On Wed, May 12, 2021 at 04:49:02PM +0900, Masami Hiramatsu wrote: > Hi Ilias, > > 2021年5月12日(水) 16:21 Ilias Apalodimas <[email protected]>: > > > > Akashi-san, > > > > On Wed, May 12, 2021 at 01:57:51PM +0900, AKASHI Takahiro wrote: > > > As we discussed, "-K" and "-D" options have nothing to do with > > > creating a capsule file. The same result can be obtained by > > > using standard commands like: > > > === signature.dts === > > > /dts-v1/; > > > /plugin/; > > > > > > &{/} { > > > signature { > > > capsule-key = /incbin/("SIGNER.esl"); > > > }; > > > }; > > > === > > > $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts > > > $ fdtoverlay -i test.dtb -o test_sig.dtb -v signature.dtbo > > > > > > So just remove this feature. > > > (Effectively revert the commit 322c813f4bec ("mkeficapsule: Add support > > > for embedding public key in a dtb").) > > > > > > The same feature is implemented by a shell script (tools/fdtsig.sh). > > > > > > The only reason I can see to keep this, is if mkeficapsule gets included > > intro distro packages in the future. That would make end users life a bit > > easier, since they would need a single binary to create the whole > > CapsuleUpdate sequence. > > Hmm, I think it is better to write a manpage of mkeficapsule which > also describes > how to embed the key into dtb as in the above example if it is so short. > Or, distros can package the above shell script with mkeficapsule. > > Embedding a key and signing a capsule are different operations but > using the same tool may confuse users (at least me).
Sure fair enough. I am merely pointing out we need a way to explain all of those to users. Thanks! /Ilias > > Thank you, > > -- > Masami Hiramatsu
