[PATCH v3 03/11] doc: capsule: Document the new mechanism to embed ESL file into dtb

Sughosh Ganu sughosh.ganu at linaro.org
Sun Jul 9 15:33:18 CEST 2023

Update the document to specify how the EFI Signature List(ESL) file
can be embedded into the platform's dtb as part of the u-boot build.

Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
Changes since V2:
* Highlight the need to use the u-boot.dtsi file for embedding the
  public key ESL into the DTB.

 doc/develop/uefi/uefi.rst | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
index ffe25ca231..c04e62f3a5 100644
--- a/doc/develop/uefi/uefi.rst
+++ b/doc/develop/uefi/uefi.rst
@@ -495,20 +495,16 @@ and used by the steps highlighted below.
-You can do step-4 manually with
+You can perform step-4 by defining the Kconfig symbol
+CONFIG_EFI_CAPSULE_ESL_FILE. Once this has been done, the signature
+node can be added to the u-boot.dtsi file. For reference, check the
+u-boot.dtsi file for the sandbox architecture. If this node has not
+been added to the architecture's u-boot.dtsi file, this needs to be
+done. The node has currently been added for the sandbox and arm
+architectures' in the u-boot.dtsi file. Once the u-boot.dtsi file has
+been added with the signature node, the esl file will automatically
+get embedded into the platform's dtb as part of u-boot build.
-.. code-block:: console
-    $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts
-    $ fdtoverlay -i orig.dtb -o new.dtb -v signature.dtbo
-where signature.dts looks like::
-    &{/} {
-            signature {
-                    capsule-key = /incbin/("CRT.esl");
-            };
-    };
 Executing the boot manager

More information about the U-Boot mailing list