Re: [PATCH] EFI: update the documentation to correctly order loading SB keys

On Mon, 28 Nov 2022 at 00:45, AKASHI Takahiro wrote: > > On Fri, Nov 25, 2022 at 01:30:11PM +, luca.bocca...@gmail.com wrote: > > From: Luca Boccassi > > > > Loading the PK locks down the EFI variables, so it needs to be done last. > > No, it's not (alwa

[PATCH] EFI: update the documentation to correctly order loading SB keys

From: Luca Boccassi Loading the PK locks down the EFI variables, so it needs to be done last. Fix the order in the documentation and add a note. Signed-off-by: Luca Boccassi --- doc/develop/uefi/uefi.rst | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/doc

[U-Boot] fit_check_sign - offline FIT verification with public certificate only

Hi, Is there a particular reason why fit_check_sign can only verify an image using a DTB, rather than just the x509 public cert? Or is it just that nobody has added the option so far? It would be useful to verify images offline. Thanks! -- Kind regards, Luca Boccassi signature.asc

[U-Boot] [PATCH] tools: use read-only mmap in fit_check_sign

From: Luca Boccassi Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi --- tools