[PATCH v11 2/9] tools: mkeficapsule: add firmware image signing

Simon Glass sjg at chromium.org
Sun Feb 20 00:11:08 CET 2022


Hi,

On Sun, 13 Feb 2022 at 17:54, AKASHI Takahiro
<takahiro.akashi at linaro.org> wrote:
>
> Heinrich,
>
> On Fri, Feb 11, 2022 at 08:16:34PM +0100, Heinrich Schuchardt wrote:
> > On 2/9/22 11:10, AKASHI Takahiro wrote:
> > > With this enhancement, mkeficapsule will be able to sign a capsule
> > > file when it is created. A signature added will be used later
> > > in the verification at FMP's SetImage() call.
> > >
> > > To do that, we need specify additional command parameters:
> > >    -monotonic-cout <count> : monotonic count
> > >    -private-key <private key file> : private key file
> > >    -certificate <certificate file> : certificate file
> > > Only when all of those parameters are given, a signature will be added
> > > to a capsule file.
> > >
> > > Users are expected to maintain and increment the monotonic count at
> > > every time of the update for each firmware image.
> > >
> > > Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> > > Reviewed-by: Simon Glass <sjg at chromium.org>
> > > Acked-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> > > ---
> > >   .azure-pipelines.yml |   2 +-
> > >   tools/Makefile       |   1 +
> > >   tools/eficapsule.h   | 115 +++++++++++++
> > >   tools/mkeficapsule.c | 380 +++++++++++++++++++++++++++++++++++++++----
> > >   4 files changed, 463 insertions(+), 35 deletions(-)
> > >   create mode 100644 tools/eficapsule.h

I'm not sure if it is this patch or something else, but building is
broken as it needs

gnutls/gnutls.h

Please update the docs in doc/build/gcc.rst to fix this.

Regards,
Simon


More information about the U-Boot mailing list