From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56968C433EF for ; Fri, 29 Oct 2021 04:56:46 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id AFD266113B for ; Fri, 29 Oct 2021 04:56:45 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org AFD266113B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 066D183390; Fri, 29 Oct 2021 06:56:44 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="rcMBXk9P"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 9B9F382FE7; Fri, 29 Oct 2021 06:56:41 +0200 (CEST) Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 987A982FE7 for ; Fri, 29 Oct 2021 06:56:37 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pl1-x636.google.com with SMTP id n11so6050489plf.4 for ; Thu, 28 Oct 2021 21:56:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to; bh=enL1Oku+pfw5E2GavP/tzGHfiLF9J+8rOyGfKH2s1I8=; b=rcMBXk9Pz0ReZX2iG85OzDVx9V8oy+oZWJzTxvK7iZHVkCyIn89NJ1xMTQpVwzjlKa EBavZqZE0aixZxmQLseLjEt4NW8h3GpQLsVdqDLaB38opNu5TPLR54EsSXVMtomOMch4 X4O2PX2D2s9ULItEjU6KfR5bKjCnpMEei/3+z+D34PnmPv11skSAygmso3uC8VCz3RX2 FmxPCm5sOZQyk5VDRc29WywvN0M9jh1q8OzqoH5FM6EX26k8yer9YLDMgJwDJkkg3xgZ c82vpujuMW/xGm/MmdpDnsUhWBPd2ZYPxod+7FK99IcMmC77ptrv0w5cQzH1snG3wZfH u4/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :in-reply-to; bh=enL1Oku+pfw5E2GavP/tzGHfiLF9J+8rOyGfKH2s1I8=; b=BatrGyII8KsMHYB8rfIugl/au/JfxhHf7pRphHimsfqCTgynqLM9BaQrBqBCP0njqP qHh3HWWzdLCB8YBBh/2m/NDz2k22Rc74h6Otuo6v8sDj2S9bKygltf/DwVcoOeJCohDZ OJwbBevk23zadJbf/THhR5wcNEMxoIvwJZ1OTZO9f8N2M5AWKjVshaIb62paeQ4yn9Pe S0LO1OMU0MlNsB184dX0shj9M3MnSYq08+OFIIKotVPQJ1pINPU815f46XY+n0c7dyEn 1Pv18p351+kSIlnejGYgiXEf+oFCgtTCMNqqextk/iPsoZeW5XbQ32xSY4W1Nsr5NT9K 5erA== X-Gm-Message-State: AOAM531inNiRUqJ5zV57EM8j5osXviL/vj0C2x5qZ4GLdEAF5nGMQiVd GDkqBzmWGHXe87O1INenAqIAuw== X-Google-Smtp-Source: ABdhPJxLa3A55Cqy2x3yP6G21ZyHprzz8YsT3UmqltJZITx6+YLwSzFQNENTR8eP3abSgDsqJ1bFNQ== X-Received: by 2002:a17:90a:1a4c:: with SMTP id 12mr17398647pjl.89.1635483395735; Thu, 28 Oct 2021 21:56:35 -0700 (PDT) Received: from laputa ([2400:4050:c3e1:100:99fd:f5c5:d3a8:a6cf]) by smtp.gmail.com with ESMTPSA id t4sm5411726pfj.13.2021.10.28.21.56.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Oct 2021 21:56:35 -0700 (PDT) Date: Fri, 29 Oct 2021 13:56:28 +0900 From: AKASHI Takahiro To: Simon Glass Cc: Heinrich Schuchardt , Alex Graf , Ilias Apalodimas , Sughosh Ganu , Masami Hiramatsu , u-boot@lists.denx.de Subject: Re: [PATCH v5 02/11] tools: mkeficapsule: add firmwware image signing Message-ID: <20211029045628.GA33977@laputa> Mail-Followup-To: AKASHI Takahiro , Simon Glass , Heinrich Schuchardt , Alex Graf , Ilias Apalodimas , Sughosh Ganu , Masami Hiramatsu , u-boot@lists.denx.de References: <20211028062356.98224-1-takahiro.akashi@linaro.org> <20211028062356.98224-3-takahiro.akashi@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean On Thu, Oct 28, 2021 at 09:17:45PM -0600, Simon Glass wrote: > Hi Takahiro, > > On Thu, 28 Oct 2021 at 00:25, AKASHI Takahiro > wrote: > > > > With this enhancement, mkeficapsule will be able to sign a capsule > > file when it is created. A signature added will be used later > > in the verification at FMP's SetImage() call. > > > > To do that, We need specify additional command parameters: > > -monotonic-cout : monotonic count > > -private-key : private key file > > -certificate : certificate file > > Only when all of those parameters are given, a signature will be added > > to a capsule file. > > > > Users are expected to maintain and increment the monotonic count at > > every time of the update for each firmware image. > > > > Signed-off-by: AKASHI Takahiro > > --- > > tools/Kconfig | 8 + > > tools/Makefile | 8 +- > > tools/mkeficapsule.c | 435 +++++++++++++++++++++++++++++++++++++++---- > > 3 files changed, 417 insertions(+), 34 deletions(-) > > Reviewed-by: Simon Glass Thank you for your reviewing. > This looks OK but I have some suggestions > > - I don't think you should return -1 from main exit(EXIT_FAILURE)? Yeah, but when I first wrote this tool (without authentication support), 'return -1' was used everywhere. So I didn't want to have mixed styles in this patch. I will make a change with the tweak below. > - could you split up your create_fwbin() to return the number of gotos? Yeah, lots of gotos are messy. > - could we have a man page for the tool? Patch#3 > - should the files be opened in binary mode? Well, the man page of fopen() says, This is strictly for compatibility with C89 and has no effect; the 'b' is ignored on all POSIX conforming sys- tems, including Linux. U-Boot now requires C11, and so no need? > - can we just build the tool always? This is one of my questions. Why do you want to do so while there are bunch of tools that are not always built. # I saw some discussion in another topic thread, and some distro guy said # that they used sandbox_defconfig for tool packaging. -Takahiro Akashi > Regards, > Simon