From mboxrd@z Thu Jan 1 00:00:00 1970 From: AKASHI Takahiro Date: Wed, 28 Apr 2021 14:43:50 +0900 Subject: [PATCH 5/5] Makefile: Add provision for embedding public key in platform's dtb In-Reply-To: <5a137b94-d797-e245-6f70-9eaaf474df72@gmx.de> References: <20210407115335.8615-1-sughosh.ganu@linaro.org> <20210407115335.8615-6-sughosh.ganu@linaro.org> <5a137b94-d797-e245-6f70-9eaaf474df72@gmx.de> Message-ID: <20210428054350.GE25322@laputa> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Thu, Apr 08, 2021 at 09:58:17PM +0200, Heinrich Schuchardt wrote: > On 4/7/21 1:53 PM, Sughosh Ganu wrote: > > Add provision for embedding the public key used for capsule > > authentication in the platform's dtb. This is done by invoking the > > mkeficapsule utility which puts the public key in the efi signature > > list(esl) format into the dtb. > > > > Signed-off-by: Sughosh Ganu > > --- > > Makefile | 10 ++++++++++ > > 1 file changed, 10 insertions(+) > > > > diff --git a/Makefile b/Makefile > > index 193aa4d1c9..0d50c6a805 100644 > > --- a/Makefile > > +++ b/Makefile > > @@ -1010,6 +1010,10 @@ cmd_pad_cat = $(cmd_objcopy) && $(append) || { rm -f $@; false; } > > quiet_cmd_lzma = LZMA $@ > > cmd_lzma = lzma -c -z -k -9 $< > $@ > > > > +quiet_cmd_mkeficapsule = MKEFICAPSULE $@ > > +cmd_mkeficapsule = $(objtree)/tools/mkeficapsule -K $(CONFIG_EFI_PKEY_FILE) \ > > + -D $@ > > + > > tools/mkeficapsule --help does neither show a parameter -K nor a > parameter -D. This clearly shows that the feature with -K/-D has nothing to do with creating a capsule file. Two totally different things in one place (command). And the dtb overlay operation can be achieved by using standard commands. I believe that the feature should be removed from mkeficapsule. -Takahiro Akashi > Please, update tools/mkeficapsule.c before using these. A > man-page for mkeficapsule in doc/usage/ would be helpful. > > $ tools/mkeficapsule --help > Usage: mkeficapsule [options] > Options: > --fit new FIT image file > --raw new raw image file > --index update image index > --instance update hardware instance > --public-key public key esl file > --dtb dtb file > --overlay the dtb file is an overlay > --help print a help message > > Best regards > > Heinrich > > > cfg: u-boot.cfg > > > > quiet_cmd_cfgcheck = CFGCHK $2 > > @@ -1104,8 +1108,14 @@ endif > > PHONY += dtbs > > dtbs: dts/dt.dtb > > @: > > +ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE)$(CONFIG_EFI_PKEY_DTB_EMBED),yy) > > +dts/dt.dtb: u-boot tools > > + $(Q)$(MAKE) $(build)=dts dtbs > > + $(call cmd,mkeficapsule) > > +else > > dts/dt.dtb: u-boot > > $(Q)$(MAKE) $(build)=dts dtbs > > +endif > > > > quiet_cmd_copy = COPY $@ > > cmd_copy = cp $< $@ > > >