Okay going through the document, I believe I missed to notice the addition of the image folder so this can be changed as per the location on individual setup as here:
Also for the legatFS Authentication can we also use the rhash.bin and legato.squashfs generated from systocwe of the legato system.update file as seen below:
yes, you can take that ubinize.cfg.
Actually this file is more or less the same as mine attached before, just the path is pointing to the LEAF directory.
For your second question, as mentioned before, you can first test the default one, and then if it works, you can try your method and see if it works.
On my side, i only use “make wp76xx” to generate all the legato image, that is why i recommend to build the application into the legato.cwe by “make wp76xx”.
Hi,
For some reason I cannot load the LGT0-keys.cwe file. The fdt tool says
Firmware download failed.
Primary error code: 77 - Failed in streaming download stage.
Secondary error code: 68 - Received incorrect response.
Device error code: 0x97 - Not allowed.
I have already loaded the keys generated when generating signed yocto image
How does the fdt tool know where to put swi-keys.cwe file and LGT0-keys.cwe file?
Yes. The secure boot for kernel and bootloader works fine.
The input keys to generate swi-keys.cwe and LGT0-keys.swe are same, that is, same keys that are copied to security/verity.pk8 and security/verity.x509.pem
I can load both signed and unsigned legato images.
Yes. I always run fdt as administrator.
I will try in another module and see
The question I have is how does fdt tool know which key we are loading, whether it is the keys for the kernel and boot loader or the key for signed legato image?
Ok.If we cannot combine the three keys, then can we download three keys one after the other?
If accidentally wrong key is flashed, can we download the correct key?
Have you verified your three keys are ok to work with signed images?
If they are working fine, you can try the following command to download at one time on another new module after loading the signed image to it:
fdt2 -f swi-keys.cwe RFS0-keys.cwe LGT0-keys.cwe
BTW, for your previous module, error code 0x97 is returned to FDT , this error code means that a keystore CWE has already been stored on the module.
As the module uses ‘write-once’ storage for the keystore CWE image – once written, the keystore cannot be replaced or removed.
Ok.
I tried with a new module and loading of LGT0-keys.cwe works fine. Looks like I generated the LGT0-keys.cwe more than once.
So, now I have have signed yocto and legato images. I haven’t tried signing of root fs yet