tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need to specify additional command parameters:
  -monotonic-count <count> : monotonic count
  -private-key <private key file> : private key file
  -certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
AKASHI Takahiro
2022-02-09 19:10:35 +09:00
committed by Heinrich Schuchardt
parent 9af16cc8f1
commit 16abff246b
4 changed files with 465 additions and 35 deletions

@@ -238,6 +238,7 @@ hostprogs-$(CONFIG_MIPS) += mips-relocs
hostprogs-$(CONFIG_ASN1_COMPILER) += asn1_compiler
HOSTCFLAGS_asn1_compiler.o = -idirafter $(srctree)/include
HOSTLDLIBS_mkeficapsule += -lgnutls
hostprogs-$(CONFIG_TOOLS_MKEFICAPSULE) += mkeficapsule
# We build some files with extra pedantic flags to try to minimize things
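Review bot: the "HOSTLDLIBS_mkeficapsule += -lgnutls" line hard-codes the library name and is not guarded by any option, so the GnuTLS development files become a host build requirement whenever CONFIG_TOOLS_MKEFICAPSULE is enabled, including for users who never pass the signing parameters. Consider taking the linker flags from pkg-config, with -lgnutls as the fallback, so that non-standard install locations work, and mention the new host dependency in the build documentation. No matching HOSTCFLAGS entry for the GnuTLS headers is visible in this hunk, so it is worth confirming the include path is covered as well.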