[PATCH 3/3] Revert "doc: Update authenticated capsules documentation"
Simon Glass
sjg at chromium.org
Sat May 24 14:09:03 CEST 2025
Restore the documentation for using signatures in the devicetree.
This reverts commit 8082116dff3351277a019f7f35a0aeb62fe235ce.
Signed-off-by: Simon Glass <sjg at chromium.org>
---
doc/develop/uefi/uefi.rst | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
index 3ca22b572a9..48d6110b2ad 100644
--- a/doc/develop/uefi/uefi.rst
+++ b/doc/develop/uefi/uefi.rst
@@ -597,6 +597,21 @@ and used by the steps highlighted below.
[--fit | --raw | --guid <guid-string] \
<image_blob> <capsule_file_name>
+4. Insert the signature list into a device tree in the following format::
+
+ {
+ signature {
+ capsule-key = [ <binary of signature list> ];
+ }
+ ...
+ }
+
+You can perform step-4 through the Kconfig symbol
+CONFIG_EFI_CAPSULE_CRT_FILE. This symbol points to the signing key
+generated in step-2. As part of U-Boot build, the ESL certificate file will
+be generated from the signing key and automatically get embedded into the
+platform's dtb.
+
Anti-rollback Protection
************************
--
2.34.1
More information about the U-Boot
mailing list