.titleBar { margin-bottom: 5px!important; }

7590 - Help me sign - flashing my custom image

Dieses Thema im Forum "FRITZ!Box Fon: Modifikationen" wurde erstellt von GeorgeZ, 16 Sep. 2018.

  1. GeorgeZ

    GeorgeZ Neuer User

    Registriert seit:
    12 Sep. 2018
    Beiträge:
    5
    Zustimmungen:
    0
    Punkte für Erfolge:
    1
    I have a German 7590 (firmware_version avm) and I moved to an area which works annex A. So I have to change the f/w to the international one that supports this.

    The bootloader is locked so I have to modify the f/w image. I've read several threads and followed the wiki (http://trac.freetz.org/wiki/help/howtos/development/repack_fw) I manage to get a working image (with a modified rc.conf).

    The procedure to get a working image is easy to follow but it took me very long time and tries to flash my image to the box.
    From the (bad) google translate I'm not able to get how to correctly perform the flash - furthermore I did not understand what I need to do in order to sign my image and thus be able to flash easily a newer version next time.

    I must say here that it took me long time to realize that windows 7 powershell does not work. I used windows 10 PS with eva-ftp-client.ps1 to make it happen. With my bad understanding I must have tried 100 times to manage to get something custom into the box.

    Now the box runs my firmware. I did it, but I need to know the correct way.

    Using "make menuconfig" & fwmod, I get two files: "my7590.image" and "my7590.in-memory". Do I use the PS scripts to load the in-memory file and then flash the image? Or loading only the in-memory will move itself to flash?

    In menuconfig -> fwmod options, I've checked "sign image" and entered a password - 8 letters long. This created a file "\etc\avm_firmware_public_key9". Now that the box runs my firmware I checked the etc directory and the file is there (and has a long string of characters).

    But when I try to load a newer make (with some other modifications) I get signature error and will not flash. The newer make is signed using the same password.

    What I'm doing wrong?
     
  2. PeterPawn

    PeterPawn IPPF-Urgestein

    Registriert seit:
    10 Mai 2006
    Beiträge:
    10,919
    Zustimmungen:
    512
    Punkte für Erfolge:
    113
    Beruf:
    IT-Freelancer
    Ort:
    Berlin
    Which thread did you use with Google Translator? There are some threads present, where I describe some backgrounds for these operations in English, too. But these threads mostly don't cover the PowerShell based solution and therefore you should better look for the keyword "eva_tools" or even "eva_to_memory" (it's the shell-based counterpart of "BootDeviceFromImage") in this case.

    EVA-FTP-Client.ps1 contains a comment regarding the min. required version(s): https://github.com/PeterPawn/YourFritz/blob/master/eva_tools/EVA-FTP-Client.ps1#L376

    Yes, it's absolutely sufficient, if you load the in-memory image into the device and let it start ... it will install itself. The other version (the signed image) is usable with AVM's GUI update option (if the correct public key exists in the running version of FRITZ!OS on this device) and contains exactly the same system as the in-memory version (only with different format).

    If you really use the correct image for your update attempts via GUI and run into problems, you may check this image with "check_signed_image" from the "signimage" folder to ensure a proper signature. Then (and only then) it's useful to look for a software problem (and a closer look needs your image and the public key used to sign it) ... I'd bet, it's more a handling problem yet. The "usage help" within the scripts from "signimage" is solely in English - so this should not really be a problem.

    Alternatively you may use the "FirmwareImage.ps1" file to verify your own signature ... simply read the "README.md" file from "signimage".
     
  3. GeorgeZ

    GeorgeZ Neuer User

    Registriert seit:
    12 Sep. 2018
    Beiträge:
    5
    Zustimmungen:
    0
    Punkte für Erfolge:
    1
    Thanks for all the info.
    I've updated power-shell (to 5.1) on my w7 laptop and now the script EVA-FTP-Client.ps1 works well.

    And I solved my problem with signing.
    I was reading the wiki here: http://trac.freetz.org/wiki/help/howtos/development/repack_fw and there is no mention of the "-s" switch.
    So my packed files did not contain signature.

    Using wiki information unpacking / packing with fwmod will not generate the signature files and will not add the relevant files in the image. Despite the fact in the last console log (example) the procedure does sign the image. I didn't know that fwmod ignores the .config file generated by "make menuconfig".

    Now I can unpack using fwmod -u.
    Then I modify the rc.conf with my requirements and use fwmod -p -s to pack again.

    Now I have to read a bit more and make this an one step process...