From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: agraf@csgraf.de, trini@konsulko.com, sjg@chromium.org,
ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org,
masami.hiramatsu@linaro.org, u-boot@lists.denx.de
Subject: Re: [PATCH v2 0/9] efi_loader: capsule: improve capsule authentication support
Date: Mon, 2 Aug 2021 14:00:05 +0900 [thread overview]
Message-ID: <20210802050005.GE7965@laputa> (raw)
In-Reply-To: <b63a2c6c-5943-ef6b-19f4-cc401da2dd56@gmx.de>
Heinrich,
On Sun, Aug 01, 2021 at 11:40:14AM +0200, Heinrich Schuchardt wrote:
> On 7/27/21 11:10 AM, AKASHI Takahiro wrote:
> > As I proposed and discussed in [1] and [2], I have made a couple of
> > improvements on the current implementation of capsule update in this
> > patch set.
> >
> > * add signing feature to mkeficapsule
> > * add "--guid" option to mkeficapsule
> > * add man page of mkeficapsule
> > * add pytest for capsule authentication (on sandbox)
> >
> > NOTE:
> > Due to Ilias's commit[3], we need to have a customized configuration
> > for sandbox to properly set up and run capsule authentication test.
> > See patch#5,#6 and #7.
> >
> > [1] https://lists.denx.de/pipermail/u-boot/2021-April/447918.html
> > [2] https://lists.denx.de/pipermail/u-boot/2021-July/455292.html
> > [3] commit ddf67daac39d ("efi_capsule: Move signature from DTB to
> > .rodata")
>
>
> Dear Takahiro,
>
> thanks for driving this topic. I have finished with my review and will
> be waiting for v2.
Thanks for your review comments.
I'd like to know what's your thought on Patch#8 (and #9)
as I have not seen your comment at [2] above.
It is more or less an RFC since it breaks the compatibility
of command syntax although I believe that the change is
quite useful.
-Takahiro Akashi
> Best regards
>
> Heinrich
>
> >
> > Prerequisite patches
> > ====================
> > None
> >
> > Test
> > ====
> > * locally passed the pytest which is included in this patch series
> > on sandbox built.
> >
> > Todo
> > ====
> > * Confirm that the change in .gitlab-ci.yml works.
> > * Azure support(?)
> >
> > Changes
> > =======
> > v2 (July 28, 2021)
> > * rebased on v2021.10-rc*
> > * removed dependency on target's configuration
> > * removed fdtsig.sh and others
> > * add man page
> > * update the UEFI document
> > * add dedicate defconfig for testing on sandbox
> > * add gitlab CI support
> > * add "--guid" option to mkeficapsule
> > (yet rather RFC)
> >
> > Initial release (May 12, 2021)
> > * based on v2021.07-rc2
> >
> > AKASHI Takahiro (9):
> > tools: mkeficapsule: add firmwware image signing
> > tools: mkeficapsule: add man page
> > doc: update UEFI document for usage of mkeficapsule
> > efi_loader: ease the file path check for public key
> > test/py: efi_capsule: add image authentication test
> > sandbox: add config for efi capsule authentication test
> > GitLab: add a test rule for efi capsule authentication test
> > tools: mkeficapsule: allow for specifying GUID explicitly
> > test/py: efi_capsule: align with the syntax change of mkeficapsule
> >
> > .gitlab-ci.yml | 6 +
> > MAINTAINERS | 1 +
> > configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++
> > doc/develop/uefi/uefi.rst | 31 +-
> > doc/mkeficapsule.1 | 98 +++++
> > lib/efi_loader/Makefile | 5 +-
> > test/py/tests/test_efi_capsule/SIGNER.crt | 19 +
> > test/py/tests/test_efi_capsule/SIGNER.esl | Bin 0 -> 829 bytes
> > test/py/tests/test_efi_capsule/SIGNER.key | 28 ++
> > test/py/tests/test_efi_capsule/SIGNER2.crt | 19 +
> > test/py/tests/test_efi_capsule/SIGNER2.key | 28 ++
> > .../py/tests/test_efi_capsule/capsule_defs.py | 5 +
> > test/py/tests/test_efi_capsule/conftest.py | 39 +-
> > .../test_capsule_firmware_signed.py | 228 +++++++++++
> > tools/Kconfig | 7 +
> > tools/Makefile | 8 +-
> > tools/mkeficapsule.c | 368 ++++++++++++++++--
> > 17 files changed, 1129 insertions(+), 68 deletions(-)
> > create mode 100644 configs/sandbox_capsule_auth_defconfig
> > create mode 100644 doc/mkeficapsule.1
> > create mode 100644 test/py/tests/test_efi_capsule/SIGNER.crt
> > create mode 100644 test/py/tests/test_efi_capsule/SIGNER.esl
> > create mode 100644 test/py/tests/test_efi_capsule/SIGNER.key
> > create mode 100644 test/py/tests/test_efi_capsule/SIGNER2.crt
> > create mode 100644 test/py/tests/test_efi_capsule/SIGNER2.key
> > create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py
> >
>
prev parent reply other threads:[~2021-08-02 5:00 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-27 9:10 [PATCH v2 0/9] efi_loader: capsule: improve capsule authentication support AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 1/9] tools: mkeficapsule: add firmwware image signing AKASHI Takahiro
2021-07-28 8:12 ` Masami Hiramatsu
2021-08-01 9:21 ` Heinrich Schuchardt
2021-08-02 3:30 ` AKASHI Takahiro
2021-08-02 6:18 ` Heinrich Schuchardt
2021-08-02 6:55 ` AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 2/9] tools: mkeficapsule: add man page AKASHI Takahiro
2021-08-01 9:28 ` Heinrich Schuchardt
2021-07-27 9:10 ` [PATCH v2 3/9] doc: update UEFI document for usage of mkeficapsule AKASHI Takahiro
2021-08-01 9:31 ` Heinrich Schuchardt
2021-07-27 9:10 ` [PATCH v2 4/9] efi_loader: ease the file path check for public key AKASHI Takahiro
2021-08-01 9:35 ` Heinrich Schuchardt
2021-08-02 4:50 ` AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 5/9] test/py: efi_capsule: add image authentication test AKASHI Takahiro
2021-08-01 9:38 ` Heinrich Schuchardt
2021-08-02 4:02 ` AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 6/9] sandbox: add config for efi capsule " AKASHI Takahiro
2021-07-28 20:21 ` Heinrich Schuchardt
2021-07-29 0:39 ` AKASHI Takahiro
2021-07-31 16:59 ` Simon Glass
2021-08-01 4:29 ` AKASHI Takahiro
2021-08-01 19:00 ` Simon Glass
2021-08-01 22:57 ` AKASHI Takahiro
2021-08-02 19:19 ` Simon Glass
2021-07-27 9:10 ` [PATCH v2 7/9] GitLab: add a test rule " AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 8/9] tools: mkeficapsule: allow for specifying GUID explicitly AKASHI Takahiro
2021-07-27 9:10 ` [PATCH v2 9/9] test/py: efi_capsule: align with the syntax change of mkeficapsule AKASHI Takahiro
2021-08-01 9:40 ` [PATCH v2 0/9] efi_loader: capsule: improve capsule authentication support Heinrich Schuchardt
2021-08-02 5:00 ` AKASHI Takahiro [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210802050005.GE7965@laputa \
--to=takahiro.akashi@linaro.org \
--cc=agraf@csgraf.de \
--cc=ilias.apalodimas@linaro.org \
--cc=masami.hiramatsu@linaro.org \
--cc=sjg@chromium.org \
--cc=sughosh.ganu@linaro.org \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox