| Message ID | 20210407115335.8615-3-sughosh.ganu@linaro.org |
|---|---|
| State | Superseded |
| Delegated to: | Heinrich Schuchardt |
| Headers | show |
| Series | Add support for embedding public key in platform's dtb | expand |
On 4/7/21 1:53 PM, Sughosh Ganu wrote: > Add config options EFI_PKEY_DTB_EMBED and EFI_PKEY_FILE which are to > be used for embedding the public key to be used for capsule > authentication into the platform's device tree. > > The embedding of the public key would take place during the platform > build process. > > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> > --- > lib/efi_loader/Kconfig | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig > index 0b99d7c774..de3083a979 100644 > --- a/lib/efi_loader/Kconfig > +++ b/lib/efi_loader/Kconfig > @@ -179,6 +179,21 @@ config EFI_CAPSULE_AUTHENTICATE > Select this option if you want to enable capsule > authentication > > +config EFI_PKEY_DTB_EMBED > + bool "Embed the public key in the Device Tree" > + default n "default n" has no effect. So this line is superfluous. But shouldn't this be default=y and tested via Python tests? > + depends on EFI_CAPSULE_AUTHENTICATE > + help > + Select this option if the public key used for capsule > + authentication is to be embedded into the platform's > + device tree. > + > +config EFI_PKEY_FILE > + string "Public Key esl file to be embedded into the Device Tree" Please, provide a default value (e.g. "eficapsule.esl") that we can rely on in our Python tests. Best regards Heinrich > + help > + Specify the absolute path of the public key esl file that is > + to be embedded in the platform's device tree. > + > config EFI_CAPSULE_FIRMWARE_FIT > bool "FMP driver for FIT image" > depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT >
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 0b99d7c774..de3083a979 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -179,6 +179,21 @@ config EFI_CAPSULE_AUTHENTICATE Select this option if you want to enable capsule authentication +config EFI_PKEY_DTB_EMBED + bool "Embed the public key in the Device Tree" + default n + depends on EFI_CAPSULE_AUTHENTICATE + help + Select this option if the public key used for capsule + authentication is to be embedded into the platform's + device tree. + +config EFI_PKEY_FILE + string "Public Key esl file to be embedded into the Device Tree" + help + Specify the absolute path of the public key esl file that is + to be embedded in the platform's device tree. + config EFI_CAPSULE_FIRMWARE_FIT bool "FMP driver for FIT image" depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
Add config options EFI_PKEY_DTB_EMBED and EFI_PKEY_FILE which are to be used for embedding the public key to be used for capsule authentication into the platform's device tree. The embedding of the public key would take place during the platform build process. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> --- lib/efi_loader/Kconfig | 15 +++++++++++++++ 1 file changed, 15 insertions(+)