kinoshita3322
2025年8月19日 17時41分
==========
製品型番:Armadillo-Iot-A9E
Debian/ABOSバージョン:3.22.1-at.1
カーネルバージョン:5.10.240-0-at
==========
お世話になります。
A9Eでセキュアブートを有効化するためにセキュリティーブートガイドの手順に従い、
secureboot.sh buildで下記三つのファイルを作成しました。
1_write_srk_install_kernel.swu
2_secureboot_close.swu
3_disk_encryption.swu
そこで、1_write_srk_install_kernel.swu をATDEからA9Eにインストールしているのですが下記のエラーが出力されました。
原因わかりますでしょうか。
'/home/atmark/secureboot_a900/swu/1_write_srk_install_kernel.swu' install on armadillo.local
{"stdout":"SWUpdate v2024.12.0-git20250421-r0\n"}
{"stdout":"\n"}
{"stdout":"Licensed under GPLv2. See source distribution for detailed copyright notices.\n"}
{"stdout":"\n"}
{"stdout":"[INFO ] : SWUPDATE running : [print_registered_handlers] : \tno handler registered.\n"}
{"stdout":"[INFO ] : SWUPDATE running : [main] : Running on iot-a9e Revision at1\n"}
{"stdout":"[INFO ] : SWUPDATE started : Software Update started !\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing pre_script\n"}
{"stdout":"[INFO ] : SWUPDATE running : [read_lines_notify] : No base os update: copying current os over\n"}
{"stdout":"[INFO ] : SWUPDATE running : [read_lines_notify] : Waiting for btrfs to flush deleted subvolumes\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Check installed version...\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Check overlays.txt\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : Overlay armadillo_iotg_a9e.dtbo listed in overlays.txt but not installed, will be skipped!\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : Overlay armadillo_iotg_a9e-lbes5pl2el.dtbo listed in overlays.txt but not installed, will be skipped!\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : Overlay armadillo_iotg_a9e-sim7672.dtbo listed in overlays.txt but not installed, will be skipped!\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Remove old kernel and DTB\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Writing signed boot loader\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Write signed kernel image (open)\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : --: line 0: /var/tmp/swupdate-abosweb-upload.AcDJek/scripts/install_boot_linux: not found\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : Command failed: sh -c '{ ${TMPDIR:-/var/tmp}/scripts/install_boot_linux $1; }' -- /var/tmp/swupdate-abosweb-upload.AcDJek/Image.signed\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : Error streaming enc.zst._home_atmark_secureb..boot_linux__1________80be3212a14f2de7e99ea4e03ba51eb822a2708e\n"}
{"stderr":"swupdate_image_write failed: Connection reset by peer\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : SWUpdate *failed* !\n"}
{"stderr":"[ERROR] : SWUPDATE failed [1] Image invalid or corrupted. Not installing ...\n"}
{"exit_code":1}
SWU installation has been completed
SWU install Failedまた、secureboot.sh buildを実行するときは、secureboot.confでdtboを以下の通り指定しています。
LINUX_DTB_OVERLAYS_PREAPPLY=( armadillo_iotg_a9e.dtbo )
コメント
at_satoshi.ohta
太田です。
2点目のエラーですが、secureboot.sh の 712 行目あたりの
# create SWU image to write srk hash and install linux kernel image and others
info "Building 1_write_srk_install_kernel.swu..."
DTBOS="${LINUX_DTB_OVERLAYS[*]##*/}" \ ★
mkswu "$IMXBOOT_DIR/secureboot/swu/1_write_srk_install_kernel.desc" \
-o "$SWU_OUT_DIR/1_write_srk_install_kernel.swu" \
|| error "could not create $SWU_OUT_DIR/1_write_srk_install_kernel.swu"のスクリプト部分でDTBOS変数への代入に使用する変数として LINUX_DTB_OVERLAYS を使用しているのが原因でした。
正しくは、LINUX_DTB_OVERLAYS_PREAPPLY を使用する必要があります。
DTBOS="${LINUX_DTB_OVERLAYS_PREAPPLY[*]##*/}" \現在のままでも LINUX_DTB_OVERLAYS_PREAPPLY で設定した btbo は適応されますが、エラー出力を解消できるはずです。
また、エラー内容に
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : Overlay armadillo_iotg_a9e-lbes5pl2el.dtbo listed in overlays.txt but not installed, will be skipped!\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : Overlay armadillo_iotg_a9e-sim7672.dtbo listed in overlays.txt but not installed, will be skipped!\n"}とありましたので、
secureboot.conf の LINUX_DTB_OVERLAYS_PREAPPLY に armadillo_iotg_a9e-lbes5pl2el.dtbo と armadillo_iotg_a9e-sim7672.dtbo も追加するのが良いかと思います。
どうぞよろしくお願いいたします。
kinoshita3322
お世話になっております。
下記コマンドを実行しましたが、一つ目のエラーが消えませんでした。
atmark@atde9:~$ curl -O https://raw.githubusercontent.com/atmark-techno/mkswu/refs/heads/master/scripts/install_boot_linux atmark@atde9:~$ sudo mv install_boot_linux /usr/share/mkswu/scripts/install_boot_linux
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : --: line 0: /var/tmp/swupdate-abosweb-upload.AcDJek/scripts/install_boot_linux: not found\n"}←こちらのエラーが消えるかと思いましたが消えませんでした。
at_satoshi.ohta
太田です。
install_boot_linux に実行権限を与えた上でもう一度 secureboot.sh build を実行した後、再度 Armadillo に SWU イメージをインストールしてみて頂いてもよろしいでしょうか?
atmark@atde9:~$ sudo chmod +x /usr/share/mkswu/scripts/install_boot_linux atmark@atde9:~$ cd secureboot_a900 atmark@atde9:~/secureboot_a900$ ./secureboot.sh build
どうぞよろしくお願いいたします。
kinoshita3322
下記について実施してみます。
> install_boot_linux に実行権限を与えた上でもう一度 secureboot.sh build を実行した後、再度 Armadillo に SWU イメージをインストールしてみて頂いてもよろしいでしょうか?
>
>
> atmark@atde9:~$ sudo chmod +x /usr/share/mkswu/scripts/install_boot_linux > atmark@atde9:~$ cd secureboot_a900 > atmark@atde9:~/secureboot_a900$ ./secureboot.sh build >
>
> どうぞよろしくお願いいたします。
kinoshita3322
secureboot.shの712行目あたりの変更と、
secureboot.confに2つのdtboを追加して、
secureboot.sh buildとswuのインストールを実行してみました。
別のエラーが出たようで見ていただきたく。
atmark@atde9:~/imx-boot-2023.04-at6$ ./secureboot.sh build Logging build outputs to /home/atmark/secureboot_a900/tmp/build.log Secure boot signing keys already setup Building imx-boot (boot loader)... fatal: No names found, cannot describe anything. fatal: No names found, cannot describe anything. Created /home/atmark/secureboot_a900/out/imx-boot_armadillo-900.signed Signing linux image... Created /home/atmark/secureboot_a900/out/Image.signed Building initrd for mmc (first time is slow) Signing linux image (mmc)... Created /home/atmark/secureboot_a900/out/Image.signed-mmc Building 1_write_srk_install_kernel.swu... Enter pass phrase for /home/atmark/mkswu/swupdate.key: Building 2_secureboot_close.swu... Enter pass phrase for /home/atmark/mkswu/swupdate.key: Building 3_disk_encryption.swu... Enter pass phrase for /home/atmark/mkswu/swupdate.key: Please install SWU images in the following order: - /home/atmark/secureboot_a900/swu/1_write_srk_install_kernel.swu - /home/atmark/secureboot_a900/swu/2_secureboot_close.swu - /home/atmark/secureboot_a900/swu/3_disk_encryption.swu
以下、1_write_srk_install_kernel.swuのインストール
'/home/atmark/secureboot_a900/swu/1_write_srk_install_kernel.swu' install on armadillo.local
{"stdout":"SWUpdate v2024.12.0-git20250421-r0\n"}
{"stdout":"\n"}
{"stdout":"Licensed under GPLv2. See source distribution for detailed copyright notices.\n"}
{"stdout":"\n"}
{"stdout":"[INFO ] : SWUPDATE running : [print_registered_handlers] : \tno handler registered.\n"}
{"stdout":"[INFO ] : SWUPDATE running : [main] : Running on iot-a9e Revision at1\n"}
{"stdout":"[INFO ] : SWUPDATE started : Software Update started !\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing pre_script\n"}
{"stdout":"[INFO ] : SWUPDATE running : [read_lines_notify] : No base os update: copying current os over\n"}
{"stdout":"[INFO ] : SWUPDATE running : [read_lines_notify] : Waiting for btrfs to flush deleted subvolumes\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Check installed version...\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Check overlays.txt\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Remove old kernel and DTB\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Writing signed boot loader\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Write signed kernel image (open)\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : --: line 0: /var/tmp/swupdate-abosweb-upload.kpkpJN/scripts/install_boot_linux: Permission denied\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : Command failed: sh -c '{ ${TMPDIR:-/var/tmp}/scripts/install_boot_linux $1; }' -- /var/tmp/swupdate-abosweb-upload.kpkpJN/Image.signed\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : Error streaming enc.zst._home_atmark_secureb..boot_linux__1________80be3212a14f2de7e99ea4e03ba51eb822a2708e\n"}
{"stderr":"swupdate_image_write failed: Connection reset by peer\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : SWUpdate *failed* !\n"}
{"stderr":"[ERROR] : SWUPDATE failed [1] Image invalid or corrupted. Not installing ...\n"}
{"exit_code":1}
SWU installation has been completed
SWU install Failedat_satoshi.ohta
太田です。
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : --: line 0: /var/tmp/swupdate-abosweb-upload.kpkpJN/scripts/install_boot_linux: Permission denied\n"}なので install_boot_linux に実行権限が無いのが原因だと思われます。
以下をもう一度実行して、試してもらってもよろしいでしょうか?
atmark@atde9:~$ sudo chmod +x /usr/share/mkswu/scripts/install_boot_linux
どうぞよろしくお願いいたします。
kinoshita3322
実行権限を付与して再度実行してみました。
atmark@atde9:~$ sudo chmod +x /usr/share/mkswu/scripts/install_boot_linux atmark@atde9:~$ ls -l /usr/share/mkswu/scripts/install_boot_linux -rwxr-xr-x 1 atmark atmark 2495 8月 20 13:35 /usr/share/mkswu/scripts/install_boot_linux atmark@atde9:~$ cd secureboot_a900 atmark@atde9:~/secureboot_a900$ ./secureboot.sh build Logging build outputs to /home/atmark/secureboot_a900/tmp/build.log Secure boot signing keys already setup Building imx-boot (boot loader)... fatal: No names found, cannot describe anything. fatal: No names found, cannot describe anything. Created /home/atmark/secureboot_a900/out/imx-boot_armadillo-900.signed Signing linux image... Created /home/atmark/secureboot_a900/out/Image.signed Building initrd for mmc (first time is slow) Signing linux image (mmc)... Created /home/atmark/secureboot_a900/out/Image.signed-mmc Building 1_write_srk_install_kernel.swu... Enter pass phrase for /home/atmark/mkswu/swupdate.key: Building 2_secureboot_close.swu... Enter pass phrase for /home/atmark/mkswu/swupdate.key: Building 3_disk_encryption.swu... Enter pass phrase for /home/atmark/mkswu/swupdate.key: Please install SWU images in the following order: - /home/atmark/secureboot_a900/swu/1_write_srk_install_kernel.swu - /home/atmark/secureboot_a900/swu/2_secureboot_close.swu - /home/atmark/secureboot_a900/swu/3_disk_encryption.swu
以下は、swuインストール時の結果になります。
'/home/atmark/secureboot_a900/swu/1_write_srk_install_kernel.swu' install on armadillo.local
{"stdout":"SWUpdate v2024.12.0-git20250421-r0\n"}
{"stdout":"\n"}
{"stdout":"Licensed under GPLv2. See source distribution for detailed copyright notices.\n"}
{"stdout":"\n"}
{"stdout":"[INFO ] : SWUPDATE running : [print_registered_handlers] : \tno handler registered.\n"}
{"stdout":"[INFO ] : SWUPDATE running : [main] : Running on iot-a9e Revision at1\n"}
{"stdout":"[INFO ] : SWUPDATE started : Software Update started !\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing pre_script\n"}
{"stdout":"[INFO ] : SWUPDATE running : [read_lines_notify] : No base os update: copying current os over\n"}
{"stdout":"[INFO ] : SWUPDATE running : [read_lines_notify] : Waiting for btrfs to flush deleted subvolumes\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Check installed version...\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Check overlays.txt\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Remove old kernel and DTB\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Writing signed boot loader\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Write signed kernel image (open)\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : --: line 0: /var/tmp/swupdate-abosweb-upload.JBMfjI/scripts/install_boot_linux: Permission denied\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : Command failed: sh -c '{ ${TMPDIR:-/var/tmp}/scripts/install_boot_linux $1; }' -- /var/tmp/swupdate-abosweb-upload.JBMfjI/Image.signed\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : Error streaming enc.zst._home_atmark_secureb..boot_linux__1________80be3212a14f2de7e99ea4e03ba51eb822a2708e\n"}
{"stderr":"swupdate_image_write failed: Connection reset by peer\n"}
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : SWUpdate *failed* !\n"}
{"stderr":"[ERROR] : SWUPDATE failed [1] Image invalid or corrupted. Not installing ...\n"}at_satoshi.ohta
kinoshita3322
下記の通り無事インストールできたいみたいです。
大変お手数おかけしました。
'/home/atmark/secureboot_a900/swu/1_write_srk_install_kernel.swu' install on armadillo.local
{"stdout":"SWUpdate v2024.12.0-git20250421-r0\n"}
{"stdout":"\n"}
{"stdout":"Licensed under GPLv2. See source distribution for detailed copyright notices.\n"}
{"stdout":"\n"}
{"stdout":"[INFO ] : SWUPDATE running : [print_registered_handlers] : \tno handler registered.\n"}
{"stdout":"[INFO ] : SWUPDATE running : [main] : Running on iot-a9e Revision at1\n"}
{"stdout":"[INFO ] : SWUPDATE started : Software Update started !\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing pre_script\n"}
{"stdout":"[INFO ] : SWUPDATE running : [read_lines_notify] : No base os update: copying current os over\n"}
{"stdout":"[INFO ] : SWUPDATE running : [read_lines_notify] : Waiting for btrfs to flush deleted subvolumes\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Check installed version...\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Check overlays.txt\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Remove old kernel and DTB\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Writing signed boot loader\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Write signed kernel image (open)\n"}
{"stdout":"[INFO ] : SWUPDATE running : [read_lines_notify] : Wrote linux to mmcblk0p10\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Write kernel modules\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing Burn secureboot hash in\n"}
{"stdout":"[INFO ] : SWUPDATE running : [install_single_image] : Installing post_script\n"}
{"stdout":"[INFO ] : SWUPDATE running : [read_lines_notify] : Removing unused containers\n"}
{"stdout":"[INFO ] : SWUPDATE running : [read_lines_notify] : swupdate triggering reboot!\n"}
{"stdout":"[INFO ] : SWUPDATE running : Installation in progress\n"}
{"stdout":"[INFO ] : SWUPDATE successful ! SWUPDATE successful !\n"}
{"stdout":"[INFO ] : No SWUPDATE running : Waiting for requests...\n"}
{"exit_code":0}
SWU installation has been completed
Successfully installed SWU
at_satoshi.ohta
2025年8月20日 11時53分
太田です。
申し訳ありません。
2点ほどこちらの不手際で問題が分かりました。
1点目は以下のエラーです。
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : --: line 0: /var/tmp/swupdate-abosweb-upload.AcDJek/scripts/install_boot_linux: not found\n"}こちらは添付した install_boot_linux を以下のコマンドで ATDE に配置すれば解決するはずです。
2点目は以下のエラーです。
{"stderr":"[ERROR] : SWUPDATE failed [0] ERROR : Overlay armadillo_iotg_a9e.dtbo listed in overlays.txt but not installed, will be skipped!\n"}armadillo_iotg_a9e.dtbo を secureboot.conf で指定しているにも関わらず、エラー出力されています。
こちらは修正パッチを作成次第、修正方法をご連絡します。
ひとまずは install_boot_linux を配置いただければと思います。
どうぞよろしくお願いいたします。