[PATCH 0/4] efi_loader: capsule: improve capsule authentication support

12 May 2021


      As I discussed in [1], I have made a couple of improvements on
the current implemenation of capsule update.
Among others, this patch series
1. add signing feature to mkeficapsule
2. remove dtb operation from mkeficapsule
3. add pytest for capsule authentication (on sandbox)
NOTE:
I temporarily include Patch#3 in order to show that it is not worth
implementing in C as we can do the same thing with a very small
shell script.
My intent is *NOT* to merge Patch#3 in upstream.
Prerequisite patches
====================
See Sughosh's [2] and my [3].
Test
====
* passed the pytest which is included in this patch series
  on sandbox built locally.
Todo
====
* review and update the document for capsule update
    doc/board/emulation/qemu_capsule_update.rst
  (but not in this patch series)
[1] https://lists.denx.de/pipermail/u-boot/2021-April/447918.html
[2] https://lists.denx.de/pipermail/u-boot/2021-April/447183.html
[3] https://lists.denx.de/pipermail/u-boot/2021-May/449347.html
    https://lists.denx.de/pipermail/u-boot/2021-May/449348.html
    https://lists.denx.de/pipermail/u-boot/2021-May/449349.html
    https://lists.denx.de/pipermail/u-boot/2021-May/449350.html
    https://lists.denx.de/pipermail/u-boot/2021-May/449351.html
Changes
=======
Initial release (May 12, 2021)
* based on v2021.07-rc2
AKASHI Takahiro (4):
  tools: mkeficapsule: add firmwware image signing
  tools: mkeficapsule: remove device-tree related operation
  tools: add fdtsig command
  test/py: efi_capsule: add image authentication test
Makefile                                      |   7 +-
 .../py/tests/test_efi_capsule/capsule_defs.py |   5 +
 test/py/tests/test_efi_capsule/conftest.py    |  35 +-
 test/py/tests/test_efi_capsule/signature.dts  |   8 +
 .../test_capsule_firmware_signed.py           | 234 +++++++++
 tools/Makefile                                |   7 +-
 tools/fdtsig.c                                | 274 +++++++++++
 tools/fdtsig.sh                               |  40 ++
 tools/mkeficapsule.c                          | 455 ++++++++++--------
 9 files changed, 856 insertions(+), 209 deletions(-)
 create mode 100644 test/py/tests/test_efi_capsule/signature.dts
 create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py
 create mode 100644 tools/fdtsig.c
 create mode 100755 tools/fdtsig.sh
-- 
2.31.0