mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-18 02:38:56 +00:00
ddf67daac3
The capsule signature is now part of our DTB. This is problematic when a user is allowed to change/fixup that DTB from U-Boots command line since he can overwrite the signature as well. So Instead of adding the key on the DTB, embed it in the u-boot binary it self as part of it's .rodata. This assumes that the U-Boot binary we load is authenticated by a previous boot stage loader. Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Tested-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
17 lines
388 B
ArmAsm
17 lines
388 B
ArmAsm
/* SPDX-License-Identifier: GPL-2.0+ */
|
|
/*
|
|
* .esl cert for capsule authentication
|
|
*
|
|
* Copyright (c) 2021, Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
*/
|
|
|
|
#include <config.h>
|
|
|
|
.section .rodata.capsule_key.init,"a"
|
|
.balign 16
|
|
.global __efi_capsule_sig_begin
|
|
__efi_capsule_sig_begin:
|
|
.incbin CONFIG_EFI_CAPSULE_KEY_PATH
|
|
__efi_capsule_sig_end:
|
|
.global __efi_capsule_sig_end
|
|
.balign 16
|