
Hi Takahiro,
On Mon, 15 Nov 2021 at 21:33, AKASHI Takahiro <takahiro.akashi@linaro.org> wrote:
With this script, a public key is added to a device tree blob as the default efi_get_public_key_data() expects.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
MAINTAINERS | 1 + tools/fdtsig.sh | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100755 tools/fdtsig.sh
diff --git a/MAINTAINERS b/MAINTAINERS index 813674eb2898..8233a53c29dc 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -742,6 +742,7 @@ F: cmd/bootefi.c F: cmd/efidebug.c F: cmd/nvedit_efi.c F: tools/efivar.py +F: tools/fdtsig.sh F: tools/file2include.c F: tools/mkeficapsule.c
diff --git a/tools/fdtsig.sh b/tools/fdtsig.sh new file mode 100755 index 000000000000..c2b2a6dc5ec8 --- /dev/null +++ b/tools/fdtsig.sh @@ -0,0 +1,40 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0+ +# +# script to add a certificate (efi-signature-list) to dtb blob
+usage() {
if [ -n "$*" ]; then
echo "ERROR: $*"
fi
echo "Usage: "$(basename $0) " <esl file> <dtb file>"
+}
+if [ "$#" -ne 2 ]; then
usage "Arguments missing"
exit 1
+fi
+ESL=$1 +DTB=$2 +NEW_DTB=$(basename $DTB)_tmp +SIG=signature
+cat << 'EOF' > $SIG.dts +/dts-v1/; +/plugin/;
+&{/} {
- signature {
+EOF +echo "capsule-key = /incbin/("$ESL");" >> $SIG.dts +cat << 'EOF' >> $SIG.dts
- };
+}; +EOF
+dtc -@ -I dts -O dtb -o $SIG.dtbo $SIG.dts +fdtoverlay -i $DTB -o $NEW_DTB $SIG.dtbo +mv $NEW_DTB $DTB
+rm $SIG.dts $SIG.dtsn $SIG.dtbo
2.33.0
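Review bot: In tools/fdtsig.sh nothing checks whether `dtc` or `fdtoverlay` succeeded before `mv $NEW_DTB $DTB`, and the final `rm` names `$SIG.dtsn`, a file the script never creates, so `rm` reports an error and the script exits non-zero even when the overlay was applied. The DTB being rewritten carries the public key (`capsule-key`), so a caller needs an exit status it can trust: add `set -e` (or test each command), drop `$SIG.dtsn` from the `rm`, and quote `"$ESL"`, `"$DTB"` and `"$NEW_DTB"` so paths containing spaces are handled. `NEW_DTB=$(basename $DTB)_tmp` and `SIG=signature` also place fixed-name intermediates in the current directory, where they overwrite any existing files of the same name; a `mktemp -d` working directory would avoid that.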
As mentioned, let's get binman working here.
Regards,
Simon