From mboxrd@z Thu Jan 1 00:00:00 1970 From: AKASHI Takahiro Date: Wed, 28 Apr 2021 14:39:07 +0900 Subject: [PATCH v2 4/4] Makefile: Add provision for embedding public key in platform's dtb In-Reply-To: <20210412150526.29822-5-sughosh.ganu@linaro.org> References: <20210412150526.29822-1-sughosh.ganu@linaro.org> <20210412150526.29822-5-sughosh.ganu@linaro.org> Message-ID: <20210428053907.GD25322@laputa> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Mon, Apr 12, 2021 at 08:35:26PM +0530, Sughosh Ganu wrote: > Add provision for embedding the public key used for capsule > authentication in the platform's dtb. This is done by invoking the > mkeficapsule utility which puts the public key in the efi signature > list(esl) format into the dtb. > > Signed-off-by: Sughosh Ganu > --- > > Changes since V1: None > > Makefile | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/Makefile b/Makefile > index b72d8d20c0..ebd4a6477c 100644 > --- a/Makefile > +++ b/Makefile > @@ -1011,6 +1011,10 @@ cmd_pad_cat = $(cmd_objcopy) && $(append) || { rm -f $@; false; } > quiet_cmd_lzma = LZMA $@ > cmd_lzma = lzma -c -z -k -9 $< > $@ > > +quiet_cmd_mkeficapsule = MKEFICAPSULE $@ > +cmd_mkeficapsule = $(objtree)/tools/mkeficapsule -K $(CONFIG_EFI_PKEY_FILE) \ > + -D $@ Instead, we can do $ dtc -@ -I dts -O dtb -o pubkey.dtbo pubkey.dts $ fdtoverlay -i test.dtb -o test_pubkey.dtb -v pubkey.dtbo -Takahiro Akashi > + > cfg: u-boot.cfg > > quiet_cmd_cfgcheck = CFGCHK $2 > @@ -1161,8 +1165,14 @@ endif > PHONY += dtbs > dtbs: dts/dt.dtb > @: > +ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE)$(CONFIG_EFI_PKEY_DTB_EMBED),yy) > +dts/dt.dtb: u-boot tools > + $(Q)$(MAKE) $(build)=dts dtbs > + $(call cmd,mkeficapsule) > +else > dts/dt.dtb: u-boot > $(Q)$(MAKE) $(build)=dts dtbs > +endif > > quiet_cmd_copy = COPY $@ > cmd_copy = cp $< $@ > -- > 2.17.1 >