Rootfs.hash & rootfs.rhash.unsigned file generation

sharath_n · May 23, 2023, 6:40am

Hi All,

For Secure boot in WP76xx module, as part of the Rootfs Signing process following files are taken from yocto build :

mkdir output
cp /opt/buildserver-git/Legato_Releases/WP76_R16_01/yocto/build_bin/tmp/deploy/images/swi-mdm9x28-wp/mdm9x28-image-minimal-swi-mdm9x28-wp.squashfs ./output/
cp /opt/buildserver-git/Legato_Releases/WP76_R16_01/yocto/build_bin/tmp/deploy/images/swi-mdm9x28-wp/rootfs.hash ./output/
cp /opt/buildserver-git/Legato_Releases/WP76_R16_01/yocto/build_bin/tmp/deploy/images/swi-mdm9x28-wp/rootfs.rhash.unsigned ./output/

These 3 files (highlighted) are used while creating the Signed Image. This has been tested and works fine. I want to extract “mdm9x28-image-minimal-swi-mdm9x28-wp.squashfs” add some additional files and repack it into the .squashfs file.

I tried the following to re-create the rootfs.hash & rootfs.rhash.unsigned files but I did not work.

I used the unsquashfs to extract data from "mdm9x28-image-minimal-swi-mdm9x28-wp.squashfs”.
unsquashfs mdm9x28-image-minimal-swi-mdm9x28-wp.squashfs
I added a few test files inside the /etc and re-created the squash file.
sudo mksquashfs squashfs-root/ mdm9x28-image-minimal-swi-mdm9x28-wp.squashfs
I found some hints within the yocto build system on how to generate the rootfs.hash & rootfs.rhash.unsigned file, so I used the following commands to generate them.

test_pic2_edited888×192 8.13 KB

This will create the file rootfs.hash and I copied the “Root Hash :xxxxx” Contents into rootfs.rhash.unsigned file
Then I used the newly created rootfs.hash, rootfs.rhash.unsigned file and mdm9x28-image-minimal-swi-mdm9x28-wp.squashfs to create the signed Image and it flashed successfully but device is not booting up due to squashfs error.

Need some help/suggestions on this. Thanks

sharath_n · May 23, 2023, 6:42am

Squashfs error

sharath_n · May 23, 2023, 6:45am

yocto build hints

image732×474 90.9 KB

jyijyi · May 23, 2023, 7:00am

how about you rebuild with “make clean” and “make”?

sharath_n · May 23, 2023, 7:04am

The problem is after building the yocto these files are generated and will be used in the different processes where there is no yocto build supported, so I had to manually inject some sensitive data into the .squashfs file and then form a complete .cwe image.

jyijyi · May 23, 2023, 7:08am

what do you mean by “no yocto build supported”?

sharath_n · May 23, 2023, 7:12am

We build the image using yocto on a system/team (Ex: PC, Server) this is used only for building the image.

Then the components of the image are passed on to different teams/processes where minimal activities like image secure boot signing will take place. There yocto is not necessary.

jyijyi · May 23, 2023, 7:13am

no idea, never work like this to inject file to the image.
I would suggest you keep the yocto build

sharath_n · May 23, 2023, 7:13am

Is there a way I can see what exactly the steps/process used to create these components?

jyijyi · May 23, 2023, 7:14am

no, i don’t know, normally i just did “make clean” and “make”, and it works for me

Topic		Replies	Views
WP76xx Disable UBIFS in R17 Yocto Build Legato Linux distribution (Yocto project)	1	323	September 8, 2023
Reflash custom yocto build	3	757	May 15, 2018
Secure Boot -Generating cwe file	37	1189	December 9, 2022
WP77 firmware release 5.1 swi-linux-src won't build Legato Linux distribution (Yocto project)	1	407	May 20, 2021
Error in Section "sysfs_volume" during Yocto build WP76xx Legato Linux distribution (Yocto project)	16	420	July 21, 2023

Rootfs.hash & rootfs.rhash.unsigned file generation

Related Topics