On Mon, 21 Aug 2023 at 10:29, Sughosh Ganu sughosh.ganu@linaro.org wrote:
Update the document to specify how the EFI Signature List(ESL) file can be embedded into the platform's dtb as part of the U-Boot build.
Signed-off-by: Sughosh Ganu sughosh.ganu@linaro.org
Changes since V2:
- Rephrase the statements in a couple of places as suggested by Ilias.
doc/develop/uefi/uefi.rst | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-)
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index 3ce579d46e..f422915ef5 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -539,20 +539,11 @@ and used by the steps highlighted below. ... }
-You can do step-4 manually with
-.. code-block:: console
- $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts
- $ fdtoverlay -i orig.dtb -o new.dtb -v signature.dtbo
-where signature.dts looks like::
- &{/} {
signature {capsule-key = /incbin/("CRT.esl");};- };
+You can perform step-4 through the Kconfig symbol +CONFIG_EFI_CAPSULE_ESL_FILE. This symbol points to the esl file +generated in step-2. Once the symbol has been populated with the path +to the esl file, it will automatically get embedded into the +platform's dtb as part of U-Boot build.
Anti-rollback Protection
-- 2.34.1
Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org