-3333-4444-123456789abc KEK.crt KEK.esl +sign-efi-sig-list -c PK.crt -k PK.key KEK KEK.esl KEK.auth + +# db +openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=SIEMENS_TEST_db/ -keyout db.key -out db.crt -nodes -days 365 +cert-to-efi-sig-list -g 11111111-2222-3333-4444-123456789abc db.crt db.esl +sign-efi-sig-list -c KEK.crt -k KEK.key db db.esl db.auth +``` + +Put an bootable `.efi` file in it or use the `helloworld.efi` provided and sign it. + +``` +sbsign --key db.key --cert db.crt helloworld.efi +``` + +The `start-qemu.sh` has additional `-hdb fat:rw:keys` added with this patch to mount the `keys` folder. + +Start the qemu with following command + +``` +FIRMWARE_BIN=./build/tmp/deploy/images/qemu-arm64/flash.bin ./start-qemu.sh aarch64 +``` + +In this test patch there is as well the possibility added to stop in the u-boot. So if you see a 5 sec timer ticking press Enter to stop. + +Now add the keys to the environment my typing + +``` +fatload virtio 1:1 ${fileaddr} PK.auth +setenv -e -nv -bs -rt -at -i ${fileaddr}:$filesize PK +fatload virtio 1:1 ${fileaddr} KEK.auth +setenv -e -nv -bs -rt -at -i ${fileaddr}:$filesize KEK +fatload virtio 1:1 ${fileaddr} db.auth +setenv -e -nv -bs -rt -at -i ${fileaddr}:$filesize db +``` +> The address ${fileaddr}=40000000 depends on your DRAM setup. You can check with `bdinfo` + +> $filesize is set by fatload + +### Boot signed efi binary + +``` +fatload virtio 1:1 ${fileaddr} helloworld.efi.signed + +bootefi ${fileaddr} ${fdtcontroladdr} +``` + +### Try same binary but unsigned +This should fail with `Image not authenticated. Loading image failed` +``` +fatload virtio 1:1 ${fileaddr} helloworld.efi + +bootefi ${fileaddr} ${fdtcontroladdr} +``` ## Community Resources diff --git a/keys/helloworld.efi b/keys/helloworld.efi new file mode 100644 index 0000000000000000000000000000000000000000..c021d94ae576271f1f472bd2e5f380ed1830a2ff GIT binary patch literal 4576 zcmeHKYfKbZ6h1SvJSx^Kg7`w6;o+lE>w`Af8X2%q+e(Xoefa|rRv{uFPz#|cL$D1A ziD9CqO=~TtHE}mhYK@xOmxv~9Qr2V(h{ve?bDWy6pZoe~omt7WOnH$u^Tzj^^cyFwXVwQ(!0ZSa%QcpcQw=l#<{TmfDMgQDbG9F^o4s=A=4Wr zxr;}9PCz>}eVMsHqJzamr@c{`?q`V(jy824?^23-8E<1c5>1X9E|A=Di1||?Pq8Q4 zk{!CGQ%0|`MnBsnQCiDF-D;8OROlS{nPa#h)2$6GGMSs>t|_vIFCMWYaby`1oi+ql92q^D?#J``UM0@M{3CI?HQIE+)}9P5nT&i5S1~Zd z(5woMwUW`pn&Rl%A6i?G=Qpg)YxIHdP}T}tkDZ@bm-Pp7?u^teDMhz@VcGaAX`UmRLr_A#N zYBCldQm4bn(}+Q>(sauwOM@32RA@x$)?V=Tw@T*uZZeh4T*q0Sz&>?G(%W_{Y-H4h#hMH!(N1MK~&xE#=w)89X0M{oO z_4)++;`^N%yI~U)qo+@qw%w`JMrAxda(#{JMq^pO8t%njyhYnkt{anZWP zag476zDwY3{i-&m-$0DiN@jS>j_{bv!ImPl{NY4lM5RvAPbV*z+FDw=gI6F&X=CJ}bz_Sl-(M;I(r(o@yQe z-tG@9Hu((nwdT0vp^NV?8ukVGpZA{|#(1N0+~m})X#%$&9GZ$ca1OW}xKfRx8^@q8 zlN668(`kaQODXC-r_vDa+ro1x!Y0yC2~lAZ@%=5gYdV=j;7h@H6gC<57HkpGP}v;) zCVr0!@w;~NSNJkgW-82seL~J$BKCu+ja*Pq2-Mt+Fxoz?a(Cz2u@=FsWd5(Oxi?!m3~| zfwvsJdf@omMGg3#jA;iLTq3F(=t|&sW4s&vT51$Ao8YO$r<#^y{$+cv602%rKA&E) z)m7koClH*ON?R$La_9;4@YI7Q)*G(1Uaare7DQzt<2*Zd4XvbAh^q&~c4%;oX$mkF zP%dQw`wSIKf*W5suD#1v$Jy|Hxa>WtK*lA|?yp}h=D2oT=gLXz7UcPNwdY-#j5Qa# zR))|nTU@58n~ObmSNVf_tassUqecwYz4kS|>43-B}kw$K^amlHN#p;ck) F{tfI&1hD`B literal 0 HcmV?d00001 diff --git a/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl b/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl index 8e642823..63d73f70 100644 --- a/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl +++ b/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl @@ -1,5 +1,5 @@ ### Secure boot config -CONFIG_BOOTDELAY=-2 +CONFIG_BOOTDELAY=5 CONFIG_USE_BOOTCOMMAND=y CONFIG_BOOTCOMMAND="setenv scan_dev_for_boot 'if test -e ${devtype} ${devnum}:${distro_bootpart} efi/boot/boot${EFI_ARCH}.efi; then load ${devtype} ${devnum}:${distro_bootpart} ${kernel_addr_r} efi/boot/boot${EFI_ARCH}.efi; bootefi ${kernel_addr_r} ${fdtcontroladdr}; fi'; run distro_bootcmd; echo 'EFI Boot failed!'; sleep 1000; reset" CONFIG_EFI_VARIABLES_PRESEED=y diff --git a/start-qemu.sh b/start-qemu.sh index 18946a6c..ac73d8d3 100755 --- a/start-qemu.sh +++ b/start-qemu.sh @@ -179,7 +179,8 @@ if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then ${QEMU_PATH}${QEMU} \ -drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \ -bios ${u_boot_bin} \ - ${QEMU_COMMON_OPTIONS} "$@" + ${QEMU_COMMON_OPTIONS} "$@" \ + -hdb fat:rw:keys ;; *) echo "Unsupported architecture: ${arch}" -- 2.30.2