Add provision for embedding the public key used for capsule
authentication in the platform's dtb. This is done by invoking the
mkeficapsule utility which puts the public key in the efi signature
list(esl) format into the dtb.
Signed-off-by: Sughosh Ganu <sughosh.g...@linaro.org>
---
Changes since V1: None
Makefile | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/Makefile b/Makefile
index b72d8d20c0..ebd4a6477c 100644
--- a/Makefile
+++ b/Makefile
@@ -1011,6 +1011,10 @@ cmd_pad_cat = $(cmd_objcopy) && $(append) || { rm -f $@;
false; }
quiet_cmd_lzma = LZMA $@
cmd_lzma = lzma -c -z -k -9 $< > $@
+quiet_cmd_mkeficapsule = MKEFICAPSULE $@
+cmd_mkeficapsule = $(objtree)/tools/mkeficapsule -K $(CONFIG_EFI_PKEY_FILE) \
+ -D $@
+
cfg: u-boot.cfg
quiet_cmd_cfgcheck = CFGCHK $2
@@ -1161,8 +1165,14 @@ endif
PHONY += dtbs
dtbs: dts/dt.dtb
@:
+ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE)$(CONFIG_EFI_PKEY_DTB_EMBED),yy)
+dts/dt.dtb: u-boot tools
+ $(Q)$(MAKE) $(build)=dts dtbs
+ $(call cmd,mkeficapsule)
+else
dts/dt.dtb: u-boot
$(Q)$(MAKE) $(build)=dts dtbs
+endif
quiet_cmd_copy = COPY $@
cmd_copy = cp $< $@
--
2.17.1
