[PATCH 2/4] tools: mkeficapsule: remove device-tree related operation

Ilias Apalodimas ilias.apalodimas at linaro.org
Wed May 12 10:01:34 CEST 2021


On Wed, May 12, 2021 at 04:49:02PM +0900, Masami Hiramatsu wrote:
> Hi Ilias,
> 
> 2021年5月12日(水) 16:21 Ilias Apalodimas <ilias.apalodimas at linaro.org>:
> >
> > Akashi-san,
> >
> > On Wed, May 12, 2021 at 01:57:51PM +0900, AKASHI Takahiro wrote:
> > > As we discussed, "-K" and "-D" options have nothing to do with
> > > creating a capsule file. The same result can be obtained by
> > > using standard commands like:
> > >   === signature.dts ===
> > >   /dts-v1/;
> > >   /plugin/;
> > >
> > >   &{/} {
> > >         signature {
> > >                 capsule-key = /incbin/("SIGNER.esl");
> > >         };
> > >   };
> > >   ===
> > >   $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts
> > >   $ fdtoverlay -i test.dtb -o test_sig.dtb -v signature.dtbo
> > >
> > > So just remove this feature.
> > > (Effectively revert the commit 322c813f4bec ("mkeficapsule: Add support
> > > for embedding public key in a dtb").)
> > >
> > > The same feature is implemented by a shell script (tools/fdtsig.sh).
> >
> >
> > The only reason I can see to keep this, is if mkeficapsule gets included
> > intro distro packages in the future.  That would make end users life a bit
> > easier, since they would need a single binary to create the whole
> > CapsuleUpdate sequence.
> 
> Hmm, I think it is better to write a manpage of mkeficapsule which
> also describes
> how to embed the key into dtb as in the above example if it is so short.
> Or, distros can package the above shell script with mkeficapsule.
> 
> Embedding a key and signing a capsule are different operations but
> using the same tool may confuse users (at least me).

Sure fair enough.  I am merely pointing out we need a way to explain all of
those to users. 

Thanks!
/Ilias
> 
> Thank you,
> 
> -- 
> Masami Hiramatsu


More information about the U-Boot mailing list