[PATCH 0/4] efi_loader: capsule: improve capsule authentication support

Heinrich Schuchardt xypron.glpk at gmx.de
Wed May 12 07:04:20 CEST 2021 

Am 12. Mai 2021 06:57:49 MESZ schrieb AKASHI Takahiro <takahiro.akashi at linaro.org>:
>As I discussed in [1], I have made a couple of improvements on
>the current implemenation of capsule update.
>
>Among others, this patch series
>1. add signing feature to mkeficapsule
>2. remove dtb operation from mkeficapsule
>3. add pytest for capsule authentication (on sandbox)
>
>NOTE:
>I temporarily include Patch#3 in order to show that it is not worth
>implementing in C as we can do the same thing with a very small
>shell script.
>
>My intent is *NOT* to merge Patch#3 in upstream.
>

Should you need to resend the series, please, put "DO NOT MERGE" into the title of patch 3.

Best regards

Heinrich


>Prerequisite patches
>====================
>See Sughosh's [2] and my [3].
>
>Test
>====
>* passed the pytest which is included in this patch series
>  on sandbox built locally.
>
>Todo
>====
>* review and update the document for capsule update
>    doc/board/emulation/qemu_capsule_update.rst
>  (but not in this patch series)
>
>[1] https://lists.denx.de/pipermail/u-boot/2021-April/447918.html
>[2] https://lists.denx.de/pipermail/u-boot/2021-April/447183.html
>[3] https://lists.denx.de/pipermail/u-boot/2021-May/449347.html
>    https://lists.denx.de/pipermail/u-boot/2021-May/449348.html
>    https://lists.denx.de/pipermail/u-boot/2021-May/449349.html
>    https://lists.denx.de/pipermail/u-boot/2021-May/449350.html
>    https://lists.denx.de/pipermail/u-boot/2021-May/449351.html
>
>Changes
>=======
>Initial release (May 12, 2021)
>* based on v2021.07-rc2
>
>AKASHI Takahiro (4):
>  tools: mkeficapsule: add firmwware image signing
>  tools: mkeficapsule: remove device-tree related operation
>  tools: add fdtsig command
>  test/py: efi_capsule: add image authentication test
>
> Makefile                                      |   7 +-
> .../py/tests/test_efi_capsule/capsule_defs.py |   5 +
> test/py/tests/test_efi_capsule/conftest.py    |  35 +-
> test/py/tests/test_efi_capsule/signature.dts  |   8 +
> .../test_capsule_firmware_signed.py           | 234 +++++++++
> tools/Makefile                                |   7 +-
> tools/fdtsig.c                                | 274 +++++++++++
> tools/fdtsig.sh                               |  40 ++
> tools/mkeficapsule.c                          | 455 ++++++++++--------
> 9 files changed, 856 insertions(+), 209 deletions(-)
> create mode 100644 test/py/tests/test_efi_capsule/signature.dts
>create mode 100644
>test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py
> create mode 100644 tools/fdtsig.c
> create mode 100755 tools/fdtsig.sh

More information about the U-Boot mailing list