[PATCH v4 00/11] efi_loader: capsule: improve capsule authentication support

AKASHI Takahiro takahiro.akashi at linaro.org
Thu Oct 7 08:23:29 CEST 2021


As I proposed and discussed in [1] and [2], I have made a couple of
improvements on the current implementation of capsule update in this
patch set.

* add signing feature to mkeficapsule
* add "--guid" option to mkeficapsule
* add man page of mkeficapsule

[1] https://lists.denx.de/pipermail/u-boot/2021-April/447918.html
[2] https://lists.denx.de/pipermail/u-boot/2021-July/455292.html

Prerequisite patches
====================
None

Test
====
* locally passed the pytest which is included in this patch series
  on sandbox built.
  (CONFIG_EFI_CAPSULE_AUTHENTICATE is required for authentication test.)

Changes
=======
v4 (Oct 7, 2021)
* rebased on v2021.10
* align with "Revert "efi_capsule: Move signature from DTB to .rodata""
* add more missing *revert* commits (patch#1,#2,#3)
* add fdtsig.sh, replacing dtb support in mkeficapsule (patch#4)
* update/revise the man/uefi doc (patch#6,#7)
* fix a bug in parsing guid string (patch#8)
* add a test for "--guid" option (patch#10)
* use dtb-based authentication test as done in v1 (patch#11)

v3 (Aug 31, 2021)
* rebased on v2021.10-rc3
* remove pytest-related patches
* add function descriptions in mkeficapsule.c
* correct format specifiers in printf()
* let main() return 0 or -1 only
* update doc/develop/uefi/uefi.rst for syntax change of mkeficapsule

v2 (July 28, 2021)
* rebased on v2021.10-rc*
* removed dependency on target's configuration
* removed fdtsig.sh and others
* add man page
* update the UEFI document
* add dedicate defconfig for testing on sandbox
* add gitlab CI support
* add "--guid" option to mkeficapsule
  (yet rather RFC)

Initial release (May 12, 2021)
* based on v2021.07-rc2

AKASHI Takahiro (11):
  Revert "Revert "mkeficapsule: Remove dtb related options""
  Revert "Revert "doc: Update CapsuleUpdate READMEs""
  efi_loader: capsule: add back efi_get_public_key_data()
  tools: add fdtsig.sh
  tools: mkeficapsule: add firmwware image signing
  tools: mkeficapsule: add man page
  doc: update UEFI document for usage of mkeficapsule
  tools: mkeficapsule: allow for specifying GUID explicitly
  test/py: efi_capsule: align with the syntax change of mkeficapsule
  test/py: efi_capsule: add a test for "--guid" option
  test/py: efi_capsule: add image authentication test

 MAINTAINERS                                   |   2 +
 doc/develop/uefi/uefi.rst                     |  94 +++
 doc/mkeficapsule.1                            | 107 +++
 lib/efi_loader/efi_capsule.c                  |  36 +
 .../py/tests/test_efi_capsule/capsule_defs.py |   5 +
 test/py/tests/test_efi_capsule/conftest.py    |  42 +-
 test/py/tests/test_efi_capsule/signature.dts  |  10 +
 .../test_efi_capsule/test_capsule_firmware.py |  67 ++
 .../test_capsule_firmware_signed.py           | 233 +++++++
 tools/Kconfig                                 |   7 +
 tools/Makefile                                |   8 +-
 tools/fdtsig.sh                               |  40 ++
 tools/mkeficapsule.c                          | 638 ++++++++++++------
 13 files changed, 1062 insertions(+), 227 deletions(-)
 create mode 100644 doc/mkeficapsule.1
 create mode 100644 test/py/tests/test_efi_capsule/signature.dts
 create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py
 create mode 100755 tools/fdtsig.sh

-- 
2.33.0



More information about the U-Boot mailing list