From patchwork Wed Apr 7 11:53:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 416682 Delivered-To: patch@linaro.org Received: by 2002:a02:8562:0:0:0:0:0 with SMTP id g89csp393991jai; Wed, 7 Apr 2021 04:55:22 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwr0gCM/8mH0C1uFz3DpIxD2miM+sfXKh6tgEpN+fPftafd0Ku/xzFoVYawIQzb3U+a8N8r X-Received: by 2002:aa7:c952:: with SMTP id h18mr3962243edt.269.1617796521911; Wed, 07 Apr 2021 04:55:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617796521; cv=none; d=google.com; s=arc-20160816; b=xYOQUmlB5QUCh8MG8iU/6vCnm7OoEbETD0RKs6p1zvlVkRm+Gi6C6qj/Xa9YS0NmMW YOTJv6XVla6swE6eL9/uSgYMRB7X24MkXmujbkLofMhK625jxlR5eXdAP26FbBpuB0x7 FhIRbZPBFe6KkdFK+NyBwV5oJTpwcdfgpYYHD+W1g5dPJ7O4d4416uNKnEJwGlKD7BGj jsl6z29uHg0zo3SqZbtU8/AiFv4jGS8lCduWe7DJPbQfHj5ZEIt8mIj8ahGy+ePy5vEF W1TSlKjVyUdMWcuP3sLBF64p+M0+s9uLsZC9Ek0B2CtlXYe2NcKKjNbbcn4o4dWpji3Y 9hlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:cc:to:from; bh=d1r+mG5+DHpL0bjcGs1IbZDZQy+e8TjIcLyuxruKn8Y=; b=Wc3UqahOBWlG1jdq1Os3ZZMNUTaeknwCPDTpCY2TmlHLkKQfj5YqIlbsB6oCPHE6Jb 5solD8YEL56dPnFPdjVcRN6yydRMYrYsCIBMaKiCjtIkFIUt1l35bPTbV19UdXUouNIx 6PKF3Hv3ZwG32yYgTCEkq/OzQ6UWdReAT+sQuK8lCxuwGpPxmYhd2M4vYXRL/uQS4KjK jtYvwurs1VmIPw5lH2P782nL1gFM4uRkwgziuMGroT64FL76ALRMX/Lnv1u5swQmJbku g/tCDXh0bQXncbqwWdtx/2VAekiV4pDIlaE90vCZHZzGxiKeB0UUN+wNsW1JevvaljBX 84qg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id bg8si14239749ejb.592.2021.04.07.04.55.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Apr 2021 04:55:21 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 8B10481782; Wed, 7 Apr 2021 13:54:39 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id C373E816AF; Wed, 7 Apr 2021 13:54:33 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 22103812B2 for ; Wed, 7 Apr 2021 13:54:28 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D49DE13D5; Wed, 7 Apr 2021 04:54:26 -0700 (PDT) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.16.44]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id BDAE73F792; Wed, 7 Apr 2021 04:54:24 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Alexander Graf , Simon Glass , Bin Meng , =?utf-8?q?Pali_Roh=C3=A1r?= , Sughosh Ganu Subject: [PATCH 5/5] Makefile: Add provision for embedding public key in platform's dtb Date: Wed, 7 Apr 2021 17:23:35 +0530 Message-Id: <20210407115335.8615-6-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210407115335.8615-1-sughosh.ganu@linaro.org> References: <20210407115335.8615-1-sughosh.ganu@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de X-Virus-Status: Clean Add provision for embedding the public key used for capsule authentication in the platform's dtb. This is done by invoking the mkeficapsule utility which puts the public key in the efi signature list(esl) format into the dtb. Signed-off-by: Sughosh Ganu --- Makefile | 10 ++++++++++ 1 file changed, 10 insertions(+) -- 2.17.1 diff --git a/Makefile b/Makefile index 193aa4d1c9..0d50c6a805 100644 --- a/Makefile +++ b/Makefile @@ -1010,6 +1010,10 @@ cmd_pad_cat = $(cmd_objcopy) && $(append) || { rm -f $@; false; } quiet_cmd_lzma = LZMA $@ cmd_lzma = lzma -c -z -k -9 $< > $@ +quiet_cmd_mkeficapsule = MKEFICAPSULE $@ +cmd_mkeficapsule = $(objtree)/tools/mkeficapsule -K $(CONFIG_EFI_PKEY_FILE) \ + -D $@ + cfg: u-boot.cfg quiet_cmd_cfgcheck = CFGCHK $2 @@ -1104,8 +1108,14 @@ endif PHONY += dtbs dtbs: dts/dt.dtb @: +ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE)$(CONFIG_EFI_PKEY_DTB_EMBED),yy) +dts/dt.dtb: u-boot tools + $(Q)$(MAKE) $(build)=dts dtbs + $(call cmd,mkeficapsule) +else dts/dt.dtb: u-boot $(Q)$(MAKE) $(build)=dts dtbs +endif quiet_cmd_copy = COPY $@ cmd_copy = cp $< $@