| Message ID | 20230821072909.2387400-7-sughosh.ganu@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | capsule: Embed the public key ESL as part of build | expand |
On Mon, 21 Aug 2023 at 10:29, Sughosh Ganu <sughosh.ganu@linaro.org> wrote: > > Update the document to specify how the EFI Signature List(ESL) file > can be embedded into the platform's dtb as part of the U-Boot build. > > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> > --- > Changes since V2: > * Rephrase the statements in a couple of places as suggested by Ilias. > > doc/develop/uefi/uefi.rst | 19 +++++-------------- > 1 file changed, 5 insertions(+), 14 deletions(-) > > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst > index 3ce579d46e..f422915ef5 100644 > --- a/doc/develop/uefi/uefi.rst > +++ b/doc/develop/uefi/uefi.rst > @@ -539,20 +539,11 @@ and used by the steps highlighted below. > ... > } > > -You can do step-4 manually with > - > -.. code-block:: console > - > - $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts > - $ fdtoverlay -i orig.dtb -o new.dtb -v signature.dtbo > - > -where signature.dts looks like:: > - > - &{/} { > - signature { > - capsule-key = /incbin/("CRT.esl"); > - }; > - }; > +You can perform step-4 through the Kconfig symbol > +CONFIG_EFI_CAPSULE_ESL_FILE. This symbol points to the esl file > +generated in step-2. Once the symbol has been populated with the path > +to the esl file, it will automatically get embedded into the > +platform's dtb as part of U-Boot build. > > Anti-rollback Protection > ************************ > -- > 2.34.1 > Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index 3ce579d46e..f422915ef5 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -539,20 +539,11 @@ and used by the steps highlighted below. ... } -You can do step-4 manually with - -.. code-block:: console - - $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts - $ fdtoverlay -i orig.dtb -o new.dtb -v signature.dtbo - -where signature.dts looks like:: - - &{/} { - signature { - capsule-key = /incbin/("CRT.esl"); - }; - }; +You can perform step-4 through the Kconfig symbol +CONFIG_EFI_CAPSULE_ESL_FILE. This symbol points to the esl file +generated in step-2. Once the symbol has been populated with the path +to the esl file, it will automatically get embedded into the +platform's dtb as part of U-Boot build. Anti-rollback Protection ************************
Update the document to specify how the EFI Signature List(ESL) file can be embedded into the platform's dtb as part of the U-Boot build. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> --- Changes since V2: * Rephrase the statements in a couple of places as suggested by Ilias. doc/develop/uefi/uefi.rst | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-)