[PATCH v5 02/11] tools: mkeficapsule: add firmwware image signing
Simon Glass
sjg at chromium.org
Fri Oct 29 05:17:45 CEST 2021
Hi Takahiro,
On Thu, 28 Oct 2021 at 00:25, AKASHI Takahiro
<takahiro.akashi at linaro.org> wrote:
>
> With this enhancement, mkeficapsule will be able to sign a capsule
> file when it is created. A signature added will be used later
> in the verification at FMP's SetImage() call.
>
> To do that, We need specify additional command parameters:
> -monotonic-cout <count> : monotonic count
> -private-key <private key file> : private key file
> -certificate <certificate file> : certificate file
> Only when all of those parameters are given, a signature will be added
> to a capsule file.
>
> Users are expected to maintain and increment the monotonic count at
> every time of the update for each firmware image.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> ---
> tools/Kconfig | 8 +
> tools/Makefile | 8 +-
> tools/mkeficapsule.c | 435 +++++++++++++++++++++++++++++++++++++++----
> 3 files changed, 417 insertions(+), 34 deletions(-)
Reviewed-by: Simon Glass <sjg at chromium.org>
This looks OK but I have some suggestions
- I don't think you should return -1 from main
- could you split up your create_fwbin() to return the number of gotos?
- could we have a man page for the tool?
- should the files be opened in binary mode?
- can we just build the tool always?
Regards,
Simon
More information about the U-Boot
mailing list