raspberrypi / rpi-sb-provisioner

A minimal-input automatic secure boot provisioning system for Raspberry Pi devices.
Apache License 2.0

Nothing happens after Keywriter #45

Open claaudiam opened 4 days ago

claaudiam commented 4 days ago

I am trying the 1.1.0 release. This is my config file:

CUSTOMER_KEY_FILE_PEM=/home/cmura/private.pem
GOLD_MASTER_OS_FILE=/home/cmura/pi-gen/work/raspios/export-image/2024-09-17-raspios-lite.img
RPI_DEVICE_STORAGE_TYPE=emmc
RPI_DEVICE_FAMILY=4
RPI_DEVICE_BOOTLOADER_CONFIG_FILE=/usr/share/misc/bootloader.config
RPI_DEVICE_LOCK_JTAG=
RPI_DEVICE_EEPROM_WP_SET=
DEVICE_SERIAL_STORE=/usr/local/etc/rpi-sb-provisioner/seen
DEMO_MODE_ONLY=
RPI_SB_WORKDIR=

monitor.sh briefly shows something, but then it disappears [image] and after that nothing happens. [image]

Looking in the file system, these are the logs:

cmura@newpi5:~ $ ls /var/log/rpi-sb-provisioner/40072fe5
keywriter.log  metadata  progress
cmura@newpi5:~ $ ls /var/log/rpi-sb-provisioner/40072fe5/metadata/
40072fe5.json
cmura@newpi5:~ $ cat /var/log/rpi-sb-provisioner/40072fe5/metadata/40072fe5.json
{
        "USER_SERIAL_NUM" : "40072fe5",
        "MAC_ADDR" : "d8:3a:dd:db:02:6d",
        "CUSTOMER_KEY_HASH" : "4b0ee8f9ac5ef76128ac87bad844cd5c3c8a263dc1fa03fab040a5ccd566a5fb",
        "BOOT_ROM" : "000048b0",
        "BOARD_ATTR" : "00000000",
        "USER_BOARDREV" : "c03141",
        "JTAG_LOCKED" : "0",
        "ADVANCED_BOOT" : "0000e8e8"
}cmura@newpi5:~ $ cat /var/log/rpi-sb-provisioner/40072fe5/progress
KEYWRITER-FINISHED
KEYWRITER-EXITED
KEYWRITER-FINISHED
KEYWRITER-EXITED
KEYWRITER-FINISHED
KEYWRITER-EXITED
KEYWRITER-FINISHED
KEYWRITER-EXITED
KEYWRITER-FINISHED
KEYWRITER-EXITED
KEYWRITER-FINISHED
KEYWRITER-EXITED
cmura@newpi5:~ $ cat /var/log/rpi-sb-provisioner/40072fe5/keywriter.log
+ . /usr/local/bin/terminal-functions.sh
+ OPENSSL=openssl
+ CUSTOMER_PUBLIC_KEY_FILE=
+ read_config
+ [ -f /etc/rpi-sb-provisioner/config ]
+ . /etc/rpi-sb-provisioner/config
+ CUSTOMER_KEY_FILE_PEM=/home/cmura/private.pem
+ GOLD_MASTER_OS_FILE=/home/cmura/pi-gen/work/raspios/export-image/2024-09-17-raspios-lite.img
+ RPI_DEVICE_STORAGE_TYPE=emmc
+ RPI_DEVICE_FAMILY=4
+ RPI_DEVICE_BOOTLOADER_CONFIG_FILE=/usr/share/misc/bootloader.config
+ RPI_DEVICE_LOCK_JTAG=
+ RPI_DEVICE_EEPROM_WP_SET=
+ DEVICE_SERIAL_STORE=/usr/local/etc/rpi-sb-provisioner/seen
+ DEMO_MODE_ONLY=
+ RPI_SB_WORKDIR=
+ TARGET_DEVICE_SERIAL=40072fe5
+ TMP_DIR=
+ trap cleanup EXIT
+ OPTSTRING=c:vh:
+ getopts c:vh: opt
+ mktemp -d
+ FLASHING_DIR=/tmp/tmp.CpmA8zCMOc
+ derivePublicKey
+ mktemp
+ CUSTOMER_PUBLIC_KEY_FILE=/tmp/tmp.VsvsyaZHSw
+ openssl rsa -in /home/cmura/private.pem -pubout
writing RSA key
+ identifyBootloaderConfig
+ [ ! -f /usr/share/misc/bootloader.config ]
+ mktemp
+ RPI_DEVICE_BOOTLOADER_CONFIG_FILE=/tmp/tmp.cbjbECSufV
+ enforceSecureBootloaderConfig
+ grep -Fxq SIGNED_BOOT=1 /tmp/tmp.cbjbECSufV
+ echo SIGNED_BOOT=1
+ sed -i -e s/SIGNED_BOOT=0//g /tmp/tmp.cbjbECSufV
+ echo boot_ramdisk=1
+ echo uart_2ndstage=1
+ SOURCE_EEPROM_IMAGE=
+ DESTINATION_EEPROM_IMAGE=
+ DESTINATION_EEPROM_SIGNATURE=
+ BOOTCODE_BINARY_IMAGE=
+ BOOTCODE_FLASHING_NAME=
+ SOURCE_EEPROM_IMAGE=/lib/firmware/raspberrypi/bootloader-2711/latest/pieeprom-2024-09-05.bin
+ BOOTCODE_BINARY_IMAGE=/lib/firmware/raspberrypi/bootloader-2711/latest/recovery.bin
+ BOOTCODE_FLASHING_NAME=/tmp/tmp.CpmA8zCMOc/bootcode4.bin
+ DESTINATION_EEPROM_IMAGE=/tmp/tmp.CpmA8zCMOc/pieeprom.bin
+ DESTINATION_EEPROM_SIGNATURE=/tmp/tmp.CpmA8zCMOc/pieeprom.sig
+ [ ! -e /tmp/tmp.CpmA8zCMOc/pieeprom.sig ]
+ [ ! -e /lib/firmware/raspberrypi/bootloader-2711/latest/pieeprom-2024-09-05.bin ]
+ update_eeprom /lib/firmware/raspberrypi/bootloader-2711/latest/pieeprom-2024-09-05.bin /tmp/tmp.CpmA8zCMOc/pieeprom.bin /home/cmura/private.pem /tmp/tmp.VsvsyaZHSw
+ src_image=/lib/firmware/raspberrypi/bootloader-2711/latest/pieeprom-2024-09-05.bin
+ dst_image=/tmp/tmp.CpmA8zCMOc/pieeprom.bin
+ pem_file=/home/cmura/private.pem
+ public_pem_file=/tmp/tmp.VsvsyaZHSw
+ sign_args=
+ [ -n /home/cmura/private.pem ]
+ grep -q SIGNED_BOOT=1 /tmp/tmp.cbjbECSufV
+ mktemp
+ TMP_CONFIG_SIG=/tmp/tmp.Rq67aB1CIA
+ echo Signing bootloader config
Signing bootloader config
+ writeSig /tmp/tmp.cbjbECSufV /tmp/tmp.Rq67aB1CIA
+ mktemp
+ SIG_TMP=/tmp/tmp.cPGRywDw6t
+ IMAGE=/tmp/tmp.cbjbECSufV
+ OUTPUT=/tmp/tmp.Rq67aB1CIA
+ sha256sum /tmp/tmp.cbjbECSufV
+ awk {print $1}
+ date -u +%s
+ echo ts: 1726580042
+ get_signing_directives
+ [ -n  ]
+ [ -n /home/cmura/private.pem ]
+ [ -f /home/cmura/private.pem ]
+ echo /home/cmura/private.pem -keyform PEM
+ [ -n /home/cmura/private.pem -keyform PEM ]
+ get_signing_directives
+ [ -n  ]
+ [ -n /home/cmura/private.pem ]
+ [ -f /home/cmura/private.pem ]
+ echo /home/cmura/private.pem -keyform PEM
+ openssl dgst -sign /home/cmura/private.pem -keyform PEM -sha256 -out /tmp/tmp.cPGRywDw6t /tmp/tmp.cbjbECSufV
+ xxd -c 4096 -p
+ echo rsa2048: 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
+ rm /tmp/tmp.cPGRywDw6t
+ cat /tmp/tmp.Rq67aB1CIA
173fb7fa1524008590f6f2028cbdb3f61e5314fc04dbc3054569c496eb6947d8
ts: 1726580042
rsa2048: 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
+ sign_args=-d /tmp/tmp.Rq67aB1CIA -p /tmp/tmp.VsvsyaZHSw
+ cp /lib/firmware/raspberrypi/bootloader-2711/latest/pieeprom-2024-09-05.bin /tmp/tmp.CpmA8zCMOc/pieeprom.bin.intermediate
+ rm -f /tmp/tmp.CpmA8zCMOc/pieeprom.bin
+ set -x
+ rpi-eeprom-config --config /tmp/tmp.cbjbECSufV --out /tmp/tmp.CpmA8zCMOc/pieeprom.bin -d /tmp/tmp.Rq67aB1CIA -p /tmp/tmp.VsvsyaZHSw /tmp/tmp.CpmA8zCMOc/pieeprom.bin.intermediate
+ rm -f /tmp/tmp.CpmA8zCMOc/pieeprom.bin.intermediate
+ set +x
new-image: /tmp/tmp.CpmA8zCMOc/pieeprom.bin
source-image: /lib/firmware/raspberrypi/bootloader-2711/latest/pieeprom-2024-09-05.bin
config: /tmp/tmp.cbjbECSufV
RPIBOOT: build-date Aug 20 2024 version 20240820~105714
Loading: /tmp/tmp.CpmA8zCMOc/bootcode4.bin
Waiting for BCM2835/6/7/2711/2712...
Loading: /tmp/tmp.CpmA8zCMOc/bootcode4.bin
Sending bootcode.bin
Successful read 4 bytes
Waiting for BCM2835/6/7/2711/2712...
Loading: /tmp/tmp.CpmA8zCMOc/bootcode4.bin
Second stage boot server
Created metadata file: /var/log/rpi-sb-provisioner/40072fe5/metadata//40072fe5.json
Loading: /tmp/tmp.CpmA8zCMOc/config.txt
File read: config.txt
Loading: /tmp/tmp.CpmA8zCMOc/pieeprom.bin
Loading: /tmp/tmp.CpmA8zCMOc/pieeprom.bin
Loading: /tmp/tmp.CpmA8zCMOc/pieeprom.sig
File read: pieeprom.sig
Loading: /tmp/tmp.CpmA8zCMOc/pieeprom.bin
File read: pieeprom.bin
Second stage boot server done
Board is: CM4, with revision number 1. Has Processor BCM2711 with Memory 4GB. Was manufactured by Sony UK
Keywriting completed. Rebooting for next phase.
cmura@newpi5:~ $

I have a UART terminal attached to the CM4, which shows this: [image]

What am I doing wrong, please?

tdewey-rpi commented 3 days ago

Thanks for the report, @claaudiam

This isn't expected behaviour. I would have expected your device to automatically reboot at this point, and then be recognised by rpi-sb-triage and sent into the rpi-sb-provisioner phase.

Paging @timg236 for visibility - I bumped the eeprom horizon for rpi-sb-provisioner, and that's the only particularly interesting part of this change.

Separately, I'll try to reproduce this on our test rig.