Hi Takahiro, On Thu, 28 Oct 2021 at 00:25, AKASHI Takahiro <[email protected]> wrote: > > With this enhancement, mkeficapsule will be able to sign a capsule > file when it is created. A signature added will be used later > in the verification at FMP's SetImage() call. > > To do that, We need specify additional command parameters: > -monotonic-cout <count> : monotonic count > -private-key <private key file> : private key file > -certificate <certificate file> : certificate file > Only when all of those parameters are given, a signature will be added > to a capsule file. > > Users are expected to maintain and increment the monotonic count at > every time of the update for each firmware image. > > Signed-off-by: AKASHI Takahiro <[email protected]> > --- > tools/Kconfig | 8 + > tools/Makefile | 8 +- > tools/mkeficapsule.c | 435 +++++++++++++++++++++++++++++++++++++++---- > 3 files changed, 417 insertions(+), 34 deletions(-)
Reviewed-by: Simon Glass <[email protected]> This looks OK but I have some suggestions - I don't think you should return -1 from main - could you split up your create_fwbin() to return the number of gotos? - could we have a man page for the tool? - should the files be opened in binary mode? - can we just build the tool always? Regards, Simon
