[PATCH 0/5] Add support for embedding public key in platform's dtb

Simon Glass sjg at chromium.org
Wed Apr 7 18:14:06 CEST 2021


Hi,

On Wed, 7 Apr 2021 at 23:54, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
>
> Patch 1 fixes an issue of selection of IMAGE_SIGN_INFO config option
> when capsule authentication is enabled.
>
> Patch 2 add two config symbols, EFI_PKEY_DTB_EMBED and EFI_PKEY_FILE
> which are used for enabling embedding of the public key in the dtb,
> and specifying the esl file name.
>
> Patch 3 moves efi_capsule_auth_enabled as a weak function, which can
> be used as a default mechanism for checking if capsule authentication
> has been enabled.
>
> Patch 4 adds a default weak function for retrieving the public key
> from the platform's dtb.
>
> Patch 5 adds the functionality to embed the esl file into the
> platform's dtb during the platform build.
>
> I have tested this functionality on the STM32MP157C DK2 board.
>
> [1] - https://lists.denx.de/pipermail/u-boot/2021-March/442867.html
>
> Sughosh Ganu (5):
>   efi_loader: Kconfig: Select IMAGE_SIGN_INFO when capsule
>     authentication is enabled
>   efi_loader: Kconfig: Add symbols for embedding the public key into the
>     platform's dtb
>   efi_capsule: Add a weak function to check whether capsule
>     authentication is enabled
>   efi_capsule: Add a weak function to get the public key needed for
>     capsule authentication
>   Makefile: Add provision for embedding public key in platform's dtb
>
>  Makefile                              | 10 ++++++
>  board/emulation/common/qemu_capsule.c |  6 ----
>  lib/efi_loader/Kconfig                | 16 ++++++++++
>  lib/efi_loader/efi_capsule.c          | 44 ++++++++++++++++++++++++---
>  4 files changed, 66 insertions(+), 10 deletions(-)
>
> --
> 2.17.1
>

We need to rethink the use of weak functions for this sort of thing,
or we will end up with an unnavigable mess at some point. If we need
to adjust the flow of boot, let's adjust the flow rather than adding
hooks everywhere.

Regards,
Simon


More information about the U-Boot mailing list