| Message ID | 20210512045753.62288-1-takahiro.akashi@linaro.org |
|---|---|
| Headers | show |
| Series | efi_loader: capsule: improve capsule authentication support | expand |
Am 12. Mai 2021 06:57:49 MESZ schrieb AKASHI Takahiro <takahiro.akashi@linaro.org>: >As I discussed in [1], I have made a couple of improvements on >the current implemenation of capsule update. > >Among others, this patch series >1. add signing feature to mkeficapsule >2. remove dtb operation from mkeficapsule >3. add pytest for capsule authentication (on sandbox) > >NOTE: >I temporarily include Patch#3 in order to show that it is not worth >implementing in C as we can do the same thing with a very small >shell script. > >My intent is *NOT* to merge Patch#3 in upstream. > Should you need to resend the series, please, put "DO NOT MERGE" into the title of patch 3. Best regards Heinrich >Prerequisite patches >==================== >See Sughosh's [2] and my [3]. > >Test >==== >* passed the pytest which is included in this patch series > on sandbox built locally. > >Todo >==== >* review and update the document for capsule update > doc/board/emulation/qemu_capsule_update.rst > (but not in this patch series) > >[1] https://lists.denx.de/pipermail/u-boot/2021-April/447918.html >[2] https://lists.denx.de/pipermail/u-boot/2021-April/447183.html >[3] https://lists.denx.de/pipermail/u-boot/2021-May/449347.html > https://lists.denx.de/pipermail/u-boot/2021-May/449348.html > https://lists.denx.de/pipermail/u-boot/2021-May/449349.html > https://lists.denx.de/pipermail/u-boot/2021-May/449350.html > https://lists.denx.de/pipermail/u-boot/2021-May/449351.html > >Changes >======= >Initial release (May 12, 2021) >* based on v2021.07-rc2 > >AKASHI Takahiro (4): > tools: mkeficapsule: add firmwware image signing > tools: mkeficapsule: remove device-tree related operation > tools: add fdtsig command > test/py: efi_capsule: add image authentication test > > Makefile | 7 +- > .../py/tests/test_efi_capsule/capsule_defs.py | 5 + > test/py/tests/test_efi_capsule/conftest.py | 35 +- > test/py/tests/test_efi_capsule/signature.dts | 8 + > .../test_capsule_firmware_signed.py | 234 +++++++++ > tools/Makefile | 7 +- > tools/fdtsig.c | 274 +++++++++++ > tools/fdtsig.sh | 40 ++ > tools/mkeficapsule.c | 455 ++++++++++-------- > 9 files changed, 856 insertions(+), 209 deletions(-) > create mode 100644 test/py/tests/test_efi_capsule/signature.dts >create mode 100644 >test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py > create mode 100644 tools/fdtsig.c > create mode 100755 tools/fdtsig.sh
As I discussed in [1], I have made a couple of improvements on the current implemenation of capsule update. Among others, this patch series 1. add signing feature to mkeficapsule 2. remove dtb operation from mkeficapsule 3. add pytest for capsule authentication (on sandbox) NOTE: I temporarily include Patch#3 in order to show that it is not worth implementing in C as we can do the same thing with a very small shell script. My intent is *NOT* to merge Patch#3 in upstream. Prerequisite patches ==================== See Sughosh's [2] and my [3]. Test ==== * passed the pytest which is included in this patch series on sandbox built locally. Todo ==== * review and update the document for capsule update doc/board/emulation/qemu_capsule_update.rst (but not in this patch series) [1] https://lists.denx.de/pipermail/u-boot/2021-April/447918.html [2] https://lists.denx.de/pipermail/u-boot/2021-April/447183.html [3] https://lists.denx.de/pipermail/u-boot/2021-May/449347.html https://lists.denx.de/pipermail/u-boot/2021-May/449348.html https://lists.denx.de/pipermail/u-boot/2021-May/449349.html https://lists.denx.de/pipermail/u-boot/2021-May/449350.html https://lists.denx.de/pipermail/u-boot/2021-May/449351.html Changes ======= Initial release (May 12, 2021) * based on v2021.07-rc2 AKASHI Takahiro (4): tools: mkeficapsule: add firmwware image signing tools: mkeficapsule: remove device-tree related operation tools: add fdtsig command test/py: efi_capsule: add image authentication test Makefile | 7 +- .../py/tests/test_efi_capsule/capsule_defs.py | 5 + test/py/tests/test_efi_capsule/conftest.py | 35 +- test/py/tests/test_efi_capsule/signature.dts | 8 + .../test_capsule_firmware_signed.py | 234 +++++++++ tools/Makefile | 7 +- tools/fdtsig.c | 274 +++++++++++ tools/fdtsig.sh | 40 ++ tools/mkeficapsule.c | 455 ++++++++++-------- 9 files changed, 856 insertions(+), 209 deletions(-) create mode 100644 test/py/tests/test_efi_capsule/signature.dts create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py create mode 100644 tools/fdtsig.c create mode 100755 tools/fdtsig.sh -- 2.31.0