At first thanks to Brendlefly62 for his docs. https://wiki.gentoo.org/wiki/User:Brendlefly62/Radxa_ROCK_Pi_4C_Plus/Build-Install-Kernel
https://wiki.gentoo.org/wiki/User:Brendlefly62/Radxa_ROCK_Pi_4C_Plus/Build-Install-U-BootInstalling one gentoo hardened with one RSBAC patched kernel in a Rockpi4c+ is a Pain in the ass big enough to make me return after death in the future to torment Radxa and u-boot devs (going to live to their homes maybe....)
I think it would be useful to point some questions in this docs.Kernel size and format: I couldn't make rock pi4c+ boot from u-boot if kernel size is big enough (kernel uncompressed of near 60 MB won't boot.
Kernel size of about 42 MB or less boots fine (I did not check kernel biggers than this, I use monolitic kernels without modules and with firmware integrated). There is one option in u-boot .config to make it bigger, however since I could only make it to boot with the idbloader.img and the u-boot.itb from Brendlefly62 gentoo overlay and after one thousand aprox. of bl31 and u-boot compilations ( black screen after restart but I have to test with my dietished kernel).
"CONFIG_SYS_BOOTM_LEN=0x4000000" controls this behaviour I suppose. a 62 MB kernel won't get loaded so I suppose that I'm even unable to convert hex to MB properly :\
A lot of times make rk3399_defconfig won't create "a could be compiled u-boot", a lot of times undefined references appears from there and from here and causes a lot of "what the hell line of code has this" to enable or disable the damned CONFIG that enable/disables that.
The kernel format has to be this one:/boot/Image: Linux kernel ARM64 boot executable Image, little-endian, 4K pages
-so nothing of vmlinuz, commpressed kernels, uncompressed (I think compressed kernels are supported but I think that its needed to change u-boot .config and use other instructions in boot.cmd......
There are a lot of recipes, a lot of posts, a lot of mails, a lot of articles made in internet about how the kernel must be named and the initrd and where must the hell your kernel made dtbs must be located.
WRONG WRONG ALL WRONG.
The Path are in my case (the answer is in boot.cmd):
For kernel:
setenv prefix "/boot/"
load ${devtype} ${devnum} ${kernel_addr_r} ${prefix}Image
So:
/boot/Image
for initrd:
if load ${devtype} ${devnum} ${ramdisk_addr_r} ${prefix}uInitrd;
So:
/boot/uInitrd
Which hell format must have the initrd to work?
THIS:
boot/uInitrd: u-boot legacy uImage, uinitrd_rsbac, Linux/ARM 64-bit,
RAMDisk Image (Not compressed), 16379980 bytes, Sat Jun 28 01:01:22
2025, Load Address: 00000000, Entry Point: 00000000, Header CRC:
0XD3D3CDBD, Data CRC: 0X55073033
However, I use genkernel just only to create initramfs (sorry folks, I started in times with "make dep, make clean, make bzImage and make bzlilo) and I'm old enough to change this. But genkernel initramfs I found it very useful, however it does not work to uboot, you have to:
"cpio -ivF path_to_genkernel_created_initramfs" It creates a dir with the included files, after that in the created dir: find . |cpio --quiet --dereference -o -H newc|gzip -9 > /tmp/initrd.gzmkimage -A arm64 -O linux -T ramdisk -C gzip -n initrd-name -d /tmp/initrd.gz /boot/uInitrd
And with that you have it.
Armbian way seems to be correct using this to flash
(from /boot/u-boot_reflash_resources/u-boot_reflash_instructions)
"dd if=idbloader.img of=${target} seek=64 conv=notrunc status=none"
"dd if=u-boot.itb of=${target} seek=16384 conv=notrunc status=none"
However it doesn't work with my u-boot compiled idbloader.img and
u-boot.itb with my bl31.elf neither with bl31.bin one x(, just with this
ones. I have to test with my little kernel also to discard kernel size
as cause of trouble.
There are a lot of recipes that indicates flashing u-boot.img and other ones, I have almost killed my sdcard by this reason (too many dd ofs to my poor sd)
However, wifi using rockchip/rk3399-rock-4c-plus.dtbdoes not work, I suspect it's needed to use overlays (some .dtbo files that changes things in the dtb file)
I think this three are needed which are used in armbian: rockchip-dwc3-0-host rockchip-rockpi4cplus-usb-host rockchip-pcie-gen2How could I create them myself is one mistery that I will resolv in the next 15 years, or after my death and returned to live in the home of some radxa/u-boot developer x|....
So for now I could run one rsbac kernel with a gentoo hardened os in a rock pi 4c+ at least until bootmisc make system to die (by some reason I could not understand indicates that every command in the openrc init bootmisc script (as checkpath) does not exists AFTER rootfs gets checked and probably mounted) Of course no wifi and for now no ethernet (with:
CONFIG_REALTEK_PHY=y CONFIG_R8169=y that acording to https://dl.radxa.com/rockpi4/docs/hw/rockpi4/rockpi4c_plus_v12_sch_220304.pdfis a RTL8211F and should be supported by this two kernel option in one 6.12 kernel, so my theory is that I probably need activate one of prior overlays to make it work)
So, in resume, I'm near having one hardened gentoo perfectly functional in a rockpi4c+.....
OpenPGP_0x57E64E0B7FC3BEDF.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
