efi_capsule: Move signature from DTB to .rodata
The capsule signature is now part of our DTB. This is problematic when a user is allowed to change/fixup that DTB from U-Boots command line since he can overwrite the signature as well. So Instead of adding the key on the DTB, embed it in the u-boot binary it self as part of it's .rodata. This assumes that the U-Boot binary we load is authenticated by a previous boot stage loader. Reviewed-by:Masami Hiramatsu <masami.hiramatsu@linaro.org> Tested-by:
Sughosh Ganu <sughosh.ganu@linaro.org> Signed-off-by:
Ilias Apalodimas <ilias.apalodimas@linaro.org>
Showing
- board/emulation/common/Makefile 0 additions, 1 deletionboard/emulation/common/Makefile
- board/emulation/common/qemu_capsule.c 0 additions, 43 deletionsboard/emulation/common/qemu_capsule.c
- include/asm-generic/sections.h 2 additions, 0 deletionsinclude/asm-generic/sections.h
- lib/efi_loader/Kconfig 7 additions, 0 deletionslib/efi_loader/Kconfig
- lib/efi_loader/Makefile 8 additions, 0 deletionslib/efi_loader/Makefile
- lib/efi_loader/efi_capsule.c 15 additions, 3 deletionslib/efi_loader/efi_capsule.c
- lib/efi_loader/efi_capsule_key.S 17 additions, 0 deletionslib/efi_loader/efi_capsule_key.S
Loading
Please register or sign in to comment