[PATCH v2 6/9] sandbox: add config for efi capsule authentication test

AKASHI Takahiro takahiro.akashi at linaro.org
Sun Aug 1 06:29:32 CEST 2021


Simon,

On Sat, Jul 31, 2021 at 10:59:32AM -0600, Simon Glass wrote:
> Hi Takahiro,
> 
> On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro
> <takahiro.akashi at linaro.org> wrote:
> >
> > This new configuration, which was derived from sandbox_defconfig, will be
> > used solely to run efi capsule authentication test as the test requires
> > a public key (esl file) to be embedded in U-Boot binary.
> >
> > Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> > ---
> >  configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++
> >  1 file changed, 307 insertions(+)
> >  create mode 100644 configs/sandbox_capsule_auth_defconfig
> 
> NAK.
> 
> Please just add it to sandbox_defconfig. We sometimes have to create

Unfortunately, I can't.
Look, we now have two tests, test_capsule_firmware.py and
test_capsule_firmware_signed.py, and we need U-Boot binaries,
respectively, without a key and with a key.
A single configuration cannot satisfy both.

> new variants when dealing with actual build variations (e.g. SPL,
> building without OF_LIVE), but here we should just enable the feature
> in sandbox_defconfig.
> 
> We already covered embedding key in the binary on another thread.
> Please don't do that. After that debacle I sent a patch explaining
> this:
> 
> http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/

Please discuss and make an agreement with Heinrich.
The patch for embedding a key has already been merged in -rc1.

In my personal opinion, neither approaches won't apply to production
any way.

-Takahiro Akashi

> Regards,
> Simon


More information about the U-Boot mailing list