[PATCH v2 6/9] sandbox: add config for efi capsule authentication test
AKASHI Takahiro
takahiro.akashi at linaro.org
Sun Aug 1 06:29:32 CEST 2021
Simon,
On Sat, Jul 31, 2021 at 10:59:32AM -0600, Simon Glass wrote:
> Hi Takahiro,
>
> On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro
> <takahiro.akashi at linaro.org> wrote:
> >
> > This new configuration, which was derived from sandbox_defconfig, will be
> > used solely to run efi capsule authentication test as the test requires
> > a public key (esl file) to be embedded in U-Boot binary.
> >
> > Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> > ---
> > configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++
> > 1 file changed, 307 insertions(+)
> > create mode 100644 configs/sandbox_capsule_auth_defconfig
>
> NAK.
>
> Please just add it to sandbox_defconfig. We sometimes have to create
Unfortunately, I can't.
Look, we now have two tests, test_capsule_firmware.py and
test_capsule_firmware_signed.py, and we need U-Boot binaries,
respectively, without a key and with a key.
A single configuration cannot satisfy both.
> new variants when dealing with actual build variations (e.g. SPL,
> building without OF_LIVE), but here we should just enable the feature
> in sandbox_defconfig.
>
> We already covered embedding key in the binary on another thread.
> Please don't do that. After that debacle I sent a patch explaining
> this:
>
> http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/
Please discuss and make an agreement with Heinrich.
The patch for embedding a key has already been merged in -rc1.
In my personal opinion, neither approaches won't apply to production
any way.
-Takahiro Akashi
> Regards,
> Simon
More information about the U-Boot
mailing list