[PATCH 2/4] tools: mkeficapsule: remove device-tree related operation

Wed May 12 09:49:02 CEST 2021

Hi Ilias,

2021年5月12日(水) 16:21 Ilias Apalodimas <ilias.apalodimas at linaro.org>:
>
> Akashi-san,
>
> On Wed, May 12, 2021 at 01:57:51PM +0900, AKASHI Takahiro wrote:
> > As we discussed, "-K" and "-D" options have nothing to do with
> > creating a capsule file. The same result can be obtained by
> > using standard commands like:
> >   === signature.dts ===
> >   /dts-v1/;
> >   /plugin/;
> >
> >   &{/} {
> >         signature {
> >                 capsule-key = /incbin/("SIGNER.esl");
> >         };
> >   };
> >   ===
> >   $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts
> >   $ fdtoverlay -i test.dtb -o test_sig.dtb -v signature.dtbo
> >
> > So just remove this feature.
> > (Effectively revert the commit 322c813f4bec ("mkeficapsule: Add support
> > for embedding public key in a dtb").)
> >
> > The same feature is implemented by a shell script (tools/fdtsig.sh).
>
>
> The only reason I can see to keep this, is if mkeficapsule gets included
> intro distro packages in the future.  That would make end users life a bit
> easier, since they would need a single binary to create the whole
> CapsuleUpdate sequence.

Hmm, I think it is better to write a manpage of mkeficapsule which
also describes
how to embed the key into dtb as in the above example if it is so short.
Or, distros can package the above shell script with mkeficapsule.

Embedding a key and signing a capsule are different operations but
using the same tool may confuse users (at least me).

Thank you,

-- 
Masami Hiramatsu