EXTERNAL - [PATCH 2/2] binman: Accept pkcs11 URI tokens for capsule updates
Simon Glass
sjg at chromium.org
Tue Jan 6 00:30:22 CET 2026
Hi Wojciech,
On Mon, 5 Jan 2026 at 01:48, Wojciech Dubowik <Wojciech.Dubowik at mt.com> wrote:
>
> On Sat, Dec 27, 2025 at 07:52:36AM -0700, Simon Glass wrote:
> > Hi Wojciech,
> >
> > On Tue, 16 Dec 2025 at 08:09, Wojciech Dubowik <Wojciech.Dubowik at mt.com> wrote:
> > >
> > > With pkcs11 support in mkeficapsule we can now accept URI
> > > tokens and not only files.
> > >
> > > Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik at mt.com>
> > > ---
> > > tools/binman/etype/efi_capsule.py | 4 ++--
> > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/tools/binman/etype/efi_capsule.py b/tools/binman/etype/efi_capsule.py
> > > index 9f06cc88e6e5..8ab022915d9d 100644
> > > --- a/tools/binman/etype/efi_capsule.py
> > > +++ b/tools/binman/etype/efi_capsule.py
> > > @@ -125,9 +125,9 @@ class Entry_efi_capsule(Entry_section):
> > > private_key = ''
> > > public_key_cert = ''
> > > if self.auth:
> > > - if not os.path.isabs(self.private_key):
> > > + if not os.path.isabs(self.private_key) and not 'pkcs11:' in self.private_key:
> > > private_key = tools.get_input_filename(self.private_key)
> > > - if not os.path.isabs(self.public_key_cert):
> > > + if not os.path.isabs(self.public_key_cert) and not 'pkcs11:' in self.public_key_cert:
> > > public_key_cert = tools.get_input_filename(self.public_key_cert)
> > > data, payload, uniq = self.collect_contents_to_file(
> > > self._entries.values(), 'capsule_in')
> > > --
> > > 2.47.3
> > >
> >
> > Does this have a test case?
>
> Not yet. I have seen that pkcs11 engine and softhsm test framework have been recently merged into
> next so I will try to make a testcase for it.
We may have lost the history here. You can mock things as needed to
simplify the test.
Regards,
Simon
More information about the U-Boot
mailing list