On Mon, 21 Aug 2023 at 10:29, Sughosh Ganu <[email protected]> wrote: > > Update the document to specify how the EFI Signature List(ESL) file > can be embedded into the platform's dtb as part of the U-Boot build. > > Signed-off-by: Sughosh Ganu <[email protected]> > --- > Changes since V2: > * Rephrase the statements in a couple of places as suggested by Ilias. > > doc/develop/uefi/uefi.rst | 19 +++++-------------- > 1 file changed, 5 insertions(+), 14 deletions(-) > > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst > index 3ce579d46e..f422915ef5 100644 > --- a/doc/develop/uefi/uefi.rst > +++ b/doc/develop/uefi/uefi.rst > @@ -539,20 +539,11 @@ and used by the steps highlighted below. > ... > } > > -You can do step-4 manually with > - > -.. code-block:: console > - > - $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts > - $ fdtoverlay -i orig.dtb -o new.dtb -v signature.dtbo > - > -where signature.dts looks like:: > - > - &{/} { > - signature { > - capsule-key = /incbin/("CRT.esl"); > - }; > - }; > +You can perform step-4 through the Kconfig symbol > +CONFIG_EFI_CAPSULE_ESL_FILE. This symbol points to the esl file > +generated in step-2. Once the symbol has been populated with the path > +to the esl file, it will automatically get embedded into the > +platform's dtb as part of U-Boot build. > > Anti-rollback Protection > ************************ > -- > 2.34.1 >
Reviewed-by: Ilias Apalodimas <[email protected]>
