[PATCH v3 0/5] efi_loader: capsule: improve capsule authentication support

Heinrich Schuchardt xypron.glpk at gmx.de
Tue Aug 31 08:13:57 CEST 2021 

On 8/31/21 4:46 AM, AKASHI Takahiro wrote:
> # This patch set is basically the same as v2, but removed authentication-
> # related pytest because the discussion about where to save a public
> # key is still going on. The command, mkeficapule, is independent from
> # the result.
>
> As I proposed and discussed in [1] and [2], I have made a couple of
> improvements on the current implementation of capsule update in this
> patch set.
>
> * add signing feature to mkeficapsule
> * add "--guid" option to mkeficapsule
> * add man page of mkeficapsule

Thanks a lot for getting around the requirement to use an EDK II tool.

My main concern is that there should be only mkeficapsule version.

If signed and unsigned capsules are of interest, mkeficapsule should
support both.

Best regards

Heinrich

>
> [1] https://lists.denx.de/pipermail/u-boot/2021-April/447918.html
> [2] https://lists.denx.de/pipermail/u-boot/2021-July/455292.html
>
> Prerequisite patches
> ====================
> None
>
> Test
> ====
> * locally passed the pytest which is included in this patch series
>    on sandbox built.
>
> Todo
> ====
> * add capsule authentication pytest
>
> Changes
> =======
> v3 (Aug 31, 2021)
> * rebased on v2021.10-rc3
> * remove pytest-related patches
> * add function descriptions in mkeficapsule.c
> * correct format specifiers in printf()
> * let main() return 0 or -1 only
> * update doc/develop/uefi/uefi.rst for syntax change of mkeficapsule
>
> v2 (July 28, 2021)
> * rebased on v2021.10-rc*
> * removed dependency on target's configuration
> * removed fdtsig.sh and others
> * add man page
> * update the UEFI document
> * add dedicate defconfig for testing on sandbox
> * add gitlab CI support
> * add "--guid" option to mkeficapsule
>    (yet rather RFC)
>
> Initial release (May 12, 2021)
> * based on v2021.07-rc2
>
> AKASHI Takahiro (5):
>    tools: mkeficapsule: add firmwware image signing
>    tools: mkeficapsule: add man page
>    doc: update UEFI document for usage of mkeficapsule
>    tools: mkeficapsule: allow for specifying GUID explicitly
>    test/py: efi_capsule: align with the syntax change of mkeficapsule
>
>   MAINTAINERS                                |   1 +
>   doc/develop/uefi/uefi.rst                  |  31 +-
>   doc/mkeficapsule.1                         |  98 +++++
>   test/py/tests/test_efi_capsule/conftest.py |   4 +-
>   tools/Kconfig                              |   7 +
>   tools/Makefile                             |   8 +-
>   tools/mkeficapsule.c                       | 471 +++++++++++++++++++--
>   7 files changed, 554 insertions(+), 66 deletions(-)
>   create mode 100644 doc/mkeficapsule.1
>

More information about the U-Boot mailing list