Message ID | 20240408213349.96610-1-j-humphreys@ti.com |
---|---|
Headers | show |
Series | EFI: capsule: ti: enable authenticated capsules | expand |
On 4/8/24 23:33, Jonathan Humphreys wrote: > Create an EFI signature list (.esl) file based on the TI dummy key. > Enable capsule authentication for several TI SoC based platforms: AM64, AM62, > AM62p, BeaglePlay, J7, and BeagleboneAI. Hello Jonathan, with the patch a capsule update will not be possible if the capsule is not signed with the private key matching the ESL signature key in patch 1/13. Why should a user want to lock down their board to a private key over which he has no control? Wouldn't it be in their best interest to create a key pair themselves? I would have expected a documentation change explaining this to the users. Best regards Heinrich > > Jonathan Humphreys (13): > ti:keys Add EFI signature list > configs: am64x: Set capsule update signature list file > configs: am64x: Enable capsule authentication > configs: j721e: Set capsule update signature list file > configs: j721e: Enable capsule authentication > configs: beagleplay: Set capsule update signature list file > configs: beagleplay: Enable capsule authentication > configs: am62px: Set capsule update signature list file > configs: am62px: Enable capsule authentication > configs: am62x: Set capsule update signature list file > configs: am62x: Enable capsule authentication > configs: beagleboneai64: Set capsule update signature list file > configs: beagleboneai64: Enable capsule authentication > > arch/arm/mach-k3/keys/custMpk.esl | Bin 0 -> 1523 bytes > configs/am62px_evm_a53_defconfig | 2 ++ > configs/am62x_beagleplay_a53_defconfig | 2 ++ > configs/am62x_evm_a53_defconfig | 2 ++ > configs/am64x_evm_a53_defconfig | 2 ++ > configs/j721e_beagleboneai64_a72_defconfig | 2 ++ > configs/j721e_evm_a72_defconfig | 2 ++ > 7 files changed, 12 insertions(+) > create mode 100644 arch/arm/mach-k3/keys/custMpk.esl >