Hi Takahiro,
On Mon, 15 Nov 2021 at 21:33, AKASHI Takahiro
<takahiro.aka...@linaro.org> wrote:
>
> With this script, a public key is added to a device tree blob
> as the default efi_get_public_key_data() expects.
>
> Signed-off-by: AKASHI Takahiro <takahiro.aka...@linaro.org>
> ---
> MAINTAINERS | 1 +
> tools/fdtsig.sh | 40 ++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 41 insertions(+)
> create mode 100755 tools/fdtsig.sh
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 813674eb2898..8233a53c29dc 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -742,6 +742,7 @@ F: cmd/bootefi.c
> F: cmd/efidebug.c
> F: cmd/nvedit_efi.c
> F: tools/efivar.py
> +F: tools/fdtsig.sh
> F: tools/file2include.c
> F: tools/mkeficapsule.c
>
> diff --git a/tools/fdtsig.sh b/tools/fdtsig.sh
> new file mode 100755
> index 000000000000..c2b2a6dc5ec8
> --- /dev/null
> +++ b/tools/fdtsig.sh
> @@ -0,0 +1,40 @@
> +#!/bin/sh
> +# SPDX-License-Identifier: GPL-2.0+
> +#
> +# script to add a certificate (efi-signature-list) to dtb blob
> +
> +usage() {
> + if [ -n "$*" ]; then
> + echo "ERROR: $*"
> + fi
> + echo "Usage: "$(basename $0) " <esl file> <dtb file>"
> +}
> +
> +if [ "$#" -ne 2 ]; then
> + usage "Arguments missing"
> + exit 1
> +fi
> +
> +ESL=$1
> +DTB=$2
> +NEW_DTB=$(basename $DTB)_tmp
> +SIG=signature
> +
> +cat << 'EOF' > $SIG.dts
> +/dts-v1/;
> +/plugin/;
> +
> +&{/} {
> + signature {
> +EOF
> +echo "capsule-key = /incbin/(\"$ESL\");" >> $SIG.dts
> +cat << 'EOF' >> $SIG.dts
> + };
> +};
> +EOF
> +
> +dtc -@ -I dts -O dtb -o $SIG.dtbo $SIG.dts
> +fdtoverlay -i $DTB -o $NEW_DTB $SIG.dtbo
> +mv $NEW_DTB $DTB
> +
> +rm $SIG.dts $SIG.dtsn $SIG.dtbo
> --
> 2.33.0
>
As mentioned, let's get binman working here.
Regards,
Simon
