Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2198589/?format=api
{ "id": 2198589, "url": "http://patchwork.ozlabs.org/api/patches/2198589/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20260220091518.180641-7-Wojciech.Dubowik@mt.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260220091518.180641-7-Wojciech.Dubowik@mt.com>", "list_archive_url": null, "date": "2026-02-20T09:15:16", "name": "[v7,6/6] test: binman: Add test for pkcs11 signed capsule", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "257ac0d58e9cf7415f9983908352e8a373d3dbd0", "submitter": { "id": 90988, "url": "http://patchwork.ozlabs.org/api/people/90988/?format=api", "name": "Wojciech Dubowik", "email": "Wojciech.Dubowik@mt.com" }, "delegate": { "id": 3184, "url": "http://patchwork.ozlabs.org/api/users/3184/?format=api", "username": "sjg", "first_name": "Simon", "last_name": "Glass", "email": "sjg@chromium.org" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20260220091518.180641-7-Wojciech.Dubowik@mt.com/mbox/", "series": [ { "id": 492764, "url": "http://patchwork.ozlabs.org/api/series/492764/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=492764", "date": "2026-02-20T09:15:10", "name": "UEFI Capsule - PKCS11 Support", "version": 7, "mbox": "http://patchwork.ozlabs.org/series/492764/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2198589/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2198589/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=mt.com header.i=@mt.com header.a=rsa-sha256\n header.s=selector2 header.b=Vp3zbYd4;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=mt.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=mt.com header.i=@mt.com header.b=\"Vp3zbYd4\";\n\tdkim-atps=neutral", "phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=mt.com", "phobos.denx.de;\n spf=fail smtp.mailfrom=Wojciech.Dubowik@mt.com", "dkim=none (message not signed)\n header.d=none;dmarc=none action=none header.from=mt.com;" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fHPkg1XZzz1xvS\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 20 Feb 2026 20:16:27 +1100 (AEDT)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 2C5E283E96;\n\tFri, 20 Feb 2026 10:15:37 +0100 (CET)", "by phobos.denx.de (Postfix, from userid 109)\n id 3469A83E7F; Fri, 20 Feb 2026 10:15:34 +0100 (CET)", "from AM0PR83CU005.outbound.protection.outlook.com\n (mail-westeuropeazlp170100001.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c201::1])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 0DC8783E96\n for <u-boot@lists.denx.de>; Fri, 20 Feb 2026 10:15:32 +0100 (CET)", "from DB9PR03MB7180.eurprd03.prod.outlook.com (2603:10a6:10:22d::13)\n by GV1PR03MB8544.eurprd03.prod.outlook.com (2603:10a6:150:9c::11)\n with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.16; Fri, 20 Feb\n 2026 09:15:28 +0000", "from DB9PR03MB7180.eurprd03.prod.outlook.com\n ([fe80::6fd2:12a9:4423:8ddc]) by DB9PR03MB7180.eurprd03.prod.outlook.com\n ([fe80::6fd2:12a9:4423:8ddc%6]) with mapi id 15.20.9632.010; Fri, 20 Feb 2026\n 09:15:28 +0000" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,\n SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2", "ARC-Seal": "i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=Ze9XaxNQkqyxKk/j9FEEEFOgr+4MRxS8dGKj4LcffqWWfGHF5+/S2SRxcEhU53YQNFun+a82s02GtDx5xTSn34qJsXknE0lii+gZIoM5MYKoGlSTB0ExwY0vsPTf5g2e24ddCEIYD1hAc9V8rOoK7zxYs90B+kqwyFPeoxSX6xIWHjQH8KVua2bXxXfjChUHhp3+ytcsgYyuF9BBTqss971NeVUpmBbzJHDEXJQaMDol4d/woOdq8HKr5V/YVJqdz5f3c4nfIekmhX3toEaZ6t+w6K5zmn/ZQRdeKujtGTGa8HGHaY2HEa1iryWI96dvc045FgdOqRxbQZDDkMjGmw==", "ARC-Message-Signature": "i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=FCUMWnFgRDij/FhFFtE3U9IqeNgArrbzm+Mp4QpWP7E=;\n b=aLKJlGC8vpeaDnfYvXrI2fmNLQL2LmelmNgOsdrtmU2kEX+92uXnbxMZDBTsLfwzljQuxTWcuIOaYwUYhahmPa49QwWPtQOqCvh2oB87rIgADV8NjH+RU0mg45iPdH2HTg3ddJSy41OUB62BNUgFu5gp10xWdVuqJ+iDVMje4h2iKPDyJ4c+17gKw6KW9WKBS/KkQcyS62n//OfUGGcCgHtZBPKcQw5k+aONaIzp16es2eaHnQz2+V9dfum1QQidnvCMLpjRr4majDgoNpymTZPq9nKHIZBGBJIjAjRnc+viF18YRl2hkCbrFV+49TfAFY7btYgY7BJdt+GAe1wfOw==", "ARC-Authentication-Results": "i=1; mx.microsoft.com 1; spf=pass\n smtp.mailfrom=mt.com; dmarc=pass action=none header.from=mt.com; dkim=pass\n header.d=mt.com; arc=none", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=mt.com; s=selector2;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=FCUMWnFgRDij/FhFFtE3U9IqeNgArrbzm+Mp4QpWP7E=;\n b=Vp3zbYd4H3e/KxvJicnxqSyUCXtMP04MGWvEE2RXaZMyvIoP18Zx0c4LZP1kimfQtGh681EFWmejZ7qRsJPVmq72GsWTtNt72jH3bLZ6FcZt1Cffn/R22/ZSzlSWSpNrufj6bsnNFYoAqFsZVMlcbhad5ypg8ymtIWyOroBEVk6tfJoiLOMyHqb7HUbMPeZyVji6T7gPSy3cPYkbafBiE5Et53CuV1i9dIc9RbYfIq5N6IdOfwhZx7q8T4wcv+jF3Z0FHe4QsTg2zXqp6hKkGky0Y+wqhJxIa1SUmIiaJWu/ttm5R+SeaMULPT+HA85Fr3M95fHqCc25K+6M8Cjvlg==", "From": "Wojciech Dubowik <Wojciech.Dubowik@mt.com>", "To": "u-boot@lists.denx.de", "Cc": "Wojciech Dubowik <Wojciech.Dubowik@mt.com>, ilias.apalodimas@linaro.org,\n trini@konsulko.com, simon.glass@canonical.com, quentin.schulz@cherry.de", "Subject": "[PATCH v7 6/6] test: binman: Add test for pkcs11 signed capsule", "Date": "Fri, 20 Feb 2026 10:15:16 +0100", "Message-ID": "<20260220091518.180641-7-Wojciech.Dubowik@mt.com>", "X-Mailer": "git-send-email 2.47.3", "In-Reply-To": "<20260220091518.180641-1-Wojciech.Dubowik@mt.com>", "References": "<20260220091518.180641-1-Wojciech.Dubowik@mt.com>", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-ClientProxiedBy": "ZR2P278CA0013.CHEP278.PROD.OUTLOOK.COM\n (2603:10a6:910:50::17) To DB9PR03MB7180.eurprd03.prod.outlook.com\n (2603:10a6:10:22d::13)", "MIME-Version": "1.0", "X-MS-PublicTrafficType": "Email", "X-MS-TrafficTypeDiagnostic": "DB9PR03MB7180:EE_|GV1PR03MB8544:EE_", "X-MS-Office365-Filtering-Correlation-Id": "806d92d7-4881-474f-e0ac-08de70609708", "X-MS-Exchange-SenderADCheck": "1", "X-MS-Exchange-AntiSpam-Relay": "0", "X-Microsoft-Antispam": "BCL:0;\n ARA:13230040|366016|10070799003|19092799006|376014|52116014|1800799024|7142099003;", "X-Microsoft-Antispam-Message-Info": "\n T6bxNuB4wfoggwu+jLdpt3YA8yRCVhok0eyLJ/OXZwpaEDH7haAReqs5uhp/avEir1J0KS7SFXKy4NaAuX/6ERGI0x6R6rcNrW3qTs08OmnJyli2TASUWQHdqTQxPTmYo066sA5n4wKfZ4Cp8foz7qUP/Jx4KQ73bTJYYEVmZ83OzsUUgHcrl0oppnZ0T+EoMNhFp0Gysh1rL1cTUHh1NsP4SLPl5CiSa+Jl2FlMPgC7bXTBHVlIP0IfObRDcoS0jekhJUKQJHGgP1UqzaBeTmGVRoBoELU4ieiTqidSfLxk2+mr9lVMLBN4EzNkSrYQlDNOti38AUXUBx/JemeWY+r28A/rioTQjLqM/H+Jf5CpddSDCrqM5p9z90fYievuOZ3fzAIDVaqR4r+dC1w55vJjhjBYt4zkF3pyhEhiLYLkEoQJDlnyyWBOxTU2XT7igH9Sh7CvFQPVVt+MuroEPwhc+9i8h02HGxjNgtJf3K72V140rATPhtmzNmm+4XMNC1KuY/KLoVTB52zcb7NKYzP+nsLYeRJkqHj7V3wx3akPqT1j0LSiHCfTIY+r/gJo2kkimEBDseOPIZ5D7B0UpD4WvguRxGXYoaPO1WIELUMXQFDi3Zb59q3P0rEsC5gO6EDLuKgnMtSLtlJLbD7u3Ka3753bgYJxlxfvFe+g1P2dQJwZ2JOd4cfRJkrIQx7bBygfYPijErelPzh02cpw0l4Mwws+xCacBtNgUXUgga9DNhT4vVt17sZ7P85FaJU7XZ7X7mnb1qTOBu4gwY7L7Mw5TFI8+S7mkLK9f5ZOc5/WU4z749l3h3egRjvvFRfxUORiQjDCaTkZkmil0fhmZ8Ygm2DslbVVCXSlepDkSdNugPEBsaxhRq6wiNY6CSZlRG91UENDNsNt58NHDuH6WrCd2LTL9mFvHB+MLdG3FrMZ/r5O08wcB72ELWexzo8cqTRD+rm65spMtysmk5C1csM/8rP2au4yQ5/g6cdv1Pd6aP+ppFMDTNCA+Wc/h9D3wZTZ61n1mjQkgeWy/zL8sQQMq7jeBWUYeVPdJwOKEC8lW/CDik/CWAgq9U74a4V/OAXWQZARVcQnNYMChaOk2VSwmatl3Q1/y64ic65gR4Hc70xY5eApG/zaRLhnw1Ss96PpGL52MIIckRlc3fIQLpG7aZfyziDL9m32SdjKzK9WtmHWfHMxtT82HhIroFWEXpArqvss4l2HfC0s+e7CzMTFlXmon6/VgqP5by2HvNRwQKenIfLBdk3czjq/EUnRdHiGdS3rAcujGQU4r+m7NuJ6vfPIUID25Luj+M3jmMCAYuYEftlyxl/Q7XEpw7JhjKeUtqN624+I0TYzY24ODLBYvjm3rCtDG8rN4c5V7DVLEehFjuqxkObikmjiKAb0T+l71XXXq1QsL1DfaoqEzVwsXCpSfQEfmQcvhGGXr+cTolgluVdA4YzoBl0Q+hv9fihO9jfsLZZCfhG/JlUORRyybfKX42P2MjSsLHL5aaNqWKXy+kGTM5bF9ViUTvMRQU0p0MYrtpLyb/6+ayO9F2kFYBjgHBgeQ/g7QYC2mFE=", "X-Forefront-Antispam-Report": "CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;\n IPV:NLI; SFV:NSPM; H:DB9PR03MB7180.eurprd03.prod.outlook.com; PTR:; CAT:NONE;\n SFS:(13230040)(366016)(10070799003)(19092799006)(376014)(52116014)(1800799024)(7142099003);\n DIR:OUT; SFP:1101;", "X-MS-Exchange-AntiSpam-MessageData-ChunkCount": "2", "X-MS-Exchange-AntiSpam-MessageData-0": "\n ouQjp61yR3goLngi+TinSf38d32lGy0aOza+lLKJ53h5qhHfd0d8RU3S6yeAq2FkdR9buUP3sml8gDNo+YoiO/T8nKWBgEGw30S/C0qUlcaHcpfGzFP6obHhv+tKW4cgoYXihxzif/4k5Fi5vs8WkoMK2P5HDXvKb7jteIGf6RGsdDgLk7INZAwjhBtHEIjSg5dnMK8wA0weYVWEuVl4U+4DxXZDK2GB/FJGLlSoy+PLJ43SYR0Un3fnBX5HAuMCKuv0QF5TA+81QP66SOQkDreAo4NpB606OOEv+iHtWM3flpE9WBk79lyxLhp3bZUOnU1WcWLV1qsJ1N31iYQbaWW7tY6sRkJ3x8z624cHTO0I5MTxoiArquWZjW3vDE0Km/pyBzfSrhDEb3+fbbTWX+dDZIOJZqk4s+0t9b5wxIspNXynC8wJ1438le+/rR64uHSX3mXMt9fImxUVvs0OiwgE3wx9m/a3HN/IkHpx8zEuRFfHY4PPqwR2uvXb/eRURePGj9Vd7CJQPRcsLPC6IAOk96Ra/gT8iRimOw5gYoScplWEpUtvUwVhZZY/YtI15iL1V+/rPZuhRSJSogKMg9qlju+4u9hi6OWyrsBYvLjrDPrVrvefLEDPS4qSojkjpnkK4Q8RO4vbSoNTxU+rnSNb5DHYoHwqW0DSIW3HuhvO5FESsNtk8izxStt4LZ5hVibdw6tVotOmJcwb20PZv8JVXaVJRuqIHKItHMxsWj2TFH75OaOiPTV8ooOCLqgJSv4h/D5x8o4VebCNY/5JcnWTSMMfp66yzePLRMyXRaXGMGeuhjQ7rPMkHNt2Qq029UgPOFP8MAXndEmIfQMH9L6wx2m0UPUGkFwbnIcDp33jXmJ6ygJ1wGvdgud1d6kPt/tCGeYZBswT9fdwZ1RvsfaP+5M3aO2FhG1WE6E1gbKio6IaG+UMfuzT2q3RBuT6pFSOmE0wwgiveDNh1p2ehL708oirhlSA6TXmFun4JlBJ9m4qd5AjgXn5ScIn14DWvwh2C5znJ56kQp83kBuDN/cLFiKqS63ejn9zSPhnasIuE0iSKJB/oT/SrqbFfIHsdN4Z8WB9JdmCZyxLgMqXtmEUC9qoVst9ThjPFIDscLLl614zjOtToCEnNJOB5kxblXbENdpGv6FshcYRAboOOBLIP4zbLBxLI2zFpW0nNYUb9ugIpYapHFHyOjeRMEeEAFVSmQs4XHt6dW1F1nqTgXTV3cXWAotrnRCNYJdEQHc6OKgkmj3boW03xw30ArQ5qYa6Iy7z2KKcXIamYSbmoNVpinZVRh90rpSu+dCkMTL5V9CM55cRo28phkrf+OxQVrt2iIWj3iYgOaI8u4ZH7O/j5hk+PEAFBYhVUIe77ECWG+Hdv8ZHtmhVEzxqfXD/D4fBBAtNq6XT7J7GG+aMGnuQp+nDRUtT0LiqAEAVo50qOE8+ewcWh7pp+QEcXTkRqlIJ4tDAcTQbT4S2VbbMYBfpHLPmorUM8wYaqXnTs4v0VW2LTtaGFBYPgzE03/8dbnriMVwYLgUIztVOcRo9LURggluOW7PBaVnay9ewMFtektHQH19PFr+UNM5wplbwaf4Ubl3CjGicQTphqGVhZX6wr4dTou0niQzt7oox5HVAbFTsmRv9KeoA+Vov0VfE2a9KedFcbPDPNpIbyey0GygzRgWz23DGg6jNksC0Q2wAH8jSLsjjm9I7WXN1GQlWOTDO5AtuMZXshT108+89CKqJGbxAk4Su083TocIwV5o4V3wb7Y5PKkMpF2p34+SAViky0cfJ", "X-MS-Exchange-AntiSpam-MessageData-1": "soESOt+Vxm6Qi1de1zsOf4oGQ4bPwM4FnLY=", "X-OriginatorOrg": "mt.com", "X-MS-Exchange-CrossTenant-Network-Message-Id": "\n 806d92d7-4881-474f-e0ac-08de70609708", "X-MS-Exchange-CrossTenant-AuthSource": "DB9PR03MB7180.eurprd03.prod.outlook.com", "X-MS-Exchange-CrossTenant-AuthAs": "Internal", "X-MS-Exchange-CrossTenant-OriginalArrivalTime": "20 Feb 2026 09:15:28.7217 (UTC)", "X-MS-Exchange-CrossTenant-FromEntityHeader": "Hosted", "X-MS-Exchange-CrossTenant-Id": "fb4c0aee-6cd2-482f-a1a5-717e7c02496b", "X-MS-Exchange-CrossTenant-MailboxType": "HOSTED", "X-MS-Exchange-CrossTenant-UserPrincipalName": "\n yY2jvTS55oY3lHWfrsJKLWY1sppsn5iajzbrH9Y6/3mJsjPl9t61yJLHcH+7lnSjKInHDxxV/LsSS4RuFyJ7qw==", "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "GV1PR03MB8544", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "Test pkcs11 URI support for UEFI capsule generation. Both\npublic certificate and private key are used over pkcs11\nprotocol.\nPkcs11-tool has been introduced as softhsm tool doesn't have\nfunctionality to import certificates in commonly distributed\nversion (only in the latest).\n\nSigned-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>\nReviewed-by: Simon Glass <simon.glass@canonical.com>\n---\n tools/binman/btool/p11_kit.py | 21 ++++++\n tools/binman/btool/pkcs11_tool.py | 21 ++++++\n tools/binman/ftest.py | 73 +++++++++++++++++++\n .../binman/test/351_capsule_signed_pkcs11.dts | 22 ++++++\n 4 files changed, 137 insertions(+)\n create mode 100644 tools/binman/btool/p11_kit.py\n create mode 100644 tools/binman/btool/pkcs11_tool.py\n create mode 100644 tools/binman/test/351_capsule_signed_pkcs11.dts", "diff": "diff --git a/tools/binman/btool/p11_kit.py b/tools/binman/btool/p11_kit.py\nnew file mode 100644\nindex 000000000000..9d8d5d848b44\n--- /dev/null\n+++ b/tools/binman/btool/p11_kit.py\n@@ -0,0 +1,21 @@\n+# SPDX-License-Identifier: GPL-2.0-or-later\n+# Copyright 2026 Mettler Toledo Technologies GmbH\n+#\n+\"\"\"Bintool implementation for p11-kit\"\"\"\n+\n+from binman import bintool\n+\n+\n+class Bintoolp11_kit(bintool.Bintool):\n+ \"\"\"p11-kit -- support tool for pkcs#11 libraries\"\"\"\n+ def __init__(self, name):\n+ super().__init__('p11-kit',\n+ 'Pkcs11 library modules tool',\n+ version_args='list modules')\n+\n+ def fetch(self, method):\n+ \"\"\"Install p11-kit via APT \"\"\"\n+ if method != bintool.FETCH_BIN:\n+ return None\n+\n+ return self.apt_install('p11-kit')\ndiff --git a/tools/binman/btool/pkcs11_tool.py b/tools/binman/btool/pkcs11_tool.py\nnew file mode 100644\nindex 000000000000..673c0ea0ac35\n--- /dev/null\n+++ b/tools/binman/btool/pkcs11_tool.py\n@@ -0,0 +1,21 @@\n+# SPDX-License-Identifier: GPL-2.0-or-later\n+# Copyright 2026 Mettler Toledo Technologies GmbH\n+#\n+\"\"\"Bintool implementation for pkcs11-tool\"\"\"\n+\n+from binman import bintool\n+\n+\n+class Bintoolpkcs11_tool(bintool.Bintool):\n+ \"\"\"pkcs11-tool -- support tool for managing pkcs#11 tokens\"\"\"\n+ def __init__(self, name):\n+ super().__init__('pkcs11-tool',\n+ 'PKCS #11 tokens managing tool',\n+ version_args='--show-info')\n+\n+ def fetch(self, method):\n+ \"\"\"Install opensc via APT \"\"\"\n+ if method != bintool.FETCH_BIN:\n+ return None\n+\n+ return self.apt_install('opensc')\ndiff --git a/tools/binman/ftest.py b/tools/binman/ftest.py\nindex a53e37f31b3e..d47364162188 100644\n--- a/tools/binman/ftest.py\n+++ b/tools/binman/ftest.py\n@@ -7,6 +7,7 @@\n # python -m unittest func_test.TestFunctional.testHelp\n \n import collections\n+import configparser\n import glob\n import gzip\n import hashlib\n@@ -7532,6 +7533,78 @@ fdt fdtmap Extract the devicetree blob from the fdtmap\n \n self._CheckCapsule(data, signed_capsule=True)\n \n+ def testPkcs11SignedCapsuleGen(self):\n+ \"\"\"Test generation of EFI capsule (with PKCS11)\"\"\"\n+ data = tools.read_file(self.TestFile(\"key.key\"))\n+ private_key = self._MakeInputFile(\"key.key\", data)\n+ data = tools.read_file(self.TestFile(\"key.pem\"))\n+ cert_file = self._MakeInputFile(\"key.crt\", data)\n+\n+ softhsm2_util = bintool.Bintool.create('softhsm2_util')\n+ self._CheckBintool(softhsm2_util)\n+\n+ pkcs11_tool = bintool.Bintool.create('pkcs11-tool')\n+ self._CheckBintool(pkcs11_tool)\n+\n+ prefix = \"testPkcs11SignedCapsuleGen.\"\n+ # Configure SoftHSMv2\n+ data = tools.read_file(self.TestFile('340_softhsm2.conf'))\n+ softhsm2_conf = self._MakeInputFile(f'{prefix}softhsm2.conf', data)\n+ softhsm2_tokens_dir = self._MakeInputDir(f'{prefix}softhsm2.tokens')\n+\n+ with open(softhsm2_conf, 'a') as f:\n+ f.write(f'directories.tokendir = {softhsm2_tokens_dir}\\n')\n+\n+ # Find the path to softhsm2 library\n+ p11_kit = bintool.Bintool.create('p11-kit')\n+ self._CheckBintool(p11_kit)\n+\n+ p11_kit_config = configparser.ConfigParser()\n+ out = tools.run('p11-kit', 'print-config')\n+ p11_kit_config.read_string(out)\n+ softhsm2_lib = p11_kit_config.get('softhsm2', 'module',\n+ fallback=None)\n+ self.assertIsNotNone(softhsm2_lib)\n+\n+ with unittest.mock.patch.dict('os.environ',\n+ {'SOFTHSM2_CONF': softhsm2_conf,\n+ 'PKCS11_MODULE_PATH': softhsm2_lib}):\n+ tools.run('softhsm2-util', '--init-token', '--free', '--label',\n+ 'U-Boot token', '--pin', '1111', '--so-pin',\n+ '222222')\n+ tools.run('pkcs11-tool', '--module', softhsm2_lib,\n+ '--write-object', cert_file, '--pin', '1111',\n+ '--type', 'cert', '--id', '999999', '--label',\n+ 'test_cert', '--login')\n+ tools.run('softhsm2-util', '--import', private_key, '--token',\n+ 'U-Boot token', '--label', 'test_key', '--id', '999999',\n+ '--pin', '1111')\n+ data = self._DoReadFile('351_capsule_signed_pkcs11.dts')\n+\n+ self._CheckCapsule(data, signed_capsule=True)\n+\n+ hdr = self._GetCapsuleHeaders(data)\n+ monotonic_count = hdr['EFI_FIRMWARE_IMAGE_AUTH.MONOTONIC_COUNT']\n+\n+ # UEFI standard requires that signature is checked over payload followed\n+ # by a monotonic count as little endian 64-bit integer.\n+ sig_input = self._MakeInputFile(\"sig_input\", EFI_CAPSULE_DATA)\n+ with open(sig_input, 'ab') as f:\n+ f.write(struct.pack('<Q', int(monotonic_count, 16)))\n+\n+ # Verify dumped capsule signature dumped by meficapsule during\n+ # generation\n+ openssl = bintool.Bintool.create('openssl')\n+ self._CheckBintool(openssl)\n+ openssl_args = ['smime', '-verify', '-inform', 'DER',\n+ '-in', tools.get_output_filename('capsule.efi-capsule.p7'),\n+ '-content', sig_input, '-CAfile', cert_file,\n+ '-no_check_time',\n+ '-out', tools.get_output_filename('decoded-capsule.bin')]\n+ result = openssl.run_cmd_result(*openssl_args)\n+ self.assertIsNotNone(result.stdout)\n+ self.assertIn('Verification successful', result.stderr)\n+\n def testCapsuleGenVersionSupport(self):\n \"\"\"Test generation of EFI capsule with version support\"\"\"\n data = self._DoReadFile('313_capsule_version.dts')\ndiff --git a/tools/binman/test/351_capsule_signed_pkcs11.dts b/tools/binman/test/351_capsule_signed_pkcs11.dts\nnew file mode 100644\nindex 000000000000..bb87e18a15fe\n--- /dev/null\n+++ b/tools/binman/test/351_capsule_signed_pkcs11.dts\n@@ -0,0 +1,22 @@\n+// SPDX-License-Identifier: GPL-2.0+\n+\n+/dts-v1/;\n+\n+/ {\n+\tbinman {\n+\t\tefi-capsule {\n+\t\t\timage-index = <0x1>;\n+\t\t\t/* Image GUID for testing capsule update */\n+\t\t\timage-guid = \"binman-test\";\n+\t\t\thardware-instance = <0x0>;\n+\t\t\tmonotonic-count = <0x1>;\n+\t\t\tdump-signature;\n+\t\t\tprivate-key = \"pkcs11:token=U-Boot%20token;object=test_key;type=private;pin-value=1111\";\n+\t\t\tpublic-key-cert = \"pkcs11:token=U-Boot%20token;object=test_cert;type=cert;pin-value=1111\";\n+\n+\t\t\tblob {\n+\t\t\t\tfilename = \"capsule_input.bin\";\n+\t\t\t};\n+\t\t};\n+\t};\n+};\n", "prefixes": [ "v7", "6/6" ] }