Usage of SHA384 signature for FIT image instead of SHA256

Gangadhar N gangadhar.ubuntu at gmail.com
Mon May 30 19:26:10 AEST 2022


Hi All,
I am facing an issue while using a SHA384 signature for the FIT image instead of
SHA256. I get build errors.

ERROR: linux-obmc-5.8.17+gitAUTOINC+c26e1233f9-r0 do_assemble_fitimage: Execution of '/home/gangadhar/openbmc/build/tmp/work/linux-gnueabi/linux-obmc/5.8.17+gitAUTOINC+c26e1233f9-r0/temp/run.do_assemble_fitimage.17762' failed with exit code 255:
none
fit-image.its:8.26-20.19: Warning (unit_address_vs_reg): /images/kernel@1: node has a unit name, but no reg property
fit-image.its:17.32-19.27: Warning (unit_address_vs_reg): /images/kernel@1/hash@1: node has a unit name, but no reg property
fit-image.its:21.29-31.19: Warning (unit_address_vs_reg): /images/fdt@...: node has a unit name, but no reg property
fit-image.its:28.32-30.27: Warning (unit_address_vs_reg): /images/fdt@.../hash@1: node has a unit name, but no reg property
fit-image.its:36.30-50.19: Warning (unit_address_vs_reg): /configurations/conf@...: node has a unit name, but no reg property
fit-image.its:42.32-44.27: Warning (unit_address_vs_reg): /configurations/conf@.../hash@1: node has a unit name, but no reg property
fit-image.its:45.37-49.27: Warning (unit_address_vs_reg): /configurations/conf@.../signature@1: node has a unit name, but no reg property
uboot-mkimage Can't add hashes to FIT blob: -93
Unsupported hash algorithm (sha384) for 'hash@1' hash node in 'kernel@1' image node
WARNING: exit code 255 from a shell command.

Yocto changes that I have made:

diff --git a/poky/meta/classes/kernel-fitimage.bbclass
b/poky/meta/classes/kernel-fitimage.bbclass
index bb2f3c4cc..d4f9dddf2 100644
--- a/poky/meta/classes/kernel-fitimage.bbclass
+++ b/poky/meta/classes/kernel-fitimage.bbclass
@@ -51,13 +51,13 @@ python __anonymous () {
 UBOOT_MKIMAGE_DTCOPTS ??= ""

 # fitImage Hash Algo
-FIT_HASH_ALG ?= "sha256"
+FIT_HASH_ALG ?= "sha384"

 # fitImage Signature Algo
 FIT_SIGN_ALG ?= "rsa2048"

 # Generate keys for signing fitImage
-FIT_GENERATE_KEYS ?= "0"
+FIT_GENERATE_KEYS ?= "1"

 # Size of private key in number of bits
 FIT_SIGN_NUMBITS ?= "2048"
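
Review bot: the `FIT_HASH_ALG ?= "sha384"` line only changes the algorithm name that ends up in the hash nodes, and the build log shows uboot-mkimage rejecting exactly that name ("Unsupported hash algorithm (sha384) for 'hash@1' hash node"), so this hunk cannot succeed on its own: the mkimage that do_assemble_fitimage runs has to support sha384 first, and the bootloader that verifies the image needs the same support or the signature check will fail at boot instead of at build time. Both assignments use `?=`, so I would drop the edit to the shared class and set FIT_HASH_ALG and FIT_GENERATE_KEYS from local.conf or the machine/distro configuration instead. I would also not make `FIT_GENERATE_KEYS ?= "1"` the class default: it turns on key generation for every kernel recipe that inherits this class, whereas a signing key is normally provisioned deliberately and kept out of the build tree. Finally, note that FIT_SIGN_ALG and FIT_SIGN_NUMBITS are left at rsa2048 and 2048, so the change raises the digest size without changing the key strength; say in the commit message whether that pairing is intended.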

Thanks & Regards,
Gangadhar