hexdump0815 / linux-mainline-on-arm-chromebooks

running linux mainline on arm chromebooks - for example: samsung xe303c12 and xe503c12 (snow and peach), acer c100, c101 and c201 (veyron speedy, minnie etc. and gru bob and kevin), medion s2013 and s2015 (veyron jaq, mighty etc.), acer cb5 311 (nyan big), lenovo n23, acer r13 (oak elm and hana), lenovo duet (kukui krane) and most probably many many more over time ...

FATAL: do_vbutil_kernel: Missing required config file. #22

Open Marietto2008 opened 8 months ago

Marietto2008 commented 8 months ago

Hello my friend.

I'm trying to compile Xen on my ARM Chromebook following this tutorial:

https://wiki.xenproject.org/wiki/Xen_ARM_with_Virtualization_Extensions/Chromebook

I had almost reached the end of the tutorial when I got an error message that I'm not able to fix:

# ls (current directory)

exynos5250-snow.dtb  Gringoli  script  xen.bin  xen-chromebook-image  zImage

nano script:

/dts-v1/;
 / {
   description = "Chrome OS kernel image with one or more FDT blobs";
   #address-cells = <1>;
   images {
     kernel@1 {
       data = /incbin/("xen.bin");
       type = "kernel";
       arch = "arm";
       os = "linux";
       compression = "none";
       load = <0x80200000>;
       entry = <0x80200000>;
     };
     kernel@2 {
       data = /incbin/("zImage");
       type = "kernel_noload";
       arch = "arm";
       os = "linux";
       compression = "none";
       load = <0>;
       entry = <0>;
     };
     fdt@1 {
       description = "exynos5250-snow.dtb";
       data = /incbin/("exynos5250-snow.dtb");
       type = "flat_dt";
       arch = "arm";
       compression = "none";
       hash@1 {
         algo = "sha1";
       };
     };
   };
   configurations {
     default = "conf@1";
     conf@1 {
       kernel = "kernel@1";
       fdt = "fdt@1";
     };
   };
 };

# mkimage -f script xen-chromebook-image

script:6.15-14.8: Warning (unit_address_vs_reg): /images/kernel@1: node has
a unit name, but no reg or ranges property

script:15.15-23.8: Warning (unit_address_vs_reg): /images/kernel@2: node
has a unit name, but no reg or ranges property

script:24.12-33.8: Warning (unit_address_vs_reg): /images/fdt@1: node has a
unit name, but no reg or ranges property

script:30.15-32.10: Warning (unit_address_vs_reg): /images/fdt@1/hash@1:
node has a unit name, but no reg or ranges property

script:37.13-40.8: Warning (unit_address_vs_reg): /configurations/conf@1:
node has a unit name, but no reg or ranges property

Image contains unit addresses @, this will break signing

FIT description: Chrome OS kernel image with one or more FDT blobs
Created:         Sat Oct 28 00:29:40 2023
Image 0 (kernel@1)
 Description:  unavailable
 Created:      Sat Oct 28 00:29:40 2023
 Type:         Kernel Image
 Compression:  uncompressed
 Data Size:    868291 Bytes = 847.94 KiB = 0.83 MiB
 Architecture: ARM
 OS:           Linux
 Load Address: 0x80200000
 Entry Point:  0x80200000
Image 1 (kernel@2)
 Description:  unavailable
 Created:      Sat Oct 28 00:29:40 2023
 Type:         Kernel Image (no loading done)
 Compression:  uncompressed
 Data Size:    2424696 Bytes = 2367.87 KiB = 2.31 MiB
Image 2 (fdt@1)
 Description:  exynos5250-snow.dtb
 Created:      Sat Oct 28 00:29:40 2023
 Type:         Flat Device Tree
 Compression:  uncompressed
 Data Size:    26819 Bytes = 26.19 KiB = 0.03 MiB
 Architecture: ARM
 Hash algo:    sha1
 Hash value:   d1c2a89560f84b6fd1e17d9b8edd45fb9bc5e588
Default Configuration: 'conf@1'
Configuration 0 (conf@1)
 Description:  unavailable
 Kernel:       kernel@1
 FDT:          fdt@1

On Ubuntu 23.04:

# vbutil_kernel --keyblock /usr/share/vboot/devkeys/kernel.keyblock --version 1 --signprivate /usr/share/vboot/devkeys /kernel_data_key.vbprivk --vmlinuz xen-chromebook-image --arch arm --pack signed-xen-chromebook-image

FATAL: do_vbutil_kernel: Missing required config file.

PS: I have tried to remove /incbin/ but it didn't work:

# mkimage -f script xen-chromebook-image

Error: script:7.15-16 syntax error
FATAL ERROR: Unable to parse input tree
mkimage: Can't open xen-chromebook-image.tmp: No such file or directory
Error: Bad parameters for FIT image type
Usage: mkimage [-T type] -l image
         -l ==> list image header information
         -T ==> parse image file as 'type'
         -q ==> quiet
      mkimage [-x] -A arch -O os -T type -C comp -a addr -e ep -n name -d
data_file[:data_file...] image
         -A ==> set architecture to 'arch'
         -O ==> set operating system to 'os'
         -T ==> set image type to 'type'
         -C ==> set compression type 'comp'
         -a ==> set load address to 'addr' (hex)
         -e ==> set entry point to 'ep' (hex)
         -n ==> set image name to 'name'
         -R ==> set second image name to 'name'
         -d ==> use image data from 'datafile'
         -x ==> set XIP (execute in place)
         -s ==> create an image with no data
         -v ==> verbose
      mkimage [-D dtc_options] [-f fit-image.its|-f auto|-F] [-b <dtb> [-b
<dtb>]] [-E] [-B size] [-i <ramdisk.cpio.gz>] fit-image
          <dtb> file is used with -f auto, it may occur multiple times.
         -D => set all options for device tree compiler
         -f => input filename for FIT source
         -i => input filename for ramdisk file
         -E => place data outside of the FIT structure
         -B => align size in hex for FIT structure and header
         -b => append the device tree binary to the FIT
         -t => update the timestamp in the FIT
Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p
addr] [-r] [-N engine]
         -k => set directory containing private keys
         -K => write public keys to this .dtb file
         -g => set key name hint
         -G => use this signing key (in lieu of -k)
         -c => add comment in signature node
         -F => re-sign existing FIT image
         -p => place external data at a static position
         -r => mark keys used as 'required' in dtb
         -N => openssl engine to use for signing
         -o => algorithm to use for signing
      mkimage -V ==> print version information and exit
Use '-T list' to see a list of available image types
Long options are available; read the man page for details

It seems that the validation is enough to bypass the bootloader protection. So, signing the kernel files, I may stop using the Virtual Open Systems patched u-boot and I can use another bootloader, like yours.
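
The following is an added example, not part of the issue thread or of the vboot tools: a preflight check that walks a `vbutil_kernel ... --pack` argument list and reports missing required options and stray words, run here on the command as it is printed in the post above. The function names and the `REQUIRED` list are assumptions of this example; the list follows the tool's help text for pack mode and should be confirmed with `vbutil_kernel --help`.

```shell
#!/bin/sh
# Added example: preflight check for a "vbutil_kernel ... --pack" argument list.
# Assumption: REQUIRED follows the tool's help text for pack mode; confirm it
# with `vbutil_kernel --help` on your system.
REQUIRED="--keyblock --signprivate --version --vmlinuz --config"

# Options that consume the next word as their value.
takes_value() {
  case "$1" in
    --keyblock|--signprivate|--version|--vmlinuz|--config|--bootloader|--arch|--pack) return 0 ;;
  esac
  return 1
}

# Prints one finding per line; returns 0 only when there are none.
check_pack_args() {
  seen=" "; findings=""; nl='
'
  while [ $# -gt 0 ]; do
    case "$1" in
      --*)
        seen="$seen$1 "
        if takes_value "$1"; then
          case "${2-}" in
            ""|--*) findings="${findings}no value for $1$nl" ;;
            *) shift ;;   # consume the option's value
          esac
        fi ;;
      *) # A bare word no option consumed, e.g. a path split by a stray space.
        findings="${findings}stray argument: $1$nl" ;;
    esac
    shift
  done
  for opt in $REQUIRED; do
    case "$seen" in
      *" $opt "*) ;;
      *) findings="${findings}missing required option: $opt$nl" ;;
    esac
  done
  printf '%s' "$findings"
  [ -z "$findings" ]
}

# The command exactly as printed in the issue (including the space in the path).
issue_command_findings() {
  check_pack_args --keyblock /usr/share/vboot/devkeys/kernel.keyblock \
    --version 1 --signprivate /usr/share/vboot/devkeys /kernel_data_key.vbprivk \
    --vmlinuz xen-chromebook-image --arch arm --pack signed-xen-chromebook-image
}
issue_command_findings || true
```

`--config` names a text file holding the kernel command line; "Missing required config file." is the message `vbutil_kernel` prints in pack mode when that option is absent.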

tech-with-mo commented 5 months ago

You mentioned bootloader protection. Did you disable write protect in chromeos before?

Marietto2008 commented 5 months ago

Yes, I tried to do it via hardware, but it didn't work....