Heinrich, On Sun, Aug 01, 2021 at 11:40:14AM +0200, Heinrich Schuchardt wrote: > On 7/27/21 11:10 AM, AKASHI Takahiro wrote: > > As I proposed and discussed in [1] and [2], I have made a couple of > > improvements on the current implementation of capsule update in this > > patch set. > > > > * add signing feature to mkeficapsule > > * add "--guid" option to mkeficapsule > > * add man page of mkeficapsule > > * add pytest for capsule authentication (on sandbox) > > > > NOTE: > > Due to Ilias's commit[3], we need to have a customized configuration > > for sandbox to properly set up and run capsule authentication test. > > See patch#5,#6 and #7. > > > > [1] https://lists.denx.de/pipermail/u-boot/2021-April/447918.html > > [2] https://lists.denx.de/pipermail/u-boot/2021-July/455292.html > > [3] commit ddf67daac39d ("efi_capsule: Move signature from DTB to > > .rodata") > > > Dear Takahiro, > > thanks for driving this topic. I have finished with my review and will > be waiting for v2.
Thanks for your review comments. I'd like to know what's your thought on Patch#8 (and #9) as I have not seen your comment at [2] above. It is more or less an RFC since it breaks the compatibility of command syntax although I believe that the change is quite useful. -Takahiro Akashi > Best regards > > Heinrich > > > > > Prerequisite patches > > ==================== > > None > > > > Test > > ==== > > * locally passed the pytest which is included in this patch series > > on sandbox built. > > > > Todo > > ==== > > * Confirm that the change in .gitlab-ci.yml works. > > * Azure support(?) > > > > Changes > > ======= > > v2 (July 28, 2021) > > * rebased on v2021.10-rc* > > * removed dependency on target's configuration > > * removed fdtsig.sh and others > > * add man page > > * update the UEFI document > > * add dedicate defconfig for testing on sandbox > > * add gitlab CI support > > * add "--guid" option to mkeficapsule > > (yet rather RFC) > > > > Initial release (May 12, 2021) > > * based on v2021.07-rc2 > > > > AKASHI Takahiro (9): > > tools: mkeficapsule: add firmwware image signing > > tools: mkeficapsule: add man page > > doc: update UEFI document for usage of mkeficapsule > > efi_loader: ease the file path check for public key > > test/py: efi_capsule: add image authentication test > > sandbox: add config for efi capsule authentication test > > GitLab: add a test rule for efi capsule authentication test > > tools: mkeficapsule: allow for specifying GUID explicitly > > test/py: efi_capsule: align with the syntax change of mkeficapsule > > > > .gitlab-ci.yml | 6 + > > MAINTAINERS | 1 + > > configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++ > > doc/develop/uefi/uefi.rst | 31 +- > > doc/mkeficapsule.1 | 98 +++++ > > lib/efi_loader/Makefile | 5 +- > > test/py/tests/test_efi_capsule/SIGNER.crt | 19 + > > test/py/tests/test_efi_capsule/SIGNER.esl | Bin 0 -> 829 bytes > > test/py/tests/test_efi_capsule/SIGNER.key | 28 ++ > > test/py/tests/test_efi_capsule/SIGNER2.crt | 19 + > > test/py/tests/test_efi_capsule/SIGNER2.key | 28 ++ > > .../py/tests/test_efi_capsule/capsule_defs.py | 5 + > > test/py/tests/test_efi_capsule/conftest.py | 39 +- > > .../test_capsule_firmware_signed.py | 228 +++++++++++ > > tools/Kconfig | 7 + > > tools/Makefile | 8 +- > > tools/mkeficapsule.c | 368 ++++++++++++++++-- > > 17 files changed, 1129 insertions(+), 68 deletions(-) > > create mode 100644 configs/sandbox_capsule_auth_defconfig > > create mode 100644 doc/mkeficapsule.1 > > create mode 100644 test/py/tests/test_efi_capsule/SIGNER.crt > > create mode 100644 test/py/tests/test_efi_capsule/SIGNER.esl > > create mode 100644 test/py/tests/test_efi_capsule/SIGNER.key > > create mode 100644 test/py/tests/test_efi_capsule/SIGNER2.crt > > create mode 100644 test/py/tests/test_efi_capsule/SIGNER2.key > > create mode 100644 > > test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py > > >