The common emulation Makefile has a dependency on a non-existent
qemu_capsule.o when building with support for capsule update enabled
(CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y).
The code which was in qemu_capsule.c has been completely moved to
lib/efi_loader/efi_capsule.c by commit 7a6fb28c8e ("efi_loader: capsule:
add back efi_get_public_key_data()").
Remove the false dependency.
This fixes the following build error:
make[1]: *** No rule to make target 'board/emulation/common/qemu_capsule.o', needed by 'board/emulation/common/built-in.o'. Stop.
Fixes: commit 47a25e81d3 ("Revert "efi_capsule: Move signature from DTB to .rodata"")
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Simon Glass <sjg@chromium.org>
This was unfortunately applied despite much discussion about it beiong
the wrong way to implement this feature.
Revert it before too many other things are built on top of it.
This reverts commit ddf67daac3.
Signed-off-by: Simon Glass <sjg@chromium.org>
The capsule signature is now part of our DTB. This is problematic when a
user is allowed to change/fixup that DTB from U-Boots command line since he
can overwrite the signature as well.
So Instead of adding the key on the DTB, embed it in the u-boot binary it
self as part of it's .rodata. This assumes that the U-Boot binary we load
is authenticated by a previous boot stage loader.
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add support for authenticating uefi capsules. Most of the signature
verification functionality is shared with the uefi secure boot
feature.
The root certificate containing the public key used for the signature
verification is stored as part of the device tree blob. The root
certificate is stored as an efi signature list(esl) file -- this file
contains the x509 certificate which is the root certificate.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The dfu framework uses the dfu_alt_info environment variable to get
information that is needed for performing the firmware update. Add
logic to set the dfu_alt_info for the qemu arm64 platform to reflect
the two mtd partitions created for the u-boot env and the firmware
image. This can be subsequently extended for other qemu architectures
which need this variable set.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add support for setting the default values for mtd partitions on the
platform. This would be used for updating the firmware image using
uefi capsule update with the dfu mtd backend driver.
Currently, values have been defined for the qemu arm64 platform, with
default values defined for the mtd partitions based on the NOR
flash. This can be subsequently extended for other qemu architectures
which need mtdparts set.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
