EXTERNAL - [PATCH v6 4/6] binman: Add dump signature option to mkeficapsule

Simon Glass sjg at chromium.org
Mon Feb 23 18:51:22 CET 2026 

Hi Wojciech,

On Thu, 19 Feb 2026 at 08:23, Wojciech Dubowik <Wojciech.Dubowik at mt.com> wrote:
>
> On Thu, Feb 19, 2026 at 07:31:08AM -0700, Simon Glass wrote:
> Hi Simon,
>
> > Hi Wojciech,
> >
> > On Tue, 17 Feb 2026 at 04:54, Wojciech Dubowik <Wojciech.Dubowik at mt.com> wrote:
> > >
> > > It will be used to capsule signature verification.
> > >
> > > Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik at mt.com>
> > > ---
> > >  tools/binman/btool/mkeficapsule.py | 6 +++++-
> > >  1 file changed, 5 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/tools/binman/btool/mkeficapsule.py b/tools/binman/btool/mkeficapsule.py
> > > index f2ac654db81e..7638c941a8ee 100644
> > > --- a/tools/binman/btool/mkeficapsule.py
> > > +++ b/tools/binman/btool/mkeficapsule.py
> > > @@ -38,7 +38,8 @@ class Bintoolmkeficapsule(bintool.Bintool):
> > >
> > >      def generate_capsule(self, image_index, image_guid, hardware_instance,
> > >                           payload, output_fname, priv_key, pub_key,
> > > -                         monotonic_count=0, version=0, oemflags=0):
> > > +                         monotonic_count=0, version=0, oemflags=0,
> > > +                         dump_sig=False):
> > >          """Generate a capsule through commandline-provided parameters
> > >
> > >          Args:
> > > @@ -53,6 +54,7 @@ class Bintoolmkeficapsule(bintool.Bintool):
> > >              monotonic_count (int): Count used when signing an image
> > >              version (int): Image version (Optional)
> > >              oemflags (int): Optional 16 bit OEM flags
> > > +            dump_sig (bool): Dump signature to a file (Optional). Default no.
> > >
> > >          Returns:
> > >              str: Tool output
> > > @@ -73,6 +75,8 @@ class Bintoolmkeficapsule(bintool.Bintool):
> > >                  f'--private-key={priv_key}',
> > >                  f'--certificate={pub_key}'
> > >              ]
> > > +        if dump_sig:
> > > +            args += [f'--dump-sig']
> > >
> > >          args += [
> > >              payload,
> > > --
> > > 2.47.3
> > >
> >
> > It looks like there are still two problems with test coverage:
> >
> > tools/binman/etype/efi_capsule.py                          65      2    97%
>
> Do you know what the second one is? I see on my setup only one:
>            if 'pkcs11:' in self.public_key_cert:
> ***            public_key_cert = self.public_key_cert

It looks like you have fixed both, in v7!


>
> Regards,
> Wojtek
>
> > tools/binman/etype/fit.py                                 358      1    99%

Regards,
Simon

More information about the U-Boot mailing list