[PATCH 0/3] efi_loader: Move the public cerificate back to the devicetree

Ilias Apalodimas ilias.apalodimas at linaro.org
Sat May 24 20:12:50 CEST 2025


Hi Simon,

On Sat, 24 May 2025 at 15:09, Simon Glass <sjg at chromium.org> wrote:
>
> A previously rejected patch to move the EFI public cerificate out of the
> devicetree has recently been applied. This series reverts the change,
> pending further discussion as to why it was accepted.

I spent a good amount of time, writing the commit message an
explaining why this patch was sent(which btw wasn't 'rejected', you
forcefully reverted it back then with no agreements from anyone) and
why we prefer to do it this way. tl;dr early boot loaders that pass as
a DT is a problem now.
If there's a good reason to revert it, please explain it on the commit message

Thanks
/Ilias

>
>
> Simon Glass (3):
>   Revert "efi_loader: Moved the generated ESL file to objtree"
>   Revert "efi_loader: Move public cert for capsules to .rodata"
>   Revert "doc: Update authenticated capsules documentation"
>
>  .gitignore                         |  1 -
>  doc/develop/uefi/uefi.rst          | 15 ++++++++++++
>  include/asm-generic/sections.h     |  2 --
>  lib/efi_loader/Makefile            | 18 ---------------
>  lib/efi_loader/capsule_esl.dtsi.in | 11 +++++++++
>  lib/efi_loader/efi_capsule.c       | 37 ++++++++++++++++++++++--------
>  lib/efi_loader/efi_capsule_key.S   | 17 --------------
>  scripts/Makefile.lib               | 27 ++++++++++++++++++++++
>  8 files changed, 81 insertions(+), 47 deletions(-)
>  create mode 100644 lib/efi_loader/capsule_esl.dtsi.in
>  delete mode 100644 lib/efi_loader/efi_capsule_key.S
>
> --
> 2.34.1
>
> base-commit: bab54f5942c428be698216224fd10b91d974d4da
> branch: efis-us


More information about the U-Boot mailing list