[PATCH v4 04/11] tools: add fdtsig.sh

AKASHI Takahiro takahiro.akashi at linaro.org
Thu Oct 7 08:23:33 CEST 2021


With this script, a public key is added to a device tree blob
as the default efi_get_public_key_data() expects.

Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
---
 MAINTAINERS     |  1 +
 tools/fdtsig.sh | 40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100755 tools/fdtsig.sh

diff --git a/MAINTAINERS b/MAINTAINERS
index 5370b550648e..650e428b6cb4 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -713,6 +713,7 @@ F:	cmd/bootefi.c
 F:	cmd/efidebug.c
 F:	cmd/nvedit_efi.c
 F:	tools/efivar.py
+F:	tools/fdtsig.sh
 F:	tools/file2include.c
 F:	tools/mkeficapsule.c
 
diff --git a/tools/fdtsig.sh b/tools/fdtsig.sh
new file mode 100755
index 000000000000..5ce7357614d7
--- /dev/null
+++ b/tools/fdtsig.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0+
+#
+# script to add a certificate (efi-signature-list) to dtb blob
+
+usage() {
+	if [ -n "$*" ]; then
+		echo "ERROR: $*"
+	fi
+	echo "Usage: "$(basename $0) " <esl file> <dtb file>"
+}
+
+if [ "$#" -ne 2 ]; then
+	usage "Arguments missing"
+	exit 1
+fi
+
+ESL=$1
+DTB=$2
+NEW_DTB=$(basename $DTB)_tmp
+SIG=signature
+
+cat << 'EOF' > $SIG.dts
+/dts-v1/;
+/plugin/;
+
+&{/} {
+    signature {
+	    capsule-key = /incbin/("ESL");
+    };
+};
+EOF
+
+sed -in "s/ESL/$ESL/" $SIG.dts
+
+dtc -@ -I dts -O dtb -o $SIG.dtbo $SIG.dts
+fdtoverlay -i $DTB -o $NEW_DTB -v $SIG.dtbo
+mv $NEW_DTB $DTB
+
+#rm $SIG.dts $SIG.dtbo $NEW_DTB
-- 
2.33.0



More information about the U-Boot mailing list