EXTERNAL - [PATCH 2/2] binman: Accept pkcs11 URI tokens for capsule updates
Wojciech Dubowik
Wojciech.Dubowik at mt.com
Mon Jan 5 09:48:39 CET 2026
On Sat, Dec 27, 2025 at 07:52:36AM -0700, Simon Glass wrote:
> Hi Wojciech,
>
> On Tue, 16 Dec 2025 at 08:09, Wojciech Dubowik <Wojciech.Dubowik at mt.com> wrote:
> >
> > With pkcs11 support in mkeficapsule we can now accept URI
> > tokens and not only files.
> >
> > Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik at mt.com>
> > ---
> > tools/binman/etype/efi_capsule.py | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/tools/binman/etype/efi_capsule.py b/tools/binman/etype/efi_capsule.py
> > index 9f06cc88e6e5..8ab022915d9d 100644
> > --- a/tools/binman/etype/efi_capsule.py
> > +++ b/tools/binman/etype/efi_capsule.py
> > @@ -125,9 +125,9 @@ class Entry_efi_capsule(Entry_section):
> > private_key = ''
> > public_key_cert = ''
> > if self.auth:
> > - if not os.path.isabs(self.private_key):
> > + if not os.path.isabs(self.private_key) and not 'pkcs11:' in self.private_key:
> > private_key = tools.get_input_filename(self.private_key)
> > - if not os.path.isabs(self.public_key_cert):
> > + if not os.path.isabs(self.public_key_cert) and not 'pkcs11:' in self.public_key_cert:
> > public_key_cert = tools.get_input_filename(self.public_key_cert)
> > data, payload, uniq = self.collect_contents_to_file(
> > self._entries.values(), 'capsule_in')
> > --
> > 2.47.3
> >
>
> Does this have a test case?
Not yet. I have seen that pkcs11 engine and softhsm test framework have been recently merged into
next so I will try to make a testcase for it.
Regards,
Wojtek
>
> Regards,
> Simon
More information about the U-Boot
mailing list