On 4/8/24 23:33, Jonathan Humphreys wrote:
Create an EFI signature list (.esl) file based on the TI dummy key. Enable capsule authentication for several TI SoC based platforms: AM64, AM62, AM62p, BeaglePlay, J7, and BeagleboneAI.
Hello Jonathan,
with the patch a capsule update will not be possible if the capsule is not signed with the private key matching the ESL signature key in patch 1/13.
Why should a user want to lock down their board to a private key over which he has no control? Wouldn't it be in their best interest to create a key pair themselves?
I would have expected a documentation change explaining this to the users.
Best regards
Heinrich
Jonathan Humphreys (13): ti:keys Add EFI signature list configs: am64x: Set capsule update signature list file configs: am64x: Enable capsule authentication configs: j721e: Set capsule update signature list file configs: j721e: Enable capsule authentication configs: beagleplay: Set capsule update signature list file configs: beagleplay: Enable capsule authentication configs: am62px: Set capsule update signature list file configs: am62px: Enable capsule authentication configs: am62x: Set capsule update signature list file configs: am62x: Enable capsule authentication configs: beagleboneai64: Set capsule update signature list file configs: beagleboneai64: Enable capsule authentication
arch/arm/mach-k3/keys/custMpk.esl | Bin 0 -> 1523 bytes configs/am62px_evm_a53_defconfig | 2 ++ configs/am62x_beagleplay_a53_defconfig | 2 ++ configs/am62x_evm_a53_defconfig | 2 ++ configs/am64x_evm_a53_defconfig | 2 ++ configs/j721e_beagleboneai64_a72_defconfig | 2 ++ configs/j721e_evm_a72_defconfig | 2 ++ 7 files changed, 12 insertions(+) create mode 100644 arch/arm/mach-k3/keys/custMpk.esl