On Sat, 17 Jul 2021 at 14:35, Ilias Apalodimas
wrote:
>
> > > >
[...]
> > > > obj-$(CONFIG_EFI_HAVE_CAPSULE_SUPPORT) += efi_capsule.o
> > > > +obj-$(CONFIG_EFI_CAPSULE_AUTHENTICATE) += efi_capsule_key.o
> >
> > We should give users another choice here to allow them to add their
> > own
On Fri, Jul 16, 2021 at 07:49:09AM -0600, Simon Glass wrote:
> Hi Ilias,
>
> On Thu, 15 Jul 2021 at 11:00, Ilias Apalodimas
> wrote:
> >
> > The capsule signature is now part of our DTB. This is problematic when a
> > user is allowed to change/fixup that DTB from U-Boots command line since he
>
> > >
[...]
> > > +config EFI_CAPSULE_KEY_PATH
> > > + string "Path to .esl file for capsule authentication"
> > > + depends on EFI_CAPSULE_AUTHENTICATE
> > > + help
> > > + Provide the .esl file used for capsule authentication
>
> We might be friendly if we add what
Hi Ilias,
On Thu, 15 Jul 2021 at 11:00, Ilias Apalodimas
wrote:
>
> The capsule signature is now part of our DTB. This is problematic when a
> user is allowed to change/fixup that DTB from U-Boots command line since he
> can overwrite the signature as well.
Do you mean with the 'fdt' command?
Just a few minor comments:
On Fri, Jul 16, 2021 at 02:57:00PM +0900, Masami Hiramatsu wrote:
> 2021年7月16日(金) 2:00 Ilias Apalodimas :
> >
> > The capsule signature is now part of our DTB. This is problematic when a
> > user is allowed to change/fixup that DTB from U-Boots command line since he
>
On Thu, 15 Jul 2021 at 22:30, Ilias Apalodimas
wrote:
> The capsule signature is now part of our DTB. This is problematic when a
> user is allowed to change/fixup that DTB from U-Boots command line since he
> can overwrite the signature as well.
> So Instead of adding the key on the DTB, embed
2021年7月16日(金) 2:00 Ilias Apalodimas :
>
> The capsule signature is now part of our DTB. This is problematic when a
> user is allowed to change/fixup that DTB from U-Boots command line since he
> can overwrite the signature as well.
> So Instead of adding the key on the DTB, embed it in the u-boot
The capsule signature is now part of our DTB. This is problematic when a
user is allowed to change/fixup that DTB from U-Boots command line since he
can overwrite the signature as well.
So Instead of adding the key on the DTB, embed it in the u-boot binary it
self as part of it's .rodata. This
8 matches
Mail list logo