Akashi-san,
On Wed, May 12, 2021 at 01:57:51PM +0900, AKASHI Takahiro wrote:
As we discussed, "-K" and "-D" options have nothing to do with creating a capsule file. The same result can be obtained by using standard commands like: === signature.dts === /dts-v1/; /plugin/;
&{/} { signature { capsule-key = /incbin/("SIGNER.esl"); }; }; === $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts $ fdtoverlay -i test.dtb -o test_sig.dtb -v signature.dtbo
So just remove this feature. (Effectively revert the commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb").)
The same feature is implemented by a shell script (tools/fdtsig.sh).
The only reason I can see to keep this, is if mkeficapsule gets included intro distro packages in the future. That would make end users life a bit easier, since they would need a single binary to create the whole CapsuleUpdate sequence.
Regards /Ilias