16 Jul
2021
16 Jul
'21
4:03 p.m.
Hi Ilias,
On Thu, 15 Jul 2021 at 11:00, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embeded the key in U-Boot's .rodata we don't this this functionality anymore
Signed-off-by: Ilias Apalodimas ilias.apalodimas@linaro.org
tools/mkeficapsule.c | 226 ++----------------------------------------- 1 file changed, 7 insertions(+), 219 deletions(-)
Here again I see EFI diverging from the impl in U-Boot. WIth U-Boot you can add the public key after the build step, e.g. in a key-signing server. With EFI and this change you will have to rebuild U-Boot (from source) every time you sign something. Seems like a pain.
Regards, Simon