On Mon, Apr 12, 2021 at 08:35:26PM +0530, Sughosh Ganu wrote:
> Add provision for embedding the public key used for capsule
> authentication in the platform's dtb. This is done by invoking the
> mkeficapsule utility which puts the public key in the efi signature
> list(esl) format into the dtb.
> 
> Signed-off-by: Sughosh Ganu <sughosh.g...@linaro.org>
> ---
> 
> Changes since V1: None
> 
>  Makefile | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/Makefile b/Makefile
> index b72d8d20c0..ebd4a6477c 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1011,6 +1011,10 @@ cmd_pad_cat = $(cmd_objcopy) && $(append) || { rm -f 
> $@; false; }
>  quiet_cmd_lzma = LZMA    $@
>  cmd_lzma = lzma -c -z -k -9 $< > $@
>  
> +quiet_cmd_mkeficapsule = MKEFICAPSULE     $@
> +cmd_mkeficapsule = $(objtree)/tools/mkeficapsule -K $(CONFIG_EFI_PKEY_FILE) \
> +     -D $@

Instead, we can do

$ dtc -@ -I dts -O dtb -o pubkey.dtbo pubkey.dts
$ fdtoverlay -i test.dtb -o test_pubkey.dtb -v pubkey.dtbo

-Takahiro Akashi


> +
>  cfg: u-boot.cfg
>  
>  quiet_cmd_cfgcheck = CFGCHK  $2
> @@ -1161,8 +1165,14 @@ endif
>  PHONY += dtbs
>  dtbs: dts/dt.dtb
>       @:
> +ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE)$(CONFIG_EFI_PKEY_DTB_EMBED),yy)
> +dts/dt.dtb: u-boot tools
> +     $(Q)$(MAKE) $(build)=dts dtbs
> +     $(call cmd,mkeficapsule)
> +else
>  dts/dt.dtb: u-boot
>       $(Q)$(MAKE) $(build)=dts dtbs
> +endif
>  
>  quiet_cmd_copy = COPY    $@
>        cmd_copy = cp $< $@
> -- 
> 2.17.1
> 

Reply via email to