From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 63ECEC4338F for ; Sun, 1 Aug 2021 22:57:56 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 63B4261075 for ; Sun, 1 Aug 2021 22:57:55 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 63B4261075 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 0ACF8832C3; Mon, 2 Aug 2021 00:57:53 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Duds1Cym"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 0A8D6831CC; Mon, 2 Aug 2021 00:57:51 +0200 (CEST) Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 7027C831CC for ; Mon, 2 Aug 2021 00:57:47 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pj1-x102c.google.com with SMTP id u9-20020a17090a1f09b029017554809f35so28786653pja.5 for ; Sun, 01 Aug 2021 15:57:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to; bh=KDW659XBP5wFGtVrFINzLxmnpjllJpJOPatpRMN0sMA=; b=Duds1CymdozAU0nBX0odteGWgwNlHYMvdpPQJgMuhWJlthXJPvZ16t8pVMcor+MsM5 PQrs1vHuZX7NTjaeOVygshoVdd2R8vQFNLs9MAZQB/vNdv+ent7rjIP8nMX9L5HMxkl+ SA1g60M221IlGd86S/6rKRHSeuqKELKKgHU5AShNNZdXj3Hv1HTfXOERqvv10pnGEF9m z47ifgpzMutarJITHxyW9DsdtwJD5rCSzwIGyiW7pkx0hjD6gpmPo/a7zxpopn76hkYK 9p0p8bLFb3H7R9KsqOURFdItVmqX1LcVtQUab4h0pd8p98Q3tUTYNzvpUlMSE704xaqS F2UA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :in-reply-to; bh=KDW659XBP5wFGtVrFINzLxmnpjllJpJOPatpRMN0sMA=; b=JoOHOl50raGdUcR2clbmsR9vgNSHFFn0sPwrZvBftSTCsLBTebKqIJVDb0FXCwllso Z8Y45vJjjfsQIomBqkI9U8BdEw2K29RqOdD8ovNI7xyUaF7gjN/63FL4nDzVBT2rr/MR yVPdmneDKLBs7dVaNMxwOTjRcpEQxTG5w0Fs0afFWO5kjC0v31gDh8rRgiZBlyadu9FG iWtS8padHJfYlU2Pgx4ony4EibAAKAaSs17ylt4l6FCnuhl6ZxNcAssb8HfZrO0x1A9t 0bv7TdMi9+bo1WxqbwIz7LkunmUGnHJ8gfESusedErX1nRuVNKJcR5GduQ6s2zAgNXEk r//w== X-Gm-Message-State: AOAM532YTbby+Tv1L/IvWZXLN/vRlMnl9fbt/5HRQKWafSMstJq6jxhk 7hNouceh4fW9dw0QlB3EdDpU1A== X-Google-Smtp-Source: ABdhPJwDLPYKW2NR09TB/7maQ9icXGgO2MMm6qPeuvyCXpL/yCO5bpbTCTqRlf2hmUXakK6ykH3VHA== X-Received: by 2002:aa7:8d94:0:b029:3a0:a513:e13a with SMTP id i20-20020aa78d940000b02903a0a513e13amr13934603pfr.56.1627858665558; Sun, 01 Aug 2021 15:57:45 -0700 (PDT) Received: from laputa (pdb6272b1.tkyea130.ap.so-net.ne.jp. [219.98.114.177]) by smtp.gmail.com with ESMTPSA id m21sm9027992pfo.159.2021.08.01.15.57.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 01 Aug 2021 15:57:45 -0700 (PDT) Date: Mon, 2 Aug 2021 07:57:40 +0900 From: AKASHI Takahiro To: Simon Glass Cc: Heinrich Schuchardt , Alex Graf , Tom Rini , Ilias Apalodimas , Sughosh Ganu , Masami Hiramatsu , U-Boot Mailing List Subject: Re: [PATCH v2 6/9] sandbox: add config for efi capsule authentication test Message-ID: <20210801225740.GA7965@laputa> Mail-Followup-To: AKASHI Takahiro , Simon Glass , Heinrich Schuchardt , Alex Graf , Tom Rini , Ilias Apalodimas , Sughosh Ganu , Masami Hiramatsu , U-Boot Mailing List References: <20210727091054.512050-1-takahiro.akashi@linaro.org> <20210727091054.512050-7-takahiro.akashi@linaro.org> <20210801042932.GA53902@laputa> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean Simon, On Sun, Aug 01, 2021 at 01:00:20PM -0600, Simon Glass wrote: > Hi Takahiro, > > On Sat, 31 Jul 2021 at 22:29, AKASHI Takahiro > wrote: > > > > Simon, > > > > On Sat, Jul 31, 2021 at 10:59:32AM -0600, Simon Glass wrote: > > > Hi Takahiro, > > > > > > On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro > > > wrote: > > > > > > > > This new configuration, which was derived from sandbox_defconfig, will be > > > > used solely to run efi capsule authentication test as the test requires > > > > a public key (esl file) to be embedded in U-Boot binary. > > > > > > > > Signed-off-by: AKASHI Takahiro > > > > --- > > > > configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++ > > > > 1 file changed, 307 insertions(+) > > > > create mode 100644 configs/sandbox_capsule_auth_defconfig > > > > > > NAK. > > > > > > Please just add it to sandbox_defconfig. We sometimes have to create > > > > Unfortunately, I can't. > > Look, we now have two tests, test_capsule_firmware.py and > > test_capsule_firmware_signed.py, and we need U-Boot binaries, > > respectively, without a key and with a key. > > A single configuration cannot satisfy both. > > > > > new variants when dealing with actual build variations (e.g. SPL, > > > building without OF_LIVE), but here we should just enable the feature > > > in sandbox_defconfig. > > > > > > We already covered embedding key in the binary on another thread. > > > Please don't do that. After that debacle I sent a patch explaining > > > this: > > > > > > http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/ > > > > Please discuss and make an agreement with Heinrich. > > The patch for embedding a key has already been merged in -rc1. > > Which patch was that? I thought I pushed back on the one that did that. The commit ddf67daac39d Author: Ilias Apalodimas Date: Sat Jul 17 17:26:44 2021 +0300 efi_capsule: Move signature from DTB to .rodata -Takahiro Akashi > > In my personal opinion, neither approaches won't apply to production > > any way. > > Regards, > Simon