[PATCH v2 4/4] Makefile: Add provision for embedding public key in platform's dtb
Sughosh Ganu
sughosh.ganu at linaro.org
Mon Apr 12 17:05:26 CEST 2021
Add provision for embedding the public key used for capsule
authentication in the platform's dtb. This is done by invoking the
mkeficapsule utility which puts the public key in the efi signature
list(esl) format into the dtb.
Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
---
Changes since V1: None
Makefile | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/Makefile b/Makefile
index b72d8d20c0..ebd4a6477c 100644
--- a/Makefile
+++ b/Makefile
@@ -1011,6 +1011,10 @@ cmd_pad_cat = $(cmd_objcopy) && $(append) || { rm -f $@; false; }
quiet_cmd_lzma = LZMA $@
cmd_lzma = lzma -c -z -k -9 $< > $@
+quiet_cmd_mkeficapsule = MKEFICAPSULE $@
+cmd_mkeficapsule = $(objtree)/tools/mkeficapsule -K $(CONFIG_EFI_PKEY_FILE) \
+ -D $@
+
cfg: u-boot.cfg
quiet_cmd_cfgcheck = CFGCHK $2
@@ -1161,8 +1165,14 @@ endif
PHONY += dtbs
dtbs: dts/dt.dtb
@:
+ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE)$(CONFIG_EFI_PKEY_DTB_EMBED),yy)
+dts/dt.dtb: u-boot tools
+ $(Q)$(MAKE) $(build)=dts dtbs
+ $(call cmd,mkeficapsule)
+else
dts/dt.dtb: u-boot
$(Q)$(MAKE) $(build)=dts dtbs
+endif
quiet_cmd_copy = COPY $@
cmd_copy = cp $< $@
--
2.17.1
More information about the U-Boot
mailing list