On Fri, Jun 14, 2024 at 11:54:41AM -0500, Jon Humphreys wrote: > Ilias Apalodimas <ilias.apalodi...@linaro.org> writes: > > > Hi Jonathan > > > > On Thu, 13 Jun 2024 at 23:28, Jonathan Humphreys <j-humphr...@ti.com> wrote: > >> > >> Use the capsule's public key certificate rather than a prebuilt ESL > >> generated from the certificate. The ESL is now generated as part of the > >> build. > > > > Is there a reason to do this? I understand that the .crt extension > > might be well known while the .esl is not, but OTOH the system you > > build on after this change *needs* to have cert-to-efi-sig-list > > installed > > > Hi Ilias, > > In general, I am following the principle that it is better to not include > in your source repo derived binaries that can be built at buildtime. > > As far as the need to have cert-to-efi-sig-list, it is part of efitools and > that is already documented as a requirement for the build host ([0] and > [1]), and our baseline Docker file also includes it.
Ok we already have the tool on the CI Reviewed-by: Ilias Apalodimas <ilias.apalodi...@linaro.org> > > [0] > https://docs.u-boot.org/en/latest/develop/uefi/uefi.html#enabling-capsule-authentication > [1] > https://docs.u-boot.org/en/latest/develop/uefi/uefi.html#configuring-uefi-secure-boot > > Jon > > > Thanks > > /Ilias > >> > >> Changes from v1: > >> - Converted the single patch to a series to include a bug fix found during > >> development. > >> - Created an explicit rule for creating the ESL file for proper makefile > >> dependency tracking. v1 had combined creating the ESL file and > >> generating the .dtsi include in a single command. > >> > >> Jonathan Humphreys (2): > >> scripts/Makefile.lib: fixes: Embed capsule public key in platform's > >> dtb > >> scripts/Makefile.lib: EFI: Use capsule CRT instead of ESL file > >> > >> board/sandbox/capsule_pub_esl_good.esl | Bin 831 -> 0 bytes > >> configs/sandbox_defconfig | 2 +- > >> configs/sandbox_flattree_defconfig | 2 +- > >> doc/develop/uefi/uefi.rst | 8 ++++---- > >> lib/efi_loader/Kconfig | 12 +++++++----- > >> scripts/Makefile.lib | 24 +++++++++++++++--------- > >> 6 files changed, 28 insertions(+), 20 deletions(-) > >> delete mode 100644 board/sandbox/capsule_pub_esl_good.esl > >> > >> -- > >> 2.34.1 > >>
