[PATCH v7 12/12] (RFC) efi_loader, dts: add public keys for capsules to device tree
Simon Glass
sjg at chromium.org
Tue Dec 7 16:07:28 CET 2021
Hi Takahiro,
On Wed, 24 Nov 2021 at 19:21, AKASHI Takahiro
<takahiro.akashi at linaro.org> wrote:
>
> Hi Simon,
>
> On Wed, Nov 24, 2021 at 05:11:49PM -0700, Simon Glass wrote:
> > Hi Takahiro,
> >
> > On Mon, 15 Nov 2021 at 21:33, AKASHI Takahiro
> > <takahiro.akashi at linaro.org> wrote:
> > >
> > > By specifying CONFIG_EFI_CAPSULE_KEY_PATH, the build process will
> > > automatically insert the given key into the device tree.
> > > Otherwise, users are required to do so manually, possibly, with
> > > the utility script, fdtsig.sh.
> > >
> > > Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> > > ---
> > > doc/develop/uefi/uefi.rst | 4 ++++
> > > dts/Makefile | 23 +++++++++++++++++++++--
> > > lib/efi_loader/Kconfig | 7 +++++++
> > > 3 files changed, 32 insertions(+), 2 deletions(-)
> > >
> >
> > This should be handled by binman. I can create an etype for it if you like.
>
> Basically I'd defer to you, but I don't still understand
> when and how binman be invoked in this particular use case.
OK I will give it a try. Basically we need to create an etype for
with, with a entry argument that specifies the key file. See
https://github.com/u-boot/u-boot/blob/master/tools/binman/etype/vblock.py
This one collects the data to sign, calls a tool to sign it, then puts
the signature in the entry.
It is really easy (TM).
Regards,
SImon
More information about the U-Boot
mailing list