efi_capsule: Move signature from DTB to .rodata

The capsule signature is now part of our DTB. This is problematic when a user is allowed to change/fixup that DTB from U-Boots command line since he can overwrite the signature as well. So Instead of adding the key on the DTB, embed it in the u-boot binary it self as part of it's .rodata. This assumes that the U-Boot binary we load is authenticated by a previous boot stage loader. Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Tested-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
author: Ilias Apalodimas <ilias.apalodimas@linaro.org> 2021-07-17 17:26:44 +0300
committer: Heinrich Schuchardt <xypron.glpk@gmx.de> 2021-07-18 14:43:56 +0200
commit: ddf67daac39de76d2697d587148f4c2cb768f492 (patch)
tree: 2f6625c0035401e56d52ddc000e0b3ffddfa892e /include
parent: d934ed577e9257e64e08bc722a7715e586c4a2bc (diff)
download: u-boot-ddf67daac39de76d2697d587148f4c2cb768f492.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/include/asm-generic/sections.h b/include/asm-generic/sections.h
index 267f1db73f2..ec992b0c2e3 100644
--- a/include/asm-generic/sections.h
+++ b/include/asm-generic/sections.h
@@ -27,6 +27,8 @@ extern char __efi_helloworld_begin[];
 extern char __efi_helloworld_end[];
 extern char __efi_var_file_begin[];
 extern char __efi_var_file_end[];
+extern char __efi_capsule_sig_begin[];
+extern char __efi_capsule_sig_end[];
 
 /* Private data used by of-platdata devices/uclasses */
 extern char __priv_data_start[], __priv_data_end[];
author	Ilias Apalodimas <ilias.apalodimas@linaro.org>	2021-07-17 17:26:44 +0300
committer	Heinrich Schuchardt <xypron.glpk@gmx.de>	2021-07-18 14:43:56 +0200
commit	ddf67daac39de76d2697d587148f4c2cb768f492 (patch)
tree	2f6625c0035401e56d52ddc000e0b3ffddfa892e /include
parent	d934ed577e9257e64e08bc722a7715e586c4a2bc (diff)
download	u-boot-ddf67daac39de76d2697d587148f4c2cb768f492.tar.gz