Add provision for embedding the public key used for capsule authentication in the platform's dtb. This is done by invoking the mkeficapsule utility which puts the public key in the efi signature list(esl) format into the dtb.
Signed-off-by: Sughosh Ganu sughosh.ganu@linaro.org ---
Changes since V1: None
Makefile | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/Makefile b/Makefile index b72d8d20c0..ebd4a6477c 100644 --- a/Makefile +++ b/Makefile @@ -1011,6 +1011,10 @@ cmd_pad_cat = $(cmd_objcopy) && $(append) || { rm -f $@; false; } quiet_cmd_lzma = LZMA $@ cmd_lzma = lzma -c -z -k -9 $< > $@
+quiet_cmd_mkeficapsule = MKEFICAPSULE $@ +cmd_mkeficapsule = $(objtree)/tools/mkeficapsule -K $(CONFIG_EFI_PKEY_FILE) \ + -D $@ + cfg: u-boot.cfg
quiet_cmd_cfgcheck = CFGCHK $2 @@ -1161,8 +1165,14 @@ endif PHONY += dtbs dtbs: dts/dt.dtb @: +ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE)$(CONFIG_EFI_PKEY_DTB_EMBED),yy) +dts/dt.dtb: u-boot tools + $(Q)$(MAKE) $(build)=dts dtbs + $(call cmd,mkeficapsule) +else dts/dt.dtb: u-boot $(Q)$(MAKE) $(build)=dts dtbs +endif
quiet_cmd_copy = COPY $@ cmd_copy = cp $< $@