[PATCH 2/4] tools: mkeficapsule: remove device-tree related operation
Ilias Apalodimas
ilias.apalodimas at linaro.org
Wed May 12 10:01:34 CEST 2021
On Wed, May 12, 2021 at 04:49:02PM +0900, Masami Hiramatsu wrote:
> Hi Ilias,
>
> 2021年5月12日(水) 16:21 Ilias Apalodimas <ilias.apalodimas at linaro.org>:
> >
> > Akashi-san,
> >
> > On Wed, May 12, 2021 at 01:57:51PM +0900, AKASHI Takahiro wrote:
> > > As we discussed, "-K" and "-D" options have nothing to do with
> > > creating a capsule file. The same result can be obtained by
> > > using standard commands like:
> > > === signature.dts ===
> > > /dts-v1/;
> > > /plugin/;
> > >
> > > &{/} {
> > > signature {
> > > capsule-key = /incbin/("SIGNER.esl");
> > > };
> > > };
> > > ===
> > > $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts
> > > $ fdtoverlay -i test.dtb -o test_sig.dtb -v signature.dtbo
> > >
> > > So just remove this feature.
> > > (Effectively revert the commit 322c813f4bec ("mkeficapsule: Add support
> > > for embedding public key in a dtb").)
> > >
> > > The same feature is implemented by a shell script (tools/fdtsig.sh).
> >
> >
> > The only reason I can see to keep this, is if mkeficapsule gets included
> > intro distro packages in the future. That would make end users life a bit
> > easier, since they would need a single binary to create the whole
> > CapsuleUpdate sequence.
>
> Hmm, I think it is better to write a manpage of mkeficapsule which
> also describes
> how to embed the key into dtb as in the above example if it is so short.
> Or, distros can package the above shell script with mkeficapsule.
>
> Embedding a key and signing a capsule are different operations but
> using the same tool may confuse users (at least me).
Sure fair enough. I am merely pointing out we need a way to explain all of
those to users.
Thanks!
/Ilias
>
> Thank you,
>
> --
> Masami Hiramatsu
More information about the U-Boot
mailing list