From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [PATCH 0/4] efi_loader: capsule: improve capsule authentication support
Date: Wed, 12 May 2021 13:57:49 +0900 [thread overview]
Message-ID: <20210512045753.62288-1-takahiro.akashi@linaro.org> (raw)
As I discussed in [1], I have made a couple of improvements on
the current implemenation of capsule update.
Among others, this patch series
1. add signing feature to mkeficapsule
2. remove dtb operation from mkeficapsule
3. add pytest for capsule authentication (on sandbox)
NOTE:
I temporarily include Patch#3 in order to show that it is not worth
implementing in C as we can do the same thing with a very small
shell script.
My intent is *NOT* to merge Patch#3 in upstream.
Prerequisite patches
====================
See Sughosh's [2] and my [3].
Test
====
* passed the pytest which is included in this patch series
on sandbox built locally.
Todo
====
* review and update the document for capsule update
doc/board/emulation/qemu_capsule_update.rst
(but not in this patch series)
[1] https://lists.denx.de/pipermail/u-boot/2021-April/447918.html
[2] https://lists.denx.de/pipermail/u-boot/2021-April/447183.html
[3] https://lists.denx.de/pipermail/u-boot/2021-May/449347.html
https://lists.denx.de/pipermail/u-boot/2021-May/449348.html
https://lists.denx.de/pipermail/u-boot/2021-May/449349.html
https://lists.denx.de/pipermail/u-boot/2021-May/449350.html
https://lists.denx.de/pipermail/u-boot/2021-May/449351.html
Changes
=======
Initial release (May 12, 2021)
* based on v2021.07-rc2
AKASHI Takahiro (4):
tools: mkeficapsule: add firmwware image signing
tools: mkeficapsule: remove device-tree related operation
tools: add fdtsig command
test/py: efi_capsule: add image authentication test
Makefile | 7 +-
.../py/tests/test_efi_capsule/capsule_defs.py | 5 +
test/py/tests/test_efi_capsule/conftest.py | 35 +-
test/py/tests/test_efi_capsule/signature.dts | 8 +
.../test_capsule_firmware_signed.py | 234 +++++++++
tools/Makefile | 7 +-
tools/fdtsig.c | 274 +++++++++++
tools/fdtsig.sh | 40 ++
tools/mkeficapsule.c | 455 ++++++++++--------
9 files changed, 856 insertions(+), 209 deletions(-)
create mode 100644 test/py/tests/test_efi_capsule/signature.dts
create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py
create mode 100644 tools/fdtsig.c
create mode 100755 tools/fdtsig.sh
--
2.31.0
next reply other threads:[~2021-05-12 4:57 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-12 4:57 AKASHI Takahiro [this message]
2021-05-12 4:57 ` [PATCH 1/4] tools: mkeficapsule: add firmwware image signing AKASHI Takahiro
2021-05-12 8:56 ` Heinrich Schuchardt
2021-05-13 3:08 ` AKASHI Takahiro
2021-05-13 4:22 ` Heinrich Schuchardt
2021-05-13 5:00 ` AKASHI Takahiro
2021-05-13 5:35 ` Heinrich Schuchardt
2021-05-13 6:36 ` AKASHI Takahiro
2021-05-13 6:45 ` Heinrich Schuchardt
2021-05-13 7:45 ` AKASHI Takahiro
2021-05-13 5:12 ` Masami Hiramatsu
2021-05-13 5:50 ` Heinrich Schuchardt
2021-05-13 6:44 ` Masami Hiramatsu
2021-05-13 6:52 ` Heinrich Schuchardt
2021-05-13 7:38 ` AKASHI Takahiro
2021-05-13 6:50 ` AKASHI Takahiro
2021-05-13 6:55 ` Heinrich Schuchardt
2021-05-13 7:23 ` AKASHI Takahiro
2021-05-13 8:18 ` Masami Hiramatsu
2021-05-13 8:38 ` AKASHI Takahiro
2021-05-13 10:27 ` Ilias Apalodimas
2021-05-13 16:12 ` Masami Hiramatsu
2021-05-13 16:32 ` Heinrich Schuchardt
2021-05-13 16:42 ` Ilias Apalodimas
2021-05-14 4:50 ` AKASHI Takahiro
2021-05-14 7:56 ` Ilias Apalodimas
2021-05-14 4:13 ` AKASHI Takahiro
2021-05-13 10:40 ` Heinrich Schuchardt
2021-05-13 18:25 ` Heinrich Schuchardt
2021-05-14 6:19 ` AKASHI Takahiro
2021-05-14 6:59 ` Heinrich Schuchardt
2021-05-14 7:13 ` AKASHI Takahiro
2021-05-14 8:45 ` Heinrich Schuchardt
2021-05-14 9:51 ` AKASHI Takahiro
2021-05-14 10:08 ` Heinrich Schuchardt
2021-05-14 13:09 ` Masami Hiramatsu
2021-05-14 13:39 ` Ilias Apalodimas
2021-05-15 2:03 ` Heinrich Schuchardt
2021-05-15 2:14 ` Masami Hiramatsu
2021-05-12 4:57 ` [PATCH 2/4] tools: mkeficapsule: remove device-tree related operation AKASHI Takahiro
2021-05-12 7:20 ` Ilias Apalodimas
2021-05-12 7:49 ` Masami Hiramatsu
2021-05-12 8:01 ` Ilias Apalodimas
2021-05-12 10:01 ` Heinrich Schuchardt
2021-05-13 2:33 ` AKASHI Takahiro
2021-05-13 5:08 ` Heinrich Schuchardt
2021-05-13 7:13 ` AKASHI Takahiro
2021-05-13 17:42 ` Heinrich Schuchardt
2021-05-14 2:21 ` [PATCH 2/4] tools: mkeficapsule: remove device-tree related operationy AKASHI Takahiro
2021-05-14 2:23 ` [PATCH 2/4] tools: mkeficapsule: remove device-tree related operation Masami Hiramatsu
2021-05-12 4:57 ` [PATCH 3/4] tools: add fdtsig command AKASHI Takahiro
2021-05-13 5:23 ` Heinrich Schuchardt
2021-05-13 7:03 ` AKASHI Takahiro
2021-05-12 4:57 ` [PATCH 4/4] test/py: efi_capsule: add image authentication test AKASHI Takahiro
2021-05-12 5:04 ` [PATCH 0/4] efi_loader: capsule: improve capsule authentication support Heinrich Schuchardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210512045753.62288-1-takahiro.akashi@linaro.org \
--to=takahiro.akashi@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.