]> git.dujemihanovic.xyz Git - u-boot.git/commit
tools: mkeficapsule: add firmware image signing
authorAKASHI Takahiro <takahiro.akashi@linaro.org>
Wed, 9 Feb 2022 10:10:35 +0000 (19:10 +0900)
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
Fri, 11 Feb 2022 19:07:55 +0000 (20:07 +0100)
commit16abff246b400bcb6f1ef85e501e5bbbd3c6aa53
treee02618bc5297e6f6f86b05222019eedaebecfe22
parent9af16cc8f1ad8144db6d70ea65a51e4ef1398397
tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
  -monotonic-cout <count> : monotonic count
  -private-key <private key file> : private key file
  -certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
.azure-pipelines.yml
tools/Makefile
tools/eficapsule.h [new file with mode: 0644]
tools/mkeficapsule.c