[PATCH 1/4] tools: mkeficapsule: add firmwware image signing
Heinrich Schuchardt
xypron.glpk at gmx.de
Fri May 14 10:45:48 CEST 2021
On 5/14/21 9:13 AM, AKASHI Takahiro wrote:
>> E.g for IMAGE_ATTRIBUTE_IN_USE
>>
>> AttributesSupported | AttributesSetting | Meaning
>> --------------------+-------------------+--------------------
>> 0 | 0 | state is unknown
>> 0 | 1 | state is unknown
>> 1 | 0 | image is not in use
>> 1 | 1 | image is in use
> We are discussing *_REQUIRED.
> Can you give me the same table for *_REQUIRED?
>
> -Takahiro Akashi
>
>
IMAGE_ATTRIBUTE_RESET_REQUIRED
AttributesSupported | AttributesSetting | Meaning
--------------------+-------------------+--------------------
0 | 0 | state is unknown
0 | 1 | state is unknown
1 | 0 | reset is not needed
| | to complete upgrade
1 | 1 | reset is needed
| | to complete upgrade
IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED
AttributesSupported | AttributesSetting | Meaning
--------------------+-------------------+--------------------
0 | 0 | state is unknown
0 | 1 | state is unknown
1 | 0 | signed and unsigned
| | capsules are accepted
1 | 1 | capsules are only
| | accepted after
| | checking the signature
For both bits AttributesSupported=0 does not make much sense.
IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED is a property of the current
image and should only be deleted by installing a new capsule.
A vendor might send you a special firmware image for unlocking your
device after registering as a developer. Xiaomi handled it like this for
one of my routers.
Best regards
Heinrich
More information about the U-Boot
mailing list