Tag Archives: Linux

FIT image containing u-boot script

FIT images can be signed and then verified by the U-Boot bootloader, as required for opencritis.org. A FIT image may contain multiple images, such as the kernel, FDT device trees, an initramfs and scripts.

Because the FIT image tags each embedded element, these elements are embedded in raw format, for example zImage, initrd.cpio, and the scripts as plain text files. For example, see this FIT image declaration in the file “image.its”:

/dts-v1/;

/ {
  description = "OpenCritis arm/virt FIT Image";
  #address-cells = <1>;

  images {
    kernel {
      description = "Kernel";
      data = /incbin/("zImage");
      type = "kernel";
      arch = "arm";
      os = "linux";
      compression = "none";
      load = <0x40400000>;
      entry = <0x40400000>;
      hash {
        algo = "sha256";
      };
    };

    fdt {
      description = "Flattened Device tree";
      data = /incbin/("nxp6ulevk.dtb");
      type = "flat_dt";
      arch = "ARM";
      compression = "none";
      hash {
        algo = "sha256";
      };
    };

    bootscript {
      description = "Bootscript";
      data = /incbin/("u-boot.scr");
      type = "script";
      compression = "none";
    };
  };

  configurations {
    default = "standard";
    standard {
      description = "Standard Boot";
      kernel = "kernel";
      fdt = "fdt";
      hash {
        algo = "sha256";
      };
    };
  };
};

A U-Boot script “u-boot.scr” has the form:

setenv bootargs "console=ttyAMA0,115200 ro rootwait root=/dev/sda2"
bootm  ${loadaddr}
echo "Bad image or kernel."
reset

The FIT image “image.ub” is generated using the following command:

mkimage -f image.its image.ub 

Loading a FIT image and sourcing the script is done as follows:

setenv loadaddr 0x48000000
fatload mmc 0:1  ${loadaddr} image.ub
source ${loadaddr}:bootscript

Note: indexed node names are refused by the U-Boot FIT parser, yielding “Bad FIT image format”. For example, do not use the following form:

...
script@1 { .... };

Why I kicked out MS Office 365

MS Office 365 is the web-based version of MS Office (Word, Excel, etc.). Its functionality is limited compared to the original desktop version; it feels like the MS Works I used in 1992. But worst of all, it is not possible to copy & paste between two documents in two different web browser windows: no clipboard! A limited clipboard is available via a browser plugin only, but it did not work with Firefox on Ubuntu 2022.

Buildroot Verity Setup – Rootfs Integrity

I investigated the usage of the Verity feature of the Linux kernel, integrating this feature into the OpenCritis environment. The Verity Device Mapper of the Linux kernel verifies the integrity of a read-only file system (e.g. the rootfs partition) using a Merkle tree over the data blocks of the file system. If the top hash is signed, the authenticity and integrity of the rootfs can be enforced while booting and during runtime!

Source: Wikipedia, Merkle Tree

Credits: Nathan Barrett-Morrison wrote a very good post explaining the details: https://www.timesys.com/security/dm-verity-without-an-initramfs/

Locking down U-Boot Environment

When performing secure boot with U-Boot, the U-Boot environment in MMC or flash should be static and read-only. With an A-B boot concept, as used for OpenCritis, the bootloader needs to know the active partition to boot into. Therefore only 3 variables stored in the U-Boot environment shall be writable, namely:

boot_order: Hex value, either “AB” or “BA”
boot_a_left: Dec value counting the number of trials, by default 3
boot_b_left: Dec value counting the number of trials, by default 3

To achieve this setup, the U-Boot defconfig should contain the following settings:

CONFIG_CMD_ENV_CALLBACK=y
CONFIG_CMD_ENV_FLAGS=y
CONFIG_ENV_IS_NOWHERE=y
# Environment storage: use CONFIG_ENV_IS_IN_MMC=y as shown, or CONFIG_ENV_IS_IN_FAT=y instead
CONFIG_ENV_IS_IN_MMC=y
CONFIG_ENV_APPEND=y
CONFIG_ENV_WRITEABLE_LIST=y
CONFIG_ENV_ACCESS_IGNORE_FORCE=y
CONFIG_CMD_NVEDIT_LOAD=y
CONFIG_SYS_CONSOLE_ENV_OVERWRITE=y

In the board header file (e.g. include/configs/qemu-arm.h) the following definitions must be added, for example as a patch file.

#define CONFIG_ENV_FLAGS_LIST_DEFAULT "boot_order:xw,boot_a_left:dw,boot_b_left:dw"
#define CONFIG_ENV_FLAGS_LIST_STATIC  "boot_order:xw,boot_a_left:dw,boot_b_left:dw"

See the following README explaining the flag attributes: https://github.com/u-boot/u-boot/blob/master/README#L1588
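To check what such a writable list lets through, the following Python audit (an added example, not code from U-Boot or from the original post) applies the flag list above to a stored environment given as name=value lines. It assumes a simplified model in which only variables flagged "w" whose value matches their type are taken from storage; the function names and the sample environment are constructed for illustration.

```python
import re

# Flag list copied from the board header definitions on this page.
FLAGS_LIST = "boot_order:xw,boot_a_left:dw,boot_b_left:dw"

# Value syntax per type character (only the two types this page uses).
TYPE_PATTERNS = {
    "x": re.compile(r"(0[xX])?[0-9a-fA-F]+"),  # hexadecimal
    "d": re.compile(r"[0-9]+"),                # decimal
}

def parse_flags(flags_list):
    """Return {name: (type_char, access_char)} from 'name:ta,name:ta'."""
    flags = {}
    for entry in flags_list.split(","):
        name, _, attrs = entry.strip().partition(":")
        if len(attrs) != 2 or attrs[0] not in TYPE_PATTERNS:
            raise ValueError(f"unsupported flags entry: {entry!r}")
        flags[name] = (attrs[0], attrs[1])
    return flags

def audit_env(stored_text, flags_list=FLAGS_LIST):
    """Assumed model: keep only 'w' variables whose value fits the type."""
    flags = parse_flags(flags_list)
    accepted, rejected = {}, []
    for line in stored_text.splitlines():
        if not line.strip():
            continue
        name, sep, value = line.partition("=")
        if not sep:
            rejected.append((line, "not name=value"))
        elif name not in flags or flags[name][1] != "w":
            rejected.append((name, "not in writable list"))
        elif not TYPE_PATTERNS[flags[name][0]].fullmatch(value):
            rejected.append((name, "value does not match type"))
        else:
            accepted[name] = value
    return accepted, rejected

# Constructed sample: a stored environment holding more than the
# three variables the writable list allows, plus one malformed counter.
SAMPLE = """boot_order=BA
boot_a_left=3
boot_b_left=-1
bootargs=console=ttyAMA0,115200 rw root=/dev/sda3
bootcmd=echo changed
"""

if __name__ == "__main__":
    print(audit_env(SAMPLE))
```

Any entry in the rejected list is a variable that the static default environment, not the stored copy, should decide at boot.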