[PATCH v2 4/4] Makefile: Add provision for embedding public key in platform's dtb

Sughosh Ganu sughosh.ganu at linaro.org
Mon Apr 12 17:05:26 CEST 2021


Add provision for embedding the public key used for capsule
authentication in the platform's dtb. This is done by invoking the
mkeficapsule utility which puts the public key in the efi signature
list(esl) format into the dtb.

Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
---

Changes since V1: None

 Makefile | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/Makefile b/Makefile
index b72d8d20c0..ebd4a6477c 100644
--- a/Makefile
+++ b/Makefile
@@ -1011,6 +1011,10 @@ cmd_pad_cat = $(cmd_objcopy) && $(append) || { rm -f $@; false; }
 quiet_cmd_lzma = LZMA    $@
 cmd_lzma = lzma -c -z -k -9 $< > $@
 
+quiet_cmd_mkeficapsule = MKEFICAPSULE     $@
+cmd_mkeficapsule = $(objtree)/tools/mkeficapsule -K $(CONFIG_EFI_PKEY_FILE) \
+	-D $@
+
 cfg: u-boot.cfg
 
 quiet_cmd_cfgcheck = CFGCHK  $2
@@ -1161,8 +1165,14 @@ endif
 PHONY += dtbs
 dtbs: dts/dt.dtb
 	@:
+ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE)$(CONFIG_EFI_PKEY_DTB_EMBED),yy)
+dts/dt.dtb: u-boot tools
+	$(Q)$(MAKE) $(build)=dts dtbs
+	$(call cmd,mkeficapsule)
+else
 dts/dt.dtb: u-boot
 	$(Q)$(MAKE) $(build)=dts dtbs
+endif
 
 quiet_cmd_copy = COPY    $@
       cmd_copy = cp $< $@
-- 
2.17.1



More information about the U-Boot mailing list