From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id AD6D0C433EF for ; Mon, 21 Feb 2022 00:44:13 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2B24883BCD; Mon, 21 Feb 2022 01:44:11 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="YDD8dqTU"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 237A083BD5; Mon, 21 Feb 2022 01:44:09 +0100 (CET) Received: from mail-pg1-x532.google.com (mail-pg1-x532.google.com [IPv6:2607:f8b0:4864:20::532]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 5121383BCA for ; Mon, 21 Feb 2022 01:44:05 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pg1-x532.google.com with SMTP id 195so12866504pgc.6 for ; Sun, 20 Feb 2022 16:44:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to; bh=Y8ikWs6/bYQxh5AiM2w3nsKdh+RsJLHr7h6GA5SS2mA=; b=YDD8dqTUX3hpvoQkl85sUBP+vFdSyuNJRfSSfV/2rEo70ihYjRsdOnWScIq90A6YmJ QHQn3CLIlQww6cJs7oId7tvJwe98ul7g2AwCXu0fzOop9fzZJHzwRA9RtpSfBJDkiMT+ NUpbr3xkmzhIAUF9rqvJhr95azmJVc+YIWaq1uUapt+4fXkVYgoKHssSUxqNq1qRJq7c vXIJybGrtDQDWAW+vX9G6bJCCgH5n8Hmmv/a7rndi1IEvEwCvgELbL630ejncaBrwLJX bjxJRuWLc6D0m7pgMuwh1fj6QHAccO4lMVW0JS/vZdugUs0KY6pZ99s/Bg1bScNsewiP AtJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :in-reply-to; bh=Y8ikWs6/bYQxh5AiM2w3nsKdh+RsJLHr7h6GA5SS2mA=; b=xde81b4p4XNPWiqqXgeTEmrvCWHAYva7rX3XNgfSRgoWKoV3s8BSWu9SzuAFoO0KKr 9ejENNNdy258u3Z2ulyO6fKG0afBTUkVDbKZhGlSod9d4RNn7wQWQvBsIk95MBm4skOK PTY6a2nlKxcAOe844ocPOn/IfinjE+uMB81+boHdM1ygHR+Y5c0EIZ9h+BPUMT0Tq3mA dT9Oy6gQK4u0lwu4p1SYDh9/gViKcPMsOx2haK2fJ9/sgEnPmHpULnfAUcM5e4lFeTJz lga4U+SHM1mzKjpIeOS34DEA9BAmAd+weDuG0fzUclRYqHEGlyNhtmq8/dX7Jk0bGVUl dG/Q== X-Gm-Message-State: AOAM530aiqorweppgdiM/hGuScki3Auw9EcuN/DoypUr9QbmDVgClhut +QvKNK19+d1bXQMIPt9R5SMe1g== X-Google-Smtp-Source: ABdhPJz3rQ4FqhdeJHo/gYOd/kjy6jNr0Jm6fgQFEgsT9wVGAajKZ/rklc7KLeKcqbt82mx3u20J5g== X-Received: by 2002:a63:cd49:0:b0:373:5fbb:c790 with SMTP id a9-20020a63cd49000000b003735fbbc790mr14497061pgj.206.1645404243558; Sun, 20 Feb 2022 16:44:03 -0800 (PST) Received: from laputa ([2400:4050:c3e1:100:10db:56a3:86a1:2dd3]) by smtp.gmail.com with ESMTPSA id k18sm10441309pfi.10.2022.02.20.16.44.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 20 Feb 2022 16:44:03 -0800 (PST) Date: Mon, 21 Feb 2022 09:43:59 +0900 From: AKASHI Takahiro To: Simon Glass Cc: Heinrich Schuchardt , Ilias Apalodimas , Sughosh Ganu , Masami Hiramatsu , Mark Kettenis , U-Boot Mailing List , Tom Rini Subject: Re: [PATCH v11 2/9] tools: mkeficapsule: add firmware image signing Message-ID: <20220221004359.GA41731@laputa> Mail-Followup-To: AKASHI Takahiro , Simon Glass , Heinrich Schuchardt , Ilias Apalodimas , Sughosh Ganu , Masami Hiramatsu , Mark Kettenis , U-Boot Mailing List , Tom Rini References: <20220209101042.78036-1-takahiro.akashi@linaro.org> <20220209101042.78036-3-takahiro.akashi@linaro.org> <8f054639-b37c-8636-4097-ce91087f4926@gmx.de> <20220214005420.GB39639@laputa> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Hi Simon, On Sat, Feb 19, 2022 at 04:11:08PM -0700, Simon Glass wrote: > Hi, > > On Sun, 13 Feb 2022 at 17:54, AKASHI Takahiro > wrote: > > > > Heinrich, > > > > On Fri, Feb 11, 2022 at 08:16:34PM +0100, Heinrich Schuchardt wrote: > > > On 2/9/22 11:10, AKASHI Takahiro wrote: > > > > With this enhancement, mkeficapsule will be able to sign a capsule > > > > file when it is created. A signature added will be used later > > > > in the verification at FMP's SetImage() call. > > > > > > > > To do that, we need specify additional command parameters: > > > > -monotonic-cout : monotonic count > > > > -private-key : private key file > > > > -certificate : certificate file > > > > Only when all of those parameters are given, a signature will be added > > > > to a capsule file. > > > > > > > > Users are expected to maintain and increment the monotonic count at > > > > every time of the update for each firmware image. > > > > > > > > Signed-off-by: AKASHI Takahiro > > > > Reviewed-by: Simon Glass > > > > Acked-by: Ilias Apalodimas > > > > --- > > > > .azure-pipelines.yml | 2 +- > > > > tools/Makefile | 1 + > > > > tools/eficapsule.h | 115 +++++++++++++ > > > > tools/mkeficapsule.c | 380 +++++++++++++++++++++++++++++++++++++++---- > > > > 4 files changed, 463 insertions(+), 35 deletions(-) > > > > create mode 100644 tools/eficapsule.h > > I'm not sure if it is this patch or something else, but building is > broken as it needs > > gnutls/gnutls.h > > Please update the docs in doc/build/gcc.rst to fix this. I have not noticed that there is *another* list of package dependency. It is easy to fix against gnutls.h, but gnutls.h (or libgnutls-dev) is NOT the only component missing in the list. Comparing gcc.rst with gitlab-ci.yml, there already exist a lot of such packages: gcc.rst | gitlab-ci.yml ====== ====== > automake > autopoint bc bc > binutils-dev bison bison build-essential build-essential coccinelle | clang-10 > coreutils > cpio > cppcheck > curl device-tree-compiler device-tree-compiler dfu-util | dosfstools > e2fsprogs efitools efitools > fakeroot flex flex gdisk gdisk > git > gnu-efi graphviz graphviz > grub-efi-amd64-bin > grub-efi-ia32-bin > help2man > iasl imagemagick imagemagick liblz4-tool | iputils-ping libguestfs-tools libguestfs-tools libncurses-dev | libgnutls28-dev libpython3-dev | libgnutls30 > libisl15 > liblz4-tool > libpixman-1-dev > libpython-dev > libsdl1.2-dev libsdl2-dev libsdl2-dev libssl-dev libssl-dev lz4 | libudev-dev lzma | libusb-1.0-0-dev lzma-alone lzma-alone > lzop > mount > mtd-utils > mtools openssl openssl > picocom > parted pkg-config pkg-config python3 | python python3-coverage | python-dev python3-pkg-resources | python-pip python3-pycryptodome | python-virtualenv python3-pyelftools | python3-pip python3-pytest | python3-sphinx python3-sphinxcontrib.apidoc | rpm2cpio python3-sphinx-rtd-theme | sbsigntool python3-virtualenv | sloccount > sparse > srecord > sudo swig swig > util-linux > uuid-dev > virtualenv > zip -Takahiro Akashi