The secure-boot-example does not tell you how to copy the boot.ug and boot.sig to the eMMC!

[torntrousers]

Describe the bug

Following the README here: https://github.com/raspberrypi/usbboot/tree/master/secure-boot-example at the very bottom it says:

Copy the boot.img and boot.sig files from the secure-boot-example stage to the mass storage drive

but it does not tell you how to do that! How do i do that? I can see the eMMC is available at /dev/sda, i could use dd to copy the boot.img but then how to copy the boot.sig???

The README should be updated with the commands to use?

Steps to reproduce the behaviour

.

Device(s)

Raspberry Pi CM4

Compute Module IO board.

.

RPIBOOT logs

.

Kernel logs

.

Device UART logs

.

[timg236]

You would use the mass-storage-gadget as with flashing any other OS image.

Presumably you have already verified your OS image before enabling secure-boot ?

[torntrousers]

Yes. I am using the mass-storage-gadget, and the eMMC is there at /dev/sda but then how can i make it so i can copy files to it?

For example:

cmura@pi4:~/usbboot $ ls /dev/sda*
/dev/sda  /dev/sda1
cmura@pi4:~/usbboot $ sudo cp secure-boot-example/boot.* /dev/sda1
cp: target '/dev/sda1': Not a directory
cmura@pi4:~/usbboot $ sudo mount /dev/sda1 /mnt
mount: /mnt: wrong fs type, bad option, bad superblock on /dev/sda1, missing codepage or helper program, or other error.
       dmesg(1) may have more information after failed mount system call.
cmura@pi4:~/usbboot $

[torntrousers]

(also, thanks so much for replying so quickly @timg236 !)

[nbuchwitz]

Can't use cp here as it copies a file on a Filesystem. Use dd or other tool which. Am write to the raw block dev

Eg. dd if=yourimage.img of=/dev/sda bs=1M conv=fsync

Make sure that sda is the correct path!!

[torntrousers]

ok, but with secure boot there are two files - boot IMG and boot.sig - so how can I copy both with the DD command?

On Monday, June 24, 2024, Nicolai @.***> wrote:

Can't use cp here as it copies a file on a Filesystem. Use dd or other tool which. Am write to the raw block dev

Eg. dd if=yourimage.img of=/dev/sda bs=1M conv=fsync

Make sure that sda is the correct path!!

— Reply to this email directly, view it on GitHub https://github.com/raspberrypi/usbboot/issues/225#issuecomment-2186802747, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADCTVCXQRJNCZLFO5UPHGKLZJAY3LAVCNFSM6AAAAABJZ6ST2KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCOBWHAYDENZUG4 . You are receiving this because you authored the thread.Message ID: @.***>

[nbuchwitz]

My bad, you need to copy the files to a Bootable partition (eg vfat) on the emmc for secure boot. See secure boot example Readme file https://github.com/raspberrypi/usbboot/tree/master/secure-boot-example#loading-bootimg-from-sdemmc

[torntrousers]

Sorry its still not clear to me.

Its a brand new CM4 so the eMMC is completely empty. Once its mounted with the mass-storage-gadget does it need to be formatted?

Can you help with the exact commands for formatting and/or copying the two boot files?

Many thanks!

[timg236]

Use mass-storage-gadget to export the devices as block devices. Typically these will appear as /dev/sda Format and partition the drive according to your expected layout Copy the boot.img to the boot file-system.

Installing to EMMC is really outside the scope of this tutorial. It's just running from RAM to demonstrate that an code is loading and running.

[torntrousers]

Is there some other README somewhere that explains how to do it (i can't find one)?

There are examples of how to copy a boot.img to the eMMC by using the dd command , but how can that work for the boot.sig too?

I really think this this README should explain at least how to deal with coping the boot.sig, or atleast point to someother README that shows it, surely?

[nbuchwitz]

1. Make the compute module available as block device (eg ./rpiboot)
2. Check for the device path (eg. /dev/sda, verify with dmesg or something else)
3. Create partition table on device
4. Create first partition and format it with vfat
5. Mount the partition (reload partitions with partprobe or remove device and run rpiboot again)
6. Copy boot.img and boot.sig to mounted partition
7. Enjoy

[torntrousers]

Thanks @nbuchwitz - it doesn't seem quite as simple as that, we're still working on it, will post back here with progress ...