Message ID | 20211116043238.67226-12-takahiro.akashi@linaro.org |
---|---|
State | Superseded |
Series | efi_loader: capsule: improve capsule authentication support |
Hi Takahiro, On Mon, 15 Nov 2021 at 21:33, AKASHI Takahiro <takahiro.akashi@linaro.org> wrote: > > With this script, a public key is added to a device tree blob > as the default efi_get_public_key_data() expects. > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > --- > MAINTAINERS | 1 + > tools/fdtsig.sh | 40 ++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 41 insertions(+) > create mode 100755 tools/fdtsig.sh > > diff --git a/MAINTAINERS b/MAINTAINERS > index 813674eb2898..8233a53c29dc 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -742,6 +742,7 @@ F: cmd/bootefi.c > F: cmd/efidebug.c > F: cmd/nvedit_efi.c > F: tools/efivar.py > +F: tools/fdtsig.sh > F: tools/file2include.c > F: tools/mkeficapsule.c > > diff --git a/tools/fdtsig.sh b/tools/fdtsig.sh > new file mode 100755 > index 000000000000..c2b2a6dc5ec8 > --- /dev/null > +++ b/tools/fdtsig.sh > @@ -0,0 +1,40 @@ > +#!/bin/sh > +# SPDX-License-Identifier: GPL-2.0+ > +# > +# script to add a certificate (efi-signature-list) to dtb blob > + > +usage() { > + if [ -n "$*" ]; then > + echo "ERROR: $*" > + fi > + echo "Usage: "$(basename $0) " <esl file> <dtb file>" > +} > + > +if [ "$#" -ne 2 ]; then > + usage "Arguments missing" > + exit 1 > +fi > + > +ESL=$1 > +DTB=$2 > +NEW_DTB=$(basename $DTB)_tmp > +SIG=signature > + > +cat << 'EOF' > $SIG.dts > +/dts-v1/; > +/plugin/; > + > +&{/} { > + signature { > +EOF > +echo "capsule-key = /incbin/(\"$ESL\");" >> $SIG.dts > +cat << 'EOF' >> $SIG.dts > + }; > +}; > +EOF > + > +dtc -@ -I dts -O dtb -o $SIG.dtbo $SIG.dts > +fdtoverlay -i $DTB -o $NEW_DTB $SIG.dtbo > +mv $NEW_DTB $DTB > + > +rm $SIG.dts $SIG.dtsn $SIG.dtbo > -- > 2.33.0 > As mentioned, let's get binman working here. Regards, Simon
diff --git a/MAINTAINERS b/MAINTAINERS index 813674eb2898..8233a53c29dc 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -742,6 +742,7 @@ F: cmd/bootefi.c F: cmd/efidebug.c F: cmd/nvedit_efi.c F: tools/efivar.py +F: tools/fdtsig.sh F: tools/file2include.c F: tools/mkeficapsule.c diff --git a/tools/fdtsig.sh b/tools/fdtsig.sh new file mode 100755 index 000000000000..c2b2a6dc5ec8 --- /dev/null +++ b/tools/fdtsig.sh @@ -0,0 +1,40 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0+ +# +# script to add a certificate (efi-signature-list) to dtb blob + +usage() { + if [ -n "$*" ]; then + echo "ERROR: $*" + fi + echo "Usage: "$(basename $0) " <esl file> <dtb file>" +} + +if [ "$#" -ne 2 ]; then + usage "Arguments missing" + exit 1 +fi + +ESL=$1 +DTB=$2 +NEW_DTB=$(basename $DTB)_tmp +SIG=signature + +cat << 'EOF' > $SIG.dts +/dts-v1/; +/plugin/; + +&{/} { + signature { +EOF +echo "capsule-key = /incbin/(\"$ESL\");" >> $SIG.dts +cat << 'EOF' >> $SIG.dts + }; +}; +EOF + +dtc -@ -I dts -O dtb -o $SIG.dtbo $SIG.dts +fdtoverlay -i $DTB -o $NEW_DTB $SIG.dtbo +mv $NEW_DTB $DTB + +rm $SIG.dts $SIG.dtsn $SIG.dtbo
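Review bot: The final cleanup line in tools/fdtsig.sh, `rm $SIG.dts $SIG.dtsn $SIG.dtbo`, names `$SIG.dtsn`, which nothing in the script creates. `rm` will report a missing file and return non-zero, so the script's exit status signals failure even when the key was added correctly. Please drop `$SIG.dtsn` from that line. Related to this, there is no `set -e` and no status check after `dtc` or `fdtoverlay`, so a failure in either step is only visible as stray error output, and a caller cannot tell from the exit code whether `capsule-key` actually made it into the dtb. Since this blob carries the key used for capsule authentication, the script should stop at the first failing step and exit non-zero. The expansions of `$ESL`, `$DTB`, `$NEW_DTB`, `$0` and the `$(basename ...)` substitutions are also unquoted, so a path containing spaces breaks the `fdtoverlay` and `mv` invocations; quoting them would fix that. Finally, the intermediate files use the fixed name `signature` in the current directory and will overwrite any existing `signature.dts` or `signature.dtbo` there; a `mktemp`-based name would avoid this.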
With this script, a public key is added to a device tree blob as the default efi_get_public_key_data() expects.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

---
 MAINTAINERS     |  1 +
 tools/fdtsig.sh | 40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100755 tools/fdtsig.sh