From: Heinrich Schuchardt
To: AKASHI Takahiro, agraf@csgraf.de
Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, u-boot@lists.denx.de
Subject: Re: [PATCH v3 0/5] efi_loader: capsule: improve capsule authentication support
Date: Tue, 31 Aug 2021 08:13:57 +0200
Message-ID: <965a7e58-1405-2b10-b0c1-d73d792c9846@gmx.de>
In-Reply-To: <20210831024659.53464-1-takahiro.akashi@linaro.org>

On 8/31/21 4:46 AM, AKASHI Takahiro wrote:
> # This patch set is basically the same as v2, but removed authentication-
> # related pytest because the discussion about where to save a public
> # key is still going on. The command, mkeficapsule, is independent from
> # the result.
>
> As I proposed and discussed in [1] and [2], I have made a couple of
> improvements on the current implementation of capsule update in this
> patch set.
>
> * add signing feature to mkeficapsule
> * add "--guid" option to mkeficapsule
> * add man page of mkeficapsule

Thanks a lot for getting around the requirement to use an EDK II tool.

My main concern is that there should be only one mkeficapsule version. If
signed and unsigned capsules are of interest, mkeficapsule should
support both.

Best regards

Heinrich

>
> [1] https://lists.denx.de/pipermail/u-boot/2021-April/447918.html
> [2] https://lists.denx.de/pipermail/u-boot/2021-July/455292.html
>
> Prerequisite patches
> ====================
> None
>
> Test
> ====
> * locally passed the pytest which is included in this patch series
>   on sandbox built.
>
> Todo
> ====
> * add capsule authentication pytest
>
> Changes
> =======
> v3 (Aug 31, 2021)
> * rebased on v2021.10-rc3
> * remove pytest-related patches
> * add function descriptions in mkeficapsule.c
> * correct format specifiers in printf()
> * let main() return 0 or -1 only
> * update doc/develop/uefi/uefi.rst for syntax change of mkeficapsule
>
> v2 (July 28, 2021)
> * rebased on v2021.10-rc*
> * removed dependency on target's configuration
> * removed fdtsig.sh and others
> * add man page
> * update the UEFI document
> * add dedicated defconfig for testing on sandbox
> * add gitlab CI support
> * add "--guid" option to mkeficapsule
>   (yet rather RFC)
>
> Initial release (May 12, 2021)
> * based on v2021.07-rc2
>
> AKASHI Takahiro (5):
>    tools: mkeficapsule: add firmwware image signing
>    tools: mkeficapsule: add man page
>    doc: update UEFI document for usage of mkeficapsule
>    tools: mkeficapsule: allow for specifying GUID explicitly
>    test/py: efi_capsule: align with the syntax change of mkeficapsule
>
>   MAINTAINERS                                |   1 +
>   doc/develop/uefi/uefi.rst                  |  31 +-
>   doc/mkeficapsule.1                         |  98 +++++
>   test/py/tests/test_efi_capsule/conftest.py |   4 +-
>   tools/Kconfig                              |   7 +
>   tools/Makefile                             |   8 +-
>   tools/mkeficapsule.c                       | 471 +++++++++++++++++++--
>   7 files changed, 554 insertions(+), 66 deletions(-)
>   create mode 100644 doc/mkeficapsule.1
>