From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Simon Glass <sjg@chromium.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Sughosh Ganu <sughosh.ganu@linaro.org>,
Masami Hiramatsu <masami.hiramatsu@linaro.org>,
Mark Kettenis <mark.kettenis@xs4all.nl>,
U-Boot Mailing List <u-boot@lists.denx.de>,
Tom Rini <trini@konsulko.com>
Subject: Re: [PATCH v11 2/9] tools: mkeficapsule: add firmware image signing
Date: Mon, 21 Feb 2022 09:43:59 +0900
Message-ID: <20220221004359.GA41731@laputa>
In-Reply-To: <CAPnjgZ1vbyUGYJQUvTKb8NrTH9-EQwtKT-aD0WX7JouRdevRrw@mail.gmail.com>

Hi Simon,

On Sat, Feb 19, 2022 at 04:11:08PM -0700, Simon Glass wrote:
> Hi,
>
> On Sun, 13 Feb 2022 at 17:54, AKASHI Takahiro
> <takahiro.akashi@linaro.org> wrote:
> >
> > Heinrich,
> >
> > On Fri, Feb 11, 2022 at 08:16:34PM +0100, Heinrich Schuchardt wrote:
> > > On 2/9/22 11:10, AKASHI Takahiro wrote:
> > > > With this enhancement, mkeficapsule will be able to sign a capsule
> > > > file when it is created. A signature added will be used later
> > > > in the verification at FMP's SetImage() call.
> > > >
> > > > To do that, we need to specify additional command parameters:
> > > > -monotonic-cout <count> : monotonic count
> > > > -private-key <private key file> : private key file
> > > > -certificate <certificate file> : certificate file
> > > > Only when all of those parameters are given, a signature will be added
> > > > to a capsule file.
> > > >
> > > > Users are expected to maintain and increment the monotonic count at
> > > > every time of the update for each firmware image.
> > > >
> > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > > > Reviewed-by: Simon Glass <sjg@chromium.org>
> > > > Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> > > > ---
> > > > .azure-pipelines.yml | 2 +-
> > > > tools/Makefile | 1 +
> > > > tools/eficapsule.h | 115 +++++++++++++
> > > > tools/mkeficapsule.c | 380 +++++++++++++++++++++++++++++++++++++++----
> > > > 4 files changed, 463 insertions(+), 35 deletions(-)
> > > > create mode 100644 tools/eficapsule.h
>
> I'm not sure if it is this patch or something else, but building is
> broken as it needs
>
> gnutls/gnutls.h
>
> Please update the docs in doc/build/gcc.rst to fix this.

I had not noticed that there is *another* list of package dependencies.
It is easy to fix against gnutls.h, but gnutls.h (or libgnutls-dev)
is NOT the only component missing in the list.

Comparing gcc.rst with gitlab-ci.yml, there already exist a lot of
such packages:

gcc.rst                       | gitlab-ci.yml
======                          ======
                              > automake
                              > autopoint
bc                              bc
                              > binutils-dev
bison                           bison
build-essential                 build-essential
coccinelle                    | clang-10
                              > coreutils
                              > cpio
                              > cppcheck
                              > curl
device-tree-compiler            device-tree-compiler
dfu-util                      | dosfstools
                              > e2fsprogs
efitools                        efitools
                              > fakeroot
flex                            flex
gdisk                           gdisk
                              > git
                              > gnu-efi
graphviz                        graphviz
                              > grub-efi-amd64-bin
                              > grub-efi-ia32-bin
                              > help2man
                              > iasl
imagemagick                     imagemagick
liblz4-tool                   | iputils-ping
libguestfs-tools                libguestfs-tools
libncurses-dev                | libgnutls28-dev
libpython3-dev                | libgnutls30
                              > libisl15
                              > liblz4-tool
                              > libpixman-1-dev
                              > libpython-dev
                              > libsdl1.2-dev
libsdl2-dev                     libsdl2-dev
libssl-dev                      libssl-dev
lz4                           | libudev-dev
lzma                          | libusb-1.0-0-dev
lzma-alone                      lzma-alone
                              > lzop
                              > mount
                              > mtd-utils
                              > mtools
openssl                         openssl
                              > picocom
                              > parted
pkg-config                      pkg-config
python3                       | python
python3-coverage              | python-dev
python3-pkg-resources         | python-pip
python3-pycryptodome          | python-virtualenv
python3-pyelftools            | python3-pip
python3-pytest                | python3-sphinx
python3-sphinxcontrib.apidoc  | rpm2cpio
python3-sphinx-rtd-theme      | sbsigntool
python3-virtualenv            | sloccount
                              > sparse
                              > srecord
                              > sudo
swig                            swig
                              > util-linux
                              > uuid-dev
                              > virtualenv
                              > zip

-Takahiro Akashi