[PATCH v11 2/9] tools: mkeficapsule: add firmware image signing
AKASHI Takahiro
takahiro.akashi at linaro.org
Mon Feb 21 01:43:59 CET 2022
Hi Simon,
On Sat, Feb 19, 2022 at 04:11:08PM -0700, Simon Glass wrote:
> Hi,
>
> On Sun, 13 Feb 2022 at 17:54, AKASHI Takahiro
> <takahiro.akashi at linaro.org> wrote:
> >
> > Heinrich,
> >
> > On Fri, Feb 11, 2022 at 08:16:34PM +0100, Heinrich Schuchardt wrote:
> > > On 2/9/22 11:10, AKASHI Takahiro wrote:
> > > > With this enhancement, mkeficapsule will be able to sign a capsule
> > > > file when it is created. A signature added will be used later
> > > > in the verification at FMP's SetImage() call.
> > > >
> > > > To do that, we need specify additional command parameters:
> > > > -monotonic-cout <count> : monotonic count
> > > > -private-key <private key file> : private key file
> > > > -certificate <certificate file> : certificate file
> > > > Only when all of those parameters are given, a signature will be added
> > > > to a capsule file.
> > > >
> > > > Users are expected to maintain and increment the monotonic count at
> > > > every time of the update for each firmware image.
> > > >
> > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> > > > Reviewed-by: Simon Glass <sjg at chromium.org>
> > > > Acked-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> > > > ---
> > > > .azure-pipelines.yml | 2 +-
> > > > tools/Makefile | 1 +
> > > > tools/eficapsule.h | 115 +++++++++++++
> > > > tools/mkeficapsule.c | 380 +++++++++++++++++++++++++++++++++++++++----
> > > > 4 files changed, 463 insertions(+), 35 deletions(-)
> > > > create mode 100644 tools/eficapsule.h
>
> I'm not sure if it is this patch or something else, but building is
> broken as it needs
>
> gnutls/gnutls.h
>
> Please update the docs in doc/build/gcc.rst to fix this.
I have not noticed that there is *another* list of package dependency.
It is easy to fix against gnutls.h, but gnutls.h (or libgnutls-dev)
is NOT the only component missing in the list.
Comparing gcc.rst with gitlab-ci.yml, there already exist a lot of
such packages:
gcc.rst | gitlab-ci.yml
====== ======
> automake
> autopoint
bc bc
> binutils-dev
bison bison
build-essential build-essential
coccinelle | clang-10
> coreutils
> cpio
> cppcheck
> curl
device-tree-compiler device-tree-compiler
dfu-util | dosfstools
> e2fsprogs
efitools efitools
> fakeroot
flex flex
gdisk gdisk
> git
> gnu-efi
graphviz graphviz
> grub-efi-amd64-bin
> grub-efi-ia32-bin
> help2man
> iasl
imagemagick imagemagick
liblz4-tool | iputils-ping
libguestfs-tools libguestfs-tools
libncurses-dev | libgnutls28-dev
libpython3-dev | libgnutls30
> libisl15
> liblz4-tool
> libpixman-1-dev
> libpython-dev
> libsdl1.2-dev
libsdl2-dev libsdl2-dev
libssl-dev libssl-dev
lz4 | libudev-dev
lzma | libusb-1.0-0-dev
lzma-alone lzma-alone
> lzop
> mount
> mtd-utils
> mtools
openssl openssl
> picocom
> parted
pkg-config pkg-config
python3 | python
python3-coverage | python-dev
python3-pkg-resources | python-pip
python3-pycryptodome | python-virtualenv
python3-pyelftools | python3-pip
python3-pytest | python3-sphinx
python3-sphinxcontrib.apidoc | rpm2cpio
python3-sphinx-rtd-theme | sbsigntool
python3-virtualenv | sloccount
> sparse
> srecord
> sudo
swig swig
> util-linux
> uuid-dev
> virtualenv
> zip
-Takahiro Akashi
More information about the U-Boot
mailing list