Hi Takahiro,
On Thu, 28 Oct 2021 at 00:25, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call.
To do that, We need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file.
Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image.
Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org
tools/Kconfig | 8 + tools/Makefile | 8 +- tools/mkeficapsule.c | 435 +++++++++++++++++++++++++++++++++++++++---- 3 files changed, 417 insertions(+), 34 deletions(-)
Reviewed-by: Simon Glass sjg@chromium.org
This looks OK but I have some suggestions
- I don't think you should return -1 from main - could you split up your create_fwbin() to return the number of gotos? - could we have a man page for the tool? - should the files be opened in binary mode? - can we just build the tool always?
Regards, Simon