[PATCH 0/2] UEFI Capsule - PKCS11 Support
Wojciech Dubowik
Wojciech.Dubowik at mt.com
Tue Dec 16 16:08:27 CET 2025
Add support for pkcs11 URI's when generating UEFI capsules and
accept URI's for certificate in dts capsule nodes.
Example:
export PKCS11_MODULE_PATH=<pkcs11 provider path>/libsofthsm2.so
tools/mkeficapsule --monotonic-count 1 \
--private-key "pkcs11:token=EX;object=capsule;type=private;pin-source=pin.txt" \
--certificate "pkcs11:token=EX;object=capsule;type=cert;pin-source=pin.txt" \
--index 1 \
--guid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX \
"capsule-payload" \
"capsule.cap
Wojciech Dubowik (2):
tools: mkeficapsule: Add support for pkcs11
binman: Accept pkcs11 URI tokens for capsule updates
tools/binman/etype/efi_capsule.py | 4 +-
tools/mkeficapsule.c | 102 ++++++++++++++++++++++--------
2 files changed, 76 insertions(+), 30 deletions(-)
--
2.47.3
More information about the U-Boot
mailing list