From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5C87AC433EF for ; Mon, 25 Oct 2021 03:06:55 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 86CF660F4F for ; Mon, 25 Oct 2021 03:06:54 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 86CF660F4F Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D3B3E815CE; Mon, 25 Oct 2021 05:06:51 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="dkaBeIKB"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 6F6B981F0B; Mon, 25 Oct 2021 05:06:49 +0200 (CEST) Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C45ED80EFB for ; Mon, 25 Oct 2021 05:06:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pf1-x42f.google.com with SMTP id t184so9401230pfd.0 for ; Sun, 24 Oct 2021 20:06:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to; bh=qgR2yFzApS3GAnsGh+SNt+YaLmdBaKmS9n9/hY/aM6c=; b=dkaBeIKB1kiIuSSgn/qg35n2T2Qm+Z3+8ffeSfM8/OXyEZpw7BWlIznvUEto6Rn2La QWDZMtrPFKesZM1Vdqom5Zehis/HKXW81h7dFGL0JePZ+t3UoXTqfETsJgGV2l7ToldY TXiNEXd/aGb82mXNUXmdYjvHVEVw+ACBwv2wfXjNd5licL/pBWRyEnF/ZaSjFi9WiD/E hOhigVw26B0BF7r8akP1Kv/sqVAm4BWX6kksMnez1t9HxqQPv3vDrInV+2CCwJbwJKeJ 3T+ANuFT/We07arixp8fmrVo2JWok+/e6ICLmwErj7tla0Tc05uJCBlCFOpaZFwikSWp eJqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :in-reply-to; bh=qgR2yFzApS3GAnsGh+SNt+YaLmdBaKmS9n9/hY/aM6c=; b=gmFVzf9LpW2VLUgi+YwtWpc9K4kvEw4b1npikO30SN/kLip9hIh4251Giw0Oo4AoqR 8Fx+1DsqGC9UDvi+D1vPyiAxHV91XV7JB3O5Zsm27nDDRkpOAGmqpH4dMRx8L4ovpka9 tLPNxUfD14+uPbjmgTHm3s2DMsEFCITukhM6sKm/2TZ0lDXtl7JvvVdys6LipmEygY/d EeQlm+Hm5hpJmYSECNTQZLkxgLlpoT3hNy6A/BEszTEws94Qh2UjK4TTBhGq5ibfRGCK VI/iUxLCK1Cat6oRydG7nOIdaoNL4Hjy6er1zcXa0arBejGMyf1JwYa4MyotHbyliIWR wZvQ== X-Gm-Message-State: AOAM531pb4LjCjvEkWl7cjfqpRMNz081WNLBsM96p4krbtsEfRVtdyuW z9q1na2F+kZe9w+UKsJstquMrQ== X-Google-Smtp-Source: ABdhPJzy6z0aO6zlTEVzfH6A1SAqzLM5qqzy7KiLwJ85ERd0ECj9/J08Rqz+ZJVXxjMHcFIGDFjb/g== X-Received: by 2002:a62:5ec2:0:b0:44d:47e2:4b3b with SMTP id s185-20020a625ec2000000b0044d47e24b3bmr15901071pfb.38.1635131203914; Sun, 24 Oct 2021 20:06:43 -0700 (PDT) Received: from laputa ([2400:4050:c3e1:100:fd04:2165:af57:a7ad]) by smtp.gmail.com with ESMTPSA id g25sm444462pfh.216.2021.10.24.20.06.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 24 Oct 2021 20:06:43 -0700 (PDT) Date: Mon, 25 Oct 2021 12:06:39 +0900 From: AKASHI Takahiro To: Simon Glass Cc: Heinrich Schuchardt , Alex Graf , Ilias Apalodimas , Sughosh Ganu , Masami Hiramatsu , U-Boot Mailing List Subject: Re: [PATCH v4 04/11] tools: add fdtsig.sh Message-ID: <20211025030639.GA44989@laputa> Mail-Followup-To: AKASHI Takahiro , Simon Glass , Heinrich Schuchardt , Alex Graf , Ilias Apalodimas , Sughosh Ganu , Masami Hiramatsu , U-Boot Mailing List References: <20211007062340.72207-1-takahiro.akashi@linaro.org> <20211007062340.72207-5-takahiro.akashi@linaro.org> <20211012014212.GC38222@laputa> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean Simon, On Thu, Oct 14, 2021 at 06:40:24PM -0600, Simon Glass wrote: > Hi Takahiro, > > On Mon, 11 Oct 2021 at 19:42, AKASHI Takahiro > wrote: > > > > Simon, > > > > On Mon, Oct 11, 2021 at 08:54:09AM -0600, Simon Glass wrote: > > > Hi Takahiro, > > > > > > On Thu, 7 Oct 2021 at 00:25, AKASHI Takahiro wrote: > > > > > > > > With this script, a public key is added to a device tree blob > > > > as the default efi_get_public_key_data() expects. > > > > > > > > Signed-off-by: AKASHI Takahiro > > > > --- > > > > MAINTAINERS | 1 + > > > > tools/fdtsig.sh | 40 ++++++++++++++++++++++++++++++++++++++++ > > > > 2 files changed, 41 insertions(+) > > > > create mode 100755 tools/fdtsig.sh > > > > > > Instead of an ad-hoc script with no tests, > > > > Basically I intended to provide fdtsig.sh as a *sample* script so that > > people may want to integrate the logic into their own build rule/systems. > > But I could use this script in my 'capsule authentication' test > > that is also added in patch#22. > > > > > could we use binman for > > > putting the image together and inserting it? > > > > First, as you can see, the script is quite simple and secondly, > > the purpose of binman, IIUC, is to help handle/manipulate U-Boot > > image binaries. > > So I'm not sure whether it is really useful to add such a feature to binman. > > I'm not sure. The script seems very ad-hoc to me, for a feature that > Linaro is pushing so hard. To be honest, I've never used binman :) So I'm not sure whether binman is the best place to add this feature. For example, README under tools/binman says, "It seems better to use the mkimage tool to generate binaries and avoid blurring the boundaries between building input files (mkimage) and packaging then into a final image (binman)." Obviously, dtb is not the final image. > I don't see where the script is used in the tests or even mentioned in > the documentation. Am I missing something? Due to the history of submissions of this series, the current pytest scenario doesn't use the script, but you can see the exact same sequence of commands at test/py/tests/test_efi_capsule/conftest.py: ---8<--- # Update dtb adding capsule certificate check_call('cd %s; cp %s/test/py/tests/test_efi_capsule/signature.dts .' % (data_dir, u_boot_config.source_dir), shell=True) check_call('cd %s; dtc -@ -I dts -O dtb -o signature.dtbo signature.dts; fdtoverlay -i %s/arch/sandbox/dts/test.dtb -o test_sig.dtb signature.dtbo' % (data_dir, u_boot_config.build_dir), shell=True) --->8--- (Please see my patch#11.) What I meant is that we can directly use fdtsig.sh here if your concern is that the script is *not exercised* anywhere. -Takahiro Akashi > Regards, > Simon