| Message ID | 20210412150526.29822-5-sughosh.ganu@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | Add support for embedding public key in platform's dtb | expand |
On Mon, Apr 12, 2021 at 08:35:26PM +0530, Sughosh Ganu wrote: > Add provision for embedding the public key used for capsule > authentication in the platform's dtb. This is done by invoking the > mkeficapsule utility which puts the public key in the efi signature > list(esl) format into the dtb. > > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> > --- > > Changes since V1: None > > Makefile | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/Makefile b/Makefile > index b72d8d20c0..ebd4a6477c 100644 > --- a/Makefile > +++ b/Makefile > @@ -1011,6 +1011,10 @@ cmd_pad_cat = $(cmd_objcopy) && $(append) || { rm -f $@; false; } > quiet_cmd_lzma = LZMA $@ > cmd_lzma = lzma -c -z -k -9 $< > $@ > > +quiet_cmd_mkeficapsule = MKEFICAPSULE $@ > +cmd_mkeficapsule = $(objtree)/tools/mkeficapsule -K $(CONFIG_EFI_PKEY_FILE) \ > + -D $@ Instead, we can do $ dtc -@ -I dts -O dtb -o pubkey.dtbo pubkey.dts $ fdtoverlay -i test.dtb -o test_pubkey.dtb -v pubkey.dtbo -Takahiro Akashi > + > cfg: u-boot.cfg > > quiet_cmd_cfgcheck = CFGCHK $2 > @@ -1161,8 +1165,14 @@ endif > PHONY += dtbs > dtbs: dts/dt.dtb > @: > +ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE)$(CONFIG_EFI_PKEY_DTB_EMBED),yy) > +dts/dt.dtb: u-boot tools > + $(Q)$(MAKE) $(build)=dts dtbs > + $(call cmd,mkeficapsule) > +else > dts/dt.dtb: u-boot > $(Q)$(MAKE) $(build)=dts dtbs > +endif > > quiet_cmd_copy = COPY $@ > cmd_copy = cp $< $@ > -- > 2.17.1 >
diff --git a/Makefile b/Makefile index b72d8d20c0..ebd4a6477c 100644 --- a/Makefile +++ b/Makefile @@ -1011,6 +1011,10 @@ cmd_pad_cat = $(cmd_objcopy) && $(append) || { rm -f $@; false; } quiet_cmd_lzma = LZMA $@ cmd_lzma = lzma -c -z -k -9 $< > $@ +quiet_cmd_mkeficapsule = MKEFICAPSULE $@ +cmd_mkeficapsule = $(objtree)/tools/mkeficapsule -K $(CONFIG_EFI_PKEY_FILE) \ + -D $@ + cfg: u-boot.cfg quiet_cmd_cfgcheck = CFGCHK $2 @@ -1161,8 +1165,14 @@ endif PHONY += dtbs dtbs: dts/dt.dtb @: +ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE)$(CONFIG_EFI_PKEY_DTB_EMBED),yy) +dts/dt.dtb: u-boot tools + $(Q)$(MAKE) $(build)=dts dtbs + $(call cmd,mkeficapsule) +else dts/dt.dtb: u-boot $(Q)$(MAKE) $(build)=dts dtbs +endif quiet_cmd_copy = COPY $@ cmd_copy = cp $< $@
Add provision for embedding the public key used for capsule authentication in the platform's dtb. This is done by invoking the mkeficapsule utility which puts the public key in the efi signature list(esl) format into the dtb. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> --- Changes since V1: None Makefile | 10 ++++++++++ 1 file changed, 10 insertions(+) -- 2.17.1