On Fri, 20 Feb 2026 at 02:16, Wojciech Dubowik <[email protected]> wrote:
>
> Mkeficapsule can dump signature for signed capsules. It can
> be used in test to validate signature i.e. with openssl.
> Add an entry for device tree node.
>
> Signed-off-by: Wojciech Dubowik <[email protected]>
> ---
> tools/binman/entries.rst | 4 ++++
> tools/binman/etype/efi_capsule.py | 9 ++++++++-
> 2 files changed, 12 insertions(+), 1 deletion(-)
>
Reviewed-by: Simon Glass <[email protected]>
> diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst
> index a81fcbd3891f..91f855f6d7a3 100644
> --- a/tools/binman/entries.rst
> +++ b/tools/binman/entries.rst
> @@ -552,6 +552,10 @@ Properties / Entry arguments:
> - public-key-cert: Path to PEM formatted .crt public key certificate
> file. Mandatory property for generating signed capsules.
> - oem-flags - OEM flags to be passed through capsule header.
> + - dump-signature: Optional boolean (default: false). Instruct
> + mkeficapsule to write signature data to a separate file. The
> + filename will be <capsule file>.p7. It might be used to verify
> + capsule authentication with external tools.
>
> Since this is a subclass of Entry_section, all properties of the parent
> class also apply here. Except for the properties stated as mandatory, the
> diff --git a/tools/binman/etype/efi_capsule.py
> b/tools/binman/etype/efi_capsule.py
> index 3b30c12ea514..022d57ee5519 100644
> --- a/tools/binman/etype/efi_capsule.py
> +++ b/tools/binman/etype/efi_capsule.py
> @@ -53,6 +53,10 @@ class Entry_efi_capsule(Entry_section):
> - public-key-cert: Path to PEM formatted .crt public key certificate
> file. Mandatory property for generating signed capsules.
> - oem-flags - OEM flags to be passed through capsule header.
> + - dump-signature: Optional boolean (default: false). Instruct
> + mkeficapsule to write signature data to a separate file. The
> + filename will be <capsule file>.p7. It might be used to verify
> + capsule authentication with external tools.
>
> Since this is a subclass of Entry_section, all properties of the parent
> class also apply here. Except for the properties stated as mandatory, the
> @@ -101,6 +105,7 @@ class Entry_efi_capsule(Entry_section):
> self.private_key = ''
> self.public_key_cert = ''
> self.auth = 0
> + self.dump_signature = False
>
> def ReadNode(self):
> super().ReadNode()
> @@ -111,6 +116,7 @@ class Entry_efi_capsule(Entry_section):
> self.hardware_instance = fdt_util.GetInt(self._node,
> 'hardware-instance')
> self.monotonic_count = fdt_util.GetInt(self._node, 'monotonic-count')
> self.oem_flags = fdt_util.GetInt(self._node, 'oem-flags')
> + self.dump_signature = fdt_util.GetBool(self._node, 'dump-signature')
>
> self.private_key = fdt_util.GetString(self._node, 'private-key')
> self.public_key_cert = fdt_util.GetString(self._node,
> 'public-key-cert')
> @@ -150,7 +156,8 @@ class Entry_efi_capsule(Entry_section):
> public_key_cert,
> self.monotonic_count,
> self.fw_version,
> - self.oem_flags)
> + self.oem_flags,
> + self.dump_signature)
> if ret is not None:
> return tools.read_file(capsule_fname)
> else:
> --
> 2.47.3
>
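Review bot: In the ReadNode hunk, `dump-signature` is read and accepted even when the node has no `private-key`, although the commit message and docstring describe the option for signed capsules only. An unsigned capsule with `dump-signature` set would then presumably build without error and without a `.p7`, which a pipeline that verifies the signature "if the file exists" could mistake for a pass. Consider rejecting the combination once the key properties have been read, e.g. `if self.dump_signature and not self.private_key:` followed by `self.Raise('dump-signature requires private-key and public-key-cert')`. ReadNode continues past the end of the hunk, so an existing check there may already cover part of this.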
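Review bot: The `.p7` file requested through `self.dump_signature` is never picked up after the call: the code still returns only `tools.read_file(capsule_fname)`, so the signature stays wherever mkeficapsule writes it, under a name derived from a capsule filename the user does not obviously control. If tests or an external verifier are meant to consume it, the docstring should state where it lands, for example `The file is written next to the capsule in the binman output directory and is not part of the image.` That wording needs confirming against where `capsule_fname` is created, which is outside the hunk. Separately, the new boolean is appended as one more positional argument to an already long call, so passing it by keyword (if the wrapper's signature allows) would guard against argument-order mistakes.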

