[PATCH 2/3] mkeficapsule: Remove dtb related options

Simon Glass sjg at chromium.org
Fri Jul 16 16:03:23 CEST 2021


Hi Ilias,

On Thu, 15 Jul 2021 at 11:00, Ilias Apalodimas
<ilias.apalodimas at linaro.org> wrote:
>
> commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
> added a bunch of options enabling the addition of the capsule public key
> in a dtb.  Since now we embeded the key in U-Boot's .rodata we don't this
> this functionality anymore
>
> Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> ---
>  tools/mkeficapsule.c | 226 ++-----------------------------------------
>  1 file changed, 7 insertions(+), 219 deletions(-)

Here again I see EFI diverging from the impl in U-Boot. WIth U-Boot
you can add the public key after the build step, e.g. in a key-signing
server. With EFI and this change you will have to rebuild U-Boot (from
source) every time you sign something. Seems like a pain.

Regards,
Simon


More information about the U-Boot mailing list