git.dujemihanovic.xyz Git - u-boot.git/commit

author	Ilias Apalodimas <ilias.apalodimas@linaro.org>
	Sat, 17 Jul 2021 14:26:44 +0000 (17:26 +0300)
committer	Heinrich Schuchardt <xypron.glpk@gmx.de>
	Sun, 18 Jul 2021 12:43:56 +0000 (14:43 +0200)
commit	ddf67daac39de76d2697d587148f4c2cb768f492
tree	2f6625c0035401e56d52ddc000e0b3ffddfa892e	tree \| snapshot
parent	d934ed577e9257e64e08bc722a7715e586c4a2bc	commit \| diff

efi_capsule: Move signature from DTB to .rodata

The capsule signature is now part of our DTB. This is problematic when a
user is allowed to change/fixup that DTB from U-Boots command line since he
can overwrite the signature as well.
So Instead of adding the key on the DTB, embed it in the u-boot binary it
self as part of it's .rodata. This assumes that the U-Boot binary we load
is authenticated by a previous boot stage loader.

Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

board/emulation/common/Makefile		diff \| blob \| history
board/emulation/common/qemu_capsule.c	[deleted file]	blob \| history
include/asm-generic/sections.h		diff \| blob \| history
lib/efi_loader/Kconfig		diff \| blob \| history
lib/efi_loader/Makefile		diff \| blob \| history
lib/efi_loader/efi_capsule.c		diff \| blob \| history
lib/efi_loader/efi_capsule_key.S	[new file with mode: 0644]	blob