From patchwork Wed Apr 7 14:41:42 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 416714 Delivered-To: patch@linaro.org Received: by 2002:a02:8562:0:0:0:0:0 with SMTP id g89csp531049jai; Wed, 7 Apr 2021 07:42:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzG/XHQizXRvYdJkqBBhDhtvT4dShIfFiGDIVHcwqt2cXlPJ/m+mZIMPzcyib+cqW5PBYXx X-Received: by 2002:a05:6402:4388:: with SMTP id o8mr4834303edc.262.1617806546415; Wed, 07 Apr 2021 07:42:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617806546; cv=none; d=google.com; s=arc-20160816; b=bRpVOWsPhGO/d0RLcg8LGPjz8FlIfWC1n0FnwC9b2yYSGWfst971UnFNztSkdnS+6B ScY6aNtetauyNLIzlo9U1QWBiXk4CLKXJVIRcx0L1bRgPPaDbPtXWPIsPJwZ3t0bRaPe vsegdVSyP7826d8fr+5cJiuCNyRDGCwQ/c8q6n6kUBhLbBELkIZ0J747mSV4O6qauqbC 6iONFxcUs5FU6wJEwzNEnHawMkGC1nGp0Efpp/eDRgBvjzxenz/kysW4uuvGriyZJbsi pynwWpsF9dUsygSkTSplEuoW9lWGIWTdqiQoe3osh5l+Fund7k+FUKQM0GrFs7W7715k 4cDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:message-id:date:subject:cc:to :from; bh=VFNCv0oPhcKo3Fpmf2r1re+c8aEIi0Nd3dg8LfUnmtE=; b=LkUczYqkpAT7e96UUK50N2IYpTEJEU2SmW4afYoaibhhJQdp1UNqfNo782B8HBsSBu plZqai0Edho94DUObsM01QfrY7tZJGluoUxd/bdGZH0QW0+iqvD9qxh+bxSccdfLKQgg OR4CMiAw1IUvyG5W44blEoSinhyWljsylwZ3ntECjYY/5apOfx6NJLmAEp5vdwmI2DQb N02d4htoCKG042ATJ9UJWVlAa/B22Xo8FccsxtByQozA6O3BjXa8LQ4/liGvZoQWGXJy fB2UJoYkADNE9A3F1ffy2aLVmGlbN+PWlI7u8MHA/BfZE5JkTda5VovYuKExUtZjH2EB BEUQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id w25si19059235ejv.100.2021.04.07.07.42.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Apr 2021 07:42:26 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 6A6F380C6A; Wed, 7 Apr 2021 16:42:19 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id CD5BB80C6A; Wed, 7 Apr 2021 16:42:17 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 10E1F8039D for ; Wed, 7 Apr 2021 16:42:14 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 717FA1FB; Wed, 7 Apr 2021 07:42:12 -0700 (PDT) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.16.44]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 9217D3F792; Wed, 7 Apr 2021 07:42:10 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Alexander Graf , Simon Glass , Bin Meng , Pali Rohar Subject: [RESEND PATCH v1 0/5] Add support for embedding public key in platform's dtb Date: Wed, 7 Apr 2021 20:11:42 +0530 Message-Id: <20210407144147.29251-1-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.17.1 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de X-Virus-Status: Clean Resending the same set of patches. For some reason, the first paragraph of the cover letter got deleted in the original set. Hopefully this will go through fine. These patches add support for embedding the public key efi signature list(esl) file into the platform's device tree. The current solution for the Qemu arm64 platform has the public key as part of an overlay, and stored on the Efi System Partition(ESP). Having the provision to embed the public key into the platform's dtb which is then concatenated with the u-boot binary is a better approach, recommended by Heinrich[1]. Patch 1 fixes an issue of selection of IMAGE_SIGN_INFO config option when capsule authentication is enabled. Patch 2 add two config symbols, EFI_PKEY_DTB_EMBED and EFI_PKEY_FILE which are used for enabling embedding of the public key in the dtb, and specifying the esl file name. Patch 3 moves efi_capsule_auth_enabled as a weak function, which can be used as a default mechanism for checking if capsule authentication has been enabled. Patch 4 adds a default weak function for retrieving the public key from the platform's dtb. Patch 5 adds the functionality to embed the esl file into the platform's dtb during the platform build. I have tested this functionality on the STM32MP157C DK2 board, and it works as expected. [1] - https://lists.denx.de/pipermail/u-boot/2021-March/442867.html Sughosh Ganu (5): efi_loader: Kconfig: Select IMAGE_SIGN_INFO when capsule authentication is enabled efi_loader: Kconfig: Add symbols for embedding the public key into the platform's dtb efi_capsule: Add a weak function to check whether capsule authentication is enabled efi_capsule: Add a weak function to get the public key needed for capsule authentication Makefile: Add provision for embedding public key in platform's dtb Makefile | 10 ++++++ board/emulation/common/qemu_capsule.c | 6 ---- lib/efi_loader/Kconfig | 16 ++++++++++ lib/efi_loader/efi_capsule.c | 44 ++++++++++++++++++++++++--- 4 files changed, 66 insertions(+), 10 deletions(-) -- 2.17.1