Hi Takahiro,
On Wed, 24 Nov 2021 at 19:21, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
Hi Simon,
On Wed, Nov 24, 2021 at 05:11:49PM -0700, Simon Glass wrote:
Hi Takahiro,
On Mon, 15 Nov 2021 at 21:33, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
By specifying CONFIG_EFI_CAPSULE_KEY_PATH, the build process will automatically insert the given key into the device tree. Otherwise, users are required to do so manually, possibly, with the utility script, fdtsig.sh.
Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org
doc/develop/uefi/uefi.rst | 4 ++++ dts/Makefile | 23 +++++++++++++++++++++-- lib/efi_loader/Kconfig | 7 +++++++ 3 files changed, 32 insertions(+), 2 deletions(-)
This should be handled by binman. I can create an etype for it if you like.
Basically I'd defer to you, but I don't still understand when and how binman be invoked in this particular use case.
OK I will give it a try. Basically we need to create an etype for with, with a entry argument that specifies the key file. See
https://github.com/u-boot/u-boot/blob/master/tools/binman/etype/vblock.py
This one collects the data to sign, calls a tool to sign it, then puts the signature in the entry.
It is really easy (TM).
Regards, SImon