[PATCH 0/5] Add support for embedding public key in platform's dtb

Sughosh Ganu sughosh.ganu at linaro.org
Wed Apr 7 13:53:30 CEST 2021

Patch 1 fixes an issue of selection of IMAGE_SIGN_INFO config option
when capsule authentication is enabled.

Patch 2 add two config symbols, EFI_PKEY_DTB_EMBED and EFI_PKEY_FILE
which are used for enabling embedding of the public key in the dtb,
and specifying the esl file name.

Patch 3 moves efi_capsule_auth_enabled as a weak function, which can
be used as a default mechanism for checking if capsule authentication
has been enabled.

Patch 4 adds a default weak function for retrieving the public key
from the platform's dtb.

Patch 5 adds the functionality to embed the esl file into the
platform's dtb during the platform build.

I have tested this functionality on the STM32MP157C DK2 board.

[1] - https://lists.denx.de/pipermail/u-boot/2021-March/442867.html 

Sughosh Ganu (5):
  efi_loader: Kconfig: Select IMAGE_SIGN_INFO when capsule
    authentication is enabled
  efi_loader: Kconfig: Add symbols for embedding the public key into the
    platform's dtb
  efi_capsule: Add a weak function to check whether capsule
    authentication is enabled
  efi_capsule: Add a weak function to get the public key needed for
    capsule authentication
  Makefile: Add provision for embedding public key in platform's dtb

 Makefile                              | 10 ++++++
 board/emulation/common/qemu_capsule.c |  6 ----
 lib/efi_loader/Kconfig                | 16 ++++++++++
 lib/efi_loader/efi_capsule.c          | 44 ++++++++++++++++++++++++---
 4 files changed, 66 insertions(+), 10 deletions(-)


More information about the U-Boot mailing list