Please pull u-boot-dm
Hi Tom,
This is a revert of the EFI patches as mentioned on the mailing list. I believe this is the best way forward and avoids the current, flawed approach from getting into an official release and making it difficult to back out.
https://source.denx.de/u-boot/custodians/u-boot-dm/-/pipelines/9154
The following changes since commit d0b8c9a231d6e5fba881960c9fcfcc444f1812f9:
Merge branch '2021-09-17-TI-platform-updates' (2021-09-17 18:51:57 -0400)
are available in the Git repository at:
git@source.denx.de:u-boot/custodians/u-boot-dm.git tags/dm-pull-18sep21
for you to fetch changes up to 47a25e81d35c8d801cae9089de90c9ffea083409:
Revert "efi_capsule: Move signature from DTB to .rodata" (2021-09-18 03:47:50 -0600)
---------------------------------------------------------------- Revert the public-key-embedded-in-executable patches so this does not form part of an official release before it is agreed.
---------------------------------------------------------------- Simon Glass (3): Revert "doc: Update CapsuleUpdate READMEs" Revert "mkeficapsule: Remove dtb related options" Revert "efi_capsule: Move signature from DTB to .rodata"
board/emulation/common/Makefile | 1 + doc/develop/uefi/uefi.rst | 124 ------------------------------ include/asm-generic/sections.h | 2 - lib/efi_loader/Kconfig | 7 -- lib/efi_loader/Makefile | 8 -- lib/efi_loader/efi_capsule.c | 18 +---- lib/efi_loader/efi_capsule_key.S | 17 ----- tools/mkeficapsule.c | 229 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 8 files changed, 226 insertions(+), 180 deletions(-) delete mode 100644 lib/efi_loader/efi_capsule_key.S
Regards, Simon
+cc a few people that had some input on that discussion. Apologies from top posting, but I am sending this from a mobile.
I think I've spent enough time trying to explain why I think we don't need to revert this and why moving the signature to the dtb once we fix it has minimal effect on the users.
Note that the mkeficapsule is completely irrelevant and shouldnt be reversed anyway but since we have to make changes in documentation etc and we are close to a release, just keep it in there.
If everyone is convinced that this needs to be reverted I am fine. I'll just refix all of the platforms(since with this reverted only qemu supports authenticated capsules) and have a look on the dtb issues.
Regards Ilias
On Sat, 18 Sep 2021, 14:34 Simon Glass, sjg@chromium.org wrote:
Hi Tom,
This is a revert of the EFI patches as mentioned on the mailing list. I believe this is the best way forward and avoids the current, flawed approach from getting into an official release and making it difficult to back out.
https://source.denx.de/u-boot/custodians/u-boot-dm/-/pipelines/9154
The following changes since commit d0b8c9a231d6e5fba881960c9fcfcc444f1812f9:
Merge branch '2021-09-17-TI-platform-updates' (2021-09-17 18:51:57 -0400)
are available in the Git repository at:
git@source.denx.de:u-boot/custodians/u-boot-dm.git tags/dm-pull-18sep21
for you to fetch changes up to 47a25e81d35c8d801cae9089de90c9ffea083409:
Revert "efi_capsule: Move signature from DTB to .rodata" (2021-09-18 03:47:50 -0600)
Revert the public-key-embedded-in-executable patches so this does not form part of an official release before it is agreed.
Simon Glass (3): Revert "doc: Update CapsuleUpdate READMEs" Revert "mkeficapsule: Remove dtb related options" Revert "efi_capsule: Move signature from DTB to .rodata"
board/emulation/common/Makefile | 1 + doc/develop/uefi/uefi.rst | 124 ------------------------------ include/asm-generic/sections.h | 2 - lib/efi_loader/Kconfig | 7 -- lib/efi_loader/Makefile | 8 -- lib/efi_loader/efi_capsule.c | 18 +---- lib/efi_loader/efi_capsule_key.S | 17 ----- tools/mkeficapsule.c | 229 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 8 files changed, 226 insertions(+), 180 deletions(-) delete mode 100644 lib/efi_loader/efi_capsule_key.S
Regards, Simon
Hi Ilias,
On Sat, 18 Sept 2021 at 05:59, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
+cc a few people that had some input on that discussion. Apologies from top posting, but I am sending this from a mobile.
I think I've spent enough time trying to explain why I think we don't need to revert this and why moving the signature to the dtb once we fix it has minimal effect on the users.
We could get a patch in the release which makes it clear that the current approach is temporary only and will change immediately after the release. But really I don't see any sense in that since it just confuses people. Better to drop it and get it done for next time.
Note that the mkeficapsule is completely irrelevant and shouldnt be reversed anyway but since we have to make changes in documentation etc and we are close to a release, just keep it in there.
If everyone is convinced that this needs to be reverted I am fine. I'll just refix all of the platforms(since with this reverted only qemu supports authenticated capsules) and have a look on the dtb issues.
Yes and I am very happy to work with you on that.
Regards, Simon
Regards Ilias
On Sat, 18 Sep 2021, 14:34 Simon Glass, sjg@chromium.org wrote:
Hi Tom,
This is a revert of the EFI patches as mentioned on the mailing list. I believe this is the best way forward and avoids the current, flawed approach from getting into an official release and making it difficult to back out.
https://source.denx.de/u-boot/custodians/u-boot-dm/-/pipelines/9154
The following changes since commit d0b8c9a231d6e5fba881960c9fcfcc444f1812f9:
Merge branch '2021-09-17-TI-platform-updates' (2021-09-17 18:51:57 -0400)
are available in the Git repository at:
git@source.denx.de:u-boot/custodians/u-boot-dm.git tags/dm-pull-18sep21
for you to fetch changes up to 47a25e81d35c8d801cae9089de90c9ffea083409:
Revert "efi_capsule: Move signature from DTB to .rodata" (2021-09-18 03:47:50 -0600)
Revert the public-key-embedded-in-executable patches so this does not form part of an official release before it is agreed.
Simon Glass (3): Revert "doc: Update CapsuleUpdate READMEs" Revert "mkeficapsule: Remove dtb related options" Revert "efi_capsule: Move signature from DTB to .rodata"
board/emulation/common/Makefile | 1 + doc/develop/uefi/uefi.rst | 124 ------------------------------ include/asm-generic/sections.h | 2 - lib/efi_loader/Kconfig | 7 -- lib/efi_loader/Makefile | 8 -- lib/efi_loader/efi_capsule.c | 18 +---- lib/efi_loader/efi_capsule_key.S | 17 ----- tools/mkeficapsule.c | 229 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 8 files changed, 226 insertions(+), 180 deletions(-) delete mode 100644 lib/efi_loader/efi_capsule_key.S
Regards, Simon
Hi Simon
Top posting again apologies. I am fine with whatever really. I've spent more time arguing about it than coding it :)
I have worked planned for this and the DM/EFI integration, so I'll update you on the details once we start
Cheers Ilias
On Sat, 18 Sep 2021, 15:13 Simon Glass, sjg@chromium.org wrote:
Hi Ilias,
On Sat, 18 Sept 2021 at 05:59, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
+cc a few people that had some input on that discussion. Apologies from top posting, but I am sending this from a mobile.
I think I've spent enough time trying to explain why I think we don't
need to revert this and why moving the signature to the dtb once we fix it has minimal effect on the users.
We could get a patch in the release which makes it clear that the current approach is temporary only and will change immediately after the release. But really I don't see any sense in that since it just confuses people. Better to drop it and get it done for next time.
Note that the mkeficapsule is completely irrelevant and shouldnt be
reversed anyway but since we have to make changes in documentation etc and we are close to a release, just keep it in there.
If everyone is convinced that this needs to be reverted I am fine. I'll
just refix all of the platforms(since with this reverted only qemu supports authenticated capsules) and have a look on the dtb issues.
Yes and I am very happy to work with you on that.
Regards, Simon
Regards Ilias
On Sat, 18 Sep 2021, 14:34 Simon Glass, sjg@chromium.org wrote:
Hi Tom,
This is a revert of the EFI patches as mentioned on the mailing list. I believe this is the best way forward and avoids the current, flawed approach from getting into an official release and making it difficult to back out.
https://source.denx.de/u-boot/custodians/u-boot-dm/-/pipelines/9154
The following changes since commit
d0b8c9a231d6e5fba881960c9fcfcc444f1812f9:
Merge branch '2021-09-17-TI-platform-updates' (2021-09-17 18:51:57
-0400)
are available in the Git repository at:
git@source.denx.de:u-boot/custodians/u-boot-dm.git
tags/dm-pull-18sep21
for you to fetch changes up to 47a25e81d35c8d801cae9089de90c9ffea083409:
Revert "efi_capsule: Move signature from DTB to .rodata" (2021-09-18 03:47:50 -0600)
Revert the public-key-embedded-in-executable patches so this does not
form
part of an official release before it is agreed.
Simon Glass (3): Revert "doc: Update CapsuleUpdate READMEs" Revert "mkeficapsule: Remove dtb related options" Revert "efi_capsule: Move signature from DTB to .rodata"
board/emulation/common/Makefile | 1 + doc/develop/uefi/uefi.rst | 124 ------------------------------ include/asm-generic/sections.h | 2 - lib/efi_loader/Kconfig | 7 -- lib/efi_loader/Makefile | 8 -- lib/efi_loader/efi_capsule.c | 18 +---- lib/efi_loader/efi_capsule_key.S | 17 ----- tools/mkeficapsule.c | 229 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 8 files changed, 226 insertions(+), 180 deletions(-) delete mode 100644 lib/efi_loader/efi_capsule_key.S
Regards, Simon
On Sat, 18 Sept 2021 at 14:23, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Simon
Top posting again apologies. I am fine with whatever really. I've spent more time arguing about it than coding it :)
Regardless of revert or no, we must dedicate enough energy ASAP to
conceptualize what we are collectively doing as discussions on the mailing list are not the most effective. I'll propose a first draft by Monday my time.
I have worked planned for this and the DM/EFI integration, so I'll update you on the details once we start
Cheers Ilias
On Sat, 18 Sep 2021, 15:13 Simon Glass, sjg@chromium.org wrote:
Hi Ilias,
On Sat, 18 Sept 2021 at 05:59, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
+cc a few people that had some input on that discussion. Apologies from top posting, but I am sending this from a mobile.
I think I've spent enough time trying to explain why I think we don't
need to revert this and why moving the signature to the dtb once we fix it has minimal effect on the users.
We could get a patch in the release which makes it clear that the current approach is temporary only and will change immediately after the release. But really I don't see any sense in that since it just confuses people. Better to drop it and get it done for next time.
Note that the mkeficapsule is completely irrelevant and shouldnt be
reversed anyway but since we have to make changes in documentation etc and we are close to a release, just keep it in there.
If everyone is convinced that this needs to be reverted I am fine.
I'll just refix all of the platforms(since with this reverted only qemu supports authenticated capsules) and have a look on the dtb issues.
Yes and I am very happy to work with you on that.
Regards, Simon
Regards Ilias
On Sat, 18 Sep 2021, 14:34 Simon Glass, sjg@chromium.org wrote:
Hi Tom,
This is a revert of the EFI patches as mentioned on the mailing list. I believe this is the best way forward and avoids the current, flawed approach from getting into an official release and making it difficult to back out.
https://source.denx.de/u-boot/custodians/u-boot-dm/-/pipelines/9154
The following changes since commit
d0b8c9a231d6e5fba881960c9fcfcc444f1812f9:
Merge branch '2021-09-17-TI-platform-updates' (2021-09-17 18:51:57
-0400)
are available in the Git repository at:
git@source.denx.de:u-boot/custodians/u-boot-dm.git
tags/dm-pull-18sep21
for you to fetch changes up to
47a25e81d35c8d801cae9089de90c9ffea083409:
Revert "efi_capsule: Move signature from DTB to .rodata" (2021-09-18 03:47:50 -0600)
Revert the public-key-embedded-in-executable patches so this does not
form
part of an official release before it is agreed.
Simon Glass (3): Revert "doc: Update CapsuleUpdate READMEs" Revert "mkeficapsule: Remove dtb related options" Revert "efi_capsule: Move signature from DTB to .rodata"
board/emulation/common/Makefile | 1 + doc/develop/uefi/uefi.rst | 124 ------------------------------ include/asm-generic/sections.h | 2 - lib/efi_loader/Kconfig | 7 -- lib/efi_loader/Makefile | 8 -- lib/efi_loader/efi_capsule.c | 18 +---- lib/efi_loader/efi_capsule_key.S | 17 ----- tools/mkeficapsule.c | 229 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 8 files changed, 226 insertions(+), 180 deletions(-) delete mode 100644 lib/efi_loader/efi_capsule_key.S
Regards, Simon
Hi François,
On Sat, 18 Sept 2021 at 06:44, François Ozog francois.ozog@linaro.org wrote:
On Sat, 18 Sept 2021 at 14:23, Ilias Apalodimas < ilias.apalodimas@linaro.org> wrote:
Hi Simon
Top posting again apologies. I am fine with whatever really. I've spent more time arguing about it than coding it :)
Regardless of revert or no, we must dedicate enough energy ASAP to
conceptualize what we are collectively doing as discussions on the mailing list are not the most effective. I'll propose a first draft by Monday my time.
I very much agree. Thank you for taking this on!
I will certainly dedicate what time is needed to resolve things from my side, too.
Regards, Simon
I have worked planned for this and the DM/EFI
https://dm.corp.google.com/EFI integration, so I'll update you on the details once we start
Cheers Ilias
On Sat, 18 Sep 2021, 15:13 Simon Glass, sjg@chromium.org wrote:
Hi Ilias,
On Sat, 18 Sept 2021 at 05:59, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
+cc a few people that had some input on that discussion. Apologies from top posting, but I am sending this from a mobile.
I think I've spent enough time trying to explain why I think we don't
need to revert this and why moving the signature to the dtb once we fix it has minimal effect on the users.
We could get a patch in the release which makes it clear that the current approach is temporary only and will change immediately after the release. But really I don't see any sense in that since it just confuses people. Better to drop it and get it done for next time.
Note that the mkeficapsule is completely irrelevant and shouldnt be
reversed anyway but since we have to make changes in documentation etc and we are close to a release, just keep it in there.
If everyone is convinced that this needs to be reverted I am fine.
I'll just refix all of the platforms(since with this reverted only qemu supports authenticated capsules) and have a look on the dtb issues.
Yes and I am very happy to work with you on that.
Regards, Simon
Regards Ilias
On Sat, 18 Sep 2021, 14:34 Simon Glass, sjg@chromium.org wrote:
Hi Tom,
This is a revert of the EFI patches as mentioned on the mailing list. I believe this is the best way forward and avoids the current, flawed approach from getting into an official release and making it difficult to back out.
https://source.denx.de/u-boot/custodians/u-boot-dm/-/pipelines/9154
The following changes since commit
d0b8c9a231d6e5fba881960c9fcfcc444f1812f9:
Merge branch '2021-09-17-TI-platform-updates' (2021-09-17 18:51:57
-0400)
are available in the Git repository at:
git@source.denx.de:u-boot/custodians/u-boot-dm.git
tags/dm-pull-18sep21
for you to fetch changes up to
47a25e81d35c8d801cae9089de90c9ffea083409:
Revert "efi_capsule: Move signature from DTB to .rodata" (2021-09-18 03:47:50 -0600)
Revert the public-key-embedded-in-executable patches so this does not
form
part of an official release before it is agreed.
Simon Glass (3): Revert "doc: Update CapsuleUpdate READMEs" Revert "mkeficapsule: Remove dtb related options" Revert "efi_capsule: Move signature from DTB to .rodata"
board/emulation/common/Makefile | 1 + doc/develop/uefi/uefi.rst | 124 ------------------------------ include/asm-generic/sections.h | 2 - lib/efi_loader/Kconfig | 7 -- lib/efi_loader/Makefile | 8 -- lib/efi_loader/efi_capsule.c | 18 +---- lib/efi_loader/efi_capsule_key.S | 17 ----- tools/mkeficapsule.c | 229 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 8 files changed, 226 insertions(+), 180 deletions(-) delete mode 100644 lib/efi_loader/efi_capsule_key.S
Regards, Simon
-- François-Frédéric Ozog | *Director Business Development* T: +33.67221.6485 francois.ozog@linaro.org | Skype: ffozog
On Sat, Sep 18, 2021 at 02:59:42PM +0300, Ilias Apalodimas wrote:
+cc a few people that had some input on that discussion. Apologies from top posting, but I am sending this from a mobile.
I think I've spent enough time trying to explain why I think we don't need to revert this and why moving the signature to the dtb once we fix it has minimal effect on the users.
One thing I think you confirmed to me on IRC, but I don't think was on the mailing list is, if we do not revert this set of changes, we also do not lock ourselves in to some implementation that must be supported for forever, correct? In other words, shipping things as is does not preclude making further changes to this area based on Simon's feedback.
Hi Tom Yes the internal ABI and the whole functionality remains identical. What changes is how the user includes the key in the final binary.
It's a Kconfig with the patch applied, while if we move it to the dtb the user must add it and concat the dtb with uboot. So apart from how we build the final binary nothing changes
Regards Ilias
On Sat, 18 Sep 2021, 15:14 Tom Rini, trini@konsulko.com wrote:
On Sat, Sep 18, 2021 at 02:59:42PM +0300, Ilias Apalodimas wrote:
+cc a few people that had some input on that discussion. Apologies from top posting, but I am sending this from a mobile.
I think I've spent enough time trying to explain why I think we don't
need
to revert this and why moving the signature to the dtb once we fix it has minimal effect on the users.
One thing I think you confirmed to me on IRC, but I don't think was on the mailing list is, if we do not revert this set of changes, we also do not lock ourselves in to some implementation that must be supported for forever, correct? In other words, shipping things as is does not preclude making further changes to this area based on Simon's feedback.
-- Tom
On Sat, Sep 18, 2021 at 05:34:38AM -0600, Simon Glass wrote:
Hi Tom,
This is a revert of the EFI patches as mentioned on the mailing list. I believe this is the best way forward and avoids the current, flawed approach from getting into an official release and making it difficult to back out.
https://source.denx.de/u-boot/custodians/u-boot-dm/-/pipelines/9154
The following changes since commit d0b8c9a231d6e5fba881960c9fcfcc444f1812f9:
Merge branch '2021-09-17-TI-platform-updates' (2021-09-17 18:51:57 -0400)
are available in the Git repository at:
git@source.denx.de:u-boot/custodians/u-boot-dm.git tags/dm-pull-18sep21
for you to fetch changes up to 47a25e81d35c8d801cae9089de90c9ffea083409:
Revert "efi_capsule: Move signature from DTB to .rodata" (2021-09-18 03:47:50 -0600)
Revert the public-key-embedded-in-executable patches so this does not form part of an official release before it is agreed.
As the general consensus is that everyone involved here is committed to spending the time to come up with a technical solution to the problem that everyone can agree on, I've applied this PR to master.
participants (4)
-
François Ozog -
Ilias Apalodimas -
Simon Glass -
Tom Rini