summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorTom Rini <trini@konsulko.com>2023-08-29 16:58:42 -0400
committerTom Rini <trini@konsulko.com>2023-08-29 16:58:42 -0400
commitda3cb125b0e8f0625b6bba5cb3f05b70174bb5e9 (patch)
treea532f75fd88442abc3d452f40af95bb071ac9a8b /lib
parent11cf91f755c7b1f1c8e7865743ac589bd23b7099 (diff)
parent1df1d566d21f52703511e55fadd72993a137a464 (diff)
Merge branch '2023-08-29-integrate-efi-capsule-update-better-in-to-u-boot-buildflow' into next
To quote the author: This patchset aims to bring two capsule related tasks under the U-Boot build flow. The first task is related to generation of capsules. The capsules can be generated as part of U-Boot build, and this is being achieved through binman, by adding a capsule entry type. The capsules can be generated by specifying the capsule parameters as properties under the capsule entry node. The other task is the embedding of the public key into the platform's DTB. The public key is in the form of an EFI Signature List(ESL) file and is used for capsule authentication. This is being achieved by adding the signature node containing the capsule public key in the platform's DTB. Corresponding changes have also been made to the test setup of the EFI capsule update feature. The ESL public key file was embedded into the sandbox platform's test.dtb as part of the test setup, post U-Boot build. This is now no longer needed as the embedding of the ESL happens as part of the build. Secondly, the capsules needed for testing the EFI capsule update feature were being generated through the invocation of the mkeficapsule tool. This setup has also been changed to introduce generation of these capsules through binman. The document has been updated to reflect the above changes.
Diffstat (limited to 'lib')
-rw-r--r--lib/efi_loader/Kconfig8
-rw-r--r--lib/efi_loader/capsule_esl.dtsi.in11
2 files changed, 19 insertions, 0 deletions
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 9989e3f384e..d20aaab6dba 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -272,6 +272,14 @@ config EFI_CAPSULE_MAX
Select the max capsule index value used for capsule report
variables. This value is used to create CapsuleMax variable.
+config EFI_CAPSULE_ESL_FILE
+ string "Path to the EFI Signature List File"
+ depends on EFI_CAPSULE_AUTHENTICATE
+ help
+ Provides the path to the EFI Signature List file which will
+ be embedded in the platform's device tree and used for
+ capsule authentication at the time of capsule update.
+
config EFI_DEVICE_PATH_TO_TEXT
bool "Device path to text protocol"
default y
diff --git a/lib/efi_loader/capsule_esl.dtsi.in b/lib/efi_loader/capsule_esl.dtsi.in
new file mode 100644
index 00000000000..61a9f2b25e9
--- /dev/null
+++ b/lib/efi_loader/capsule_esl.dtsi.in
@@ -0,0 +1,11 @@
+// SPDX-License-Identifier: GPL-2.0+
+/**
+ * Devicetree file with the public key EFI Signature List(ESL)
+ * node. This file is used to generate the dtsi file to be
+ * included into the DTB.
+*/
+/ {
+ signature {
+ capsule-key = /incbin/("ESL_BIN_FILE");
+ };
+};