We have the secure version of the am4372.
How is the signature from the fit image initramfs file supposed to be removed?
I am using Yocto Thud with the TI layer:
git://git.yoctoproject.org/meta-ti
When we create a FIT image with initramfs, it contains a signature at the end of the initramfs. When the kernel reads this signature that is tacked at the end of the initramfs, the kernel does not like it, and prints the error:
>junk in compressed archive
and aborts the read of the initramfs.
This code generating the error can be found here:
https://elixir.bootlin.com/linux/v4.19.89/source/init/initramfs.c#L491
Was U-Boot supposed to remove the signature?
Here is the .its file embedded in the fit image (should there be something to indicate these files have signatures):
/dts-v1/;
/ {
description = "U-Boot fitImage for mLinux/4.19.50+gitAUTOINC+e56692e9c3/mtcdt3hs";
#address-cells = <1>;
images {
kernel@1 {
description = "Linux kernel";
data = /incbin/("linux.bin.sec");
type = "kernel";
arch = "arm";
os = "linux";
compression = "none";
load = <0x82000000>;
entry = <0x82000000>;
hash@1 {
algo = "sha256";
};
};
mtcdt3.dtb {
description = "Flattened Device Tree blob";
data = /incbin/("arch/arm/boot/dts/mtcdt3.dtb.sec");
type = "flat_dt";
arch = "arm";
compression = "none";
························
hash@1 {
algo = "sha256";
};
};
ramdisk@1 {
description = "ramdisk image";
data = /incbin/("usr/core-image-rorootfs-overlay-initramfs-mtcdt3hs.cpio.gz.sec");
type = "ramdisk";
arch = "arm";
os = "linux";
compression = "gzip";
hash@1 {
algo = "sha256";
};
};
};
configurations {
default = "mtcdt3.dtb";
mtcdt3.dtb {
description = "Linux kernel, FDT blob, ramdisk";
fdt = "mtcdt3.dtb";
kernel = "kernel@1";
ramdisk = "ramdisk@1";
························
························
hash@1 {
algo = "sha256";
};
signature@1 {
algo = "sha256,rsa2048";
key-name-hint = "debug";
sign-images = "kernel", "fdt", "ramdisk";
};
};
};
};
