Problem with building u-boot for imx6 with Yocto for HAB

Technical Support
, , , ,
1

Hi Everyone,
I’m trying to set up an Secure Boot with HAB V4 on the Colibri iMX6S 256MB IT. I’m using the Toradex Embedded Linux BSP 3.0 with Yocto. The Host is an Ubuntu 18.05 VM. The Machine in the local.conf is MACHINE ?= "colibri-imx6".

Tho achive that I used devtool modify u-boot-toradex and added the following lines the the colibri_imx6_defconfig file:

CONFIG_SECURE_BOOT=y
CONFIG_SYS_FSL_HAS_SEC=y
CONFIG_SYS_FSL_SEC_COMPAT=4
CONFIG_CMD_DEKBLOB=y
CONFIG_FSL_CAAM=y
CONFIG_SHA_HW_ACCEL=y

Afterwards I added the changes to the git, made a commit and started the Building process with bitbake -k console-tdx-image.

This brought up the following Error:

|   ./tools/mkimage -n spl/u-boot-spl.cfgout -T imximage -e 0x00908000 -d spl/u-boot-spl.bin SPL >SPL.log  && cat SPL.log
| Image Type:   Freescale IMX Boot Image
| Image Ver:    2 (i.MX53/6/7 compatible)
| Mode:         DCD
| Data Size:    65536 Bytes = 64.00 KiB = 0.06 MiB
| Load Address: 00907420
| Entry Point:  00908000
| HAB Blocks:   0x00907400 0x00000000 0x0000bc00
| DCD Blocks:   0x00910000 0x0000002c 0x00000004
|   /home/feick2/oe-core-3-0-hab/build/workspace/sources/u-boot-toradex/scripts/check-config.sh u-boot.cfg /home/feick2/oe-core-3-0-hab/build/workspace/sources/u-boot-toradex/scripts/config_whitelist.txt /home/feick2/oe-core-3-0-hab/build/workspace/sources/u-boot-toradex
| make[1]: Leaving directory '/home/feick2/oe-core-3-0-hab/build/tmp/work/colibri_imx6-tdx-linux-gnueabi/u-boot-toradex/1_2019.07+git999-r0/u-boot-toradex-2019.07+git999/colibri_imx6_defconfig'
| make: Leaving directory '/home/feick2/oe-core-3-0-hab/build/workspace/sources/u-boot-toradex'
| cp: cannot stat '/home/feick2/oe-core-3-0-hab/build/tmp/work/colibri_imx6-tdx-linux-gnueabi/u-boot-toradex/1_2019.07+git999-r0/u-boot-toradex-2019.07+git999//colibri_imx6_defconfig/u-boot.img': No such file or directory
| WARNING: exit code 1 from a shell command.
| ERROR: Function failed: do_compile (log file is located at /home/feick2/oe-core-3-0-hab/build/tmp/work/colibri_imx6-tdx-linux-gnueabi/u-boot-toradex/1_2019.07+git999-r0/temp/log.do_compile.9798)
ERROR: Task (/home/feick2/oe-core-3-0-hab/build/../layers/meta-toradex-nxp/recipes-bsp/u-boot/u-boot-toradex_2019.07.bb:do_compile) failed with exit code '1'

For me is seems like there is a problem with the format of the u-boot file. A u-boot file without a filename Extension and a u-boot.bin exists. u-boot-dtb.img and u-boot-ivt.img are also existing.

Would apreciate suggestioins to solve the problem a lot.

Thank you,
Sebastian

2

Hi @Seb_F

Unfortunately you can’t just use the existing Yocto recipe to build u-boot with secure boot. You have to sign the SPL and u-boot separately that’s why you don’t get any u-boot.img when building with secure boot enabled. Please check this document for more information… We plan to document it publicly in the future.

Regards,
Stefan

3

Thank you a lot for the advices! Have a good day.

Regards,
Sebastian

4

Thank you a lot for the advices! Have a good day.

Regards,
Sebastian