| Message ID | 20230817054856.2019253-7-sughosh.ganu@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | capsule: Embed the public key ESL as part of build | expand |
Hi Sughosh On Thu, 17 Aug 2023 at 08:49, Sughosh Ganu <sughosh.ganu@linaro.org> wrote: > > Update the document to specify how the EFI Signature List(ESL) file > can be embedded into the platform's dtb as part of the U-Boot build. > > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> > --- > Changes since V1: None > > doc/develop/uefi/uefi.rst | 19 +++++-------------- > 1 file changed, 5 insertions(+), 14 deletions(-) > > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst > index 3ce579d46e..950f4d1a5a 100644 > --- a/doc/develop/uefi/uefi.rst > +++ b/doc/develop/uefi/uefi.rst > @@ -539,20 +539,11 @@ and used by the steps highlighted below. > ... > } > > -You can do step-4 manually with > - > -.. code-block:: console > - > - $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts > - $ fdtoverlay -i orig.dtb -o new.dtb -v signature.dtbo > - > -where signature.dts looks like:: > - > - &{/} { > - signature { > - capsule-key = /incbin/("CRT.esl"); > - }; > - }; > +You can perform step-4 by defining the Kconfig symbol > +CONFIG_EFI_CAPSULE_ESL_FILE. This symbol defines the path to the esl > +file generated in step-2. It doesn't define it. It needs to point to the file generated in step-2 no? > Once the symbol has been populated with the > +path to the esl file, the esl file will automatically get embedded it will automatically get included etc Thanks /Ilias > +into the platform's dtb as part of U-Boot build. > > Anti-rollback Protection > ************************ > -- > 2.34.1 >
hi Ilias, On Thu, 17 Aug 2023 at 17:31, Ilias Apalodimas <ilias.apalodimas@linaro.org> wrote: > > Hi Sughosh > > On Thu, 17 Aug 2023 at 08:49, Sughosh Ganu <sughosh.ganu@linaro.org> wrote: > > > > Update the document to specify how the EFI Signature List(ESL) file > > can be embedded into the platform's dtb as part of the U-Boot build. > > > > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> > > --- > > Changes since V1: None > > > > doc/develop/uefi/uefi.rst | 19 +++++-------------- > > 1 file changed, 5 insertions(+), 14 deletions(-) > > > > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst > > index 3ce579d46e..950f4d1a5a 100644 > > --- a/doc/develop/uefi/uefi.rst > > +++ b/doc/develop/uefi/uefi.rst > > @@ -539,20 +539,11 @@ and used by the steps highlighted below. > > ... > > } > > > > -You can do step-4 manually with > > - > > -.. code-block:: console > > - > > - $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts > > - $ fdtoverlay -i orig.dtb -o new.dtb -v signature.dtbo > > - > > -where signature.dts looks like:: > > - > > - &{/} { > > - signature { > > - capsule-key = /incbin/("CRT.esl"); > > - }; > > - }; > > +You can perform step-4 by defining the Kconfig symbol > > +CONFIG_EFI_CAPSULE_ESL_FILE. This symbol defines the path to the esl > > +file generated in step-2. > > It doesn't define it. It needs to point to the file generated in step-2 no? Yes, I will rephrase. > > > Once the symbol has been populated with the > > +path to the esl file, the esl file will automatically get embedded > > it will automatically get included etc Okay -sughosh > > Thanks > /Ilias > > +into the platform's dtb as part of U-Boot build. > > > > Anti-rollback Protection > > ************************ > > -- > > 2.34.1 > >
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index 3ce579d46e..950f4d1a5a 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -539,20 +539,11 @@ and used by the steps highlighted below. ... } -You can do step-4 manually with - -.. code-block:: console - - $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts - $ fdtoverlay -i orig.dtb -o new.dtb -v signature.dtbo - -where signature.dts looks like:: - - &{/} { - signature { - capsule-key = /incbin/("CRT.esl"); - }; - }; +You can perform step-4 by defining the Kconfig symbol +CONFIG_EFI_CAPSULE_ESL_FILE. This symbol defines the path to the esl +file generated in step-2. Once the symbol has been populated with the +path to the esl file, the esl file will automatically get embedded +into the platform's dtb as part of U-Boot build. Anti-rollback Protection ************************
Update the document to specify how the EFI Signature List(ESL) file can be embedded into the platform's dtb as part of the U-Boot build. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> --- Changes since V1: None doc/develop/uefi/uefi.rst | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-)