From patchwork Tue Nov 2 00:55:11 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 516607 Delivered-To: patch@linaro.org Received: by 2002:ad5:5208:0:0:0:0:0 with SMTP id p8csp3917228iml; Mon, 1 Nov 2021 17:57:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzj0fz/VYOXNWPuSE/YL6a5Z3w6mUsBm+H+GipdIyCXBjFS7VEnRBUXL9+BG8+wfWztOZyE X-Received: by 2002:a17:906:140b:: with SMTP id p11mr40735039ejc.116.1635814669071; Mon, 01 Nov 2021 17:57:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635814669; cv=none; d=google.com; s=arc-20160816; b=RY0+/IlaztWvzBM1mQIfXi7M9J3liA6U3I1smCEU1V2tXRtNSEGd4g8eltCEzEp8DU zS+oNIvZaA11ac0uJ5KV0QTzWte6/voN+EleXTDoI8F1iIa43V2cp/QDpyvjde5PJCtX ksVYhNspPV6cc7TnepDxnE9mWcNLvs3HFKYFZ7tQG089kF8FwsEi32efuBL+PV+7fNr2 rJMbYgsCLaCPr1PpjQDm6bZFMR8Sqm2OLCi5WItLnxky9H43MKbBy9j6cdZfaj9UvZfZ KX4fx8Ust70Ome5+jLp/9SJ2jib8cXyT5A7ffK5hFUhLsOjlUVx/eFJWBdEGZzgxOkTq I+Sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=c/XLH7vR9taN0klgqa+1gxWo68o4aMLxryw8O6vQMd0=; b=mVZ+oyclS9TbSkhrce39k0g2w9eP5I8Np8A8rdH6ifPT8AWpx70gvqZBLnppcod/ny +Wc7NV0FUl2MG08CiUn402yfHMrhzwCKGjVadfOf13WZ9XQ5aYAjqrSCnG+rPC87Smx7 jDzMP3vORki4S0PIeMnYr7mWiyrMuyVmJIvKaB7hcV2wgljovsrUME8fcg0syz91Jib7 LKzSR4TrcrkFDDW+ZFLcOixke/hHTPohSW3l6PWWbT7Yax+We8wdpnavb77SI7bpkCkL 4xjJjL1GX+wCtv60/FokxatYyrm4PmVwhqyeKdrTIbc20uof569ANilYWRUUEt3Nxj/A 4cLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=iQj8b0Fv; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id he37si6102427ejc.123.2021.11.01.17.57.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Nov 2021 17:57:49 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=iQj8b0Fv; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 31C278361A; Tue, 2 Nov 2021 01:57:23 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="iQj8b0Fv"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 5E9F483623; Tue, 2 Nov 2021 01:56:48 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 14E3683612 for ; Tue, 2 Nov 2021 01:56:20 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pg1-x52d.google.com with SMTP id t7so18638647pgl.9 for ; Mon, 01 Nov 2021 17:56:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=c/XLH7vR9taN0klgqa+1gxWo68o4aMLxryw8O6vQMd0=; b=iQj8b0Fv7/vdwDK7xx6hKWvWFFGTP1JbJc4t6RWX78RBL8aWUUyooiGAjzM60mJ1fR voEcrAoNCHh9/p565ptkyY9dZP4Ua1Nz2OOQ3jh3ncGW5SRIsz/6SKssc2IwbpoYqPzM jropIgTw3QjZnoNkiGr6T/yT1LZnDgjOYO3oAfdvIH1on2klvEToKAwAnxXsFb9ergLy i2CALStegolHlBNT06C6dEdtIBCacgiAqQJ+KihQ9avZoGsDicW2I8t9VK99Ev/T65n8 DPYxICD2omXMtlsYE4bx4sPQ3x260oj7pb2RnPDC36dzbCqjl3Qk///WlJ6laGVgpV3s 5rhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=c/XLH7vR9taN0klgqa+1gxWo68o4aMLxryw8O6vQMd0=; b=Up6zRI26repAC4dJ8ne5KR9EyMvYdNlpqPXZtQ3NZ6D/Yty17rwwTsCEcN2swRK4qy Ce9G2yqGiUwlm1WKsiwoCvg4vLKQNFWlsth60i50tQ/Pa0BxccbYU4kjIymrrOjZc9TV yZFkBuXggpfDiDP0YhpliWSORdHkw5tUeHyanR2I6qYBfT+7Mwv1YhK39L+PwSTXybWg 3Y4MQXTec7MbM7bK0XYPEG36GCF301I9SzzNktADiwp1xFvAhoLAHR9dzlWWnOiNsNH5 0xxgLY+0YpYoMBuUF7qzt4jJ0loWwZWQKFooL6NNfk7jNPs/tyJXX0IIPD6p1cS7p2MX arzg== X-Gm-Message-State: AOAM53195IjECX0Xt1QuqCvkj0euFnKRMPFv+jkOifFw2NWpUfrWfcBR RLEJIhVCON/aHSn74zig7FqTsg== X-Received: by 2002:a63:b002:: with SMTP id h2mr24778803pgf.464.1635814578451; Mon, 01 Nov 2021 17:56:18 -0700 (PDT) Received: from localhost.localdomain ([2400:4050:c3e1:100:a475:65cc:d4b7:aaf5]) by smtp.gmail.com with ESMTPSA id n29sm12305596pfv.29.2021.11.01.17.56.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Nov 2021 17:56:18 -0700 (PDT) From: AKASHI Takahiro To: xypron.glpk@gmx.de, agraf@csgraf.de, sjg@chromium.org Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, u-boot@lists.denx.de, AKASHI Takahiro Subject: [PATCH v6 11/12] (RFC) tools: add fdtsig.sh Date: Tue, 2 Nov 2021 09:55:11 +0900 Message-Id: <20211102005512.96019-12-takahiro.akashi@linaro.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211102005512.96019-1-takahiro.akashi@linaro.org> References: <20211102005512.96019-1-takahiro.akashi@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean With this script, a public key is added to a device tree blob as the default efi_get_public_key_data() expects. Signed-off-by: AKASHI Takahiro --- MAINTAINERS | 1 + tools/fdtsig.sh | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100755 tools/fdtsig.sh -- 2.33.0 diff --git a/MAINTAINERS b/MAINTAINERS index 569332db4719..860f58ef6640 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -738,6 +738,7 @@ F: cmd/bootefi.c F: cmd/efidebug.c F: cmd/nvedit_efi.c F: tools/efivar.py +F: tools/fdtsig.sh F: tools/file2include.c F: tools/mkeficapsule.c diff --git a/tools/fdtsig.sh b/tools/fdtsig.sh new file mode 100755 index 000000000000..c2b2a6dc5ec8 --- /dev/null +++ b/tools/fdtsig.sh @@ -0,0 +1,40 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0+ +# +# script to add a certificate (efi-signature-list) to dtb blob + +usage() { + if [ -n "$*" ]; then + echo "ERROR: $*" + fi + echo "Usage: "$(basename $0) " " +} + +if [ "$#" -ne 2 ]; then + usage "Arguments missing" + exit 1 +fi + +ESL=$1 +DTB=$2 +NEW_DTB=$(basename $DTB)_tmp +SIG=signature + +cat << 'EOF' > $SIG.dts +/dts-v1/; +/plugin/; + +&{/} { + signature { +EOF +echo "capsule-key = /incbin/(\"$ESL\");" >> $SIG.dts +cat << 'EOF' >> $SIG.dts + }; +}; +EOF + +dtc -@ -I dts -O dtb -o $SIG.dtbo $SIG.dts +fdtoverlay -i $DTB -o $NEW_DTB $SIG.dtbo +mv $NEW_DTB $DTB + +rm $SIG.dts $SIG.dtsn $SIG.dtbo