From: Ilias Apalodimas
Date: Tue, 20 Jul 2021 21:43:07 +0300
Subject: Re: [PATCH 2/3] mkeficapsule: Remove dtb related options
To: Simon Glass
Cc: Heinrich Schuchardt, Masami Hiramatsu, AKASHI Takahiro, Alexander Graf, Sughosh Ganu, U-Boot Mailing List

On Tue, 20 Jul 2021 at 21:33, Simon Glass wrote:
>
> Hi Ilias,
>
> On Sat, 17 Jul 2021 at 01:24, Ilias Apalodimas wrote:
> >
> > On Fri, Jul 16, 2021 at 08:03:23AM -0600, Simon Glass wrote:
> > > Hi Ilias,
> > >
> > > On Thu, 15 Jul 2021 at 11:00, Ilias Apalodimas wrote:
> > > >
> > > > commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
> > > > added a bunch of options enabling the addition of the capsule public key
> > > > in a dtb. Since now we embedded the key in U-Boot's .rodata we don't need
> > > > this functionality anymore
> > > >
> > > > Signed-off-by: Ilias Apalodimas
> > > > ---
> > > > tools/mkeficapsule.c | 226 ++-----------------------------------------
> > > > 1 file changed, 7 insertions(+), 219 deletions(-)
> > >
> > > Here again I see EFI diverging from the impl in U-Boot. With U-Boot
> > > you can add the public key after the build step, e.g. in a key-signing
> > > server. With EFI and this change you will have to rebuild U-Boot (from
> > > source) every time you sign something. Seems like a pain.
> >
> > I don't see why either of these is a problem. You need the public key to
> > update the binary itself, so rebuilding from source is a prerequisite.
>
> Please can you have a look at binman and the concept of packaging
> separate from building? Rebuilding from source is definitely not
> needed to update a binary.

Sure I'll take a look. We already have an mkeficapsule.c though, which in
theory could take care of the capsule signing. The point is that we don't
use that key to sign anything, we use it to authenticate the capsule that
tries to update the firmware.

>
> >
> > Apart from a signing server, you can also have special hardware that provides
> > the public key you need (which is not implemented yet). So this is the bare
> > minimum functionality you need for authenticated capsule updates.
>
> As discussed on the mailing list you have not included the motivation
> for this.

To be fair, I did on patch 1/3.

> Now that I understand the motivation, which is to avoid
> someone changing the key at runtime, I believe that this change does
> not actually help...I've replied separately on the mailing list.

It does help, but you need combined code which doesn't exist in either
case. Anyway, I'll reply on the other thread

Cheers
/Ilias

>
> Regards,
> Simon