Akashi-san,
On Wed, May 12, 2021 at 01:57:51PM +0900, AKASHI Takahiro wrote:
> As we discussed, "-K" and "-D" options have nothing to do with
> creating a capsule file. The same result can be obtained by
> using standard commands like:
> === signature.dts ===
> /dts-v1/;
> /plugin/;
>
> &{/} {
> signature {
> capsule-key = /incbin/("SIGNER.esl");
> };
> };
> ===
> $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts
> $ fdtoverlay -i test.dtb -o test_sig.dtb -v signature.dtbo
>
> So just remove this feature.
> (Effectively revert the commit 322c813f4bec ("mkeficapsule: Add support
> for embedding public key in a dtb").)
>
> The same feature is implemented by a shell script (tools/fdtsig.sh).
The only reason I can see to keep this, is if mkeficapsule gets included
intro distro packages in the future. That would make end users life a bit
easier, since they would need a single binary to create the whole
CapsuleUpdate sequence.
Regards
/Ilias
