On 4/8/24 23:33, Jonathan Humphreys wrote:
Create an EFI signature list (.esl) file based on the TI dummy key.
Enable capsule authentication for several TI SoC based platforms: AM64, AM62,
AM62p, BeaglePlay, J7, and BeagleboneAI.
Hello Jonathan,
with the patch a capsule update will not be possible if the capsule is
not signed with the private key matching the ESL signature key in patch
1/13.
Why should a user want to lock down their board to a private key over
which he has no control? Wouldn't it be in their best interest to create
a key pair themselves?
I would have expected a documentation change explaining this to the users.
Best regards
Heinrich
Jonathan Humphreys (13):
ti:keys Add EFI signature list
configs: am64x: Set capsule update signature list file
configs: am64x: Enable capsule authentication
configs: j721e: Set capsule update signature list file
configs: j721e: Enable capsule authentication
configs: beagleplay: Set capsule update signature list file
configs: beagleplay: Enable capsule authentication
configs: am62px: Set capsule update signature list file
configs: am62px: Enable capsule authentication
configs: am62x: Set capsule update signature list file
configs: am62x: Enable capsule authentication
configs: beagleboneai64: Set capsule update signature list file
configs: beagleboneai64: Enable capsule authentication
arch/arm/mach-k3/keys/custMpk.esl | Bin 0 -> 1523 bytes
configs/am62px_evm_a53_defconfig | 2 ++
configs/am62x_beagleplay_a53_defconfig | 2 ++
configs/am62x_evm_a53_defconfig| 2 ++
configs/am64x_evm_a53_defconfig| 2 ++
configs/j721e_beagleboneai64_a72_defconfig | 2 ++
configs/j721e_evm_a72_defconfig| 2 ++
7 files changed, 12 insertions(+)
create mode 100644 arch/arm/mach-k3/keys/custMpk.esl