]> git.baikalelectronics.ru Git - uboot.git/commit
projects / uboot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7df9bc7) | patch
tools: mkeficapsule: add firmware image signing
authorAKASHI Takahiro <takahiro.akashi@linaro.org>
Wed, 9 Feb 2022 10:10:35 +0000 (19:10 +0900)
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
Fri, 11 Feb 2022 19:07:55 +0000 (20:07 +0100)
commit0fa3f6b7aa01c842274b157f0ab10a057abc88b1
treee02618bc5297e6f6f86b05222019eedaebecfe22tree | snapshot
parent7df9bc7abd92e208cfc3b549a6e5695944265bd7commit | diff
tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
  -monotonic-cout <count> : monotonic count
  -private-key <private key file> : private key file
  -certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
.azure-pipelines.yml diff | blob | history
tools/Makefile diff | blob | history
tools/eficapsule.h [new file with mode: 0644] blob
tools/mkeficapsule.c diff | blob | history
"Das U-Boot" Source Tree.