| Message ID | 20210727091054.512050-7-takahiro.akashi@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | efi_loader: capsule: improve capsule authentication support | expand |
On 7/27/21 11:10 AM, AKASHI Takahiro wrote: > This new configuration, which was derived from sandbox_defconfig, will be > used solely to run efi capsule authentication test as the test requires > a public key (esl file) to be embedded in U-Boot binary. > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > --- > configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++ > 1 file changed, 307 insertions(+) > create mode 100644 configs/sandbox_capsule_auth_defconfig > > diff --git a/configs/sandbox_capsule_auth_defconfig b/configs/sandbox_capsule_auth_defconfig > new file mode 100644 > index 000000000000..8e0ffb1a6995 > --- /dev/null > +++ b/configs/sandbox_capsule_auth_defconfig > @@ -0,0 +1,307 @@ > +CONFIG_SYS_TEXT_BASE=0 > +CONFIG_NR_DRAM_BANKS=1 > +CONFIG_SYS_MEMTEST_START=0x00100000 > +CONFIG_SYS_MEMTEST_END=0x00101000 > +CONFIG_ENV_SIZE=0x2000 > +CONFIG_DEFAULT_DEVICE_TREE="sandbox" > +CONFIG_PRE_CON_BUF_ADDR=0xf0000 > +CONFIG_BOOTSTAGE_STASH_ADDR=0x0 > +CONFIG_DEBUG_UART=y > +CONFIG_DISTRO_DEFAULTS=y > +CONFIG_FIT=y > +CONFIG_FIT_SIGNATURE=y > +CONFIG_FIT_RSASSA_PSS=y > +CONFIG_FIT_CIPHER=y > +CONFIG_FIT_VERBOSE=y > +CONFIG_BOOTSTAGE=y > +CONFIG_BOOTSTAGE_REPORT=y > +CONFIG_BOOTSTAGE_FDT=y > +CONFIG_BOOTSTAGE_STASH=y > +CONFIG_BOOTSTAGE_STASH_SIZE=0x4096 > +CONFIG_CONSOLE_RECORD=y > +CONFIG_CONSOLE_RECORD_OUT_SIZE=0x1000 > +CONFIG_PRE_CONSOLE_BUFFER=y > +CONFIG_LOG=y > +CONFIG_DISPLAY_BOARDINFO_LATE=y > +CONFIG_MISC_INIT_F=y > +CONFIG_STACKPROTECTOR=y > +CONFIG_ANDROID_AB=y > +CONFIG_CMD_CPU=y > +CONFIG_CMD_LICENSE=y > +CONFIG_CMD_BOOTZ=y > +CONFIG_CMD_BOOTEFI_HELLO=y > +CONFIG_CMD_ABOOTIMG=y > +# CONFIG_CMD_ELF is not set > +CONFIG_CMD_ASKENV=y > +CONFIG_CMD_GREPENV=y > +CONFIG_CMD_ERASEENV=y > +CONFIG_CMD_ENV_CALLBACK=y > +CONFIG_CMD_ENV_FLAGS=y > +CONFIG_CMD_NVEDIT_EFI=y > +CONFIG_CMD_NVEDIT_INFO=y > +CONFIG_CMD_NVEDIT_LOAD=y > +CONFIG_CMD_NVEDIT_SELECT=y > +CONFIG_LOOPW=y > +CONFIG_CMD_MD5SUM=y > +CONFIG_CMD_MEMINFO=y > +CONFIG_CMD_MEM_SEARCH=y > +CONFIG_CMD_MX_CYCLIC=y > +CONFIG_CMD_MEMTEST=y > +CONFIG_CMD_BIND=y > +CONFIG_CMD_DEMO=y > +CONFIG_CMD_GPIO=y > +CONFIG_CMD_PWM=y > +CONFIG_CMD_GPT=y > +CONFIG_CMD_GPT_RENAME=y > +CONFIG_CMD_IDE=y > +CONFIG_CMD_I2C=y > +CONFIG_CMD_LSBLK=y > +CONFIG_CMD_MUX=y > +CONFIG_CMD_OSD=y > +CONFIG_CMD_PCI=y > +CONFIG_CMD_READ=y > +CONFIG_CMD_REMOTEPROC=y > +CONFIG_CMD_SPI=y > +CONFIG_CMD_USB=y > +CONFIG_CMD_AXI=y > +CONFIG_CMD_AB_SELECT=y > +CONFIG_BOOTP_DNS2=y > +CONFIG_CMD_PCAP=y > +CONFIG_CMD_TFTPPUT=y > +CONFIG_CMD_TFTPSRV=y > +CONFIG_CMD_RARP=y > +CONFIG_CMD_CDP=y > +CONFIG_CMD_SNTP=y > +CONFIG_CMD_DNS=y > +CONFIG_CMD_LINK_LOCAL=y > +CONFIG_CMD_ETHSW=y > +CONFIG_CMD_BMP=y > +CONFIG_CMD_BOOTCOUNT=y > +CONFIG_CMD_EFIDEBUG=y > +CONFIG_CMD_RTC=y > +CONFIG_CMD_TIME=y > +CONFIG_CMD_TIMER=y > +CONFIG_CMD_SOUND=y > +CONFIG_CMD_QFW=y > +CONFIG_CMD_PSTORE=y > +CONFIG_CMD_PSTORE_MEM_ADDR=0x3000000 > +CONFIG_CMD_BOOTSTAGE=y > +CONFIG_CMD_PMIC=y > +CONFIG_CMD_REGULATOR=y > +CONFIG_CMD_AES=y > +CONFIG_CMD_TPM=y > +CONFIG_CMD_TPM_TEST=y > +CONFIG_CMD_BTRFS=y > +CONFIG_CMD_CBFS=y > +CONFIG_CMD_CRAMFS=y > +CONFIG_CMD_EXT4_WRITE=y > +CONFIG_CMD_SQUASHFS=y > +CONFIG_CMD_MTDPARTS=y > +CONFIG_CMD_STACKPROTECTOR_TEST=y > +CONFIG_MAC_PARTITION=y > +CONFIG_AMIGA_PARTITION=y > +CONFIG_OF_CONTROL=y > +CONFIG_OF_LIVE=y > +CONFIG_OF_HOSTFILE=y > +CONFIG_ENV_IS_NOWHERE=y > +CONFIG_ENV_IS_IN_EXT4=y > +CONFIG_ENV_EXT4_INTERFACE="host" > +CONFIG_ENV_EXT4_DEVICE_AND_PART="0:0" > +CONFIG_ENV_IMPORT_FDT=y > +CONFIG_BOOTP_SEND_HOSTNAME=y > +CONFIG_NETCONSOLE=y > +CONFIG_IP_DEFRAG=y > +CONFIG_DM_DMA=y > +CONFIG_REGMAP=y > +CONFIG_SYSCON=y > +CONFIG_DEVRES=y > +CONFIG_DEBUG_DEVRES=y > +CONFIG_SIMPLE_PM_BUS=y > +CONFIG_ADC=y > +CONFIG_ADC_SANDBOX=y > +CONFIG_AXI=y > +CONFIG_AXI_SANDBOX=y > +CONFIG_BOOTCOUNT_LIMIT=y > +CONFIG_DM_BOOTCOUNT=y > +CONFIG_DM_BOOTCOUNT_RTC=y > +CONFIG_DM_BOOTCOUNT_I2C_EEPROM=y > +CONFIG_BUTTON=y > +CONFIG_BUTTON_ADC=y > +CONFIG_BUTTON_GPIO=y > +CONFIG_CLK=y > +CONFIG_CLK_COMPOSITE_CCF=y > +CONFIG_CLK_SCMI=y > +CONFIG_CLK_K210=y > +CONFIG_CLK_K210_SET_RATE=y > +CONFIG_SANDBOX_CLK_CCF=y > +CONFIG_CPU=y > +CONFIG_DM_DEMO=y > +CONFIG_DM_DEMO_SIMPLE=y > +CONFIG_DM_DEMO_SHAPE=y > +CONFIG_DFU_SF=y > +CONFIG_DMA=y > +CONFIG_DMA_CHANNELS=y > +CONFIG_SANDBOX_DMA=y > +CONFIG_FASTBOOT_FLASH=y > +CONFIG_FASTBOOT_FLASH_MMC_DEV=0 > +CONFIG_GPIO_HOG=y > +CONFIG_DM_GPIO_LOOKUP_LABEL=y > +CONFIG_PM8916_GPIO=y > +CONFIG_SANDBOX_GPIO=y > +CONFIG_DM_HWSPINLOCK=y > +CONFIG_HWSPINLOCK_SANDBOX=y > +CONFIG_I2C_CROS_EC_TUNNEL=y > +CONFIG_I2C_CROS_EC_LDO=y > +CONFIG_DM_I2C_GPIO=y > +CONFIG_SYS_I2C_SANDBOX=y > +CONFIG_I2C_MUX=y > +CONFIG_SPL_I2C_MUX=y > +CONFIG_I2C_ARB_GPIO_CHALLENGE=y > +CONFIG_CROS_EC_KEYB=y > +CONFIG_I8042_KEYB=y > +CONFIG_LED=y > +CONFIG_LED_BLINK=y > +CONFIG_LED_GPIO=y > +CONFIG_DM_MAILBOX=y > +CONFIG_SANDBOX_MBOX=y > +CONFIG_MISC=y > +CONFIG_CROS_EC=y > +CONFIG_CROS_EC_I2C=y > +CONFIG_CROS_EC_LPC=y > +CONFIG_CROS_EC_SANDBOX=y > +CONFIG_CROS_EC_SPI=y > +CONFIG_P2SB=y > +CONFIG_PWRSEQ=y > +CONFIG_SPL_PWRSEQ=y > +CONFIG_I2C_EEPROM=y > +CONFIG_MMC_PCI=y > +CONFIG_MMC_SANDBOX=y > +CONFIG_MMC_SDHCI=y > +CONFIG_MTD=y > +CONFIG_SPI_FLASH_SANDBOX=y > +CONFIG_SPI_FLASH_ATMEL=y > +CONFIG_SPI_FLASH_EON=y > +CONFIG_SPI_FLASH_GIGADEVICE=y > +CONFIG_SPI_FLASH_MACRONIX=y > +CONFIG_SPI_FLASH_SPANSION=y > +CONFIG_SPI_FLASH_STMICRO=y > +CONFIG_SPI_FLASH_SST=y > +CONFIG_SPI_FLASH_WINBOND=y > +CONFIG_MULTIPLEXER=y > +CONFIG_MUX_MMIO=y > +CONFIG_DM_ETH=y > +CONFIG_NVME=y > +CONFIG_PCI=y > +CONFIG_DM_PCI=y > +CONFIG_PCI_REGION_MULTI_ENTRY=y > +CONFIG_PCI_SANDBOX=y > +CONFIG_PHY=y > +CONFIG_PHY_SANDBOX=y > +CONFIG_PINCTRL=y > +CONFIG_PINCONF=y > +CONFIG_PINCTRL_SANDBOX=y > +CONFIG_PINCTRL_SINGLE=y > +CONFIG_POWER_DOMAIN=y > +CONFIG_SANDBOX_POWER_DOMAIN=y > +CONFIG_DM_PMIC=y > +CONFIG_PMIC_ACT8846=y > +CONFIG_DM_PMIC_PFUZE100=y > +CONFIG_DM_PMIC_MAX77686=y > +CONFIG_DM_PMIC_MC34708=y > +CONFIG_PMIC_PM8916=y > +CONFIG_PMIC_RK8XX=y > +CONFIG_PMIC_S2MPS11=y > +CONFIG_DM_PMIC_SANDBOX=y > +CONFIG_PMIC_S5M8767=y > +CONFIG_PMIC_TPS65090=y > +CONFIG_DM_REGULATOR=y > +CONFIG_REGULATOR_ACT8846=y > +CONFIG_DM_REGULATOR_PFUZE100=y > +CONFIG_DM_REGULATOR_MAX77686=y > +CONFIG_DM_REGULATOR_FIXED=y > +CONFIG_REGULATOR_RK8XX=y > +CONFIG_REGULATOR_S5M8767=y > +CONFIG_DM_REGULATOR_SANDBOX=y > +CONFIG_REGULATOR_TPS65090=y > +CONFIG_DM_REGULATOR_SCMI=y > +CONFIG_DM_PWM=y > +CONFIG_PWM_CROS_EC=y > +CONFIG_PWM_SANDBOX=y > +CONFIG_RAM=y > +CONFIG_REMOTEPROC_SANDBOX=y > +CONFIG_DM_RESET=y > +CONFIG_SANDBOX_RESET=y > +CONFIG_RESET_SYSCON=y > +CONFIG_RESET_SCMI=y > +CONFIG_DM_RNG=y > +CONFIG_DM_RTC=y > +CONFIG_RTC_RV8803=y > +CONFIG_SANDBOX_SERIAL=y > +CONFIG_SMEM=y > +CONFIG_SANDBOX_SMEM=y > +CONFIG_SOUND=y > +CONFIG_SOUND_DA7219=y > +CONFIG_SOUND_MAX98357A=y > +CONFIG_SOUND_SANDBOX=y > +CONFIG_SOC_DEVICE=y > +CONFIG_SANDBOX_SPI=y > +CONFIG_SPMI=y > +CONFIG_SPMI_SANDBOX=y > +CONFIG_SYSINFO=y > +CONFIG_SYSINFO_SANDBOX=y > +CONFIG_SYSINFO_GPIO=y > +CONFIG_SYSRESET=y > +CONFIG_TIMER=y > +CONFIG_TIMER_EARLY=y > +CONFIG_SANDBOX_TIMER=y > +CONFIG_USB=y > +CONFIG_DM_USB=y > +CONFIG_USB_EMUL=y > +CONFIG_USB_KEYBOARD=y > +CONFIG_DM_VIDEO=y > +CONFIG_VIDEO_COPY=y > +CONFIG_CONSOLE_ROTATION=y > +CONFIG_CONSOLE_TRUETYPE=y > +CONFIG_CONSOLE_TRUETYPE_CANTORAONE=y > +CONFIG_VIDEO_SANDBOX_SDL=y > +CONFIG_VIDEO_DSI_HOST_SANDBOX=y > +CONFIG_OSD=y > +CONFIG_SANDBOX_OSD=y > +CONFIG_SPLASH_SCREEN_ALIGN=y > +CONFIG_VIDEO_BMP_RLE8=y > +CONFIG_W1=y > +CONFIG_W1_GPIO=y > +CONFIG_W1_EEPROM=y > +CONFIG_W1_EEPROM_SANDBOX=y > +CONFIG_WDT=y > +CONFIG_WDT_SANDBOX=y > +CONFIG_FS_CBFS=y > +CONFIG_FS_CRAMFS=y > +CONFIG_CMD_DHRYSTONE=y > +CONFIG_TPM=y > +CONFIG_LZ4=y > +CONFIG_ERRNO_STR=y > +CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y > +CONFIG_EFI_CAPSULE_ON_DISK=y > +CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y > +CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y > +CONFIG_EFI_CAPSULE_AUTHENTICATE=y > +CONFIG_EFI_CAPSULE_KEY_PATH="../test/py/tests/test_efi_capsule/SIGNER.esl" Is this path relative to the build directory? Will building fail if the build directory is not a direct subdirectory of the source directory? Best regards Heinrich > +CONFIG_EFI_SECURE_BOOT=y > +CONFIG_TEST_FDTDEC=y > +CONFIG_CRYPT_PW=y > +CONFIG_CRYPT_PW_SHA256=y > +CONFIG_CRYPT_PW_SHA512=y > +CONFIG_AUTOBOOT_KEYED=y > +CONFIG_AUTOBOOT_PROMPT="Enter password \"a\" in %d seconds to stop autoboot\n" > +CONFIG_AUTOBOOT_ENCRYPTION=y > +CONFIG_AUTOBOOT_STOP_STR_ENABLE=y > +CONFIG_AUTOBOOT_STOP_STR_CRYPT="$5$rounds=640000$HrpE65IkB8CM5nCL$BKT3QdF98Bo8fJpTr9tjZLZQyzqPASBY20xuK5Rent9" > +CONFIG_AUTOBOOT_NEVER_TIMEOUT=y > +CONFIG_AUTOBOOT_SHA256_FALLBACK=y > +CONFIG_UNIT_TEST=y > +CONFIG_UT_TIME=y > +CONFIG_UT_DM=y > +CONFIG_DM_REBOOT_MODE=y > +CONFIG_DM_REBOOT_MODE_GPIO=y > +CONFIG_DM_REBOOT_MODE_RTC=y >
On Wed, Jul 28, 2021 at 10:21:56PM +0200, Heinrich Schuchardt wrote: > > > On 7/27/21 11:10 AM, AKASHI Takahiro wrote: > > This new configuration, which was derived from sandbox_defconfig, will be > > used solely to run efi capsule authentication test as the test requires > > a public key (esl file) to be embedded in U-Boot binary. > > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > > --- > > configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++ > > 1 file changed, 307 insertions(+) > > create mode 100644 configs/sandbox_capsule_auth_defconfig > > > > diff --git a/configs/sandbox_capsule_auth_defconfig b/configs/sandbox_capsule_auth_defconfig > > new file mode 100644 > > index 000000000000..8e0ffb1a6995 > > --- /dev/null > > +++ b/configs/sandbox_capsule_auth_defconfig > > @@ -0,0 +1,307 @@ > > +CONFIG_SYS_TEXT_BASE=0 > > +CONFIG_NR_DRAM_BANKS=1 > > +CONFIG_SYS_MEMTEST_START=0x00100000 > > +CONFIG_SYS_MEMTEST_END=0x00101000 > > +CONFIG_ENV_SIZE=0x2000 > > +CONFIG_DEFAULT_DEVICE_TREE="sandbox" > > +CONFIG_PRE_CON_BUF_ADDR=0xf0000 > > +CONFIG_BOOTSTAGE_STASH_ADDR=0x0 > > +CONFIG_DEBUG_UART=y > > +CONFIG_DISTRO_DEFAULTS=y > > +CONFIG_FIT=y > > +CONFIG_FIT_SIGNATURE=y > > +CONFIG_FIT_RSASSA_PSS=y > > +CONFIG_FIT_CIPHER=y > > +CONFIG_FIT_VERBOSE=y > > +CONFIG_BOOTSTAGE=y > > +CONFIG_BOOTSTAGE_REPORT=y > > +CONFIG_BOOTSTAGE_FDT=y > > +CONFIG_BOOTSTAGE_STASH=y > > +CONFIG_BOOTSTAGE_STASH_SIZE=0x4096 > > +CONFIG_CONSOLE_RECORD=y > > +CONFIG_CONSOLE_RECORD_OUT_SIZE=0x1000 > > +CONFIG_PRE_CONSOLE_BUFFER=y > > +CONFIG_LOG=y > > +CONFIG_DISPLAY_BOARDINFO_LATE=y > > +CONFIG_MISC_INIT_F=y > > +CONFIG_STACKPROTECTOR=y > > +CONFIG_ANDROID_AB=y > > +CONFIG_CMD_CPU=y > > +CONFIG_CMD_LICENSE=y > > +CONFIG_CMD_BOOTZ=y > > +CONFIG_CMD_BOOTEFI_HELLO=y > > +CONFIG_CMD_ABOOTIMG=y > > +# CONFIG_CMD_ELF is not set > > +CONFIG_CMD_ASKENV=y > > +CONFIG_CMD_GREPENV=y > > +CONFIG_CMD_ERASEENV=y > > +CONFIG_CMD_ENV_CALLBACK=y > > +CONFIG_CMD_ENV_FLAGS=y > > +CONFIG_CMD_NVEDIT_EFI=y > > +CONFIG_CMD_NVEDIT_INFO=y > > +CONFIG_CMD_NVEDIT_LOAD=y > > +CONFIG_CMD_NVEDIT_SELECT=y > > +CONFIG_LOOPW=y > > +CONFIG_CMD_MD5SUM=y > > +CONFIG_CMD_MEMINFO=y > > +CONFIG_CMD_MEM_SEARCH=y > > +CONFIG_CMD_MX_CYCLIC=y > > +CONFIG_CMD_MEMTEST=y > > +CONFIG_CMD_BIND=y > > +CONFIG_CMD_DEMO=y > > +CONFIG_CMD_GPIO=y > > +CONFIG_CMD_PWM=y > > +CONFIG_CMD_GPT=y > > +CONFIG_CMD_GPT_RENAME=y > > +CONFIG_CMD_IDE=y > > +CONFIG_CMD_I2C=y > > +CONFIG_CMD_LSBLK=y > > +CONFIG_CMD_MUX=y > > +CONFIG_CMD_OSD=y > > +CONFIG_CMD_PCI=y > > +CONFIG_CMD_READ=y > > +CONFIG_CMD_REMOTEPROC=y > > +CONFIG_CMD_SPI=y > > +CONFIG_CMD_USB=y > > +CONFIG_CMD_AXI=y > > +CONFIG_CMD_AB_SELECT=y > > +CONFIG_BOOTP_DNS2=y > > +CONFIG_CMD_PCAP=y > > +CONFIG_CMD_TFTPPUT=y > > +CONFIG_CMD_TFTPSRV=y > > +CONFIG_CMD_RARP=y > > +CONFIG_CMD_CDP=y > > +CONFIG_CMD_SNTP=y > > +CONFIG_CMD_DNS=y > > +CONFIG_CMD_LINK_LOCAL=y > > +CONFIG_CMD_ETHSW=y > > +CONFIG_CMD_BMP=y > > +CONFIG_CMD_BOOTCOUNT=y > > +CONFIG_CMD_EFIDEBUG=y > > +CONFIG_CMD_RTC=y > > +CONFIG_CMD_TIME=y > > +CONFIG_CMD_TIMER=y > > +CONFIG_CMD_SOUND=y > > +CONFIG_CMD_QFW=y > > +CONFIG_CMD_PSTORE=y > > +CONFIG_CMD_PSTORE_MEM_ADDR=0x3000000 > > +CONFIG_CMD_BOOTSTAGE=y > > +CONFIG_CMD_PMIC=y > > +CONFIG_CMD_REGULATOR=y > > +CONFIG_CMD_AES=y > > +CONFIG_CMD_TPM=y > > +CONFIG_CMD_TPM_TEST=y > > +CONFIG_CMD_BTRFS=y > > +CONFIG_CMD_CBFS=y > > +CONFIG_CMD_CRAMFS=y > > +CONFIG_CMD_EXT4_WRITE=y > > +CONFIG_CMD_SQUASHFS=y > > +CONFIG_CMD_MTDPARTS=y > > +CONFIG_CMD_STACKPROTECTOR_TEST=y > > +CONFIG_MAC_PARTITION=y > > +CONFIG_AMIGA_PARTITION=y > > +CONFIG_OF_CONTROL=y > > +CONFIG_OF_LIVE=y > > +CONFIG_OF_HOSTFILE=y > > +CONFIG_ENV_IS_NOWHERE=y > > +CONFIG_ENV_IS_IN_EXT4=y > > +CONFIG_ENV_EXT4_INTERFACE="host" > > +CONFIG_ENV_EXT4_DEVICE_AND_PART="0:0" > > +CONFIG_ENV_IMPORT_FDT=y > > +CONFIG_BOOTP_SEND_HOSTNAME=y > > +CONFIG_NETCONSOLE=y > > +CONFIG_IP_DEFRAG=y > > +CONFIG_DM_DMA=y > > +CONFIG_REGMAP=y > > +CONFIG_SYSCON=y > > +CONFIG_DEVRES=y > > +CONFIG_DEBUG_DEVRES=y > > +CONFIG_SIMPLE_PM_BUS=y > > +CONFIG_ADC=y > > +CONFIG_ADC_SANDBOX=y > > +CONFIG_AXI=y > > +CONFIG_AXI_SANDBOX=y > > +CONFIG_BOOTCOUNT_LIMIT=y > > +CONFIG_DM_BOOTCOUNT=y > > +CONFIG_DM_BOOTCOUNT_RTC=y > > +CONFIG_DM_BOOTCOUNT_I2C_EEPROM=y > > +CONFIG_BUTTON=y > > +CONFIG_BUTTON_ADC=y > > +CONFIG_BUTTON_GPIO=y > > +CONFIG_CLK=y > > +CONFIG_CLK_COMPOSITE_CCF=y > > +CONFIG_CLK_SCMI=y > > +CONFIG_CLK_K210=y > > +CONFIG_CLK_K210_SET_RATE=y > > +CONFIG_SANDBOX_CLK_CCF=y > > +CONFIG_CPU=y > > +CONFIG_DM_DEMO=y > > +CONFIG_DM_DEMO_SIMPLE=y > > +CONFIG_DM_DEMO_SHAPE=y > > +CONFIG_DFU_SF=y > > +CONFIG_DMA=y > > +CONFIG_DMA_CHANNELS=y > > +CONFIG_SANDBOX_DMA=y > > +CONFIG_FASTBOOT_FLASH=y > > +CONFIG_FASTBOOT_FLASH_MMC_DEV=0 > > +CONFIG_GPIO_HOG=y > > +CONFIG_DM_GPIO_LOOKUP_LABEL=y > > +CONFIG_PM8916_GPIO=y > > +CONFIG_SANDBOX_GPIO=y > > +CONFIG_DM_HWSPINLOCK=y > > +CONFIG_HWSPINLOCK_SANDBOX=y > > +CONFIG_I2C_CROS_EC_TUNNEL=y > > +CONFIG_I2C_CROS_EC_LDO=y > > +CONFIG_DM_I2C_GPIO=y > > +CONFIG_SYS_I2C_SANDBOX=y > > +CONFIG_I2C_MUX=y > > +CONFIG_SPL_I2C_MUX=y > > +CONFIG_I2C_ARB_GPIO_CHALLENGE=y > > +CONFIG_CROS_EC_KEYB=y > > +CONFIG_I8042_KEYB=y > > +CONFIG_LED=y > > +CONFIG_LED_BLINK=y > > +CONFIG_LED_GPIO=y > > +CONFIG_DM_MAILBOX=y > > +CONFIG_SANDBOX_MBOX=y > > +CONFIG_MISC=y > > +CONFIG_CROS_EC=y > > +CONFIG_CROS_EC_I2C=y > > +CONFIG_CROS_EC_LPC=y > > +CONFIG_CROS_EC_SANDBOX=y > > +CONFIG_CROS_EC_SPI=y > > +CONFIG_P2SB=y > > +CONFIG_PWRSEQ=y > > +CONFIG_SPL_PWRSEQ=y > > +CONFIG_I2C_EEPROM=y > > +CONFIG_MMC_PCI=y > > +CONFIG_MMC_SANDBOX=y > > +CONFIG_MMC_SDHCI=y > > +CONFIG_MTD=y > > +CONFIG_SPI_FLASH_SANDBOX=y > > +CONFIG_SPI_FLASH_ATMEL=y > > +CONFIG_SPI_FLASH_EON=y > > +CONFIG_SPI_FLASH_GIGADEVICE=y > > +CONFIG_SPI_FLASH_MACRONIX=y > > +CONFIG_SPI_FLASH_SPANSION=y > > +CONFIG_SPI_FLASH_STMICRO=y > > +CONFIG_SPI_FLASH_SST=y > > +CONFIG_SPI_FLASH_WINBOND=y > > +CONFIG_MULTIPLEXER=y > > +CONFIG_MUX_MMIO=y > > +CONFIG_DM_ETH=y > > +CONFIG_NVME=y > > +CONFIG_PCI=y > > +CONFIG_DM_PCI=y > > +CONFIG_PCI_REGION_MULTI_ENTRY=y > > +CONFIG_PCI_SANDBOX=y > > +CONFIG_PHY=y > > +CONFIG_PHY_SANDBOX=y > > +CONFIG_PINCTRL=y > > +CONFIG_PINCONF=y > > +CONFIG_PINCTRL_SANDBOX=y > > +CONFIG_PINCTRL_SINGLE=y > > +CONFIG_POWER_DOMAIN=y > > +CONFIG_SANDBOX_POWER_DOMAIN=y > > +CONFIG_DM_PMIC=y > > +CONFIG_PMIC_ACT8846=y > > +CONFIG_DM_PMIC_PFUZE100=y > > +CONFIG_DM_PMIC_MAX77686=y > > +CONFIG_DM_PMIC_MC34708=y > > +CONFIG_PMIC_PM8916=y > > +CONFIG_PMIC_RK8XX=y > > +CONFIG_PMIC_S2MPS11=y > > +CONFIG_DM_PMIC_SANDBOX=y > > +CONFIG_PMIC_S5M8767=y > > +CONFIG_PMIC_TPS65090=y > > +CONFIG_DM_REGULATOR=y > > +CONFIG_REGULATOR_ACT8846=y > > +CONFIG_DM_REGULATOR_PFUZE100=y > > +CONFIG_DM_REGULATOR_MAX77686=y > > +CONFIG_DM_REGULATOR_FIXED=y > > +CONFIG_REGULATOR_RK8XX=y > > +CONFIG_REGULATOR_S5M8767=y > > +CONFIG_DM_REGULATOR_SANDBOX=y > > +CONFIG_REGULATOR_TPS65090=y > > +CONFIG_DM_REGULATOR_SCMI=y > > +CONFIG_DM_PWM=y > > +CONFIG_PWM_CROS_EC=y > > +CONFIG_PWM_SANDBOX=y > > +CONFIG_RAM=y > > +CONFIG_REMOTEPROC_SANDBOX=y > > +CONFIG_DM_RESET=y > > +CONFIG_SANDBOX_RESET=y > > +CONFIG_RESET_SYSCON=y > > +CONFIG_RESET_SCMI=y > > +CONFIG_DM_RNG=y > > +CONFIG_DM_RTC=y > > +CONFIG_RTC_RV8803=y > > +CONFIG_SANDBOX_SERIAL=y > > +CONFIG_SMEM=y > > +CONFIG_SANDBOX_SMEM=y > > +CONFIG_SOUND=y > > +CONFIG_SOUND_DA7219=y > > +CONFIG_SOUND_MAX98357A=y > > +CONFIG_SOUND_SANDBOX=y > > +CONFIG_SOC_DEVICE=y > > +CONFIG_SANDBOX_SPI=y > > +CONFIG_SPMI=y > > +CONFIG_SPMI_SANDBOX=y > > +CONFIG_SYSINFO=y > > +CONFIG_SYSINFO_SANDBOX=y > > +CONFIG_SYSINFO_GPIO=y > > +CONFIG_SYSRESET=y > > +CONFIG_TIMER=y > > +CONFIG_TIMER_EARLY=y > > +CONFIG_SANDBOX_TIMER=y > > +CONFIG_USB=y > > +CONFIG_DM_USB=y > > +CONFIG_USB_EMUL=y > > +CONFIG_USB_KEYBOARD=y > > +CONFIG_DM_VIDEO=y > > +CONFIG_VIDEO_COPY=y > > +CONFIG_CONSOLE_ROTATION=y > > +CONFIG_CONSOLE_TRUETYPE=y > > +CONFIG_CONSOLE_TRUETYPE_CANTORAONE=y > > +CONFIG_VIDEO_SANDBOX_SDL=y > > +CONFIG_VIDEO_DSI_HOST_SANDBOX=y > > +CONFIG_OSD=y > > +CONFIG_SANDBOX_OSD=y > > +CONFIG_SPLASH_SCREEN_ALIGN=y > > +CONFIG_VIDEO_BMP_RLE8=y > > +CONFIG_W1=y > > +CONFIG_W1_GPIO=y > > +CONFIG_W1_EEPROM=y > > +CONFIG_W1_EEPROM_SANDBOX=y > > +CONFIG_WDT=y > > +CONFIG_WDT_SANDBOX=y > > +CONFIG_FS_CBFS=y > > +CONFIG_FS_CRAMFS=y > > +CONFIG_CMD_DHRYSTONE=y > > +CONFIG_TPM=y > > +CONFIG_LZ4=y > > +CONFIG_ERRNO_STR=y > > +CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y > > +CONFIG_EFI_CAPSULE_ON_DISK=y > > +CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y > > +CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y > > +CONFIG_EFI_CAPSULE_AUTHENTICATE=y > > +CONFIG_EFI_CAPSULE_KEY_PATH="../test/py/tests/test_efi_capsule/SIGNER.esl" > > Is this path relative to the build directory? No. > Will building fail if the build directory is not a direct subdirectory > of the source directory? No. "incbin" directive in assembly code works with "include directory" paths. As "-Iinclude" is passed on to the assembler, "../" will eventually be able to point to the source directory whatever the build directory is. -Takahiro Akashi > Best regards > > Heinrich > > > +CONFIG_EFI_SECURE_BOOT=y > > +CONFIG_TEST_FDTDEC=y > > +CONFIG_CRYPT_PW=y > > +CONFIG_CRYPT_PW_SHA256=y > > +CONFIG_CRYPT_PW_SHA512=y > > +CONFIG_AUTOBOOT_KEYED=y > > +CONFIG_AUTOBOOT_PROMPT="Enter password \"a\" in %d seconds to stop autoboot\n" > > +CONFIG_AUTOBOOT_ENCRYPTION=y > > +CONFIG_AUTOBOOT_STOP_STR_ENABLE=y > > +CONFIG_AUTOBOOT_STOP_STR_CRYPT="$5$rounds=640000$HrpE65IkB8CM5nCL$BKT3QdF98Bo8fJpTr9tjZLZQyzqPASBY20xuK5Rent9" > > +CONFIG_AUTOBOOT_NEVER_TIMEOUT=y > > +CONFIG_AUTOBOOT_SHA256_FALLBACK=y > > +CONFIG_UNIT_TEST=y > > +CONFIG_UT_TIME=y > > +CONFIG_UT_DM=y > > +CONFIG_DM_REBOOT_MODE=y > > +CONFIG_DM_REBOOT_MODE_GPIO=y > > +CONFIG_DM_REBOOT_MODE_RTC=y > >
Hi Takahiro, On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro <takahiro.akashi@linaro.org> wrote: > > This new configuration, which was derived from sandbox_defconfig, will be > used solely to run efi capsule authentication test as the test requires > a public key (esl file) to be embedded in U-Boot binary. > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > --- > configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++ > 1 file changed, 307 insertions(+) > create mode 100644 configs/sandbox_capsule_auth_defconfig NAK. Please just add it to sandbox_defconfig. We sometimes have to create new variants when dealing with actual build variations (e.g. SPL, building without OF_LIVE), but here we should just enable the feature in sandbox_defconfig. We already covered embedding key in the binary on another thread. Please don't do that. After that debacle I sent a patch explaining this: http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/ Regards, Simon
Simon, On Sat, Jul 31, 2021 at 10:59:32AM -0600, Simon Glass wrote: > Hi Takahiro, > > On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro > <takahiro.akashi@linaro.org> wrote: > > > > This new configuration, which was derived from sandbox_defconfig, will be > > used solely to run efi capsule authentication test as the test requires > > a public key (esl file) to be embedded in U-Boot binary. > > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > > --- > > configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++ > > 1 file changed, 307 insertions(+) > > create mode 100644 configs/sandbox_capsule_auth_defconfig > > NAK. > > Please just add it to sandbox_defconfig. We sometimes have to create Unfortunately, I can't. Look, we now have two tests, test_capsule_firmware.py and test_capsule_firmware_signed.py, and we need U-Boot binaries, respectively, without a key and with a key. A single configuration cannot satisfy both. > new variants when dealing with actual build variations (e.g. SPL, > building without OF_LIVE), but here we should just enable the feature > in sandbox_defconfig. > > We already covered embedding key in the binary on another thread. > Please don't do that. After that debacle I sent a patch explaining > this: > > http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/ Please discuss and make an agreement with Heinrich. The patch for embedding a key has already been merged in -rc1. In my personal opinion, neither approaches won't apply to production any way. -Takahiro Akashi > Regards, > Simon
Hi Takahiro, On Sat, 31 Jul 2021 at 22:29, AKASHI Takahiro <takahiro.akashi@linaro.org> wrote: > > Simon, > > On Sat, Jul 31, 2021 at 10:59:32AM -0600, Simon Glass wrote: > > Hi Takahiro, > > > > On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro > > <takahiro.akashi@linaro.org> wrote: > > > > > > This new configuration, which was derived from sandbox_defconfig, will be > > > used solely to run efi capsule authentication test as the test requires > > > a public key (esl file) to be embedded in U-Boot binary. > > > > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > > > --- > > > configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++ > > > 1 file changed, 307 insertions(+) > > > create mode 100644 configs/sandbox_capsule_auth_defconfig > > > > NAK. > > > > Please just add it to sandbox_defconfig. We sometimes have to create > > Unfortunately, I can't. > Look, we now have two tests, test_capsule_firmware.py and > test_capsule_firmware_signed.py, and we need U-Boot binaries, > respectively, without a key and with a key. > A single configuration cannot satisfy both. > > > new variants when dealing with actual build variations (e.g. SPL, > > building without OF_LIVE), but here we should just enable the feature > > in sandbox_defconfig. > > > > We already covered embedding key in the binary on another thread. > > Please don't do that. After that debacle I sent a patch explaining > > this: > > > > http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/ > > Please discuss and make an agreement with Heinrich. > The patch for embedding a key has already been merged in -rc1. Which patch was that? I thought I pushed back on the one that did that. > In my personal opinion, neither approaches won't apply to production > any way. Regards, Simon
Simon, On Sun, Aug 01, 2021 at 01:00:20PM -0600, Simon Glass wrote: > Hi Takahiro, > > On Sat, 31 Jul 2021 at 22:29, AKASHI Takahiro > <takahiro.akashi@linaro.org> wrote: > > > > Simon, > > > > On Sat, Jul 31, 2021 at 10:59:32AM -0600, Simon Glass wrote: > > > Hi Takahiro, > > > > > > On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro > > > <takahiro.akashi@linaro.org> wrote: > > > > > > > > This new configuration, which was derived from sandbox_defconfig, will be > > > > used solely to run efi capsule authentication test as the test requires > > > > a public key (esl file) to be embedded in U-Boot binary. > > > > > > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > > > > --- > > > > configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++ > > > > 1 file changed, 307 insertions(+) > > > > create mode 100644 configs/sandbox_capsule_auth_defconfig > > > > > > NAK. > > > > > > Please just add it to sandbox_defconfig. We sometimes have to create > > > > Unfortunately, I can't. > > Look, we now have two tests, test_capsule_firmware.py and > > test_capsule_firmware_signed.py, and we need U-Boot binaries, > > respectively, without a key and with a key. > > A single configuration cannot satisfy both. > > > > > new variants when dealing with actual build variations (e.g. SPL, > > > building without OF_LIVE), but here we should just enable the feature > > > in sandbox_defconfig. > > > > > > We already covered embedding key in the binary on another thread. > > > Please don't do that. After that debacle I sent a patch explaining > > > this: > > > > > > http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/ > > > > Please discuss and make an agreement with Heinrich. > > The patch for embedding a key has already been merged in -rc1. > > Which patch was that? I thought I pushed back on the one that did that. The commit ddf67daac39d Author: Ilias Apalodimas <ilias.apalodimas@linaro.org> Date: Sat Jul 17 17:26:44 2021 +0300 efi_capsule: Move signature from DTB to .rodata -Takahiro Akashi > > In my personal opinion, neither approaches won't apply to production > > any way. > > Regards, > Simon
Hi Takahiro, On Sun, 1 Aug 2021 at 16:57, AKASHI Takahiro <takahiro.akashi@linaro.org> wrote: > > Simon, > > On Sun, Aug 01, 2021 at 01:00:20PM -0600, Simon Glass wrote: > > Hi Takahiro, > > > > On Sat, 31 Jul 2021 at 22:29, AKASHI Takahiro > > <takahiro.akashi@linaro.org> wrote: > > > > > > Simon, > > > > > > On Sat, Jul 31, 2021 at 10:59:32AM -0600, Simon Glass wrote: > > > > Hi Takahiro, > > > > > > > > On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro > > > > <takahiro.akashi@linaro.org> wrote: > > > > > > > > > > This new configuration, which was derived from sandbox_defconfig, will be > > > > > used solely to run efi capsule authentication test as the test requires > > > > > a public key (esl file) to be embedded in U-Boot binary. > > > > > > > > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > > > > > --- > > > > > configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++ > > > > > 1 file changed, 307 insertions(+) > > > > > create mode 100644 configs/sandbox_capsule_auth_defconfig > > > > > > > > NAK. > > > > > > > > Please just add it to sandbox_defconfig. We sometimes have to create > > > > > > Unfortunately, I can't. > > > Look, we now have two tests, test_capsule_firmware.py and > > > test_capsule_firmware_signed.py, and we need U-Boot binaries, > > > respectively, without a key and with a key. > > > A single configuration cannot satisfy both. > > > > > > > new variants when dealing with actual build variations (e.g. SPL, > > > > building without OF_LIVE), but here we should just enable the feature > > > > in sandbox_defconfig. > > > > > > > > We already covered embedding key in the binary on another thread. > > > > Please don't do that. After that debacle I sent a patch explaining > > > > this: > > > > > > > > http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/ > > > > > > Please discuss and make an agreement with Heinrich. > > > The patch for embedding a key has already been merged in -rc1. > > > > Which patch was that? I thought I pushed back on the one that did that. > > The commit ddf67daac39d > Author: Ilias Apalodimas <ilias.apalodimas@linaro.org> > Date: Sat Jul 17 17:26:44 2021 +0300 > > efi_capsule: Move signature from DTB to .rodata OK I sent a revert of that as you saw. Then I sent a v2 revert of three patches when you explained that was not enough. I hope we can figure this out quickly. > > > > > In my personal opinion, neither approaches won't apply to production > > > any way. I have not seen any design for how EFI signing would work in production but I am happy to review it. The existing FIT-signing scheme is widely used in production environments. If we use similar processes then we should be OK. Regards, Simon
diff --git a/configs/sandbox_capsule_auth_defconfig b/configs/sandbox_capsule_auth_defconfig new file mode 100644 index 000000000000..8e0ffb1a6995 --- /dev/null +++ b/configs/sandbox_capsule_auth_defconfig @@ -0,0 +1,307 @@ +CONFIG_SYS_TEXT_BASE=0 +CONFIG_NR_DRAM_BANKS=1 +CONFIG_SYS_MEMTEST_START=0x00100000 +CONFIG_SYS_MEMTEST_END=0x00101000 +CONFIG_ENV_SIZE=0x2000 +CONFIG_DEFAULT_DEVICE_TREE="sandbox" +CONFIG_PRE_CON_BUF_ADDR=0xf0000 +CONFIG_BOOTSTAGE_STASH_ADDR=0x0 +CONFIG_DEBUG_UART=y +CONFIG_DISTRO_DEFAULTS=y +CONFIG_FIT=y +CONFIG_FIT_SIGNATURE=y +CONFIG_FIT_RSASSA_PSS=y +CONFIG_FIT_CIPHER=y +CONFIG_FIT_VERBOSE=y +CONFIG_BOOTSTAGE=y +CONFIG_BOOTSTAGE_REPORT=y +CONFIG_BOOTSTAGE_FDT=y +CONFIG_BOOTSTAGE_STASH=y +CONFIG_BOOTSTAGE_STASH_SIZE=0x4096 +CONFIG_CONSOLE_RECORD=y +CONFIG_CONSOLE_RECORD_OUT_SIZE=0x1000 +CONFIG_PRE_CONSOLE_BUFFER=y +CONFIG_LOG=y +CONFIG_DISPLAY_BOARDINFO_LATE=y +CONFIG_MISC_INIT_F=y +CONFIG_STACKPROTECTOR=y +CONFIG_ANDROID_AB=y +CONFIG_CMD_CPU=y +CONFIG_CMD_LICENSE=y +CONFIG_CMD_BOOTZ=y +CONFIG_CMD_BOOTEFI_HELLO=y +CONFIG_CMD_ABOOTIMG=y +# CONFIG_CMD_ELF is not set +CONFIG_CMD_ASKENV=y +CONFIG_CMD_GREPENV=y +CONFIG_CMD_ERASEENV=y +CONFIG_CMD_ENV_CALLBACK=y +CONFIG_CMD_ENV_FLAGS=y +CONFIG_CMD_NVEDIT_EFI=y +CONFIG_CMD_NVEDIT_INFO=y +CONFIG_CMD_NVEDIT_LOAD=y +CONFIG_CMD_NVEDIT_SELECT=y +CONFIG_LOOPW=y +CONFIG_CMD_MD5SUM=y +CONFIG_CMD_MEMINFO=y +CONFIG_CMD_MEM_SEARCH=y +CONFIG_CMD_MX_CYCLIC=y +CONFIG_CMD_MEMTEST=y +CONFIG_CMD_BIND=y +CONFIG_CMD_DEMO=y +CONFIG_CMD_GPIO=y +CONFIG_CMD_PWM=y +CONFIG_CMD_GPT=y +CONFIG_CMD_GPT_RENAME=y +CONFIG_CMD_IDE=y +CONFIG_CMD_I2C=y +CONFIG_CMD_LSBLK=y +CONFIG_CMD_MUX=y +CONFIG_CMD_OSD=y +CONFIG_CMD_PCI=y +CONFIG_CMD_READ=y +CONFIG_CMD_REMOTEPROC=y +CONFIG_CMD_SPI=y +CONFIG_CMD_USB=y +CONFIG_CMD_AXI=y +CONFIG_CMD_AB_SELECT=y +CONFIG_BOOTP_DNS2=y +CONFIG_CMD_PCAP=y +CONFIG_CMD_TFTPPUT=y +CONFIG_CMD_TFTPSRV=y +CONFIG_CMD_RARP=y +CONFIG_CMD_CDP=y +CONFIG_CMD_SNTP=y +CONFIG_CMD_DNS=y +CONFIG_CMD_LINK_LOCAL=y +CONFIG_CMD_ETHSW=y +CONFIG_CMD_BMP=y +CONFIG_CMD_BOOTCOUNT=y +CONFIG_CMD_EFIDEBUG=y +CONFIG_CMD_RTC=y +CONFIG_CMD_TIME=y +CONFIG_CMD_TIMER=y +CONFIG_CMD_SOUND=y +CONFIG_CMD_QFW=y +CONFIG_CMD_PSTORE=y +CONFIG_CMD_PSTORE_MEM_ADDR=0x3000000 +CONFIG_CMD_BOOTSTAGE=y +CONFIG_CMD_PMIC=y +CONFIG_CMD_REGULATOR=y +CONFIG_CMD_AES=y +CONFIG_CMD_TPM=y +CONFIG_CMD_TPM_TEST=y +CONFIG_CMD_BTRFS=y +CONFIG_CMD_CBFS=y +CONFIG_CMD_CRAMFS=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_SQUASHFS=y +CONFIG_CMD_MTDPARTS=y +CONFIG_CMD_STACKPROTECTOR_TEST=y +CONFIG_MAC_PARTITION=y +CONFIG_AMIGA_PARTITION=y +CONFIG_OF_CONTROL=y +CONFIG_OF_LIVE=y +CONFIG_OF_HOSTFILE=y +CONFIG_ENV_IS_NOWHERE=y +CONFIG_ENV_IS_IN_EXT4=y +CONFIG_ENV_EXT4_INTERFACE="host" +CONFIG_ENV_EXT4_DEVICE_AND_PART="0:0" +CONFIG_ENV_IMPORT_FDT=y +CONFIG_BOOTP_SEND_HOSTNAME=y +CONFIG_NETCONSOLE=y +CONFIG_IP_DEFRAG=y +CONFIG_DM_DMA=y +CONFIG_REGMAP=y +CONFIG_SYSCON=y +CONFIG_DEVRES=y +CONFIG_DEBUG_DEVRES=y +CONFIG_SIMPLE_PM_BUS=y +CONFIG_ADC=y +CONFIG_ADC_SANDBOX=y +CONFIG_AXI=y +CONFIG_AXI_SANDBOX=y +CONFIG_BOOTCOUNT_LIMIT=y +CONFIG_DM_BOOTCOUNT=y +CONFIG_DM_BOOTCOUNT_RTC=y +CONFIG_DM_BOOTCOUNT_I2C_EEPROM=y +CONFIG_BUTTON=y +CONFIG_BUTTON_ADC=y +CONFIG_BUTTON_GPIO=y +CONFIG_CLK=y +CONFIG_CLK_COMPOSITE_CCF=y +CONFIG_CLK_SCMI=y +CONFIG_CLK_K210=y +CONFIG_CLK_K210_SET_RATE=y +CONFIG_SANDBOX_CLK_CCF=y +CONFIG_CPU=y +CONFIG_DM_DEMO=y +CONFIG_DM_DEMO_SIMPLE=y +CONFIG_DM_DEMO_SHAPE=y +CONFIG_DFU_SF=y +CONFIG_DMA=y +CONFIG_DMA_CHANNELS=y +CONFIG_SANDBOX_DMA=y +CONFIG_FASTBOOT_FLASH=y +CONFIG_FASTBOOT_FLASH_MMC_DEV=0 +CONFIG_GPIO_HOG=y +CONFIG_DM_GPIO_LOOKUP_LABEL=y +CONFIG_PM8916_GPIO=y +CONFIG_SANDBOX_GPIO=y +CONFIG_DM_HWSPINLOCK=y +CONFIG_HWSPINLOCK_SANDBOX=y +CONFIG_I2C_CROS_EC_TUNNEL=y +CONFIG_I2C_CROS_EC_LDO=y +CONFIG_DM_I2C_GPIO=y +CONFIG_SYS_I2C_SANDBOX=y +CONFIG_I2C_MUX=y +CONFIG_SPL_I2C_MUX=y +CONFIG_I2C_ARB_GPIO_CHALLENGE=y +CONFIG_CROS_EC_KEYB=y +CONFIG_I8042_KEYB=y +CONFIG_LED=y +CONFIG_LED_BLINK=y +CONFIG_LED_GPIO=y +CONFIG_DM_MAILBOX=y +CONFIG_SANDBOX_MBOX=y +CONFIG_MISC=y +CONFIG_CROS_EC=y +CONFIG_CROS_EC_I2C=y +CONFIG_CROS_EC_LPC=y +CONFIG_CROS_EC_SANDBOX=y +CONFIG_CROS_EC_SPI=y +CONFIG_P2SB=y +CONFIG_PWRSEQ=y +CONFIG_SPL_PWRSEQ=y +CONFIG_I2C_EEPROM=y +CONFIG_MMC_PCI=y +CONFIG_MMC_SANDBOX=y +CONFIG_MMC_SDHCI=y +CONFIG_MTD=y +CONFIG_SPI_FLASH_SANDBOX=y +CONFIG_SPI_FLASH_ATMEL=y +CONFIG_SPI_FLASH_EON=y +CONFIG_SPI_FLASH_GIGADEVICE=y +CONFIG_SPI_FLASH_MACRONIX=y +CONFIG_SPI_FLASH_SPANSION=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_SPI_FLASH_SST=y +CONFIG_SPI_FLASH_WINBOND=y +CONFIG_MULTIPLEXER=y +CONFIG_MUX_MMIO=y +CONFIG_DM_ETH=y +CONFIG_NVME=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_PCI_REGION_MULTI_ENTRY=y +CONFIG_PCI_SANDBOX=y +CONFIG_PHY=y +CONFIG_PHY_SANDBOX=y +CONFIG_PINCTRL=y +CONFIG_PINCONF=y +CONFIG_PINCTRL_SANDBOX=y +CONFIG_PINCTRL_SINGLE=y +CONFIG_POWER_DOMAIN=y +CONFIG_SANDBOX_POWER_DOMAIN=y +CONFIG_DM_PMIC=y +CONFIG_PMIC_ACT8846=y +CONFIG_DM_PMIC_PFUZE100=y +CONFIG_DM_PMIC_MAX77686=y +CONFIG_DM_PMIC_MC34708=y +CONFIG_PMIC_PM8916=y +CONFIG_PMIC_RK8XX=y +CONFIG_PMIC_S2MPS11=y +CONFIG_DM_PMIC_SANDBOX=y +CONFIG_PMIC_S5M8767=y +CONFIG_PMIC_TPS65090=y +CONFIG_DM_REGULATOR=y +CONFIG_REGULATOR_ACT8846=y +CONFIG_DM_REGULATOR_PFUZE100=y +CONFIG_DM_REGULATOR_MAX77686=y +CONFIG_DM_REGULATOR_FIXED=y +CONFIG_REGULATOR_RK8XX=y +CONFIG_REGULATOR_S5M8767=y +CONFIG_DM_REGULATOR_SANDBOX=y +CONFIG_REGULATOR_TPS65090=y +CONFIG_DM_REGULATOR_SCMI=y +CONFIG_DM_PWM=y +CONFIG_PWM_CROS_EC=y +CONFIG_PWM_SANDBOX=y +CONFIG_RAM=y +CONFIG_REMOTEPROC_SANDBOX=y +CONFIG_DM_RESET=y +CONFIG_SANDBOX_RESET=y +CONFIG_RESET_SYSCON=y +CONFIG_RESET_SCMI=y +CONFIG_DM_RNG=y +CONFIG_DM_RTC=y +CONFIG_RTC_RV8803=y +CONFIG_SANDBOX_SERIAL=y +CONFIG_SMEM=y +CONFIG_SANDBOX_SMEM=y +CONFIG_SOUND=y +CONFIG_SOUND_DA7219=y +CONFIG_SOUND_MAX98357A=y +CONFIG_SOUND_SANDBOX=y +CONFIG_SOC_DEVICE=y +CONFIG_SANDBOX_SPI=y +CONFIG_SPMI=y +CONFIG_SPMI_SANDBOX=y +CONFIG_SYSINFO=y +CONFIG_SYSINFO_SANDBOX=y +CONFIG_SYSINFO_GPIO=y +CONFIG_SYSRESET=y +CONFIG_TIMER=y +CONFIG_TIMER_EARLY=y +CONFIG_SANDBOX_TIMER=y +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_EMUL=y +CONFIG_USB_KEYBOARD=y +CONFIG_DM_VIDEO=y +CONFIG_VIDEO_COPY=y +CONFIG_CONSOLE_ROTATION=y +CONFIG_CONSOLE_TRUETYPE=y +CONFIG_CONSOLE_TRUETYPE_CANTORAONE=y +CONFIG_VIDEO_SANDBOX_SDL=y +CONFIG_VIDEO_DSI_HOST_SANDBOX=y +CONFIG_OSD=y +CONFIG_SANDBOX_OSD=y +CONFIG_SPLASH_SCREEN_ALIGN=y +CONFIG_VIDEO_BMP_RLE8=y +CONFIG_W1=y +CONFIG_W1_GPIO=y +CONFIG_W1_EEPROM=y +CONFIG_W1_EEPROM_SANDBOX=y +CONFIG_WDT=y +CONFIG_WDT_SANDBOX=y +CONFIG_FS_CBFS=y +CONFIG_FS_CRAMFS=y +CONFIG_CMD_DHRYSTONE=y +CONFIG_TPM=y +CONFIG_LZ4=y +CONFIG_ERRNO_STR=y +CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y +CONFIG_EFI_CAPSULE_ON_DISK=y +CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y +CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y +CONFIG_EFI_CAPSULE_AUTHENTICATE=y +CONFIG_EFI_CAPSULE_KEY_PATH="../test/py/tests/test_efi_capsule/SIGNER.esl" +CONFIG_EFI_SECURE_BOOT=y +CONFIG_TEST_FDTDEC=y +CONFIG_CRYPT_PW=y +CONFIG_CRYPT_PW_SHA256=y +CONFIG_CRYPT_PW_SHA512=y +CONFIG_AUTOBOOT_KEYED=y +CONFIG_AUTOBOOT_PROMPT="Enter password \"a\" in %d seconds to stop autoboot\n" +CONFIG_AUTOBOOT_ENCRYPTION=y +CONFIG_AUTOBOOT_STOP_STR_ENABLE=y +CONFIG_AUTOBOOT_STOP_STR_CRYPT="$5$rounds=640000$HrpE65IkB8CM5nCL$BKT3QdF98Bo8fJpTr9tjZLZQyzqPASBY20xuK5Rent9" +CONFIG_AUTOBOOT_NEVER_TIMEOUT=y +CONFIG_AUTOBOOT_SHA256_FALLBACK=y +CONFIG_UNIT_TEST=y +CONFIG_UT_TIME=y +CONFIG_UT_DM=y +CONFIG_DM_REBOOT_MODE=y +CONFIG_DM_REBOOT_MODE_GPIO=y +CONFIG_DM_REBOOT_MODE_RTC=y
This new configuration, which was derived from sandbox_defconfig, will be used solely to run efi capsule authentication test as the test requires a public key (esl file) to be embedded in U-Boot binary. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> --- configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++ 1 file changed, 307 insertions(+) create mode 100644 configs/sandbox_capsule_auth_defconfig -- 2.31.0