Understanding Verified Uboot on Embedded Board - linux

I've scoured the presentations and documentation for verified u-boot and have several questions. I'll try to walk any users through where I am as I suspect I am not the only one who is having some slight difficulty understanding the process for verified u-boot.
I have a compiled zImage that has a working external DTB for use without verification. It boots and works (let's call this normal-board.dts)
Secondly, I have u-boot compiled with the following config entries:
CONFIG_ARM=y
CONFIG_ARCH_AT91=y
CONFIG_TARGET_AT91SAM9260EK=y
CONFIG_SYS_EXTRA_OPTIONS="AT91SAM9G20,SYS_USE_DATAFLASH_CS1"
CONFIG_SYS_PROMPT="#> "
# CONFIG_CMD_BDI is not set
CONFIG_CMD_IMI=y
# CONFIG_CMD_IMLS is not set
# CONFIG_CMD_LOADS is not set
# CONFIG_CMD_FPGA is not set
# CONFIG_CMD_SOURCE is not set
CONFIG_CMD_SETEXPR=y
CONFIG_DEFAULT_DEVICE_TREE="myboard"
CONFIG_CMD_MMC=y
CONFIG_CMD_FAT=y
CONFIG_MTD_CMDLINE_PARTS=y
CONFIG_RSA=y
CONFIG_FIT=y
CONFIG_FIT_SIGNATURE=y
CONFIG_OF_CONTROL=y
My board has a partition scheme similar to:
... boot strap, uboot and env
0xD00084000 (zImage)
0xD0020AA00 (normal-board.dtb)
The rootfs is on NAND (external to this chip)
The device can be booted in a standard configuration using a command such as:
cp.b 0xD0084000 0x22000000 0x186A00;cp.b 0xD020AA00 0x28000000 0x61A8;bootm 0x22000000 - 0x28000000
At this point, I've recompiled u-boot, but the nomenclature is a bit confusing as there are several elements.
FIT Control DTS (I assume that this is one used by u-boot and needs to be in its own partition)
FIT DTB (the same DTB more or less as the non-FIT one (normal-board.dtb), but with FIT magic somewhere in it)
FIT kernel image (I assume that some magic gets added to the zImage here too?)
Having seen that there is a uboot control FIT FDT, will this need its own partition? and will the FIT DTB be the same as the working kernel DTB (just flash this instead of the non-FIT one)???
Next, given this script I started hashing out from various documentation and slides, we can see that u-boot.{dts,dtb} is the control FDT, and the ITS file is the one with the fit (I assume that its the same as normal-board.dts, BUT has a FIT node added).
Eg. u-boot.dts
/dts-v1/;
/ {
model = "Keys";
compatible = "myboard";
signature {
dev_key {
required = "conf";
algo = "sha1,rsa2048";
key-name-hint = "dev_key";
};
};
};
Now the example DTS for myboard WITH THE FIT section:
/dts-v1/;
/ {
description = "Linux kernel2";
#address-cells = <1>;
images {
kernel#1 {
description = "Linux kernel";
data = /incbin/("../linux/arch/arm/boot/zImage");
arch = "arm";
os = "linux";
type = "kernel_noload";
compression = "none";
load = <0x80080000>;
entry = <0x80080000>;
kernel-version = <1>;
hash#1 {
algo = "sha1";
};
};
};
configurations {
default = "conf#1";
conf#1 {
description = "Boot Linux kernel";
kernel = "kernel#1";
signature#1 {
algo = "sha1, rsa2048 ";
key-name-hint = "dev_key";
sign-images = "kernel";
};
};
};
};
However, what the heck is fitImage (see below script - this is from the examples)? is it zImage? I couldn't find any documentation describing its first mention - what it is where it comes from etc... or is it an output generated by the reference from within the ITS for an incbin?
#!/bin/bash
key_dir=/tmp/keys
key_name=dev_key
FIT_IMG="fitImage"
rm -rf ${key_dir}
mkdir ${key_dir}
MKIMG="/home/dev/lede/staging_dir/host/bin/mkimage"
DTC="/usr/bin/dtc"
#Generate a private signing key (RSA2048):
openssl genrsa -F4 -out \
"${key_dir}"/"${key_name}".key 2048
# Generate a public key:
openssl req -batch -new -x509 \
-key "${key_dir}"/"${key_name}".key \
-out "${key_dir}"/"${key_name}".crt
# Control FDT (u-boot.dts) - hits uboot to have keys etc...
CTRL_FDT="u-boot.dts"
# FIT image ITS - describes the node
FIT_ITS="fit-image.its"
#Assemble control FDT for U-Boot with space for public key:
$DTC -p 0x1000 $CTRL_FDT -O dtb -o u-boot.dtb
# Generate fitImage with space for signature:
$MKIMG -D "-I dts -O dtb -p 2000" \
-f f$FIT_ITS $FIT_IMG
# Sign fitImage and add public key into u-boot.dtb:
$MKIMG -D "-I dts -O dtb -p 2000" -F \
-k "${key dir}" -K u-boot.dtb -r $FIT_IMG
# Signing subsequent fitImage:
$MKIMG -D "-I dts -O dtb -p 2000" \
-k "${key dir}" -f $FIT_ITS -r $FIT_IMG
Iminfo gets me this far:
#> iminfo
## Checking Image at 20000000 ...
FIT image found
FIT description: Configuration to load a Basic Kernel
Image 0 (linux_kernel#1)
Description: Linux zImage
Type: Kernel Image
Compression: uncompressed
Data Start: 0x200000dc
Data Size: 1465544 Bytes = 1.4 MiB
Architecture: ARM
OS: Linux
Load Address: 0x20000000
Entry Point: 0x20008000
Hash node: 'hash#1'
Hash algo: sha256
Hash value: bf1d62a9ac777310746c443f2500cf197967f1e7c9cb56ff5c33206670e12d8f
Hash len: 32
Image 1 (fdt#1)
Description: FDT blob
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0x20165ea4
Data Size: 21681 Bytes = 21.2 KiB
Architecture: ARM
Hash node: 'hash#1'
Hash algo: sha256
Hash value: c7f32d039871d858dda8d397c3b6a685bc914c78cf70f03d1860f61ecfe9c689
Hash len: 32
Default Configuration: 'config#1'
Configuration 0 (config#1)
Description: Plain Linux
Kernel: linux_kernel#1
FDT: fdt#1
## Checking hash(es) for FIT Image at 20000000 ...
Hash(es) for Image 0 (linux_kernel#1): sha256+
Hash(es) for Image 1 (fdt#1): sha256+
The zImage is prepared (and this is likely the wrong way)
mkimage -A arm -O linux -C none -T kernel -a 0x22000000 -e 0x22008000 -n linux-4.4.36 \
-d $(KDIR)/zImage $(BIN_DIR)/$(IMG_PREFIX)-zImage-nDTB
Even along the lines of the following (I seem to get this, what do I do for addresses - is the reallocation part of the issue? such as the fdt_high variables?)
#> bootm 0x23000000
## Current stack ends at 0x23f119b8 * kernel: cmdline image address = 0x23000000
## Loading kernel from FIT Image at 23000000 ...
No configuration specified, trying default...
Found default configuration: 'config#1'
Using 'config#1' configuration
Trying 'linux_kernel#1' kernel subimage
Description: Linux zImage
Type: Kernel Image
Compression: uncompressed
Data Start: 0x230000dc
Data Size: 1465544 Bytes = 1.4 MiB
Architecture: ARM
OS: Linux
Load Address: 0x23000000
Entry Point: 0x23000000
Hash node: 'hash#1'
Hash algo: sha256
Hash value: bb397db1ec90ec8526c6d215c9ded2a1357a258c2145f97fda9898e810e847d7
Hash len: 32
Verifying Hash Integrity ... sha256+ OK
kernel data at 0x230000dc, len = 0x00165cc8 (1465544)
* ramdisk: using config 'config#1' from image at 0x23000000
* ramdisk: no 'ramdisk' in config
* fdt: using config 'config#1' from image at 0x23000000
## Checking for 'FDT'/'FDT Image' at 23000000
## Loading fdt from FIT Image at 23000000 ...
Using 'config#1' configuration
Trying 'fdt#1' fdt subimage
Description: FDT blob
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0x23165ea4
Data Size: 21681 Bytes = 21.2 KiB
Architecture: ARM
Hash node: 'hash#1'
Hash algo: sha256
Hash value: c7f32d039871d858dda8d397c3b6a685bc914c78cf70f03d1860f61ecfe9c689
Hash len: 32
Verifying Hash Integrity ... sha256+ OK
Can't get 'load' property from FIT 0x23000000, node: offset 1465916, name fdt#1 (FDT_ERR_NOTFOUND)
Booting using the fdt blob at 0x23165ea4
of_flat_tree at 0x23165ea4 size 0x000054b1
Initial value for argc=3
Final value for argc=3
Loading Kernel Image ... OK
CACHE: Misaligned operation at range [23000000, 23165cc8]
kernel loaded at 0x23000000, end = 0x23165cc8
images.os.start = 0x23000000, images.os.end = 0x2316c911
images.os.load = 0x23000000, load_end = 0x23165cc8
ERROR: new format image overwritten - must RESET the board to recover

So, there's a lot in the above question, and I'll try and answer a few things which should help clear things up:
The U-Boot binary needs to contain the pubkey. So in this case, the "myboard" device tree you've listed is where that needs to end up. It is within the binary and not a separate partition in flash.
The next thing is that the FIT image is a container with lets say different ways to open it. The fitImage contains zImage and normal-board.dtb and logic so that you can say that each of these pieces needs to be signed by a particular public key. So in this case, instead of a flash partition for the zImage and another for normal-board.dtb you have a single partition for fitImage to reside in. It is the output from providing the "its" file to mkimage. This is similar to how "uImage" is the output from providing "zImage" to mkimage.

After alot of man-hours studying, reading, and trying - I created a full blog article about how verified uboot works, and how DTBs (both forms) come together when building the final images.
This article can be found here
However, the key things to note are indeed what Tom said and here are a few more (after quoting my article):
There are two kinds of DTBs (the kernel & uboot DTBS)
There is a file called an ITS - this describes the FIT image to be built
You will need an asynchronous key pair
You will need a version of mkimage that supports verified uboot/DTBs
Your bootloader will need support Verified uboot enabled
Uboot and the Linux kernel need to know about DTBs
Even though you sign your images, a copy of the public key and other cryptographic info will be needed in the final bootloader
It was a fun process :)

Related

Booting kernel from SD in qemu (ARM) with u-boot

I'm quite new to embedded systems and I'm playing around with ARM on qemu. So I've run into problem booting linux kernel image from an emulated SD on versatile express with cpu cortex-a9.
I prepared everything in the following order: first, I've built the kernel with vexpress_defconfig using appropriate ARM toolchain. Then I've built u-boot with vexpress_ca9x4_defconfig. Everything went just fine. The linux kernel source I took is at version 4.13 (latest stable from git). U-boot version is 2017.09-00100. Then I prepared an SD image:
dd if=/dev/zero of=sd.img bs=4096 count=4096
mkfs.vfat sd.img
mount sd.img /mnt/tmp -o loop,rw
cp kernel/arch/arm/boot/zImage /mnt/tmp
umount /mnt/tmp
Next I try to run qemu as follows:
qemu-system-arm -machine vexpress-a9 -cpu cortex-a9 -m 128M -dtb kernel/arch/arm/boot/dts/vexpress-v2p-ca9.dtb -kernel uboot/u-boot -sd sd.img -nographic
U-boot loads successfully and gives me command prompt. And SD is really there and attached:
=> mmcinfo
Device: MMC
Manufacturer ID: aa
OEM: 5859
Name: QEMU!
Tran Speed: 25000000
Rd Block Len: 512
SD version 1.0
High Capacity: No
Capacity: 16 MiB
Bus Width: 1-bit
Erase Group Size: 512 Bytes
I attempt to load compressed image from SD into memory and boot it:
fatload mmc 0:0 0x4000000 zImage
and everything looks ok
=> fatload mmc 0:0 0x4000000 zImage
reading zImage
3378968 bytes read in 1004 ms (3.2 MiB/s)
but then I want to boot the kernel and get an error:
=> bootz 0x4000000
Bad Linux ARM zImage magic!
I also tried U-boot images, crafted with u-boot's mkimage, like in this example:
uboot/tools/mkimage -A arm -C none -O linux -T kernel -d kernel/arch/arm/boot/Image -a 0x00010000 -e 0x00010000 uImage
also trying out -C gzip on zImage and different load/entry addresses, to no avail. The images were copied to sd.img. When I fatload the image and check it with iminfo, whichever options I try, I constantly get error:
=> iminfo 0x4000000
## Checking Image at 04000000 ...
Unknown image format!
I'm totally confused and this problem drives me nuts, while information on this subject in Internet is rather scarce. Please, hint me what I'm doing wrong and redirect into right direction.
qemu in use is QEMU emulator version 2.9.0.

Using GPIO-Poweroff on a Raspberry Pi Compute Module with DAS U-Boot to turn off the PSU

I've been trying to get GPIO-Poweroff to switch off the board PSU using GPIO but no matter what I try, it never seems to work. If I manually toggle the GPIO pin, the device immediately shuts down. If I take stock Raspbian-Lite and add the following line to config.txt it works. But U-Boot seems to be ignoring it. I am using Raspbian Lite 2017-07-5 with the latest mainline U-Boot: git://git.denx.de/u-boot.git compiled with rpi_defconfig.
dtoverlay=gpio-poweroff,gpiopin=6,active_low=1
With U-Boot the Raspberry Pi boots and works normally, it even shuts down but it never toggles GPIO6. This leaves the PSU running and the only way to fix it is by holding down the power button for at least 5 seconds. I know that dt-blob.bin is loaded and applied as the board has a camera which only works with the correct dt-blob.bin.
At thus point I am out of ideas. I have tried:
Updating the Linux kernel using rpi-update
Decompiling both gpio-poweroff.dtbo and dt-blob.bin. Changing 0x1a to 0x06 and 0x0 to 0x1 inside gpio -poweroff.dtbo, concatenating them together and it doesn't work.
Manually doing the above and intertwining the decompiled code.
Using fdt addr, and fdt apply inside boot.scr to apply it manually, this didn't work because fdt_overlay_apply FDT_ERR_NOSPACE and I couldn't seem to get past this.
Cloning linux and trying to make dtsb, target doesn't exist.
Cloning linux/arch/arm/boot/dts, writing a MakeFile and compiling them with my changes results in a U-Boot loading, Raspbian loading but gpio-poweroff not working.
Other attempts which are barely worth mentioning.
Nothing I try seems to work, and I'm not sure where to go forward.
For reference, here are some of the files in use:
boot.cmd:
#Setting default bootargs
setenv original_bootargs console=ttyS0 console=tty1 rootfstype=ext4 fsck.repair=yes hdmi.audio=0 disp.screen0_output_mode=1920x1080p60:1280x720p60:800x600p60:EDID rootwait panic=10 # console MUST be ttyS0 or it WILL NOT BOOT!
# Identify if we are using partition 2 or 3
if fatload mmc 0:1 ${loadaddr} swap; then echo "Using Partition 3"; setenv partition 3; else echo "Using Partition 2"; setenv partition 2; fi
# Check for recovery
if fatload mmc 0:1 ${loadaddr} recovery; then echo "Using Recovery Partition"; setenv partition 4; fi
#if gpio input 32 || fatload mmc 0:1 ${loadaddr} recovery; then echo "Using Recovery Partition"; setenv partition 4; fi
# Create an empty file to detect boot failures
fatwrite mmc 0:1 ${kernel_addr_r} recovery 0
# Set bootargs
setenv bootargs "${original_bootargs} root=/dev/mmcblk0p${partition}"
# Load the existing Linux kernel into RAM
echo Loading partition ${partition}
ext4load mmc 0:${partition} ${kernel_addr_r} kernel.img
# Boot the kernel we have just loaded
bootz ${kernel_addr_r} - ${fdt_addr}
Not sure why, but it boots with red and blue swapped, and at a low resolution. Compiled with mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "Boot Script" -d boot.cmd boot.scr
config.txt:
# For more options and information see
# http://rpf.io/configtxt
# Some settings may impact device functionality. See link above for details
# uncomment if you get no picture on HDMI for a default "safe" mode
#hdmi_safe=1
# uncomment this if your display has a black border of unused pixels visible
# and your display can output without overscan
disable_overscan=1
# uncomment the following to adjust overscan. Use positive numbers if console
# goes off screen, and negative if there is too much border
#overscan_left=16
#overscan_right=16
#overscan_top=16
#overscan_bottom=16
# uncomment to force a console size. By default it will be display's size minus
# overscan.
#framebuffer_width=1280
#framebuffer_height=720
# uncomment if hdmi display is not detected and composite is being output
#hdmi_force_hotplug=1
# uncomment to force a specific HDMI mode (this will force VGA)
#hdmi_group=1
#hdmi_mode=1
# uncomment to force a HDMI mode rather than DVI. This can make audio work in
# DMT (computer monitor) modes
#hdmi_drive=2
# uncomment to increase signal to HDMI, if you have interference, blanking, or
# no display
#config_hdmi_boost=4
# uncomment for composite PAL
#sdtv_mode=2
#uncomment to overclock the arm. 700 MHz is the default.
#arm_freq=800
# Uncomment some or all of these to enable the optional hardware interfaces
dtparam=i2c_arm=on
#dtparam=i2s=on
#dtparam=spi=on
# Uncomment this to enable the lirc-rpi module
#dtoverlay=lirc-rpi
# Additional overlays and parameters are documented /boot/overlays/README
# Enable audio (loads snd_bcm2835)
#dtparam=audio=on
gpu_mem=128
start_x=1
dtoverlay=gpio-poweroff,gpiopin=6,active_low=1
dtdebug=1
So, I've somewhat fixed it by compiling my own bcm27***.dtb files with the following concatenated after their original content:
/ {
compatible = "brcm,bcm2709";
power_ctrl: power_ctrl {
compatible = "gpio-poweroff";
gpios = <&gpio 6 1>;
};
};
However, this has completely broken GPIO and i2c. So this isn't a complete solution. My next step is to restore the original files, and try adding this to the end of dt-blob.bin
I did it, here is the answer:
# Manually apply overlay
setenv fdt_length 50000
setexpr kernel_addr_r ${fdt_addr} + ${fdt_length}
fdt addr ${fdt_addr} # Load the existing tree
fdt boardsetup # Device specific setup
fdt move ${fdt_addr} ${fdt_addr} ${fdt_length} # Resize the loaded fdt to ${fdt_length}
fatload mmc 0:1 ${kernel_addr_r} overlays/gpio-poweroff.dtbo
fdt apply ${kernel_addr_r} # Apply the overlay
Editing default device trees and dt-blob.bin ended being a fruitless endeavour. What you need to do is apply the overlay yourself, manually, inside uboot.src.
The first step is to find the source code of the desired overlay, and change the default value to you desired value, you cannot use overlay arguments inside U-Boot.
Before applying overlays you need to increase the size of the loaded device tree using fdt move, then you can load and apply from fat. If you wanted to apply more overlays you simply need to add additional lines such as:
fatload mmc 0:1 ${kernel_addr_r} overlays/rpi-tv.dtbo
fdt apply ${kernel_addr_r} # Apply the overlay
Be careful your device tree doesn't run out of space!

How to create a custom Oracle Linux 7u2 iso image

I have been using a some proven steps to create my own Oracle Linux 6uX ISO images with a custom kickstart script for a long time. What i basically do is mount the iso-image using hdiutil, copy the contents to a working folder, make the modifications and create an iso using makeiso (cdrutils).
Details have been described here; http://www.reddipped.com/2015/12/virtualbox-soa-bpm-osb-bam-33-minutes/
I just made my first attempts to create a custom Oracle Linux 7u2 ISO images, but miserably failed till now.
First opening the image using hdiutil gives and 'hdiutil: attach failed - no mountable file systems'. Instead i used Keka to extract the contents of the iso.
Modified the contents of the extracted iso-image;
Removing /isolinux/boot.cat,
Adding a new ks-bd.ks
Adding a menu item to the isolinux.cfg to be able to start installation using the kickstart file
label linux_basicserver_silent\
menu label ^Install basic server silent\
menu default\
kernel vmlinuz\
append initrd=initrd.img ks=cdrom:\/ks-bd.ks\
Then created an iso again;
## Make isolinux.bin writable
chmod u+w V100082-01U/isolinux/isolinux.bin
# Build the V100082-01Uiso
cdrtools/cdrtools-*/mkisofs/OBJ/i386-darwin-clang/mkisofs -r -J -T -o V100082-01U.iso -b isolinux/isolinux.bin \
-c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -R \
-m TRANS.TBL -v -V Oracle\ Linux\ 7.2 ./V100082-01U
After mounting the iso image and selecting the 'linux_basicserver_silent' installation option the installation seems to stall on the message 'Starting automated install'
When selecting a standard interactive installation in the installation menu the installation also freezes with the latest step 'Reached target Basic System'
After some minutes the same error 'dracut-initqueue timeout' is repeatedly shown .
Any hints how to fix this?
-- Update 10/27/2016 --
When comparing the orignal iso with the created iso using mkisofs there are no substantial differences, i think..
Original
./isoinfo -d -i V100082-01.iso
CD-ROM is in ISO 9660 format
System id: LINUX
Volume id: OL-7.2 Server.x86_64
Volume set id:
Publisher id:
Data preparer id:
Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM
Copyright File id:
Abstract File id:
Bibliographic File id:
Volume set size is: 1
Volume set sequence number is: 1
Logical block size is: 2048
Volume size is: 2178717
El Torito VD version 1 found, boot catalog is in sector 701
Joliet with UCS level 3 found.
SUSP signatures version 1 found
Rock Ridge signatures version 1 found
Rock Ridge id 'RRIP_1991A'
Eltorito validation header:
Hid 1
Arch 0 (x86)
ID ''
Cksum AA 55 OK
Key 55 AA
Eltorito defaultboot header:
Bootid 88 (bootable)
Boot media 0 (No Emulation Boot)
Load segment 0
Sys type 0
Nsect 4
Bootoff EFE 3838
Rebuild
./isoinfo -d -i V100082-01U.iso
CD-ROM is in ISO 9660 format
System id: Mac OS X
Volume id: Oracle Linux 7.2
Volume set id:
Publisher id:
Data preparer id:
Application id: MKISOFS ISO9660/HFS/UDF FILESYSTEM BUILDER & CDRECORD CD/DVD/BluRay CREATOR (C) 1993 E.YOUNGDALE (C) 1997 J.PEARSON/J.SCHILLING
Copyright File id:
Abstract File id:
Bibliographic File id:
Volume set size is: 1
Volume set sequence number is: 1
Logical block size is: 2048
Volume size is: 2251903
El Torito VD version 1 found, boot catalog is in sector 718
Joliet with UCS level 3 found.
SUSP signatures version 1 found
Rock Ridge signatures version 1 found
Rock Ridge id 'RRIP_1991A'
Eltorito validation header:
Hid 1
Arch 0 (x86)
ID ''
Cksum AA 55 OK
Key 55 AA
Eltorito defaultboot header:
Bootid 88 (bootable)
Boot media 0 (No Emulation Boot)
Load segment 0
Sys type 0
Nsect 4
Bootoff 2CF 719
Instead of using 7zip, use the cdrtool utility isoinfo to extract the original iso image.
mkdir V100082-01U
cd V100082-01U
isoinfo -R -X -i ../V100082-01.iso
Then modify the image and rebuild using mkisofs
## Make isolinux.bin writable
chmod u+w work/isolinux/isolinux.bin
# Build the V100082-01Uiso
cdrtools/cdrtools-*/mkisofs/OBJ/i386-darwin-clang/mkisofs -r -J -T -o V100082-01U2.iso -b isolinux/isolinux.bin \
-c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -R -sysid LINUX \
-m TRANS.TBL -v -V OL-7.2\ Server.x86_64 ./work

Kernel Panic with ramfs on embedded device: No filesystem could mount root

I'm working on an embedded ARM device running Linux (kernel 3.10), with NAND memory for storage. I'm trying to build a minimal linux which will reside on its own partition and carry out updates of the main firmware.
The kernel uses a very minimal root fs which is stored in a ramfs. However, I can't get it to boot. I get the following error:
[ 0.794113] List of all partitions:
[ 0.797600] 1f00 128 mtdblock0 (driver?)
[ 0.802669] 1f01 1280 mtdblock1 (driver?)
[ 0.807697] 1f02 1280 mtdblock2 (driver?)
[ 0.812735] 1f03 8192 mtdblock3 (driver?)
[ 0.817761] 1f04 8192 mtdblock4 (driver?)
[ 0.822794] 1f05 8192 mtdblock5 (driver?)
[ 0.827820] 1f06 82944 mtdblock6 (driver?)
[ 0.832850] 1f07 82944 mtdblock7 (driver?)
[ 0.837876] 1f08 12288 mtdblock8 (driver?)
[ 0.842906] 1f09 49152 mtdblock9 (driver?)
[ 0.847928] No filesystem could mount root, tried: squashfs
[ 0.853569] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(1,0)
[ 0.861806] CPU: 0 PID: 1 Comm: swapper Not tainted 3.10.73 #11
[ 0.867732] [<800133ec>] (unwind_backtrace+0x0/0x12c) from [<80011a50>] (show_stack+0x10/0x14)
(...etc)
The root fs is built by the build process, using the following (simplified for clarity):
# [Copy some things to $(ROOTFS_OUT_DIR)/mini_rootfs]
cd $(ROOTFS_OUT_DIR)/mini_rootfs && find . | cpio --quiet -o -H newc > $(ROOTFS_OUT_DIR)/backup.cpio
gzip -f -9 $(ROOTFS_OUT_DIR)/backup.cpio
This creates $(ROOTFS_OUT_DIR)/backup.cpio.gz
The kernel is then built like this:
#$(MAKE) -C $(LINUX_SRC_DIR) O=$(LINUX_OUT_DIR) \
CONFIG_INITRAMFS_SOURCE="$(ROOTFS_OUT_DIR)/backup.cpio.gz" \
CONFIG_INITRAMFS_ROOT_UID=0 CONFIG_INITRAMFS_ROOT_GID=0
I think this means it uses the same config as the main firmware (built elsewhere), but supplies the minimal ramfs image using CONFIG_INITRAMFS_SOURCE.
From Kernel.Org, the ramfs is always built anyway, and CONFIG_INITRAMFS_SOURCE is all that is needed to specify a pre-made root fs to use. There are no build errors to indicate that there is a problem creating the ramfs, and the size of the resulting kernel looks about right. backup.cpio.gz is about 3.6 MB; the final zImage is 6.1 MB; the image is written to a partition which is 8 MB in size.
To use this image, I set some flags used by the (custom) boot loader which tell it to boot from the minimal partition, and also set a different command line for the kernel. Here is the command line used to boot:
console=ttyS0 rootfs=ramfs root=/dev/ram rw rdinit=/linuxrc mem=220M
Note that the nimimal root fs contains "/linuxrc", which is actually a link to /bin/busybox:
lrwxrwxrwx 1 root root 11 Nov 5 2015 linuxrc -> bin/busybox
Why doesn't this boot? Why is it trying "squashfs" filesystem, and is this wrong?
SOLVED! It turned out that a file name used by the (custom) build system had changed as part of an update, and so it was not putting the correct kernel image into the firmware package. I was actually trying to boot the wrong kernel with the "rootfs=ramfs" parameter, one which didn't have a ramfs.
So, for future reference, this error occurs if you specify "rootfs=ramfs" but your kernel wasn't built with any rootfs built in (CONFIG_INITRAMFS_SOURCE=... NOT specified)

How to edit FreeBSD .gz bootfile?

I have virtual image of a FreeBSD system and when I mount it I don't see the /etc/ directory and other files, instead is a big loader.gz on the filesystem, that I believe that is extracted during the boot process. I decompressed the loader.gz with gzip and I got it:
$ file loader
loader: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked (uses shared libs), not stripped
Using grep I'm able to confirm that the files that I need to edit are inside, however I don't know how to edit it. I tried to mount it without success. How can I modify the contents of loader.gz and use it again?
Can you please give me an example?
I have a Linux system and a Mac to install tools and this FreeBSD image.
Please, help me.
The loader program is generally the last stage of the kernel bootstrapping process.
A recent image should have another signature. e.g. for a memory stick image;
> file tmp/FreeBSD-10.0-RELEASE-amd64-memstick.img
tmp/FreeBSD-10.0-RELEASE-amd64-memstick.img: Unix Fast File system
[v1] (little-endian), last mounted on ,
last written at Fri Jan 17 00:24:02 2014,
clean flag 1, number of blocks 681040, number of data blocks 679047,
number of cylinder groups 13, block size 8192, fragment size 1024,
minimum percentage of free blocks 8, rotational delay 0ms,
disk rotational speed 60rps, TIME optimization
Mounting an image on FreeBSD:
# mdconfig -a -t vnode -f tmp/FreeBSD-10.0-RELEASE-amd64-memstick.img -u 1
# mount /dev/md1a /mnt/root/
(Linux has the same capability, I just don't remember what its called.)
This image contains loader in the boot/ directory:
# ls /mnt/root/
.cshrc ERRATA.TXT README.TXT boot/ lib/ proc/ sys#
.profile HARDWARE.HTM RELNOTES.HTM dev/ libexec/ rescue/ tmp/
COPYRIGHT HARDWARE.TXT RELNOTES.TXT docbook.css media/ root/ usr/
ERRATA.HTM README.HTM bin/ etc/ mnt/ sbin/ var/
# ls /mnt/root/boot/
beastie.4th check-password.4th gptzfsboot menu.4th support.4th
boot color.4th kernel/ menu.rc userboot.so
boot0 defaults/ loader* menusets.4th version.4th
boot0sio delay.4th loader.4th modules/ zfs/
boot1 device.hints loader.help pmbr zfsboot
boot2 firmware/ loader.rc pxeboot zfsloader*
brand.4th frames.4th mbr screen.4th
cdboot gptboot menu-commands.4th shortcuts.4th
On my FreeBSD 10 system, loader has another signature;
/boot/loader: FreeBSD/i386 demand paged executable

Resources