| Message ID | 20210412150526.29822-1-sughosh.ganu@linaro.org |
|---|---|
| Headers | show
Delivered-To: patch@linaro.org Received: by 2002:a17:906:6d12:0:0:0:0 with SMTP id m18csp1702288ejr; Mon, 12 Apr 2021 08:06:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwReEbBA22JHtOat9VLkbtK+ffoynbacG5grE5hCMywFvJANB4J5y3gtINALo2m94ebgjcT X-Received: by 2002:a05:6402:27ce:: with SMTP id c14mr29700769ede.263.1618239966955; Mon, 12 Apr 2021 08:06:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618239966; cv=none; d=google.com; s=arc-20160816; b=wZ8dR6LSa0sa+m3PkykYE3xKEmqr4zF6WB6AuW5/urpZLC2z+SGIZJoylnSPtLg9ZM J9WTRPg2+PVoPbMcsPVoYKcwta1VzsRqaZzox9/CVbAvGKFkVCRROqT8Dhhfrtby4RS2 oTOEZJ/rZnN3UjGsRoOGT6pFfgyGBTTw9n25+jMolQSgFS+4Eqalx/sPOLEWzX++B1c2 xGyq896cyXgqMsHBD3BSjlMJDI7Lk9f+c3ehnnW7EUIKfewMBFPKM8+sYnb1fQGBONes 02/syzEydR0HqT8vaypUnCaIfJfi4PXd2wjc7nuOnkjdSIi5X1kwKWkm6qj5RhcD2vHQ u1fQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:message-id:date:subject:cc:to :from; bh=eWGL1VqL8hUkt4IYBcjupb/KJELXkrbWM7oMtN3HFY4=; b=wDYMBsWXu2od+xgoXKhc68QBlEI3FphruVW0BurP6UsifuB8WkknV1P1ZOe+4/qoLS XQKOERpKUZWHCovNwgZ5ZHCRJMn2lWfYc21SbuDJYwEnnlBzWRBZ/WJxb2OFxLMNuo4Q f7LyRPU1aAbVk0aujLYby/76npJh0reyYcfXUxypIGENIQQWuZKOVK9axI3IONKpIA/e EP4g4BXX698K4Yjv5HXJMxoWSug5gg86qZ13vitX5AI76bV+CyZkdVTs2bSGBZKQNAOx AlRlCoL9EUtiMToZPTNm+V7SdwECeCe1OgB6CrhZOgWwir+zdGeZVAtQpjwlCFcq8+ew XY9g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: <u-boot-bounces@lists.denx.de> Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id jp23si8159820ejb.643.2021.04.12.08.06.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Apr 2021 08:06:06 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 0ED9281607; Mon, 12 Apr 2021 17:05:58 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 8CA6C81607; Mon, 12 Apr 2021 17:05:55 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 6DB1281578 for <u-boot@lists.denx.de>; Mon, 12 Apr 2021 17:05:51 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 05EE911FB; Mon, 12 Apr 2021 08:05:50 -0700 (PDT) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.16.44]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 24E0B3F694; Mon, 12 Apr 2021 08:05:47 -0700 (PDT) From: Sughosh Ganu <sughosh.ganu@linaro.org> To: u-boot@lists.denx.de Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>, Alexander Graf <agraf@csgraf.de>, Simon Glass <sjg@chromium.org>, Bin Meng <bmeng.cn@gmail.com>, Pali Rohar <pali@kernel.org> Subject: [PATCH v2 0/4] Add support for embedding public key in platform's dtb Date: Mon, 12 Apr 2021 20:35:22 +0530 Message-Id: <20210412150526.29822-1-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.17.1 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion <u-boot.lists.denx.de> List-Unsubscribe: <https://lists.denx.de/options/u-boot>, <mailto:u-boot-request@lists.denx.de?subject=unsubscribe> List-Archive: <https://lists.denx.de/pipermail/u-boot/> List-Post: <mailto:u-boot@lists.denx.de> List-Help: <mailto:u-boot-request@lists.denx.de?subject=help> List-Subscribe: <https://lists.denx.de/listinfo/u-boot>, <mailto:u-boot-request@lists.denx.de?subject=subscribe> Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de> X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de X-Virus-Status: Clean |
| Series |
Add support for embedding public key in platform's dtb
|
expand
|
These patches add support for embedding the public key efi signature list(esl) file into the platform's device tree. The current solution for the Qemu arm64 platform has the public key as part of an overlay, and stored on the Efi System Partition(ESP). Having the provision to embed the public key into the platform's dtb which is then concatenated with the u-boot binary is a better approach, recommended by Heinrich[1]. Patch 1 removes the existing additional check for authenticating the capsule using the env variable. Patch 2 add two config symbols, EFI_PKEY_DTB_EMBED and EFI_PKEY_FILE which are used for enabling embedding of the public key in the dtb, and specifying the esl file name. Patch 3 adds a function for retrieving the public key which has been embedded in the platform's dtb. Patch 4 adds the functionality to embed the esl file into the platform's dtb during the platform build. I have tested this functionality on the STM32MP157C DK2 board, and it works as expected. [1] - https://lists.denx.de/pipermail/u-boot/2021-March/442867.html Changes since V1: * As pointed out by Heinrich in the review, remove the extra check of the env variable 'capsule_authentication_enabled'for authenticating the capsule. The capsule authentication will now be done based on whether the corresponding config symbol is enabled. * Provide a default name for public key file, eficapsule.esl as suggested by Heinrich. * Remove the superfluous default n statement for EFI_PKEY_DTB_EMBED * Remove the weak function, and add the functionality to retrieve the public key under the config symbol CONFIG_EFI_PKEY_DTB_EMBED. Sughosh Ganu (4): efi_loader: capsule: Remove the check for capsule_authentication_enabled environment variable efi_loader: Kconfig: Add symbols for embedding the public key into the platform's dtb efi_capsule: Add a function to get the public key needed for capsule authentication Makefile: Add provision for embedding public key in platform's dtb Makefile | 10 +++++++ board/emulation/common/qemu_capsule.c | 6 ---- lib/efi_loader/Kconfig | 15 ++++++++++ lib/efi_loader/efi_capsule.c | 43 +++++++++++++++++++++++---- lib/efi_loader/efi_firmware.c | 5 ++-- 5 files changed, 65 insertions(+), 14 deletions(-) -- 2.17.1