When we follow the document procedure rpiboot command getting stuck below.
./rpiboot -d recovery
RPIBOOT: build-date Jul 23 2024 version 20240422~085300 bbd60338
Loading: recovery/bootcode4.bin
Waiting for BCM2835/6/7/2711/2712...
And when we are following below commands to enable secure boot , we are getting "Missing or bad public key" as shared image in above chats.
Generated certs
openssl genrsa 2048 > private.pem
openssl rsa -in private.pem -out public.pem -pubout -outform PEM
Make boot.img and sign it
cp public.pem /boot/firmware
make-boot-image -a 64 -b pi4 -d /boot/firmware -o /boot/boot.img
rpi-eeprom-digest -i /boot/boot.img -o /boot/boot.sig -k private_key.pem
cat boot.conf file
BOOT_UART=1
WAKE_ON_GPIO=1
POWER_OFF_ON_HALT=0
BOOT_ORDER=0xf1
ENABLE_SELF_UPDATE=0
FREEZE_VERSION=1
SIGNED_BOOT=1
Sign the configuration using rpi-eeprom-digest
rpi-eeprom-digest -k private.pem -i boot.conf -o boot.conf.sig
Generate a new bootloader binary using rpi-eeprom-config:
rpi-eeprom-config -p private.pem -c boot.conf -d boot.conf.sig -o pieeprom.bin /lib/firmware/raspberrypi/bootloader-2711/latest/pieeprom-2024-05-17.bin
rpi-eeprom-digest -i pieeprom.bin -o pieeprom.sig -k private.pem
move pieeprom.bin and pieeprom.sig into below directory
Dir :- /lib/firmware/raspberrypi/bootloader-2711/latest/
-rw-r--r-- 1 root root 101K May 17 12:55 recovery.bin
-rw-r--r-- 1 root root 80 Jul 23 11:23 pieeprom.sig
-rw-r--r-- 1 root root 2.0M Jul 23 11:23 pieeprom.bin
-rw-r--r-- 1 root root 451 Jul 23 11:23 public.pem
rpi-eeprom-config -a boot.conf
when we apply boot.conf and reboot system , system doesnt come up and error image we have already shared.
below is verifying sig.
rpi-eeprom-digest -k public.pem -i pieeprom.bin -v pieeprom.sig
Verified OK
rpi-eeprom-digest -k public.pem -i boot.img -v boot.sig
Verified OK
Can you please check if any steps are missing or need to be add in order to enable secure boot.
./rpiboot -d recovery
RPIBOOT: build-date Jul 23 2024 version 20240422~085300 bbd60338
Loading: recovery/bootcode4.bin
Waiting for BCM2835/6/7/2711/2712...
And when we are following below commands to enable secure boot , we are getting "Missing or bad public key" as shared image in above chats.
Generated certs
openssl genrsa 2048 > private.pem
openssl rsa -in private.pem -out public.pem -pubout -outform PEM
Make boot.img and sign it
cp public.pem /boot/firmware
make-boot-image -a 64 -b pi4 -d /boot/firmware -o /boot/boot.img
rpi-eeprom-digest -i /boot/boot.img -o /boot/boot.sig -k private_key.pem
cat boot.conf file
BOOT_UART=1
WAKE_ON_GPIO=1
POWER_OFF_ON_HALT=0
BOOT_ORDER=0xf1
ENABLE_SELF_UPDATE=0
FREEZE_VERSION=1
SIGNED_BOOT=1
Sign the configuration using rpi-eeprom-digest
rpi-eeprom-digest -k private.pem -i boot.conf -o boot.conf.sig
Generate a new bootloader binary using rpi-eeprom-config:
rpi-eeprom-config -p private.pem -c boot.conf -d boot.conf.sig -o pieeprom.bin /lib/firmware/raspberrypi/bootloader-2711/latest/pieeprom-2024-05-17.bin
rpi-eeprom-digest -i pieeprom.bin -o pieeprom.sig -k private.pem
move pieeprom.bin and pieeprom.sig into below directory
Dir :- /lib/firmware/raspberrypi/bootloader-2711/latest/
-rw-r--r-- 1 root root 101K May 17 12:55 recovery.bin
-rw-r--r-- 1 root root 80 Jul 23 11:23 pieeprom.sig
-rw-r--r-- 1 root root 2.0M Jul 23 11:23 pieeprom.bin
-rw-r--r-- 1 root root 451 Jul 23 11:23 public.pem
rpi-eeprom-config -a boot.conf
when we apply boot.conf and reboot system , system doesnt come up and error image we have already shared.
below is verifying sig.
rpi-eeprom-digest -k public.pem -i pieeprom.bin -v pieeprom.sig
Verified OK
rpi-eeprom-digest -k public.pem -i boot.img -v boot.sig
Verified OK
Can you please check if any steps are missing or need to be add in order to enable secure boot.
Statistics: Posted by Nitishthakur306 — Wed Jul 24, 2024 9:15 am
