[PATCH v7 03/11] sandbox: capsule: Add keys and certificates needed for capsule update testing

Simon Glass sjg at chromium.org
Sat Aug 5 21:06:30 CEST 2023


Hi Sughosh,

On Sat, 5 Aug 2023 at 12:50, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
>
> hi Simon,
>
> On Sun, 6 Aug 2023 at 00:06, Simon Glass <sjg at chromium.org> wrote:
> >
> > Hi Sughosh,
> >
> > On Sat, 5 Aug 2023 at 11:50, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
> > >
> > > hi Simon,
> > >
> > > On Sat, 5 Aug 2023 at 20:34, Simon Glass <sjg at chromium.org> wrote:
> > > >
> > > > Hi Sughosh,
> > > >
> > > > On Sat, 5 Aug 2023 at 05:35, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
> > > > >
> > > > > Add the private keys and public key certificates which are to be used
> > > > > for capsule authentication while testing the EFI capsule update
> > > > > functionality. There are two pairs of private and public keys. The
> > > > > SIGNER.{key,crt} pair will be used for signing capsules, whilst the
> > > > > SIGNER2.{key,crt} pair is to be used as malicious keys for testing
> > > > > authentication failure cases. The SIGNER.crt is also converted to an
> > > > > EFI Signature List(ESL) file, SIGNER.esl, which is embedded in the
> > > > > platform's device-tree for capsule authentication.
> > > > >
> > > > > Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> > > > > ---
> > > > > Changes since V6:
> > > > > * New patch that puts the keys and cert files under board/sandbox/
> > > > >   directory as suggested Simon Glass.
> > > > >
> > > > >  board/sandbox/SIGNER.crt  |  19 +++++++++++++++++++
> > > > >  board/sandbox/SIGNER.esl  | Bin 0 -> 831 bytes
> > > > >  board/sandbox/SIGNER.key  |  28 ++++++++++++++++++++++++++++
> > > > >  board/sandbox/SIGNER2.crt |  19 +++++++++++++++++++
> > > > >  board/sandbox/SIGNER2.key |  28 ++++++++++++++++++++++++++++
> > > > >  5 files changed, 94 insertions(+)
> > > > >  create mode 100644 board/sandbox/SIGNER.crt
> > > > >  create mode 100644 board/sandbox/SIGNER.esl
> > > > >  create mode 100644 board/sandbox/SIGNER.key
> > > > >  create mode 100644 board/sandbox/SIGNER2.crt
> > > > >  create mode 100644 board/sandbox/SIGNER2.key
> > > >
> > > > Can we call these good.* and bad.* so it is clear what they are for?
> > > > Also, please avoid capital letters in filenames.
> > >
> > > I was using the same nomenclature that was being used currently by the
> > > efi capsule update tests. But I guess I can change this.
> >
> > Yes please. You could use a patch at the start of your series, perhaps?
>
> Er, this is actually at the start of the series, isn't it. Well, at
> least before we start adding relevant stuff like the ESL file incbin
> logic in the u-boot.dtsi file -- this patch precedes patch 4 which is
> adding the incbin logic to u-boot.dtsi.

OK, well anyway if you can rename them to be more meaningful that would help.

Regards,
Simon


More information about the U-Boot mailing list