swupdate encrypt images does't work

31 views
Skip to first unread message

rathee...@pixcellence.com

unread,
Mar 22, 2019, 10:47:50 AM3/22/19
to swupdate
Hi All,

Thanks swupdate team for sharing your work.
We would like to use signed encrypted image(kernel +rootfs) for OTA purpose.

The signed images procedure works perfectly,however till now I don't have working setup with encryption enabled.

we are using a raw nand flash for persistent storage.
.config for swupdate has the following flag enabled.
CONFIG_HASH_VERIFY=y
CONFIG_SIGNED_IMAGES=y
CONFIG_SIGALG_RAWRSA=y
CONFIG_ENCRYPTED_IMAGES=y
CONFIG_GUNZIP=y

kernel and rootfs images encrypted following the link below
https://sbabic.github.io/swupdate/encrypted_images.html

my sw-description looks like the one below.

images: (
{

filename = "m5s_zImage.dtb.enc";
device = "/dev/kernal";
type = "flash";
sha256 = "94cd0f4969f8e4f087d007952523c25ce808220c5438c4d77b97274706af728e"
encrypted = true
},
{

filename = "rootfs.squashfs.enc";
device = "/dev/rootfs";
type = "flash";
sha256 = "c994c7f58c34b54e3db65652fe5fefd6b9429e84e0a974a7b8f386c5083cfcea"
encrypted = true;
}

with this setup swupdate is parsing and flash the images to appropriate partition as it is without the decrypt procedure called.

I would be glad if any one share their experience in fixing this issue.

Ratheendran

austin....@planetinnovation.com.au

unread,
Mar 29, 2019, 1:57:30 AM3/29/19
to swupdate
Hi,

May not be the issue, but I noticed some missing semicolons in your sw-description file (end of sha256 and encrypted variables).

Does output from swupdate during an upgrade give any clues? I'm using type="archive", compressed = true, encrypted = true and the update process appears to work as expected.

Check that swupdate thinks encryption is enabled on the SWU image. swupdate displays the following line during an encrypted update on my system:
[TRACE] : SWUPDATE running : [lua_dump_table] : (2) [table ] encrypted = true

Regards
Austin

Reply all
Reply to author
Forward
0 new messages