[PATCH v7 03/11] sandbox: capsule: Add keys and certificates needed for capsule update testing
Simon Glass
sjg at chromium.org
Sat Aug 5 20:36:23 CEST 2023
Hi Sughosh,
On Sat, 5 Aug 2023 at 11:50, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
>
> hi Simon,
>
> On Sat, 5 Aug 2023 at 20:34, Simon Glass <sjg at chromium.org> wrote:
> >
> > Hi Sughosh,
> >
> > On Sat, 5 Aug 2023 at 05:35, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
> > >
> > > Add the private keys and public key certificates which are to be used
> > > for capsule authentication while testing the EFI capsule update
> > > functionality. There are two pairs of private and public keys. The
> > > SIGNER.{key,crt} pair will be used for signing capsules, whilst the
> > > SIGNER2.{key,crt} pair is to be used as malicious keys for testing
> > > authentication failure cases. The SIGNER.crt is also converted to an
> > > EFI Signature List(ESL) file, SIGNER.esl, which is embedded in the
> > > platform's device-tree for capsule authentication.
> > >
> > > Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> > > ---
> > > Changes since V6:
> > > * New patch that puts the keys and cert files under board/sandbox/
> > > directory as suggested Simon Glass.
> > >
> > > board/sandbox/SIGNER.crt | 19 +++++++++++++++++++
> > > board/sandbox/SIGNER.esl | Bin 0 -> 831 bytes
> > > board/sandbox/SIGNER.key | 28 ++++++++++++++++++++++++++++
> > > board/sandbox/SIGNER2.crt | 19 +++++++++++++++++++
> > > board/sandbox/SIGNER2.key | 28 ++++++++++++++++++++++++++++
> > > 5 files changed, 94 insertions(+)
> > > create mode 100644 board/sandbox/SIGNER.crt
> > > create mode 100644 board/sandbox/SIGNER.esl
> > > create mode 100644 board/sandbox/SIGNER.key
> > > create mode 100644 board/sandbox/SIGNER2.crt
> > > create mode 100644 board/sandbox/SIGNER2.key
> >
> > Can we call these good.* and bad.* so it is clear what they are for?
> > Also, please avoid capital letters in filenames.
>
> I was using the same nomenclature that was being used currently by the
> efi capsule update tests. But I guess I can change this.
Yes please. You could use a patch at the start of your series, perhaps?
Regards,
Simon
More information about the U-Boot
mailing list