From: Sughosh Ganu <sughosh.ganu@linaro.org>
To: u-boot@lists.denx.de
Subject: [RESEND PATCH v1 0/5] Add support for embedding public key in platform's dtb
Date: Wed, 7 Apr 2021 20:11:42 +0530 [thread overview]
Message-ID: <20210407144147.29251-1-sughosh.ganu@linaro.org> (raw)
Resending the same set of patches. For some reason, the first
paragraph of the cover letter got deleted in the original
set. Hopefully this will go through fine.
These patches add support for embedding the public key efi signature
list(esl) file into the platform's device tree. The current solution
for the Qemu arm64 platform has the public key as part of an overlay,
and stored on the Efi System Partition(ESP). Having the provision to
embed the public key into the platform's dtb which is then
concatenated with the u-boot binary is a better approach, recommended
by Heinrich[1].
Patch 1 fixes an issue of selection of IMAGE_SIGN_INFO config option
when capsule authentication is enabled.
Patch 2 add two config symbols, EFI_PKEY_DTB_EMBED and EFI_PKEY_FILE
which are used for enabling embedding of the public key in the dtb,
and specifying the esl file name.
Patch 3 moves efi_capsule_auth_enabled as a weak function, which can
be used as a default mechanism for checking if capsule authentication
has been enabled.
Patch 4 adds a default weak function for retrieving the public key
from the platform's dtb.
Patch 5 adds the functionality to embed the esl file into the
platform's dtb during the platform build.
I have tested this functionality on the STM32MP157C DK2 board, and it
works as expected.
[1] - https://lists.denx.de/pipermail/u-boot/2021-March/442867.html
Sughosh Ganu (5):
efi_loader: Kconfig: Select IMAGE_SIGN_INFO when capsule
authentication is enabled
efi_loader: Kconfig: Add symbols for embedding the public key into the
platform's dtb
efi_capsule: Add a weak function to check whether capsule
authentication is enabled
efi_capsule: Add a weak function to get the public key needed for
capsule authentication
Makefile: Add provision for embedding public key in platform's dtb
Makefile | 10 ++++++
board/emulation/common/qemu_capsule.c | 6 ----
lib/efi_loader/Kconfig | 16 ++++++++++
lib/efi_loader/efi_capsule.c | 44 ++++++++++++++++++++++++---
4 files changed, 66 insertions(+), 10 deletions(-)
--
2.17.1
next reply other threads:[~2021-04-07 14:41 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-07 14:41 Sughosh Ganu [this message]
2021-04-07 14:41 ` [RESEND PATCH v1 1/5] efi_loader: Kconfig: Select IMAGE_SIGN_INFO when capsule authentication is enabled Sughosh Ganu
2021-04-07 16:14 ` Simon Glass
2021-04-07 14:41 ` [RESEND PATCH v1 2/5] efi_loader: Kconfig: Add symbols for embedding the public key into the platform's dtb Sughosh Ganu
2021-04-07 14:41 ` [RESEND PATCH v1 3/5] efi_capsule: Add a weak function to check whether capsule authentication is enabled Sughosh Ganu
2021-04-07 14:41 ` [RESEND PATCH v1 4/5] efi_capsule: Add a weak function to get the public key needed for capsule authentication Sughosh Ganu
2021-04-07 14:41 ` [RESEND PATCH v1 5/5] Makefile: Add provision for embedding public key in platform's dtb Sughosh Ganu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210407144147.29251-1-sughosh.ganu@linaro.org \
--to=sughosh.ganu@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.