From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: agraf@csgraf.de, trini@konsulko.com, sjg@chromium.org,
ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org,
masami.hiramatsu@linaro.org, u-boot@lists.denx.de
Subject: Re: [PATCH v2 0/9] efi_loader: capsule: improve capsule authentication support
Date: Mon, 2 Aug 2021 14:00:05 +0900 [thread overview]
Message-ID: <20210802050005.GE7965@laputa> (raw)
In-Reply-To: <b63a2c6c-5943-ef6b-19f4-cc401da2dd56@gmx.de>
Heinrich,
On Sun, Aug 01, 2021 at 11:40:14AM +0200, Heinrich Schuchardt wrote:
> On 7/27/21 11:10 AM, AKASHI Takahiro wrote:
> > As I proposed and discussed in [1] and [2], I have made a couple of
> > improvements on the current implementation of capsule update in this
> > patch set.
> >
> > * add signing feature to mkeficapsule
> > * add "--guid" option to mkeficapsule
> > * add man page of mkeficapsule
> > * add pytest for capsule authentication (on sandbox)
> >
> > NOTE:
> > Due to Ilias's commit[3], we need to have a customized configuration
> > for sandbox to properly set up and run capsule authentication test.
> > See patch#5,#6 and #7.
> >
> > [1] https://lists.denx.de/pipermail/u-boot/2021-April/447918.html
> > [2] https://lists.denx.de/pipermail/u-boot/2021-July/455292.html
> > [3] commit ddf67daac39d ("efi_capsule: Move signature from DTB to
> > .rodata")
>
>
> Dear Takahiro,
>
> thanks for driving this topic. I have finished with my review and will
> be waiting for v2.
Thanks for your review comments.
I'd like to know what's your thought on Patch#8 (and #9)
as I have not seen your comment at [2] above.
It is more or less an RFC since it breaks the compatibility
of command syntax although I believe that the change is
quite useful.
-Takahiro Akashi
> Best regards
>
> Heinrich
>
> >
> > Prerequisite patches
> > ====================
> > None
> >
> > Test
> > ====
> > * locally passed the pytest which is included in this patch series
> > on sandbox built.
> >
> > Todo
> > ====
> > * Confirm that the change in .gitlab-ci.yml works.
> > * Azure support(?)
> >
> > Changes
> > =======
> > v2 (July 28, 2021)
> > * rebased on v2021.10-rc*
> > * removed dependency on target's configuration
> > * removed fdtsig.sh and others
> > * add man page
> > * update the UEFI document
> > * add dedicate defconfig for testing on sandbox
> > * add gitlab CI support
> > * add "--guid" option to mkeficapsule
> > (yet rather RFC)
> >
> > Initial release (May 12, 2021)
> > * based on v2021.07-rc2
> >
> > AKASHI Takahiro (9):
> > tools: mkeficapsule: add firmwware image signing
> > tools: mkeficapsule: add man page
> > doc: update UEFI document for usage of mkeficapsule
> > efi_loader: ease the file path check for public key
> > test/py: efi_capsule: add image authentication test
> > sandbox: add config for efi capsule authentication test
> > GitLab: add a test rule for efi capsule authentication test
> > tools: mkeficapsule: allow for specifying GUID explicitly
> > test/py: efi_capsule: align with the syntax change of mkeficapsule
> >
> > .gitlab-ci.yml | 6 +
> > MAINTAINERS | 1 +
> > configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++
> > doc/develop/uefi/uefi.rst | 31 +-
> > doc/mkeficapsule.1 | 98 +++++
> > lib/efi_loader/Makefile | 5 +-
> > test/py/tests/test_efi_capsule/SIGNER.crt | 19 +
> > test/py/tests/test_efi_capsule/SIGNER.esl | Bin 0 -> 829 bytes
> > test/py/tests/test_efi_capsule/SIGNER.key | 28 ++
> > test/py/tests/test_efi_capsule/SIGNER2.crt | 19 +
> > test/py/tests/test_efi_capsule/SIGNER2.key | 28 ++
> > .../py/tests/test_efi_capsule/capsule_defs.py | 5 +
> > test/py/tests/test_efi_capsule/conftest.py | 39 +-
> > .../test_capsule_firmware_signed.py | 228 +++++++++++
> > tools/Kconfig | 7 +
> > tools/Makefile | 8 +-
> > tools/mkeficapsule.c | 368 ++++++++++++++++--
> > 17 files changed, 1129 insertions(+), 68 deletions(-)
> > create mode 100644 configs/sandbox_capsule_auth_defconfig
> > create mode 100644 doc/mkeficapsule.1
> > create mode 100644 test/py/tests/test_efi_capsule/SIGNER.crt
> > create mode 100644 test/py/tests/test_efi_capsule/SIGNER.esl
> > create mode 100644 test/py/tests/test_efi_capsule/SIGNER.key
> > create mode 100644 test/py/tests/test_efi_capsule/SIGNER2.crt
> > create mode 100644 test/py/tests/test_efi_capsule/SIGNER2.key
> > create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py
> >
>
prev parent reply other threads:[~2021-08-02 5:00 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-27 9:10 [PATCH v2 0/9] efi_loader: capsule: improve capsule authentication support AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 1/9] tools: mkeficapsule: add firmwware image signing AKASHI Takahiro
2021-07-28 8:12 ` Masami Hiramatsu
2021-08-01 9:21 ` Heinrich Schuchardt
2021-08-02 3:30 ` AKASHI Takahiro
2021-08-02 6:18 ` Heinrich Schuchardt
2021-08-02 6:55 ` AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 2/9] tools: mkeficapsule: add man page AKASHI Takahiro
2021-08-01 9:28 ` Heinrich Schuchardt
2021-07-27 9:10 ` [PATCH v2 3/9] doc: update UEFI document for usage of mkeficapsule AKASHI Takahiro
2021-08-01 9:31 ` Heinrich Schuchardt
2021-07-27 9:10 ` [PATCH v2 4/9] efi_loader: ease the file path check for public key AKASHI Takahiro
2021-08-01 9:35 ` Heinrich Schuchardt
2021-08-02 4:50 ` AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 5/9] test/py: efi_capsule: add image authentication test AKASHI Takahiro
2021-08-01 9:38 ` Heinrich Schuchardt
2021-08-02 4:02 ` AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 6/9] sandbox: add config for efi capsule " AKASHI Takahiro
2021-07-28 20:21 ` Heinrich Schuchardt
2021-07-29 0:39 ` AKASHI Takahiro
2021-07-31 16:59 ` Simon Glass
2021-08-01 4:29 ` AKASHI Takahiro
2021-08-01 19:00 ` Simon Glass
2021-08-01 22:57 ` AKASHI Takahiro
2021-08-02 19:19 ` Simon Glass
2021-07-27 9:10 ` [PATCH v2 7/9] GitLab: add a test rule " AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 8/9] tools: mkeficapsule: allow for specifying GUID explicitly AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 9/9] test/py: efi_capsule: align with the syntax change of mkeficapsule AKASHI Takahiro
2021-08-01 9:40 ` [PATCH v2 0/9] efi_loader: capsule: improve capsule authentication support Heinrich Schuchardt
2021-08-02 5:00 ` AKASHI Takahiro [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210802050005.GE7965@laputa \
--to=takahiro.akashi@linaro.org \
--cc=agraf@csgraf.de \
--cc=ilias.apalodimas@linaro.org \
--cc=masami.hiramatsu@linaro.org \
--cc=sjg@chromium.org \
--cc=sughosh.ganu@linaro.org \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.