On 12.05.21 10:01, Ilias Apalodimas wrote:
> On Wed, May 12, 2021 at 04:49:02PM +0900, Masami Hiramatsu wrote:
>> Hi Ilias,
>>
>> 2021年5月12日(水) 16:21 Ilias Apalodimas <ilias.apalodi...@linaro.org>:
>>>
>>> Akashi-san,
>>>
>>> On Wed, May 12, 2021 at 01:57:51PM +0900, AKASHI Takahiro wrote:
>>>> As we discussed, "-K" and "-D" options have nothing to do with
>>>> creating a capsule file. The same result can be obtained by
>>>> using standard commands like:
>>>> === signature.dts ===
>>>> /dts-v1/;
>>>> /plugin/;
>>>>
>>>> &{/} {
>>>> signature {
>>>> capsule-key = /incbin/("SIGNER.esl");
>>>> };
>>>> };
>>>> ===
>>>> $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts
>>>> $ fdtoverlay -i test.dtb -o test_sig.dtb -v signature.dtbo
>>>>
>>>> So just remove this feature.
>>>> (Effectively revert the commit 322c813f4bec ("mkeficapsule: Add support
>>>> for embedding public key in a dtb").)
>>>>
>>>> The same feature is implemented by a shell script (tools/fdtsig.sh).
>>>
>>>
>>> The only reason I can see to keep this, is if mkeficapsule gets included
>>> intro distro packages in the future. That would make end users life a bit
>>> easier, since they would need a single binary to create the whole
>>> CapsuleUpdate sequence.
>>
>> Hmm, I think it is better to write a manpage of mkeficapsule which
>> also describes
>> how to embed the key into dtb as in the above example if it is so short.
>> Or, distros can package the above shell script with mkeficapsule.
>>
>> Embedding a key and signing a capsule are different operations but
>> using the same tool may confuse users (at least me).
>
> Sure fair enough. I am merely pointing out we need a way to explain all of
> those to users.
This is currently our only documentation:
https://u-boot.readthedocs.io/en/latest/board/emulation/qemu_capsule_update.html?highlight=mkeficapsule
For mkimage we have a man-page ./doc/mkimage.1 that is packaged with
Debians u-boot-tools package. Please, provide a similar man-page as
./doc/mkeficapsule.1.
Best regards
Heinrich
