Hello,
Here is the process to secure boot followed
For Raspberry pi secure boot
Generated the private key
[*]openssl genrsa 2048 > private.pem
[*]export KEY_FILE=$(pwd)/private.pem
Signed eeprom image and flashed using rpiboot on raspberrypi4
[*]cd secure-boot-recovery
# Generate the signed EEPROM image.
[*]../tools/update-pieeprom.sh -k "${KEY_FILE}"
[*]cd ..
# On Compute Modeule 4 or 4S
[*]./rpiboot -d secure-boot-recovery
Now once secure boot is enabled as per document raspberrypi4 expects boot.img
Process to create a signed yocto image
Dependecies: python virtual env and kas need to be installed
[*]source python/venv
[*]pip install kas
[*]mkdir mender-raspberrypi4 && cd mender-raspberrypi4
[*]git clone https://github.com/theyoctojester/meta-mender-community \
-b scarthgap
[*]cd meta-mender-community
[*]mkdir my-raspberrypi4 && cd my-raspberrypi4
So files https://github.com/mendersoftware/meta- ... mg.bbclass and https://github.com/mendersoftware/meta- ... es.bbclass modified to create vfat image boot.img and sign boot.img added code reference with the sign.sh script in secure-boot-example output boot.sig which then copied to boot partition. Modified files URL: https://www.dropbox.com/scl/fi/xmjn90nv ... awb1d&dl=0
Build Command
[*]kas build ../kas/demos/raspberrypi4-64-wifi.yml
To give a try here is the link: https://www.dropbox.com/scl/fi/xmjn90nv ... awb1d&dl=0 of generated image flash to sd card, sign with private key and flash secure-boot-recovery pieeprom via rpiboot and boot.
please let me know if anything I'm missing in it.
Full Error Logs:
2.62 RPi: BOOTLOADER release VERSION:69471177 DATE: 2025/05/08 TIME: 16:21:35
2.62 BOOTMODE: 0x06 partition 0 build-ts BUILD_TIMESTAMP=1746717695 serial 7c2
2.36 Unsupported boot order 6
2.61 Boot mode: SD (01) order f254
2.82 SD HOST: 200000000 CTL0: 0x00800000 BUS: 400000 Hz actual: 390625 HZ div6
2.83 SD HOST: 200000000 CTL0: 0x00800f00 BUS: 400000 Hz actual: 390625 HZ div6
2.98 OCR c0ff8000 [171]
CID: 000353444a554c494580d5b740550127
CSD: 400e00325b59000076b27f800a404000
2.98 SD: bus-width: 4 spec: 2 SCR: 0x02358043 0x00000000
2.99 SD HOST: 200000000 CTL0: 0x00800f04 BUS: 50000000 Hz actual: 50000000 HZ2
3.00 MBR: 0x0000c000, 206848 type: 0x0c
3.01 MBR: 0x00040000, 770048 type: 0x83
3.01 MBR: 0x000fc000, 770048 type: 0x83
3.01 MBR: 0x001b8000, 262144 type: 0x83
3.21 Trying partition: 0
3.49 type: 16 lba: 49152 'mkfs.fat' ' V ^ ' clusters 51603 (4)
3.05 rsc 4 fat-sectors 200 root dir cluster 1 sectors 32 entries 512
3.06 FAT16 clusters 51603
3.06 [sdcard] autoboot.txt not found
3.06 Select partition rsts 0 C(boot_partition) 0 EEPROM config 0 result 1
3.71 Trying partition: 1
3.76 type: 16 lba: 49152 'mkfs.fat' ' V ^ ' clusters 51603 (4)
3.08 rsc 4 fat-sectors 200 root dir cluster 1 sectors 32 entries 512
3.08 FAT16 clusters 51603
3.89 secure-boot
3.91 Loading boot.img ...
3.09 boot.sig
3.09 hash: b70a74e651e9bde92dd921ac6b26c9704077bcec431518c384aafd0c39f98fc7
3.10 ts: 1750829740
3.10 rsa2048: 7937a7eeacf12d1433011cc1fcbd57901e0d0796fafce03d811a44e54f255f8c
3.15 [sdcard] boot.img not found
3.53 Error 6 loading boot.img
3.55 Boot mode: USB-MSD (04) order f25
3.17 PCI0 init
3.17 PCI0 reset
3.34 PCIe scan 00001106:00003483
3.46 XHCI-STOP
3.46 xHC0 ver: 256 HCS: 05000420 fc000031 00e70004 HCC: 002841eb
3.47 USBSTS 11
3.47 xHC0 ver: 256 HCS: 05000420 fc000031 00e70004 HCC: 002841eb
3.48 xHC0 ports 5 slots 32 intrs 4
3.18 USB2[1] 400202e1 connected
3.33 USB2 root HUB port 1 init
3.53 DEV [01:00] 2.16 000000:01 class 9 VID 2109 PID 3431
3.53 HUB init [01:00] 2.16 000000:01
Here is the process to secure boot followed
For Raspberry pi secure boot
Generated the private key
[*]openssl genrsa 2048 > private.pem
[*]export KEY_FILE=$(pwd)/private.pem
Signed eeprom image and flashed using rpiboot on raspberrypi4
[*]cd secure-boot-recovery
# Generate the signed EEPROM image.
[*]../tools/update-pieeprom.sh -k "${KEY_FILE}"
[*]cd ..
# On Compute Modeule 4 or 4S
[*]./rpiboot -d secure-boot-recovery
Now once secure boot is enabled as per document raspberrypi4 expects boot.img
Process to create a signed yocto image
Dependecies: python virtual env and kas need to be installed
[*]source python/venv
[*]pip install kas
[*]mkdir mender-raspberrypi4 && cd mender-raspberrypi4
[*]git clone https://github.com/theyoctojester/meta-mender-community \
-b scarthgap
[*]cd meta-mender-community
[*]mkdir my-raspberrypi4 && cd my-raspberrypi4
So files https://github.com/mendersoftware/meta- ... mg.bbclass and https://github.com/mendersoftware/meta- ... es.bbclass modified to create vfat image boot.img and sign boot.img added code reference with the sign.sh script in secure-boot-example output boot.sig which then copied to boot partition. Modified files URL: https://www.dropbox.com/scl/fi/xmjn90nv ... awb1d&dl=0
Build Command
[*]kas build ../kas/demos/raspberrypi4-64-wifi.yml
To give a try here is the link: https://www.dropbox.com/scl/fi/xmjn90nv ... awb1d&dl=0 of generated image flash to sd card, sign with private key and flash secure-boot-recovery pieeprom via rpiboot and boot.
please let me know if anything I'm missing in it.
Full Error Logs:
2.62 RPi: BOOTLOADER release VERSION:69471177 DATE: 2025/05/08 TIME: 16:21:35
2.62 BOOTMODE: 0x06 partition 0 build-ts BUILD_TIMESTAMP=1746717695 serial 7c2
2.36 Unsupported boot order 6
2.61 Boot mode: SD (01) order f254
2.82 SD HOST: 200000000 CTL0: 0x00800000 BUS: 400000 Hz actual: 390625 HZ div6
2.83 SD HOST: 200000000 CTL0: 0x00800f00 BUS: 400000 Hz actual: 390625 HZ div6
2.98 OCR c0ff8000 [171]
CID: 000353444a554c494580d5b740550127
CSD: 400e00325b59000076b27f800a404000
2.98 SD: bus-width: 4 spec: 2 SCR: 0x02358043 0x00000000
2.99 SD HOST: 200000000 CTL0: 0x00800f04 BUS: 50000000 Hz actual: 50000000 HZ2
3.00 MBR: 0x0000c000, 206848 type: 0x0c
3.01 MBR: 0x00040000, 770048 type: 0x83
3.01 MBR: 0x000fc000, 770048 type: 0x83
3.01 MBR: 0x001b8000, 262144 type: 0x83
3.21 Trying partition: 0
3.49 type: 16 lba: 49152 'mkfs.fat' ' V ^ ' clusters 51603 (4)
3.05 rsc 4 fat-sectors 200 root dir cluster 1 sectors 32 entries 512
3.06 FAT16 clusters 51603
3.06 [sdcard] autoboot.txt not found
3.06 Select partition rsts 0 C(boot_partition) 0 EEPROM config 0 result 1
3.71 Trying partition: 1
3.76 type: 16 lba: 49152 'mkfs.fat' ' V ^ ' clusters 51603 (4)
3.08 rsc 4 fat-sectors 200 root dir cluster 1 sectors 32 entries 512
3.08 FAT16 clusters 51603
3.89 secure-boot
3.91 Loading boot.img ...
3.09 boot.sig
3.09 hash: b70a74e651e9bde92dd921ac6b26c9704077bcec431518c384aafd0c39f98fc7
3.10 ts: 1750829740
3.10 rsa2048: 7937a7eeacf12d1433011cc1fcbd57901e0d0796fafce03d811a44e54f255f8c
3.15 [sdcard] boot.img not found
3.53 Error 6 loading boot.img
3.55 Boot mode: USB-MSD (04) order f25
3.17 PCI0 init
3.17 PCI0 reset
3.34 PCIe scan 00001106:00003483
3.46 XHCI-STOP
3.46 xHC0 ver: 256 HCS: 05000420 fc000031 00e70004 HCC: 002841eb
3.47 USBSTS 11
3.47 xHC0 ver: 256 HCS: 05000420 fc000031 00e70004 HCC: 002841eb
3.48 xHC0 ports 5 slots 32 intrs 4
3.18 USB2[1] 400202e1 connected
3.33 USB2 root HUB port 1 init
3.53 DEV [01:00] 2.16 000000:01 class 9 VID 2109 PID 3431
3.53 HUB init [01:00] 2.16 000000:01
Statistics: Posted by Parag27 — Wed Jun 25, 2025 8:42 am