Tegrabl_fm_read problem with package kernel image and signature

I’m using a yocto recipe to create/package my kernel and device tree in /boot along with /boot/extlinux/extlinux.conf as well as the associated signature files.

Upon first boot the dtb and dtb.sig are read fine but the sha256sum of the kernel image is not computed correctly. I’ve modified the cboot code to print out the hash that is computed along with what is read from the signature file. The signature looks fine but the computed checksum is wrong.

Now, if I have cboot ignore the extlinux, scp off the Image and scp it back then it works fine. There seems to be something about how cboot reads the initially packaged file that causes problems.

Is there something about how cboot reads files that could be causing this problem?

hello bike_works,

may I know… had you enable Secureboot on the Xavier NX?
thanks

I have not enabled secureboot. I’m using an empty string when generating the signature file.

But, I’m not sure this is related to secure boot. It’s more about whether cboot’s tegra_fm_read function is working correctly. It doesn’t seem to be reading in the bytes correctly. If I do a simple sum of those bytes they change based on actions in the OP

   word = (uint8_t *)load_addr;
    sum = 0;
    for (i1 = 0; i1 < file_size; i1++)
      sum += word[i1];
    pr_info("sum1: %u\n", sum);

hello bike_works,

you may access download center for L4T sources package.
please refer to bootloader sources as below, it’s tegrabl_fm_read() to read the binaries from extlinux.conf file or from the partition.
you may also see there’s function load_binary_with_sig() to load binaries with sign.
for example,
$L4T_Sources/r32.4.3/Linux_for_Tegra/source/public$ vim ./cboot/bootloader/partner/common/lib/linuxboot/extlinux_boot.c

@JerryChang the problem appears to be cboot ext4 support doesn’t support sparse files. This would be nice to add.