[PATCH 3/3] Revert "doc: Update authenticated capsules documentation"

Simon Glass sjg at chromium.org
Sat May 24 14:09:03 CEST 2025


Restore the documentation for using signatures in the devicetree.

This reverts commit 8082116dff3351277a019f7f35a0aeb62fe235ce.

Signed-off-by: Simon Glass <sjg at chromium.org>
---

 doc/develop/uefi/uefi.rst | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
index 3ca22b572a9..48d6110b2ad 100644
--- a/doc/develop/uefi/uefi.rst
+++ b/doc/develop/uefi/uefi.rst
@@ -597,6 +597,21 @@ and used by the steps highlighted below.
       [--fit | --raw | --guid <guid-string] \
       <image_blob> <capsule_file_name>
 
+4. Insert the signature list into a device tree in the following format::
+
+    {
+            signature {
+                    capsule-key = [ <binary of signature list> ];
+            }
+            ...
+    }
+
+You can perform step-4 through the Kconfig symbol
+CONFIG_EFI_CAPSULE_CRT_FILE. This symbol points to the signing key
+generated in step-2. As part of U-Boot build, the ESL certificate file will
+be generated from the signing key and automatically get embedded into the
+platform's dtb.
+
 Anti-rollback Protection
 ************************
 
-- 
2.34.1



More information about the U-Boot mailing list