From patchwork Wed Apr 7 14:41:47 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 416719 Delivered-To: patch@linaro.org Received: by 2002:a02:8562:0:0:0:0:0 with SMTP id g89csp531774jai; Wed, 7 Apr 2021 07:43:31 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxfnnm+zuxoryEYrGWzr1mqK0jhOF/wVwYHPSNXh59dd9bSStS39suOV0UDFoNy5g294PJL X-Received: by 2002:a50:9b12:: with SMTP id o18mr4914211edi.376.1617806611277; Wed, 07 Apr 2021 07:43:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617806611; cv=none; d=google.com; s=arc-20160816; b=towCbi+N4affY6L6onDQB7pCpf9iASUe+hIiR1Q8v2rN8mkWbdJeZ/bAgslwUoYkQF MosaLX5TNNcDb4Y51044ivauR+n3DTpJ/g0k9BdrWKoFmQceSRUEsbvd089JBLmnJByS u+2hwgmbsokcL3UFgE9VOYLGLvs77mZl7oZ19wQ6UWveR+bgSPJ8eO3dGGtpJpLtqXcc 5NzFBEX8PIiM/wkWGHFD3ECA5OpQzMQjkjDVEH4cjKERL/DcWyXCSt++5ByF6sG7bo0G zuWJY86BAMR6n7xebWGYxYmiAx8QyLmDJlTd8gGyZ5lrQhMMZ1I31EmMbkvqMl7+QvQ0 wXsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:cc:to:from; bh=d1r+mG5+DHpL0bjcGs1IbZDZQy+e8TjIcLyuxruKn8Y=; b=nC0//fSFzObK6/0nIpQmLOh6g201AalwFOcbUf0M98MxKK1wlAPFQ+28s+mJisi57Q nChKFaB8MilXGSkAwuzF4VIh4OjzWe1k2EM6/gIZIUDgrjeg9pBAU9qO2h93gCTrBJWC hsBMyklZMXrhoDb5/O57rbQbZyUZrZqAJbOl7WlhT38/zYaWyYEb1UAQANa8S8W3mTSr Iinzo1kV+YjIgMYopPtDwBSI6478VqO1AnMfak9A2vE9LEJwjK7V0ifqiSe24qnxX+bZ NKindlIFok3ANEEHXwGuLIzR0xDcOLcx1he9GsmKL52QkyQMbUaxkcSbyE4QGLSNEdJ8 Kgxg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id v5si5352849edi.582.2021.04.07.07.43.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Apr 2021 07:43:31 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 59D3F817FD; Wed, 7 Apr 2021 16:42:52 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 92B1F817A1; Wed, 7 Apr 2021 16:42:32 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 370B881784 for ; Wed, 7 Apr 2021 16:42:27 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2F88113D5; Wed, 7 Apr 2021 07:42:25 -0700 (PDT) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.16.44]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1712D3F792; Wed, 7 Apr 2021 07:42:22 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Alexander Graf , Simon Glass , Bin Meng , Pali Rohar , Sughosh Ganu Subject: [RESEND PATCH v1 5/5] Makefile: Add provision for embedding public key in platform's dtb Date: Wed, 7 Apr 2021 20:11:47 +0530 Message-Id: <20210407144147.29251-6-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210407144147.29251-1-sughosh.ganu@linaro.org> References: <20210407144147.29251-1-sughosh.ganu@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de X-Virus-Status: Clean Add provision for embedding the public key used for capsule authentication in the platform's dtb. This is done by invoking the mkeficapsule utility which puts the public key in the efi signature list(esl) format into the dtb. Signed-off-by: Sughosh Ganu --- Makefile | 10 ++++++++++ 1 file changed, 10 insertions(+) -- 2.17.1 diff --git a/Makefile b/Makefile index 193aa4d1c9..0d50c6a805 100644 --- a/Makefile +++ b/Makefile @@ -1010,6 +1010,10 @@ cmd_pad_cat = $(cmd_objcopy) && $(append) || { rm -f $@; false; } quiet_cmd_lzma = LZMA $@ cmd_lzma = lzma -c -z -k -9 $< > $@ +quiet_cmd_mkeficapsule = MKEFICAPSULE $@ +cmd_mkeficapsule = $(objtree)/tools/mkeficapsule -K $(CONFIG_EFI_PKEY_FILE) \ + -D $@ + cfg: u-boot.cfg quiet_cmd_cfgcheck = CFGCHK $2 @@ -1104,8 +1108,14 @@ endif PHONY += dtbs dtbs: dts/dt.dtb @: +ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE)$(CONFIG_EFI_PKEY_DTB_EMBED),yy) +dts/dt.dtb: u-boot tools + $(Q)$(MAKE) $(build)=dts dtbs + $(call cmd,mkeficapsule) +else dts/dt.dtb: u-boot $(Q)$(MAKE) $(build)=dts dtbs +endif quiet_cmd_copy = COPY $@ cmd_copy = cp $< $@