[PATCH v11 2/9] tools: mkeficapsule: add firmware image signing
Simon Glass
sjg at chromium.org
Sun Feb 20 00:11:08 CET 2022
Hi,
On Sun, 13 Feb 2022 at 17:54, AKASHI Takahiro
<takahiro.akashi at linaro.org> wrote:
>
> Heinrich,
>
> On Fri, Feb 11, 2022 at 08:16:34PM +0100, Heinrich Schuchardt wrote:
> > On 2/9/22 11:10, AKASHI Takahiro wrote:
> > > With this enhancement, mkeficapsule will be able to sign a capsule
> > > file when it is created. A signature added will be used later
> > > in the verification at FMP's SetImage() call.
> > >
> > > To do that, we need specify additional command parameters:
> > > -monotonic-cout <count> : monotonic count
> > > -private-key <private key file> : private key file
> > > -certificate <certificate file> : certificate file
> > > Only when all of those parameters are given, a signature will be added
> > > to a capsule file.
> > >
> > > Users are expected to maintain and increment the monotonic count at
> > > every time of the update for each firmware image.
> > >
> > > Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> > > Reviewed-by: Simon Glass <sjg at chromium.org>
> > > Acked-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> > > ---
> > > .azure-pipelines.yml | 2 +-
> > > tools/Makefile | 1 +
> > > tools/eficapsule.h | 115 +++++++++++++
> > > tools/mkeficapsule.c | 380 +++++++++++++++++++++++++++++++++++++++----
> > > 4 files changed, 463 insertions(+), 35 deletions(-)
> > > create mode 100644 tools/eficapsule.h
I'm not sure if it is this patch or something else, but building is
broken as it needs
gnutls/gnutls.h
Please update the docs in doc/build/gcc.rst to fix this.
Regards,
Simon
More information about the U-Boot
mailing list