[PATCH v2 0/6] capsule: Embed the public key ESL as part of build
Sughosh Ganu
sughosh.ganu at linaro.org
Thu Aug 17 07:48:50 CEST 2023

This series takes a different approach to embedding the public key EFI
Signature List (ESL) needed for capsule authentication into the
platform's DTB.

The earlier approach [1] was using a u-boot.dtsi file to embed the
key. But this approach has a few issues.

1) The path of the incbin file is not relative to $(srctree), but
   relative to the directory of the dts file which is using the incbin
   directive -- this causes problems when the dts files are located in
   different directories and they try to include the same binary.
2) The u-boot.dtsi file only gets included in the DTB if there are no
   other *u-boot.dtsi files being included.
3) A separate u-boot.dtsi is needed per arch.

To get around these issues, this approach generates a dtsi
file (.capsule_esl.dtsi) with the public key node during build. This
generated dtsi file contains the resolved path to the ESL and is then
included for the DTB generation.

The first patch of the series also cleans up the logic to include the
dtsi files, by collating all the dtsi files to be included into a
single variable.

These patches need to be applied on top of the series for generating
the capsules as part of the build [2].

[1] - https://lists.denx.de/pipermail/u-boot/2023-August/526323.html
[2] - https://lore.kernel.org/u-boot/20230812153024.334563-1-sughosh.ganu@linaro.org/T/#m85a50079007acf8943cfe8efcc7d78d23a40db7c

Changes since V1:
* New patch which only sets the dependencies for the dtb build.
* Put only the setting of dtsi_include_list under the ifdef, moving
  the rest of the logic out of the ifdef.

Sughosh Ganu (6):
  scripts/Makefile.lib: Collate all dtsi files for inclusion
  scripts/Makefile.lib: Add dtsi include files as deps for building DTB
  scripts/Makefile.lib: Embed capsule public key in platform's dtb
  sandbox: capsule: Add path to the public key ESL file
  test: capsule: Remove logic to add public key ESL
  doc: capsule: Document the new mechanism to embed ESL file into dtb

 configs/sandbox_defconfig                    |  1 +
 configs/sandbox_flattree_defconfig           |  1 +
 doc/develop/uefi/uefi.rst                    | 19 ++++---------
 lib/efi_loader/Kconfig                       |  8 ++++++
 lib/efi_loader/capsule_esl.dtsi.in           | 11 +++++++
 scripts/Makefile.lib                         | 30 ++++++++++++++++----
 test/py/tests/test_efi_capsule/conftest.py   | 28 +++++-------------
 test/py/tests/test_efi_capsule/signature.dts | 10 -------
 8 files changed, 58 insertions(+), 50 deletions(-)
 create mode 100644 lib/efi_loader/capsule_esl.dtsi.in
 delete mode 100644 test/py/tests/test_efi_capsule/signature.dts

--
2.34.1
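
The generation step described in the cover letter, sketched as an added example (not code from the patch series or from U-Boot's Makefile.lib): a shell function resolves the ESL path to an absolute path and writes a dtsi whose incbin path no longer depends on the directory of the including dts file. The function name, the error handling and the `signature`/`capsule-key` node layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not the Makefile.lib logic from the patch series.
# Usage: gen_capsule_esl_dtsi ESL_FILE OUT_DTSI
gen_capsule_esl_dtsi() {
    esl=$1
    out=$2

    # Stop early if the key file is missing or empty.
    if [ ! -s "$esl" ]; then
        echo "capsule ESL '$esl' is missing or empty" >&2
        return 1
    fi

    # Resolve to an absolute path once, at generation time, so the result
    # does not depend on the directory of the dts that includes it.
    esl_dir=$(cd "$(dirname "$esl")" && pwd -P) || return 1
    esl_abs="$esl_dir/$(basename "$esl")"

    # The path lands inside a dts string literal; refuse characters that
    # would end or escape that literal.
    case $esl_abs in
        *\"*|*\\*)
            echo "unsupported character in ESL path: $esl_abs" >&2
            return 1
            ;;
    esac

    # Assumed node layout: /signature/capsule-key holding the ESL bytes.
    cat > "$out" <<EOF
/ {
	signature {
		capsule-key = /incbin/("$esl_abs");
	};
};
EOF
}
```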