Hi Ilias, On Thu, 15 Jul 2021 at 11:00, Ilias Apalodimas <ilias.apalodi...@linaro.org> wrote: > > commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a > dtb") > added a bunch of options enabling the addition of the capsule public key > in a dtb. Since now we embeded the key in U-Boot's .rodata we don't this > this functionality anymore > > Signed-off-by: Ilias Apalodimas <ilias.apalodi...@linaro.org> > --- > tools/mkeficapsule.c | 226 ++----------------------------------------- > 1 file changed, 7 insertions(+), 219 deletions(-)
Here again I see EFI diverging from the impl in U-Boot. WIth U-Boot you can add the public key after the build step, e.g. in a key-signing server. With EFI and this change you will have to rebuild U-Boot (from source) every time you sign something. Seems like a pain. Regards, Simon