[PATCH v7 03/11] sandbox: capsule: Add keys and certificates needed for capsule update testing
Sughosh Ganu
sughosh.ganu at linaro.org
Sat Aug 5 20:50:05 CEST 2023
hi Simon,
On Sun, 6 Aug 2023 at 00:06, Simon Glass <sjg at chromium.org> wrote:
>
> Hi Sughosh,
>
> On Sat, 5 Aug 2023 at 11:50, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
> >
> > hi Simon,
> >
> > On Sat, 5 Aug 2023 at 20:34, Simon Glass <sjg at chromium.org> wrote:
> > >
> > > Hi Sughosh,
> > >
> > > On Sat, 5 Aug 2023 at 05:35, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
> > > >
> > > > Add the private keys and public key certificates which are to be used
> > > > for capsule authentication while testing the EFI capsule update
> > > > functionality. There are two pairs of private and public keys. The
> > > > SIGNER.{key,crt} pair will be used for signing capsules, whilst the
> > > > SIGNER2.{key,crt} pair is to be used as malicious keys for testing
> > > > authentication failure cases. The SIGNER.crt is also converted to an
> > > > EFI Signature List(ESL) file, SIGNER.esl, which is embedded in the
> > > > platform's device-tree for capsule authentication.
> > > >
> > > > Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> > > > ---
> > > > Changes since V6:
> > > > * New patch that puts the keys and cert files under board/sandbox/
> > > > directory as suggested Simon Glass.
> > > >
> > > > board/sandbox/SIGNER.crt | 19 +++++++++++++++++++
> > > > board/sandbox/SIGNER.esl | Bin 0 -> 831 bytes
> > > > board/sandbox/SIGNER.key | 28 ++++++++++++++++++++++++++++
> > > > board/sandbox/SIGNER2.crt | 19 +++++++++++++++++++
> > > > board/sandbox/SIGNER2.key | 28 ++++++++++++++++++++++++++++
> > > > 5 files changed, 94 insertions(+)
> > > > create mode 100644 board/sandbox/SIGNER.crt
> > > > create mode 100644 board/sandbox/SIGNER.esl
> > > > create mode 100644 board/sandbox/SIGNER.key
> > > > create mode 100644 board/sandbox/SIGNER2.crt
> > > > create mode 100644 board/sandbox/SIGNER2.key
> > >
> > > Can we call these good.* and bad.* so it is clear what they are for?
> > > Also, please avoid capital letters in filenames.
> >
> > I was using the same nomenclature that was being used currently by the
> > efi capsule update tests. But I guess I can change this.
>
> Yes please. You could use a patch at the start of your series, perhaps?
Er, this is actually at the start of the series, isn't it. Well, at
least before we start adding relevant stuff like the ESL file incbin
logic in the u-boot.dtsi file -- this patch precedes patch 4 which is
adding the incbin logic to u-boot.dtsi.
-sughosh
More information about the U-Boot
mailing list