From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Simon Glass <sjg@chromium.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>,
Alex Graf <agraf@csgraf.de>, Tom Rini <trini@konsulko.com>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Sughosh Ganu <sughosh.ganu@linaro.org>,
Masami Hiramatsu <masami.hiramatsu@linaro.org>,
U-Boot Mailing List <u-boot@lists.denx.de>
Subject: Re: [PATCH v2 6/9] sandbox: add config for efi capsule authentication test
Date: Mon, 2 Aug 2021 07:57:40 +0900 [thread overview]
Message-ID: <20210801225740.GA7965@laputa> (raw)
In-Reply-To: <CAPnjgZ04yKVRxkYUS7ATBmtXtnEu-UmHHZu3xnwS=7CdSOWw-w@mail.gmail.com>
Simon,
On Sun, Aug 01, 2021 at 01:00:20PM -0600, Simon Glass wrote:
> Hi Takahiro,
>
> On Sat, 31 Jul 2021 at 22:29, AKASHI Takahiro
> <takahiro.akashi@linaro.org> wrote:
> >
> > Simon,
> >
> > On Sat, Jul 31, 2021 at 10:59:32AM -0600, Simon Glass wrote:
> > > Hi Takahiro,
> > >
> > > On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro
> > > <takahiro.akashi@linaro.org> wrote:
> > > >
> > > > This new configuration, which was derived from sandbox_defconfig, will be
> > > > used solely to run efi capsule authentication test as the test requires
> > > > a public key (esl file) to be embedded in U-Boot binary.
> > > >
> > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > > > ---
> > > > configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++
> > > > 1 file changed, 307 insertions(+)
> > > > create mode 100644 configs/sandbox_capsule_auth_defconfig
> > >
> > > NAK.
> > >
> > > Please just add it to sandbox_defconfig. We sometimes have to create
> >
> > Unfortunately, I can't.
> > Look, we now have two tests, test_capsule_firmware.py and
> > test_capsule_firmware_signed.py, and we need U-Boot binaries,
> > respectively, without a key and with a key.
> > A single configuration cannot satisfy both.
> >
> > > new variants when dealing with actual build variations (e.g. SPL,
> > > building without OF_LIVE), but here we should just enable the feature
> > > in sandbox_defconfig.
> > >
> > > We already covered embedding key in the binary on another thread.
> > > Please don't do that. After that debacle I sent a patch explaining
> > > this:
> > >
> > > http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/
> >
> > Please discuss and make an agreement with Heinrich.
> > The patch for embedding a key has already been merged in -rc1.
>
> Which patch was that? I thought I pushed back on the one that did that.
The commit ddf67daac39d
Author: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Date: Sat Jul 17 17:26:44 2021 +0300
efi_capsule: Move signature from DTB to .rodata
-Takahiro Akashi
> > In my personal opinion, neither approaches won't apply to production
> > any way.
>
> Regards,
> Simon
next prev parent reply other threads:[~2021-08-01 22:57 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-27 9:10 [PATCH v2 0/9] efi_loader: capsule: improve capsule authentication support AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 1/9] tools: mkeficapsule: add firmwware image signing AKASHI Takahiro
2021-07-28 8:12 ` Masami Hiramatsu
2021-08-01 9:21 ` Heinrich Schuchardt
2021-08-02 3:30 ` AKASHI Takahiro
2021-08-02 6:18 ` Heinrich Schuchardt
2021-08-02 6:55 ` AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 2/9] tools: mkeficapsule: add man page AKASHI Takahiro
2021-08-01 9:28 ` Heinrich Schuchardt
2021-07-27 9:10 ` [PATCH v2 3/9] doc: update UEFI document for usage of mkeficapsule AKASHI Takahiro
2021-08-01 9:31 ` Heinrich Schuchardt
2021-07-27 9:10 ` [PATCH v2 4/9] efi_loader: ease the file path check for public key AKASHI Takahiro
2021-08-01 9:35 ` Heinrich Schuchardt
2021-08-02 4:50 ` AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 5/9] test/py: efi_capsule: add image authentication test AKASHI Takahiro
2021-08-01 9:38 ` Heinrich Schuchardt
2021-08-02 4:02 ` AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 6/9] sandbox: add config for efi capsule " AKASHI Takahiro
2021-07-28 20:21 ` Heinrich Schuchardt
2021-07-29 0:39 ` AKASHI Takahiro
2021-07-31 16:59 ` Simon Glass
2021-08-01 4:29 ` AKASHI Takahiro
2021-08-01 19:00 ` Simon Glass
2021-08-01 22:57 ` AKASHI Takahiro [this message]
2021-08-02 19:19 ` Simon Glass
2021-07-27 9:10 ` [PATCH v2 7/9] GitLab: add a test rule " AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 8/9] tools: mkeficapsule: allow for specifying GUID explicitly AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 9/9] test/py: efi_capsule: align with the syntax change of mkeficapsule AKASHI Takahiro
2021-08-01 9:40 ` [PATCH v2 0/9] efi_loader: capsule: improve capsule authentication support Heinrich Schuchardt
2021-08-02 5:00 ` AKASHI Takahiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210801225740.GA7965@laputa \
--to=takahiro.akashi@linaro.org \
--cc=agraf@csgraf.de \
--cc=ilias.apalodimas@linaro.org \
--cc=masami.hiramatsu@linaro.org \
--cc=sjg@chromium.org \
--cc=sughosh.ganu@linaro.org \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox