All of lore.kernel.org
 help / color / mirror / Atom feed
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Simon Glass <sjg@chromium.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>,
	Ilias Apalodimas <ilias.apalodimas@linaro.org>,
	Sughosh Ganu <sughosh.ganu@linaro.org>,
	Masami Hiramatsu <masami.hiramatsu@linaro.org>,
	Mark Kettenis <mark.kettenis@xs4all.nl>,
	U-Boot Mailing List <u-boot@lists.denx.de>,
	Tom Rini <trini@konsulko.com>
Subject: Re: [PATCH v11 2/9] tools: mkeficapsule: add firmware image signing
Date: Mon, 21 Feb 2022 09:43:59 +0900	[thread overview]
Message-ID: <20220221004359.GA41731@laputa> (raw)
In-Reply-To: <CAPnjgZ1vbyUGYJQUvTKb8NrTH9-EQwtKT-aD0WX7JouRdevRrw@mail.gmail.com>

Hi Simon,

On Sat, Feb 19, 2022 at 04:11:08PM -0700, Simon Glass wrote:
> Hi,
> 
> On Sun, 13 Feb 2022 at 17:54, AKASHI Takahiro
> <takahiro.akashi@linaro.org> wrote:
> >
> > Heinrich,
> >
> > On Fri, Feb 11, 2022 at 08:16:34PM +0100, Heinrich Schuchardt wrote:
> > > On 2/9/22 11:10, AKASHI Takahiro wrote:
> > > > With this enhancement, mkeficapsule will be able to sign a capsule
> > > > file when it is created. A signature added will be used later
> > > > in the verification at FMP's SetImage() call.
> > > >
> > > > To do that, we need specify additional command parameters:
> > > >    -monotonic-cout <count> : monotonic count
> > > >    -private-key <private key file> : private key file
> > > >    -certificate <certificate file> : certificate file
> > > > Only when all of those parameters are given, a signature will be added
> > > > to a capsule file.
> > > >
> > > > Users are expected to maintain and increment the monotonic count at
> > > > every time of the update for each firmware image.
> > > >
> > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > > > Reviewed-by: Simon Glass <sjg@chromium.org>
> > > > Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> > > > ---
> > > >   .azure-pipelines.yml |   2 +-
> > > >   tools/Makefile       |   1 +
> > > >   tools/eficapsule.h   | 115 +++++++++++++
> > > >   tools/mkeficapsule.c | 380 +++++++++++++++++++++++++++++++++++++++----
> > > >   4 files changed, 463 insertions(+), 35 deletions(-)
> > > >   create mode 100644 tools/eficapsule.h
> 
> I'm not sure if it is this patch or something else, but building is
> broken as it needs
> 
> gnutls/gnutls.h
> 
> Please update the docs in doc/build/gcc.rst to fix this.

I have not noticed that there is *another* list of package dependency.
It is easy to fix against gnutls.h, but gnutls.h (or libgnutls-dev)
is NOT the only component missing in the list.

Comparing gcc.rst with gitlab-ci.yml, there already exist a lot of
such packages:

gcc.rst                           |  gitlab-ci.yml
======                               ======
                                  >  automake
                                  >  autopoint
bc                                   bc
                                  >  binutils-dev
bison                                bison
build-essential                      build-essential
coccinelle                        |  clang-10
                                  >  coreutils
                                  >  cpio
                                  >  cppcheck
                                  >  curl
device-tree-compiler                 device-tree-compiler
dfu-util                          |  dosfstools
                                  >  e2fsprogs
efitools                             efitools
                                  >  fakeroot
flex                                 flex
gdisk                                gdisk
                                  >  git
                                  >  gnu-efi
graphviz                             graphviz
                                  >  grub-efi-amd64-bin
                                  >  grub-efi-ia32-bin
                                  >  help2man
                                  >  iasl
imagemagick                          imagemagick
liblz4-tool                       |  iputils-ping
libguestfs-tools                     libguestfs-tools
libncurses-dev                    |  libgnutls28-dev
libpython3-dev                    |  libgnutls30
                                  >  libisl15
                                  >  liblz4-tool
                                  >  libpixman-1-dev
                                  >  libpython-dev
                                  >  libsdl1.2-dev
libsdl2-dev                          libsdl2-dev
libssl-dev                           libssl-dev
lz4                               |  libudev-dev
lzma                              |  libusb-1.0-0-dev
lzma-alone                           lzma-alone
                                  >  lzop
                                  >  mount
                                  >  mtd-utils
                                  >  mtools
openssl                              openssl
                                  >  picocom
                                  >  parted
pkg-config                           pkg-config
python3                           |  python
python3-coverage                  |  python-dev
python3-pkg-resources             |  python-pip
python3-pycryptodome              |  python-virtualenv
python3-pyelftools                |  python3-pip
python3-pytest                    |  python3-sphinx
python3-sphinxcontrib.apidoc      |  rpm2cpio
python3-sphinx-rtd-theme          |  sbsigntool
python3-virtualenv                |  sloccount
                                  >  sparse
                                  >  srecord
                                  >  sudo
swig                                 swig
                                  >  util-linux
                                  >  uuid-dev
                                  >  virtualenv
                                  >  zip

-Takahiro Akashi

  reply	other threads:[~2022-02-21  0:44 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-09 10:10 [PATCH v11 0/9] efi_loader: capsule: improve capsule authentication support AKASHI Takahiro
2022-02-09 10:10 ` [PATCH v11 1/9] tools: build mkeficapsule with tools-only_defconfig AKASHI Takahiro
2022-02-09 10:10 ` [PATCH v11 2/9] tools: mkeficapsule: add firmware image signing AKASHI Takahiro
2022-02-11 19:16   ` Heinrich Schuchardt
2022-02-14  0:54     ` AKASHI Takahiro
2022-02-19 23:11       ` Simon Glass
2022-02-21  0:43         ` AKASHI Takahiro [this message]
2022-02-21 18:59           ` Heinrich Schuchardt
2022-03-13  6:05             ` Simon Glass
2022-02-09 10:10 ` [PATCH v11 3/9] tools: mkeficapsule: add man page AKASHI Takahiro
2022-02-09 10:10 ` [PATCH v11 4/9] doc: update UEFI document for usage of mkeficapsule AKASHI Takahiro
2022-02-09 10:10 ` [PATCH v11 5/9] test/py: efi_capsule: add image authentication test AKASHI Takahiro
2022-02-11 19:25   ` Heinrich Schuchardt
2022-02-14  0:43     ` AKASHI Takahiro
2022-02-16  8:40       ` Heinrich Schuchardt
2022-02-09 10:10 ` [PATCH v11 6/9] tools: mkeficapsule: allow for specifying GUID explicitly AKASHI Takahiro
2022-02-09 10:10 ` [PATCH v11 7/9] test/py: efi_capsule: align with the syntax change of mkeficapsule AKASHI Takahiro
2022-02-09 10:10 ` [PATCH v11 8/9] test/py: efi_capsule: add a test for "--guid" option AKASHI Takahiro
2022-02-09 10:10 ` [PATCH v11 9/9] test/py: efi_capsule: check the results in case of CAPSULE_AUTHENTICATE AKASHI Takahiro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220221004359.GA41731@laputa \
    --to=takahiro.akashi@linaro.org \
    --cc=ilias.apalodimas@linaro.org \
    --cc=mark.kettenis@xs4all.nl \
    --cc=masami.hiramatsu@linaro.org \
    --cc=sjg@chromium.org \
    --cc=sughosh.ganu@linaro.org \
    --cc=trini@konsulko.com \
    --cc=u-boot@lists.denx.de \
    --cc=xypron.glpk@gmx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.