On Mon, Apr 12, 2021 at 08:35:26PM +0530, Sughosh Ganu wrote: > Add provision for embedding the public key used for capsule > authentication in the platform's dtb. This is done by invoking the > mkeficapsule utility which puts the public key in the efi signature > list(esl) format into the dtb. > > Signed-off-by: Sughosh Ganu <sughosh.g...@linaro.org> > --- > > Changes since V1: None > > Makefile | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/Makefile b/Makefile > index b72d8d20c0..ebd4a6477c 100644 > --- a/Makefile > +++ b/Makefile > @@ -1011,6 +1011,10 @@ cmd_pad_cat = $(cmd_objcopy) && $(append) || { rm -f > $@; false; } > quiet_cmd_lzma = LZMA $@ > cmd_lzma = lzma -c -z -k -9 $< > $@ > > +quiet_cmd_mkeficapsule = MKEFICAPSULE $@ > +cmd_mkeficapsule = $(objtree)/tools/mkeficapsule -K $(CONFIG_EFI_PKEY_FILE) \ > + -D $@
Instead, we can do $ dtc -@ -I dts -O dtb -o pubkey.dtbo pubkey.dts $ fdtoverlay -i test.dtb -o test_pubkey.dtb -v pubkey.dtbo -Takahiro Akashi > + > cfg: u-boot.cfg > > quiet_cmd_cfgcheck = CFGCHK $2 > @@ -1161,8 +1165,14 @@ endif > PHONY += dtbs > dtbs: dts/dt.dtb > @: > +ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE)$(CONFIG_EFI_PKEY_DTB_EMBED),yy) > +dts/dt.dtb: u-boot tools > + $(Q)$(MAKE) $(build)=dts dtbs > + $(call cmd,mkeficapsule) > +else > dts/dt.dtb: u-boot > $(Q)$(MAKE) $(build)=dts dtbs > +endif > > quiet_cmd_copy = COPY $@ > cmd_copy = cp $< $@ > -- > 2.17.1 >