[PATCH v7 12/12] (RFC) efi_loader, dts: add public keys for capsules to device tree

Simon Glass sjg at chromium.org
Tue Dec 7 16:07:28 CET 2021


Hi Takahiro,

On Wed, 24 Nov 2021 at 19:21, AKASHI Takahiro
<takahiro.akashi at linaro.org> wrote:
>
> Hi Simon,
>
> On Wed, Nov 24, 2021 at 05:11:49PM -0700, Simon Glass wrote:
> > Hi Takahiro,
> >
> > On Mon, 15 Nov 2021 at 21:33, AKASHI Takahiro
> > <takahiro.akashi at linaro.org> wrote:
> > >
> > > By specifying CONFIG_EFI_CAPSULE_KEY_PATH, the build process will
> > > automatically insert the given key into the device tree.
> > > Otherwise, users are required to do so manually, possibly, with
> > > the utility script, fdtsig.sh.
> > >
> > > Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> > > ---
> > >  doc/develop/uefi/uefi.rst |  4 ++++
> > >  dts/Makefile              | 23 +++++++++++++++++++++--
> > >  lib/efi_loader/Kconfig    |  7 +++++++
> > >  3 files changed, 32 insertions(+), 2 deletions(-)
> > >
> >
> > This should be handled by binman. I can create an etype for it if you like.
>
> Basically I'd defer to you, but I still don't understand
> when and how binman is invoked in this particular use case.

OK I will give it a try. Basically we need to create an etype for
it, with an entry argument that specifies the key file. See

https://github.com/u-boot/u-boot/blob/master/tools/binman/etype/vblock.py

This one collects the data to sign, calls a tool to sign it, then puts
the signature in the entry.

It is really easy (TM).

Regards,
Simon

