[PATCH v4 5/6] binman: DTS: Add dump-signature option for capsules
Quentin Schulz
quentin.schulz at cherry.de
Tue Jan 20 16:02:45 CET 2026
Hi Wojciech,
On 1/20/26 9:12 AM, Wojciech Dubowik wrote:
> Mkeficapsule can dump signature for signed capsules. It can
> be used in test to validate signature i.e. with openssl.
> Add an entry for device tree node.
>
> Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik at mt.com>
> ---
> tools/binman/entries.rst | 2 ++
> tools/binman/etype/efi_capsule.py | 5 ++++-
> 2 files changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst
> index a81fcbd3891f..1dace2087a2a 100644
> --- a/tools/binman/entries.rst
> +++ b/tools/binman/entries.rst
> @@ -552,6 +552,8 @@ Properties / Entry arguments:
> - public-key-cert: Path to PEM formatted .crt public key certificate
> file. Mandatory property for generating signed capsules.
> - oem-flags - OEM flags to be passed through capsule header.
> + - dump-signature: Instruct mkeficapsule to write signature data to
S/Instruct/Optional boolean (default: false). Instruct
> + a separete file. It might be used to verify capsule authentication.
>
s/separete/separate/
Can we predict where the file will be located and how it'll be named?
> Since this is a subclass of Entry_section, all properties of the parent
> class also apply here. Except for the properties stated as mandatory, the
> diff --git a/tools/binman/etype/efi_capsule.py b/tools/binman/etype/efi_capsule.py
> index 3b30c12ea514..01d56723b98c 100644
> --- a/tools/binman/etype/efi_capsule.py
> +++ b/tools/binman/etype/efi_capsule.py
> @@ -101,6 +101,7 @@ class Entry_efi_capsule(Entry_section):
Please update the docstring so it's in sync with tools/binman/entries.rst.
Cheers,
Quentin
More information about the U-Boot
mailing list