Mkeficapsule can dump signature for signed capsules. It can be used in test to validate signature i.e. with openssl. Add an entry for device tree node.
Signed-off-by: Wojciech Dubowik <[email protected]> --- tools/binman/entries.rst | 4 ++++ tools/binman/etype/efi_capsule.py | 9 ++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst index a81fcbd3891f..91f855f6d7a3 100644 --- a/tools/binman/entries.rst +++ b/tools/binman/entries.rst @@ -552,6 +552,10 @@ Properties / Entry arguments: - public-key-cert: Path to PEM formatted .crt public key certificate file. Mandatory property for generating signed capsules. - oem-flags - OEM flags to be passed through capsule header. + - dump-signature: Optional boolean (default: false). Instruct + mkeficapsule to write signature data to a separate file. The + filename will be <capsule file>.p7. It might be used to verify + capsule authentication with external tools. Since this is a subclass of Entry_section, all properties of the parent class also apply here. Except for the properties stated as mandatory, the diff --git a/tools/binman/etype/efi_capsule.py b/tools/binman/etype/efi_capsule.py index 3b30c12ea514..022d57ee5519 100644 --- a/tools/binman/etype/efi_capsule.py +++ b/tools/binman/etype/efi_capsule.py @@ -53,6 +53,10 @@ class Entry_efi_capsule(Entry_section): - public-key-cert: Path to PEM formatted .crt public key certificate file. Mandatory property for generating signed capsules. - oem-flags - OEM flags to be passed through capsule header. + - dump-signature: Optional boolean (default: false). Instruct + mkeficapsule to write signature data to a separate file. The + filename will be <capsule file>.p7. It might be used to verify + capsule authentication with external tools. Since this is a subclass of Entry_section, all properties of the parent class also apply here. Except for the properties stated as mandatory, the @@ -101,6 +105,7 @@ class Entry_efi_capsule(Entry_section): self.private_key = '' self.public_key_cert = '' self.auth = 0 + self.dump_signature = False def ReadNode(self): super().ReadNode() @@ -111,6 +116,7 @@ class Entry_efi_capsule(Entry_section): self.hardware_instance = fdt_util.GetInt(self._node, 'hardware-instance') self.monotonic_count = fdt_util.GetInt(self._node, 'monotonic-count') self.oem_flags = fdt_util.GetInt(self._node, 'oem-flags') + self.dump_signature = fdt_util.GetBool(self._node, 'dump-signature') self.private_key = fdt_util.GetString(self._node, 'private-key') self.public_key_cert = fdt_util.GetString(self._node, 'public-key-cert') @@ -150,7 +156,8 @@ class Entry_efi_capsule(Entry_section): public_key_cert, self.monotonic_count, self.fw_version, - self.oem_flags) + self.oem_flags, + self.dump_signature) if ret is not None: return tools.read_file(capsule_fname) else: -- 2.47.3
