[WP760x][FW] Fail to load Yocto image that is enabled Secure Boot

Back Ground:
Regarding to legato training, we received the document as “Example on Secure boot implementation for WP76xx.docx” to enable Secure Boot.
(I could not upload the document in this forum, because of confidential).

So, we faced the issue that Yocto image, that is enabled Secure Boot, is not loaded to WP7605.
Regarding to “41112164 WP Series Secure Boot AppNote r3.pdf”. we failed “Step7-2”.
Please see the attached FDT console log that is failed to load Yocto image.

Note: Jack is also confirmed this behavior during our legato training.

Question:
Could you tell me work around of this issue?

Fail message is follows.

C:\Users\tanoue-kenta>cd Desktop

C:\Users\tanoue-kenta\Desktop>cd FDT

C:\Users\tanoue-kenta\Desktop\FDT>fdt2.exe -f C:\Users\tanoue-kenta\Desktop\signing_dir\yocto.cwe
FDT version: 1.0.1806.0
Awaiting suitable port or adapter …
Switching to boot & hold mode …
Disabling selective suspend …
Awaiting download port …
Switching to streaming mode …
Downloading images …
Writing image -
Flashing image -
Awaiting adapter …
Enabling selective suspend …
Firmware download failed.
Primary error code: 82 - Failed in checking modem mode.
Secondary error code: 0 - Not applicable.
Device error code: 0x0 - Unknown device error code.

Preexisting images information:
Current:
Firmware:
ImageId: 001.024_000
BuildId: 02.28.03.05_DOCOMO
Configuration:
ImageId: 001.024_000
BuildId: 02.28.03.05_DOCOMO
Final images information:
Current:
Firmware:
ImageId:
BuildId:
Configuration:
ImageId:
BuildId:

OEM PRI:

IMEI:

Total time elapsed: 276605 ms.

Time to switch to boot mode: 27425 ms.

Images downloaded:
Image ID:
Build ID:
write time: 6380 ms
additional flash time: 1670 ms

Time to reset to application mode: -1 ms.

Press Enter to continue …

Did you use the command prompt in admin mode?
From the log, the download has been finished.
Can you check ATI8 in AT command port and see if the yocto image is updated?

Hi, jyijyi

Did you use the command prompt in admin mode?

They use FDT tool for Windows in admin mode.

Can you check ATI8 in AT command port and see if the yocto image is updated?

No, it could not be updated, and previous message is shown as FW update fail as follows.
(I think the following information is not blank if FW update is succeeded.)

Final images information:
Current:
Firmware:
ImageId:
BuildId:
Configuration:
ImageId:
BuildId:

OEM PRI:

IMEI:

I don’t see problem in updating yocto image.
You can try my fdt2 attached fdt2.rar (623.9 KB) .exe

C:\Users\jyi\Desktop\WP76xx_Release13.3_GENERIC_GCF>fdt2.exe -f yocto_wp76xx.4k_no_sign.cwe
FDT version: 1.0.1902.1
Awaiting suitable port or adapter …
Switching to boot & hold mode …
Disabling selective suspend …
Awaiting download port …
Switching to streaming mode …
Downloading images …
Writing image
Flashing image
Awaiting adapter …
Checking update status …
Enabling selective suspend …
Firmware image download succeeded.
Final Firmware update succeeded.

Preexisting images information:
Current:
Firmware:
ImageId: 002.073_000
BuildId: 02.28.03.05_GENERIC
Configuration:
ImageId: 002.073_000
BuildId: 02.28.03.05_GENERIC
Final images information:
Current:
Firmware:
ImageId: 002.073_000
BuildId: 02.28.03.05_GENERIC
Configuration:
ImageId: 002.073_000
BuildId: 02.28.03.05_GENERIC

OEM PRI: 9908705 002.006

IMEI: 353532100020465

Total time elapsed: 88328 ms.

Time to switch to boot mode: 25531 ms.

Images downloaded:
Image ID:
Build ID:
write time: 13094 ms
additional flash time: 5672 ms

Time to reset to application mode: 39094 ms.

Press Enter to continue …

Hi, jyijyi

Sorry for double check.
In your side, have you never been failed Yocto image update that is enabled Secure Boot?

In our side, it is also succeeded Yocto/Modem image update by using FDT tool, so this question is not focused on FDT tool issue.

Do you mean issue only happen on secure boot enabled module?
Is it 100% failure? or just sometimes?
To me, that is no difference on the download process between normal download and secure boot download.

Hi, Jyijyi

Do you mean issue only happen on secure boot enabled module?
Is it 100% failure? or just sometimes?

Yes, the module, that is enabled secure boot, is 100% failure downloading Yocto.

So could you tell me the way how to proceed debug?

can you try with fwupdate command on module?
This can isolate if problem is on yocto image side or fdt tool side.

Hi, jyijyi
Sorry for late reply.

This can isolate if problem is on yocto image side or fdt tool side.

“fwupdate” command is also failed to update their yocto image that is enabled Secure boot.
Please see the attached file as “20191223_fwupdateFail_SecureBoot.txt”.

According to “Example on Secure boot implementation for WP76xx.docx”, we faced the issue that could not be sign kernel. (Sequence#13 in attached word file).
Please see the attached file as “20191223_remake_SecureBoot_cwe.txt”.

Could you check the attached logs and let us know the work around?
Or could you please provide your Linux console log that you can succeed to update yocto image as enabled secure boot?

[[20191223.zip (171.2 KB) ](http://)](http://)

you can use my folder for signing:

I don’t see problem in running (I used the same password “pass” as yours)

owner@CNHKG-EX-001367:~/Yocto/tools/signing_dir_test$ ./android_signature_add.sh /boot boot-yocto-mdm9x28.4k.unsigned.img boot-yocto-mdm9x28.4k.img
Password for the private key file:

Hi, jyijyi

I’m not sure the meaning of attached folder.

First, could you tell me the way how to make “siging_dir_test.7z”?
(Refer to "Example on Secure boot implementation for WP76xx.docx” ?)

We would like to know the debug way why we failed to update yocto image as enabled secure boot.
Should we re-test to update yocto image by using the attached folder?

you just extract the “siging_dir_test.7z” and run the command “./android_signature_add.sh /boot boot-yocto-mdm9x28.4k.unsigned.img boot-yocto-mdm9x28.4k.img” and see if there is any problem.
If no, then that means your PC has no problem but your working folder has problem.