[PATCH 2/3] mkeficapsule: Remove dtb related options
Simon Glass
sjg at chromium.org
Fri Jul 16 16:03:23 CEST 2021
Hi Ilias,
On Thu, 15 Jul 2021 at 11:00, Ilias Apalodimas
<ilias.apalodimas at linaro.org> wrote:
>
> commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
> added a bunch of options enabling the addition of the capsule public key
> in a dtb. Since now we embeded the key in U-Boot's .rodata we don't this
> this functionality anymore
>
> Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> ---
> tools/mkeficapsule.c | 226 ++-----------------------------------------
> 1 file changed, 7 insertions(+), 219 deletions(-)
Here again I see EFI diverging from the impl in U-Boot. WIth U-Boot
you can add the public key after the build step, e.g. in a key-signing
server. With EFI and this change you will have to rebuild U-Boot (from
source) every time you sign something. Seems like a pain.
Regards,
Simon
More information about the U-Boot
mailing list