Hi,
On Sun, 13 Feb 2022 at 17:54, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
Heinrich,
On Fri, Feb 11, 2022 at 08:16:34PM +0100, Heinrich Schuchardt wrote:
On 2/9/22 11:10, AKASHI Takahiro wrote:
With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call.
To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file.
Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image.
Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org Reviewed-by: Simon Glass sjg@chromium.org Acked-by: Ilias Apalodimas ilias.apalodimas@linaro.org
.azure-pipelines.yml | 2 +- tools/Makefile | 1 + tools/eficapsule.h | 115 +++++++++++++ tools/mkeficapsule.c | 380 +++++++++++++++++++++++++++++++++++++++---- 4 files changed, 463 insertions(+), 35 deletions(-) create mode 100644 tools/eficapsule.h
I'm not sure if it is this patch or something else, but building is broken as it needs
gnutls/gnutls.h
Please update the docs in doc/build/gcc.rst to fix this.
Regards, Simon