linux-armv7-xe303c12-only
linux-armv7-xe303c12-only copied to clipboard
Published
20 hours ago •
quarkscript
quarkscript
FATAL: do_vbutil_kernel: Missing required config file.
Hello my friend.
I'm trying to compile Xen on my ARM Chromebook following this tutorial :
https://wiki.xenproject.org/wiki/Xen_ARM_with_Virtualization_Extensions/Chromebook
I've reached almost on the end of tutorial when I got an error message that I'm not able to fix :
# ls (current directory)
exynos5250-snow.dtb Gringoli script xen.bin xen-chromebook-image zImage
nano script :
/dts-v1/;
/ {
description = "Chrome OS kernel image with one or more FDT blobs";
#address-cells = <1>;
images {
kernel@1 {
data = /incbin/("xen.bin");
type = "kernel";
arch = "arm";
os = "linux";
compression = "none";
load = <0x80200000>;
entry = <0x80200000>;
};
kernel@2 {
data = /incbin/("zImage");
type = "kernel_noload";
arch = "arm";
os = "linux";
compression = "none";
load = <0>;
entry = <0>;
};
fdt@1 {
description = "exynos5250-snow.dtb";
data = /incbin/("exynos5250-snow.dtb");
type = "flat_dt";
arch = "arm";
compression = "none";
hash@1 {
algo = "sha1";
};
};
};
configurations {
default = "conf@1";
conf@1 {
kernel = "kernel@1";
fdt = "fdt@1";
};
};
};
# mkimage -f script xen-chromebook-image
script:6.15-14.8: Warning (unit_address_vs_reg): /images/kernel@1: node has
a unit name, but no reg or ranges property
script:15.15-23.8: Warning (unit_address_vs_reg): /images/kernel@2: node
has a unit name, but no reg or ranges property
script:24.12-33.8: Warning (unit_address_vs_reg): /images/fdt@1: node has a
unit name, but no reg or ranges property
script:30.15-32.10: Warning (unit_address_vs_reg): /images/fdt@1/hash@1:
node has a unit name, but no reg or ranges property
script:37.13-40.8: Warning (unit_address_vs_reg): /configurations/conf@1:
node has a unit name, but no reg or ranges property
Image contains unit addresses @, this will break signing
FIT description: Chrome OS kernel image with one or more FDT blobs
Created: Sat Oct 28 00:29:40 2023
Image 0 (kernel@1)
Description: unavailable
Created: Sat Oct 28 00:29:40 2023
Type: Kernel Image
Compression: uncompressed
Data Size: 868291 Bytes = 847.94 KiB = 0.83 MiB
Architecture: ARM
OS: Linux
Load Address: 0x80200000
Entry Point: 0x80200000
Image 1 (kernel@2)
Description: unavailable
Created: Sat Oct 28 00:29:40 2023
Type: Kernel Image (no loading done)
Compression: uncompressed
Data Size: 2424696 Bytes = 2367.87 KiB = 2.31 MiB
Image 2 (fdt@1)
Description: exynos5250-snow.dtb
Created: Sat Oct 28 00:29:40 2023
Type: Flat Device Tree
Compression: uncompressed
Data Size: 26819 Bytes = 26.19 KiB = 0.03 MiB
Architecture: ARM
Hash algo: sha1
Hash value: d1c2a89560f84b6fd1e17d9b8edd45fb9bc5e588
Default Configuration: 'conf@1'
Configuration 0 (conf@1)
Description: unavailable
Kernel: kernel@1
FDT: fdt@1
On ubuntu 23.04 :
# vbutil_kernel --keyblock /usr/share/vboot/devkeys/kernel.keyblock --version 1 --signprivate /usr/share/vboot/devkeys /kernel_data_key.vbprivk --vmlinuz xen-chromebook-image --arch arm --pack signed-xen-chromebook-image
FATAL: do_vbutil_kernel: Missing required config file.
PS : I have tried to remove /incbin/ but it didn't work :
# mkimage -f script xen-chromebook-image
Error: script:7.15-16 syntax error
FATAL ERROR: Unable to parse input tree
mkimage: Can't open xen-chromebook-image.tmp: No such file or directory
Error: Bad parameters for FIT image type
Usage: mkimage [-T type] -l image
-l ==> list image header information
-T ==> parse image file as 'type'
-q ==> quiet
mkimage [-x] -A arch -O os -T type -C comp -a addr -e ep -n name -d
data_file[:data_file...] image
-A ==> set architecture to 'arch'
-O ==> set operating system to 'os'
-T ==> set image type to 'type'
-C ==> set compression type 'comp'
-a ==> set load address to 'addr' (hex)
-e ==> set entry point to 'ep' (hex)
-n ==> set image name to 'name'
-R ==> set second image name to 'name'
-d ==> use image data from 'datafile'
-x ==> set XIP (execute in place)
-s ==> create an image with no data
-v ==> verbose
mkimage [-D dtc_options] [-f fit-image.its|-f auto|-F] [-b <dtb> [-b
<dtb>]] [-E] [-B size] [-i <ramdisk.cpio.gz>] fit-image
<dtb> file is used with -f auto, it may occur multiple times.
-D => set all options for device tree compiler
-f => input filename for FIT source
-i => input filename for ramdisk file
-E => place data outside of the FIT structure
-B => align size in hex for FIT structure and header
-b => append the device tree binary to the FIT
-t => update the timestamp in the FIT
Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p
addr] [-r] [-N engine]
-k => set directory containing private keys
-K => write public keys to this .dtb file
-g => set key name hint
-G => use this signing key (in lieu of -k)
-c => add comment in signature node
-F => re-sign existing FIT image
-p => place external data at a static position
-r => mark keys used as 'required' in dtb
-N => openssl engine to use for signing
-o => algorithm to use for signing
mkimage -V ==> print version information and exit
Use '-T list' to see a list of available image types
Long options are available; read the man page for details
It seems that the validation is enough to bypass the bootloader protection. So,signing the kernel files,I may stop using the virtual open systems patched u-boot and I can use another bootloader , like your.
