u-boot hangs after enabling secured boot : on overo

Question

I was trying to enable the secured boot in u-boot for gumstix overo storm. based on http://www.denx-cs.de/doku/?q=m28verifiedboot

After I prepared by SD cards, u-boot is not able to boot and gives the below error message.

U-Boot SPL 2015.07 (Apr 28 2016 - 13:53:06)
SPL: Please implement spl_start_uboot() for your board
SPL: Direct Linux boot not active!
reading u-boot.img
spl_load_image_fat: error reading image u-boot.img, err - -1
SPL: Please implement spl_start_uboot() for your board
SPL: Direct Linux boot not active!
Failed to mount ext2 filesystem...
spl_load_image_ext: ext4fs mount err - 0

================

This is the u-boot.dts file that I am using.

/dts-v1/;

/ {
        model = "Keys";

        signature {
                key-dev {
                        required = "conf";
                        algo = "sha1,rsa2048";
                        key-name-hint = "my_key";
                };
        };
};

to generate u-boot.dtb, dtc -p 0x1000 /work/u-boot.dts -O dtb -o /work/u-boot.dtb

And these are the conf that I have added to include/configs/omap3_overo.h

 #define CONFIG_OF_CONTROL
 #define CONFIG_OF_SEPARATE
 #define CONFIG_FIT
 #define CONFIG_FIT_SIGNATURE
 #define CONFIG_RSA
 #define CONFIG_FIT_VERBOSE

and I am compiling u-boot by using below line :

make ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- EXT_DTB=/work/u-boot.dtb all -j4

Please let me know if you have any ideas on how to debug this issue.

===================

There is an update.

1. changed u-boot-dtb.img name to u-boot.img .
2. then board is able to boot, but gives the below message when I tried to use bootm.

**

Overo # 
## Loading kernel from FIT Image at 82000000 ...
   Using 'conf@1' configuration
   Verifying Hash Integrity ... sha1,rsa2048:my_keyRSA: Can't find Modular Exp implementation
RSA: Can't find Modular Exp implementation
- Failed to verify required signature 'key-my_key'
Bad Data Hash
ERROR: can't get kernel image!
Overo #

**

As mentioned in doc/uImage.FIT/beaglebone_vboot.txt, I tried the script - tools/fit_check_sign, and its output is normal. Able to verify the signature.

So still dont know, what is the exact issue, why I am getting the above error message. I searched for UCLASS_MOD_EXP, /* RSA Mod Exp device */, but couldn't get much info.

What is RSA Mod Exp device and how to make sure that I have that ?

Any input to debugging will be greatly helpful.

EDIT :

diff include/configs/omap3_overo.h ../../u-boot2015.07/include/configs/omap3_overo.h 
        191a192,199
        > 
        > #define CONFIG_OF_CONTROL                                                               
        > #define CONFIG_OF_SEPARATE  
        > #define CONFIG_FIT
        > #define CONFIG_FIT_SIGNATURE
        > #define CONFIG_RSA
        > #define CONFIG_FIT_VERBOSE
        >

Answer 1

Well, the first problem to fix is here:

reading u-boot.img
spl_load_image_fat: error reading image u-boot.img, err - -1

So does your SD card have u-boot.img? Note that the example you link to does NOT do SPL but instead does the old style (but still functional and supported) imximage format instead, as it is on i.MX and you're using an OMAP3 platform. In this case reading doc/uImage.FIT/beaglebone_vboot.txt would be very helpful to you as am335x (what is found in beaglebone boards) is an evolution of the OMAP3 parts rather than a different SoC vendor (like i.MX vs OMAP3 is).

EDIT: Now that we're loading the correct file, in v2015.07 these haven't been migrated to Kconfig. Did you enable CONFIG_RSA? Look at what is done under ENABLE_VBOOT in the various config headers and the rest of the tree, you will need to do similar.