diff options
| author | Jonathan Humphreys | 2024-06-13 15:27:53 -0500 |
|---|---|---|
| committer | Heinrich Schuchardt | 2024-07-14 09:56:24 +0200 |
| commit | 659f97eb1fc30296aa64e2ad9f4b7578e183aea5 (patch) | |
| tree | dd911978ea7354bd63ac00f1a45a3b35275f06b3 /scripts | |
| parent | 809141812e701d11651edb87d6332748d6289151 (diff) | |
scripts/Makefile.lib: EFI: Use capsule CRT instead of ESL file
The EFI Capsule ESL file (EFI Signature List File) used for authentication
is a binary generated from the EFI Capsule public key certificate. Instead
of including it in the source repo, automatically generate it from the
certificate file during the build process.
Currently, sandbox is the only device using this, so removed its ESL file
and set the (new) CONFIG_EFI_CAPSULE_CRT_FILE config to point to its public
key certificate.
Signed-off-by: Jonathan Humphreys <j-humphreys@ti.com>
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/Makefile.lib | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index d3c95f3446f..f66a65d1c1f 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -342,21 +342,27 @@ cmd_dtc = mkdir -p $(dir ${dtc-tmp}) ; \ ; \ sed "s:$(pre-tmp):$(<):" $(depfile).pre.tmp $(depfile).dtc.tmp > $(depfile) +capsule_esl_input_file=$(srctree)/lib/efi_loader/capsule_esl.dtsi.in +capsule_crt_file=$(subst $(quote),,$(CONFIG_EFI_CAPSULE_CRT_FILE)) +capsule_esl_dtsi=.capsule_esl.dtsi + quiet_cmd_capsule_esl_gen = CAPSULE_ESL_GEN $@ -cmd_capsule_esl_gen = \ - $(shell sed "s:ESL_BIN_FILE:$(capsule_esl_path):" $(capsule_esl_input_file) > $@) +cmd_capsule_esl_gen = cert-to-efi-sig-list $< $@ -$(obj)/.capsule_esl.dtsi: FORCE -ifeq ($(CONFIG_EFI_CAPSULE_ESL_FILE),"") - $(error "CONFIG_EFI_CAPSULE_ESL_FILE is empty, EFI capsule authentication \ +$(obj)/capsule_esl_file: $(capsule_crt_file) FORCE +ifeq ($(CONFIG_EFI_CAPSULE_CRT_FILE),"") + $(error "CONFIG_EFI_CAPSULE_CRT_FILE is empty, EFI capsule authentication \ public key must be specified when CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled") else $(call cmd,capsule_esl_gen) endif -capsule_esl_input_file=$(srctree)/lib/efi_loader/capsule_esl.dtsi.in -capsule_esl_dtsi = .capsule_esl.dtsi -capsule_esl_path=$(abspath $(srctree)/$(subst $(quote),,$(CONFIG_EFI_CAPSULE_ESL_FILE))) +quiet_cmd_capsule_dtsi_gen = CAPSULE_DTSI_GEN $@ +cmd_capsule_dtsi_gen = \ + $(shell sed "s:ESL_BIN_FILE:$(abspath $<):" $(capsule_esl_input_file) > $@) + +$(obj)/$(capsule_esl_dtsi): $(obj)/capsule_esl_file FORCE + $(call cmd,capsule_dtsi_gen) dtsi_include_list_deps := $(addprefix $(u_boot_dtsi_loc),$(subst $(quote),,$(dtsi_include_list))) |