From patchwork Mon Aug 14 09:03:06 2023
From: Sughosh Ganu
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Tom Rini, Sughosh Ganu
Subject: [RFC PATCH 1/4] scripts/Makefile.lib: Collate all dtsi files for inclusion
Date: Mon, 14 Aug 2023 14:33:06 +0530
Message-Id: <20230814090309.1548310-2-sughosh.ganu@linaro.org>
In-Reply-To: <20230814090309.1548310-1-sughosh.ganu@linaro.org>

At the time of building a device-tree file, all the *u-boot.dtsi files are looked for, in a particular order, and the first file found is included. Then, the list of files specified in the CONFIG_DEVICE_TREE_INCLUDES symbol are included. Combine these files that are to be included into a variable, and then include all these files in one go.

Signed-off-by: Sughosh Ganu
--- scripts/Makefile.lib | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index f5ab7af0f4..f41b16781d 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib 
@@ -179,10 +179,13 @@ ifdef DEVICE_TREE_DEBUG u_boot_dtsi_options_debug = $(warning $(u_boot_dtsi_options_raw)) endif -# We use the first match -u_boot_dtsi = $(strip $(u_boot_dtsi_options_debug) \ +# We use the first match to be included +include_files = $(strip $(u_boot_dtsi_options_debug) \ $(notdir $(firstword $(u_boot_dtsi_options)))) +# The CONFIG_DEVICE_TREE_INCLUDES also need to be included +include_files += $(CONFIG_DEVICE_TREE_INCLUDES) + # Modified for U-Boot dtc_cpp_flags = -Wp,-MD,$(depfile).pre.tmp -nostdinc \ $(UBOOTINCLUDE) \ 
@@ -320,8 +323,8 @@ quiet_cmd_dtc = DTC $@ # Bring in any U-Boot-specific include at the end of the file # And finally any custom .dtsi fragments specified with CONFIG_DEVICE_TREE_INCLUDES cmd_dtc = mkdir -p $(dir ${dtc-tmp}) ; \ - (cat $<; $(if $(u_boot_dtsi),echo '$(pound)include "$(u_boot_dtsi)"')) > $(pre-tmp); \ - $(foreach f,$(subst $(quote),,$(CONFIG_DEVICE_TREE_INCLUDES)), \ + (cat $< > $(pre-tmp)); \ + $(foreach f,$(subst $(quote),,$(include_files)), \ echo '$(pound)include "$(f)"' >> $(pre-tmp);) \ $(HOSTCC) -E $(dtc_cpp_flags) -x assembler-with-cpp -o $(dtc-tmp) $(pre-tmp) ; \ $(DTC) -O dtb -o $@ -b 0 \ 

From patchwork Mon Aug 14 09:03:07 2023
From: Sughosh Ganu
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Tom Rini, Sughosh Ganu
Subject: [RFC PATCH 2/4] scripts/Makefile.lib: Embed capsule public key in platform's dtb
Date: Mon, 14 Aug 2023 14:33:07 +0530
Message-Id: <20230814090309.1548310-3-sughosh.ganu@linaro.org>
In-Reply-To: <20230814090309.1548310-1-sughosh.ganu@linaro.org>

The EFI capsule authentication logic in u-boot expects the public key in the form of an EFI Signature List(ESL) to be provided as part of the platform's dtb. Currently, the embedding of the ESL file into the dtb needs to be done manually. Add a target for generating a dtsi file which contains the signature node with the ESL file included as a property under the signature node. Include the dtsi file in the dtb. This brings the embedding of the ESL in the dtb into the U-Boot build flow. The path to the ESL file is specified through the CONFIG_EFI_CAPSULE_ESL_FILE symbol.

Signed-off-by: Sughosh Ganu
--- lib/efi_loader/Kconfig | 9 +++++++++ lib/efi_loader/capsule_esl.dtsi.in | 11 +++++++++++ scripts/Makefile.lib | 17 +++++++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 lib/efi_loader/capsule_esl.dtsi.in diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 9989e3f384..f40a62a0ba 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig 
@@ -272,6 +272,15 @@ config EFI_CAPSULE_MAX Select the max capsule index value used for capsule report variables. This value is used to create CapsuleMax variable. +config EFI_CAPSULE_ESL_FILE + string "Path to the EFI Signature List File" + default "" + depends on EFI_CAPSULE_AUTHENTICATE + help + Provides the path to the EFI Signature List file which will + be embedded in the platform's device tree and used for + capsule authentication at the time of capsule update. + config EFI_DEVICE_PATH_TO_TEXT bool "Device path to text protocol" default y diff --git a/lib/efi_loader/capsule_esl.dtsi.in b/lib/efi_loader/capsule_esl.dtsi.in new file mode 100644 index 0000000000..61a9f2b25e --- /dev/null +++ b/lib/efi_loader/capsule_esl.dtsi.in @@ -0,0 +1,11 @@ +// SPDX-License-Identifier: GPL-2.0+ +/** + * Devicetree file with the public key EFI Signature List(ESL) + * node. This file is used to generate the dtsi file to be + * included into the DTB. +*/ +/ { + signature { + capsule-key = /incbin/("ESL_BIN_FILE"); + }; +}; diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index f41b16781d..cf4eef0b05 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib 
@@ -334,8 +334,25 @@ cmd_dtc = mkdir -p $(dir ${dtc-tmp}) ; \ ; \ sed "s:$(pre-tmp):$(<):" $(depfile).pre.tmp $(depfile).dtc.tmp > $(depfile) +ifdef CONFIG_EFI_CAPSULE_AUTHENTICATE +quiet_cmd_capsule_esl_gen = CAPSULE_ESL_GEN $@ +cmd_capsule_esl_gen = \ + $(shell sed "s:ESL_BIN_FILE:$(capsule_esl_path):" $(capsule_esl_input_file) > $@) + +$(obj)/.capsule_esl.dtsi: + $(call cmd_capsule_esl_gen) + +capsule_esl_input_file=$(srctree)/lib/efi_loader/capsule_esl.dtsi.in +capsule_esl_dtsi = .capsule_esl.dtsi +capsule_esl_path=$(abspath $(srctree)/$(subst $(quote),,$(CONFIG_EFI_CAPSULE_ESL_FILE))) +include_files += $(capsule_esl_dtsi) + +$(obj)/%.dtb: $(src)/%.dts $(DTC) $(obj)/.capsule_esl.dtsi FORCE + $(call if_changed_dep,dtc) +else $(obj)/%.dtb: $(src)/%.dts $(DTC) FORCE $(call if_changed_dep,dtc) +endif pre-tmp = $(subst $(comma),_,$(dot-target).pre.tmp) dtc-tmp = $(subst $(comma),_,$(dot-target).dts.tmp) 

From patchwork Mon Aug 14 09:03:08 2023
From: Sughosh Ganu
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Tom Rini, Sughosh Ganu
Subject: [RFC PATCH 3/4] sandbox: capsule: Add path to the public key ESL file
Date: Mon, 14 Aug 2023 14:33:08 +0530
Message-Id: <20230814090309.1548310-4-sughosh.ganu@linaro.org>
In-Reply-To: <20230814090309.1548310-1-sughosh.ganu@linaro.org>

Add the path to the public key EFI Signature List(ESL) file for the sandbox variants which enable capsule authentication. This ESL file gets embedded into the platform's device-tree as part of the build.

Signed-off-by: Sughosh Ganu
--- configs/sandbox_defconfig | 1 + configs/sandbox_flattree_defconfig | 1 + 2 files changed, 2 insertions(+) diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 1cd1c2ed7c..9f349d482b 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -340,6 +340,7 @@ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y CONFIG_EFI_CAPSULE_ON_DISK=y CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y CONFIG_EFI_CAPSULE_AUTHENTICATE=y +CONFIG_EFI_CAPSULE_ESL_FILE="board/sandbox/capsule_pub_esl_good.esl" CONFIG_EFI_SECURE_BOOT=y CONFIG_TEST_FDTDEC=y CONFIG_UNIT_TEST=y diff --git a/configs/sandbox_flattree_defconfig b/configs/sandbox_flattree_defconfig index 8aa295686d..2a24b38cfb 100644 --- a/configs/sandbox_flattree_defconfig +++ b/configs/sandbox_flattree_defconfig 
@@ -227,6 +227,7 @@ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y CONFIG_EFI_CAPSULE_ON_DISK=y CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y CONFIG_EFI_CAPSULE_AUTHENTICATE=y +CONFIG_EFI_CAPSULE_ESL_FILE="board/sandbox/capsule_pub_esl_good.esl" CONFIG_UNIT_TEST=y CONFIG_UT_TIME=y CONFIG_UT_DM=y 

From patchwork Mon Aug 14 09:03:09 2023
From: Sughosh Ganu
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Tom Rini, Sughosh Ganu
Subject: [RFC PATCH 4/4] doc: capsule: Document the new mechanism to embed ESL file into dtb
Date: Mon, 14 Aug 2023 14:33:09 +0530
Message-Id: <20230814090309.1548310-5-sughosh.ganu@linaro.org>
In-Reply-To: <20230814090309.1548310-1-sughosh.ganu@linaro.org>

Update the document to specify how the EFI Signature List(ESL) file can be embedded into the platform's dtb as part of the u-boot build.

Signed-off-by: Sughosh Ganu
--- doc/develop/uefi/uefi.rst | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index 1ab5e5e2d1..6a0709efe3 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst 
@@ -538,20 +538,11 @@ and used by the steps highlighted below. ... } -You can do step-4 manually with - -.. code-block:: console - - $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts - $ fdtoverlay -i orig.dtb -o new.dtb -v signature.dtbo - -where signature.dts looks like:: - - &{/} { - signature { - capsule-key = /incbin/("CRT.esl"); - }; - }; +You can perform step-4 by defining the Kconfig symbol +CONFIG_EFI_CAPSULE_ESL_FILE. This symbol defines the path to the esl +file generated in step-2. Once the symbol has been populated with the +path to the esl file, the esl file will automatically get embedded +into the platform's dtb as part of U-Boot build. Anti-rollback Protection ************************
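
Review bot: [1/4, scripts/Makefile.lib, hunk at -179,10] include_files is a very generic name for a variable set at the top level of scripts/Makefile.lib, where it is visible to every Makefile that pulls this file in. A dtc-specific name (for example dtsi_include_files) would avoid accidental clashes. Since u_boot_dtsi is removed here, please also confirm that nothing outside the visible hunks still expands it, because an undefined make variable silently expands to nothing instead of failing.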
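
Review bot: [1/4, scripts/Makefile.lib, hunk at -320,8] The parentheses around "cat $< > $(pre-tmp)" are left over from the old form, where the subshell grouped cat and echo under one redirection. With only cat remaining, the subshell does nothing, and the line can be written as "cat $< > $(pre-tmp); \". The two comment lines above cmd_dtc still describe the u-boot.dtsi include and the CONFIG_DEVICE_TREE_INCLUDES fragments as separate steps; a short remark that both now come from include_files would keep the comment in line with the code.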
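
Review bot: [2/4, lib/efi_loader/Kconfig, hunk at -272,6] The help text for EFI_CAPSULE_ESL_FILE does not say what the path is relative to, while the Makefile part of this patch always prefixes it with $(srctree)/, so an absolute path will not work. Please state that in the help text. The default of "" is also a problem for any board that already sets EFI_CAPSULE_AUTHENTICATE: the dtb rule then depends on .capsule_esl.dtsi unconditionally and capsule_esl_path resolves to the source tree directory itself, which dtc will reject with an error that does not point at the missing symbol. An explicit build error when the symbol is empty would make it obvious that no verification key was configured.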
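
Review bot: [2/4, scripts/Makefile.lib, hunk at -334,8] The rule "$(obj)/.capsule_esl.dtsi:" has no prerequisites and no FORCE, so once the file exists it is never regenerated. Changing CONFIG_EFI_CAPSULE_ESL_FILE to point at a new key leaves the old path in the generated dtsi, and the dtb keeps embedding the previous key until a clean build. Please make the target depend on $(capsule_esl_input_file) and on the configuration, for example through FORCE with if_changed. Related: cmd_capsule_esl_gen wraps sed in $(shell ...) and is run via "$(call cmd_capsule_esl_gen)", which bypasses the cmd/if_changed wrappers, so quiet_cmd_capsule_esl_gen is defined but never printed; a plain sed command run through $(call if_changed,capsule_esl_gen) fixes both. The ":" delimiter in the sed expression will also break on a path that contains a colon.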
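
Review bot: [3/4, configs/sandbox_defconfig, hunk at -340,6; the same line is added in sandbox_flattree_defconfig] CONFIG_EFI_CAPSULE_ESL_FILE points at board/sandbox/capsule_pub_esl_good.esl, but none of the four diffstats in this series adds that file. With patch 2 applied, the sandbox dtb build needs the file to exist in the source tree before dtc runs. Please either add the ESL file in this series or say in the commit message where it comes from and at what point in the build or test flow it is created.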
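
Review bot: [4/4, doc/develop/uefi/uefi.rst, hunk at -538,20] The manual dtc/fdtoverlay instructions are deleted outright, although they remain the only option when the dtb is not built by U-Boot, for example when it is handed over by an earlier boot stage. Consider keeping them as an alternative after the new paragraph. The new text should also say that the CONFIG_EFI_CAPSULE_ESL_FILE path is taken relative to the U-Boot source tree, as the Makefile in patch 2 prefixes it with $(srctree)/, and spell ESL consistently in capitals.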