[PATCH v11 2/9] tools: mkeficapsule: add firmware image signing
Heinrich Schuchardt
xypron.glpk at gmx.de
Mon Feb 21 19:59:26 CET 2022
On 2/21/22 01:43, AKASHI Takahiro wrote:
> Hi Simon,
>
> On Sat, Feb 19, 2022 at 04:11:08PM -0700, Simon Glass wrote:
>> Hi,
>>
>> On Sun, 13 Feb 2022 at 17:54, AKASHI Takahiro
>> <takahiro.akashi at linaro.org> wrote:
>>>
>>> Heinrich,
>>>
>>> On Fri, Feb 11, 2022 at 08:16:34PM +0100, Heinrich Schuchardt wrote:
>>>> On 2/9/22 11:10, AKASHI Takahiro wrote:
>>>>> With this enhancement, mkeficapsule will be able to sign a capsule
>>>>> file when it is created. A signature added will be used later
>>>>> in the verification at FMP's SetImage() call.
>>>>>
>>>>> To do that, we need to specify additional command parameters:
>>>>> -monotonic-count <count> : monotonic count
>>>>> -private-key <private key file> : private key file
>>>>> -certificate <certificate file> : certificate file
>>>>> Only when all of those parameters are given, a signature will be added
>>>>> to a capsule file.
>>>>>
>>>>> Users are expected to maintain and increment the monotonic count at
>>>>> every time of the update for each firmware image.
>>>>>
>>>>> Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
>>>>> Reviewed-by: Simon Glass <sjg at chromium.org>
>>>>> Acked-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
>>>>> ---
>>>>> .azure-pipelines.yml | 2 +-
>>>>> tools/Makefile | 1 +
>>>>> tools/eficapsule.h | 115 +++++++++++++
>>>>> tools/mkeficapsule.c | 380 +++++++++++++++++++++++++++++++++++++++----
>>>>> 4 files changed, 463 insertions(+), 35 deletions(-)
>>>>> create mode 100644 tools/eficapsule.h
>>
>> I'm not sure if it is this patch or something else, but building is
>> broken as it needs
>>
>> gnutls/gnutls.h
>>
>> Please update the docs in doc/build/gcc.rst to fix this.
>
> I have not noticed that there is *another* list of package dependencies.
> It is easy to fix against gnutls.h, but gnutls.h (or libgnutls-dev)
> is NOT the only component missing in the list.
>
> Comparing gcc.rst with gitlab-ci.yml, there already exist a lot of
> such packages:
>
> gcc.rst                       | gitlab-ci.yml
> ======                          ======
>                               > automake
>                               > autopoint
> bc                              bc
>                               > binutils-dev
> bison                           bison
> build-essential                 build-essential
> coccinelle                    | clang-10
>                               > coreutils
>                               > cpio
>                               > cppcheck
>                               > curl
> device-tree-compiler            device-tree-compiler
> dfu-util                      | dosfstools
>                               > e2fsprogs
> efitools                        efitools
>                               > fakeroot
> flex                            flex
> gdisk                           gdisk
>                               > git
>                               > gnu-efi
> graphviz                        graphviz
>                               > grub-efi-amd64-bin
>                               > grub-efi-ia32-bin

There are some packages that are not needed for building at all like
these GRUB packages which just serve as test binaries.

>                               > help2man
>                               > iasl
> imagemagick                     imagemagick
> liblz4-tool                   | iputils-ping
> libguestfs-tools                libguestfs-tools
> libncurses-dev                | libgnutls28-dev
> libpython3-dev                | libgnutls30
>                               > libisl15
>                               > liblz4-tool
>                               > libpixman-1-dev
>                               > libpython-dev

libpython-dev does not even exist in Ubuntu 22.04. Who cares about
Python2 packages anymore?

Best regards

Heinrich

>                               > libsdl1.2-dev
> libsdl2-dev                     libsdl2-dev
> libssl-dev                      libssl-dev
> lz4                           | libudev-dev
> lzma                          | libusb-1.0-0-dev
> lzma-alone                      lzma-alone
>                               > lzop
>                               > mount
>                               > mtd-utils
>                               > mtools
> openssl                         openssl
>                               > picocom
>                               > parted
> pkg-config                      pkg-config
> python3                       | python
> python3-coverage              | python-dev
> python3-pkg-resources         | python-pip
> python3-pycryptodome          | python-virtualenv
> python3-pyelftools            | python3-pip
> python3-pytest                | python3-sphinx
> python3-sphinxcontrib.apidoc  | rpm2cpio
> python3-sphinx-rtd-theme      | sbsigntool
> python3-virtualenv            | sloccount
>                               > sparse
>                               > srecord
>                               > sudo
> swig                            swig
>                               > util-linux
>                               > uuid-dev
>                               > virtualenv
>                               > zip
>
> -Takahiro Akashi