With this script, a public key is added to a device tree blob
as the default efi_get_public_key_data() expects.
Signed-off-by: AKASHI Takahiro <takahiro.aka...@linaro.org>
---
MAINTAINERS | 1 +
tools/fdtsig.sh | 40 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100755 tools/fdtsig.sh
diff --git a/MAINTAINERS b/MAINTAINERS
index 569332db4719..860f58ef6640 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -738,6 +738,7 @@ F: cmd/bootefi.c
F: cmd/efidebug.c
F: cmd/nvedit_efi.c
F: tools/efivar.py
+F: tools/fdtsig.sh
F: tools/file2include.c
F: tools/mkeficapsule.c
diff --git a/tools/fdtsig.sh b/tools/fdtsig.sh
new file mode 100755
index 000000000000..c2b2a6dc5ec8
--- /dev/null
+++ b/tools/fdtsig.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0+
+#
+# script to add a certificate (efi-signature-list) to dtb blob
+
+usage() {
+ if [ -n "$*" ]; then
+ echo "ERROR: $*"
+ fi
+ echo "Usage: "$(basename $0) " <esl file> <dtb file>"
+}
+
+if [ "$#" -ne 2 ]; then
+ usage "Arguments missing"
+ exit 1
+fi
+
+ESL=$1
+DTB=$2
+NEW_DTB=$(basename $DTB)_tmp
+SIG=signature
+
+cat << 'EOF' > $SIG.dts
+/dts-v1/;
+/plugin/;
+
+&{/} {
+ signature {
+EOF
+echo "capsule-key = /incbin/(\"$ESL\");" >> $SIG.dts
+cat << 'EOF' >> $SIG.dts
+ };
+};
+EOF
+
+dtc -@ -I dts -O dtb -o $SIG.dtbo $SIG.dts
+fdtoverlay -i $DTB -o $NEW_DTB $SIG.dtbo
+mv $NEW_DTB $DTB
+
+rm $SIG.dts $SIG.dtsn $SIG.dtbo
--
2.33.0
